
Concurrent Composition for Interactive Differential Privacy with Adaptive Privacy-Loss Parameters

Samuel Haney, Michael Shoemate, Grace Tian, Salil Vadhan, Andrew Vyrros, Vicki Xu, Wanrong Zhang

TL;DR

This work addresses how to safely compose multiple interactive differential privacy mechanisms when privacy-loss budgets are chosen adaptively. It develops a unified framework of privacy filters and odometers that extend from noninteractive to concurrent interactive settings across $(\epsilon, \delta)$-DP, $f$-DP, and Rényi DP, preserving privacy under interleaved queries. The authors introduce the person-in-the-middle postprocessing paradigm and prove that adaptive concurrent filtering/odometer guarantees can be obtained via reductions to noninteractive mechanisms and inductive constructions, including universal mechanisms for RDP. The results have practical impact by enabling full adaptivity in libraries like OpenDP and Tumult, allowing analysts to allocate privacy budgets across multiple interactive analyses without sacrificing privacy guarantees. Overall, the paper provides rigorous theoretical foundations and concrete implementation paths for fully adaptive, concurrent interactive DP.

Abstract

In this paper, we study the concurrent composition of interactive mechanisms with adaptively chosen privacy-loss parameters. In this setting, the adversary can interleave queries to existing interactive mechanisms, as well as create new ones. We prove that every valid privacy filter and odometer for noninteractive mechanisms extends to the concurrent composition of interactive mechanisms if privacy loss is measured using $(ε, δ)$-DP, $f$-DP, or Rényi DP of fixed order. Our results offer strong theoretical foundations for enabling full adaptivity in composing differentially private interactive mechanisms, showing that concurrency does not affect the privacy guarantees. We also provide an implementation for users to deploy in practice.
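A sketch of the setting the abstract describes, as an added example (not the paper's, OpenDP's or Tumult's code): an analyst spawns interactive mechanisms with adaptively chosen $(\epsilon, \delta)$ and interleaves queries to them, while a privacy filter decides whether each new mechanism may be created. The class and function names, the Laplace counting queries, and the choice of the additive (basic composition) filter are assumptions made for illustration.

```python
import random

def basic_filter(spent, budget):
    """Additive (basic-composition) filter: True means CONTINUE, False means HALT."""
    eps = sum(e for e, _ in spent)
    delta = sum(d for _, d in spent)
    return eps <= budget[0] + 1e-12 and delta <= budget[1] + 1e-12

class LaplaceQueryable:
    """Interactive eps-DP mechanism: noisy counts, splitting its own eps per query."""
    def __init__(self, data, eps, rng):
        self.data, self.remaining, self.rng = data, eps, rng

    def query(self, predicate, eps_q):
        if eps_q <= 0 or eps_q > self.remaining + 1e-12:
            raise PermissionError("child budget exhausted")
        self.remaining -= eps_q
        count = sum(1 for x in self.data if predicate(x))   # sensitivity 1
        # Laplace(scale 1/eps_q) as a difference of exponentials (not a hardened sampler)
        return count + self.rng.expovariate(eps_q) - self.rng.expovariate(eps_q)

class ConcurrentFilterComposition:
    """Lets the analyst spawn children with adaptively chosen (eps, delta)."""
    def __init__(self, data, budget, seed=0):
        self.data, self.budget = data, budget
        self.spent = []                      # (eps_i, delta_i) of every child created
        self.rng = random.Random(seed)

    def spawn(self, eps, delta=0.0):
        # The filter sees the requested parameters before the child touches the data.
        ok = eps > 0 and delta >= 0 and basic_filter(self.spent + [(eps, delta)], self.budget)
        if not ok:
            raise PermissionError("filter says HALT")
        self.spent.append((eps, delta))
        return LaplaceQueryable(self.data, eps, self.rng)

def demo():
    data = [23, 35, 41, 52, 67, 29, 48]      # constructed sample ages
    comp = ConcurrentFilterComposition(data, budget=(1.0, 0.0))
    a = comp.spawn(0.4)
    r1 = a.query(lambda x: x > 40, 0.2)
    b = comp.spawn(0.5 if r1 > 3 else 0.3)   # adaptive: eps depends on an earlier answer
    r2 = b.query(lambda x: x < 30, 0.1)
    r3 = a.query(lambda x: x > 60, 0.2)      # interleaved: back to the first child
    try:
        comp.spawn(0.4)                      # 0.4 + (0.5 or 0.3) + 0.4 > 1.0
        halted = False
    except PermissionError:
        halted = True
    return comp.spent, halted, (r1, r2, r3)
```

The filter is consulted only on the declared parameters of each child, never on the data or on the order in which the analyst interleaves queries, which is the property the concurrency result relies on.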

Paper Structure

This paper contains 30 sections, 30 theorems, 31 equations, 1 figure, 15 algorithms.

Key Result

Theorem 1.8

Suppose that for all noninteractive mechanisms $\mathcal{M}_1, \ldots, \mathcal{M}_k$ such that $\mathcal{M}_i$ is $(\epsilon_i, \delta_i)$-DP for $i=1, \ldots, k$, their composition ${\text{Comp}}(\mathcal{M}_1, \ldots, \mathcal{M}_k)$ is $(\epsilon, \delta)$-DP. Then for all interactive mechanisms

Figures (1)

  • Figure 1: Diagram of a queryable.

Theorems & Definitions (79)

  • Definition 1.1: Differential Privacy
  • Definition 1.2: Rényi divergence [renyi1961measures]
  • Definition 1.3: Rényi DP [mironov2017renyi]
  • Definition 1.4: Interactive Algorithms
  • Definition 1.5: Interaction between two mechanisms
  • Definition 1.6: View of the adversary in an interactive mechanism
  • Definition 1.7: $(\epsilon, \delta)$-DP interactive mechanisms
  • Theorem 1.8: [lyu2022composition, vadhan2022concurrent]
  • Theorem 1.9: [lyu2022composition]
  • Definition 1.10: $\mathcal{F}$-filtered composition of noninteractive $(\epsilon, \delta)$-DP mechanisms ($\mathcal{F} \textit{-Filt(NIM)}$)
  • ...and 69 more