Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

Differential Confounding Privacy and Inverse Composition

Tao Zhang, Bradley A. Malin, Netanel Raviv, Yevgeniy Vorobeychik

TL;DR

This work extends differential privacy to settings where the secret $S$ is not simply contained in the dataset $X$, by introducing differential confounding privacy (DCP), a Pufferfish-inspired framework that uses $\epsilon$-$\delta$ indistinguishability to quantify privacy loss under general S–X dependencies. It analyzes how DCP compositions differ from DP, showing that while DCP compositions exist, they lack DP’s graceful, additive bounds due to copula-driven dependencies among mechanisms. To address this, the authors propose Inverse Composition (IC), a leader–follower optimization that designs a privacy strategy to guarantee target $(\varepsilon, \delta)$-DCP under composition without relying on worst-case proofs, with convex reformulations under a strictly proper scoring rule. They validate IC through numerical experiments on genomic data, demonstrating that IC can meet privacy budgets under composition and can leverage copula perturbations to manage dependencies. The results offer a principled pathway to privacy accounting in complex, interdependent data-processing pipelines and highlight remaining challenges in algorithmic implementation and scalability.

Abstract

Differential privacy (DP) has become the gold standard for privacy-preserving data analysis, but its applicability can be limited in scenarios involving complex dependencies between sensitive information and datasets. To address this, we introduce \textit{differential confounding privacy} (DCP), a specialized form of the Pufferfish privacy (PP) framework that generalizes DP by accounting for broader relationships between sensitive information and datasets. DCP adopts the $(ε, δ)$-indistinguishability framework to quantify privacy loss. We show that while DCP mechanisms retain privacy guarantees under composition, they lack the graceful compositional properties of DP. To overcome this, we propose an \textit{Inverse Composition (IC)} framework, where a leader-follower model optimally designs a privacy strategy to achieve target guarantees without relying on worst-case privacy proofs, such as sensitivity calculation. Experimental results validate IC's effectiveness in managing privacy budgets and ensuring rigorous privacy guarantees under composition.

Differential Confounding Privacy and Inverse Composition

TL;DR

This work extends differential privacy to settings where the secret is not simply contained in the dataset , by introducing differential confounding privacy (DCP), a Pufferfish-inspired framework that uses - indistinguishability to quantify privacy loss under general S–X dependencies. It analyzes how DCP compositions differ from DP, showing that while DCP compositions exist, they lack DP’s graceful, additive bounds due to copula-driven dependencies among mechanisms. To address this, the authors propose Inverse Composition (IC), a leader–follower optimization that designs a privacy strategy to guarantee target -DCP under composition without relying on worst-case proofs, with convex reformulations under a strictly proper scoring rule. They validate IC through numerical experiments on genomic data, demonstrating that IC can meet privacy budgets under composition and can leverage copula perturbations to manage dependencies. The results offer a principled pathway to privacy accounting in complex, interdependent data-processing pipelines and highlight remaining challenges in algorithmic implementation and scalability.

Abstract

Differential privacy (DP) has become the gold standard for privacy-preserving data analysis, but its applicability can be limited in scenarios involving complex dependencies between sensitive information and datasets. To address this, we introduce \textit{differential confounding privacy} (DCP), a specialized form of the Pufferfish privacy (PP) framework that generalizes DP by accounting for broader relationships between sensitive information and datasets. DCP adopts the -indistinguishability framework to quantify privacy loss. We show that while DCP mechanisms retain privacy guarantees under composition, they lack the graceful compositional properties of DP. To overcome this, we propose an \textit{Inverse Composition (IC)} framework, where a leader-follower model optimally designs a privacy strategy to achieve target guarantees without relying on worst-case privacy proofs, such as sensitivity calculation. Experimental results validate IC's effectiveness in managing privacy budgets and ensuring rigorous privacy guarantees under composition.
Paper Structure (43 sections, 17 theorems, 133 equations, 1 figure, 9 tables)

This paper contains 43 sections, 17 theorems, 133 equations, 1 figure, 9 tables.

Table of Contents

  1. Introduction
  2. Example: Online Learning and Personalized Recommendation Systems
  3. Example: Medical Diagnosis and Screening Pipelines
  4. Related Work
  5. Differential Confounding Privacy
  6. Characterizing the Composition
  7. Inverse Composition
  8. Numerical Experiments
  9. Conclusion
  10. Table of Notations
  11. Pufferfish Privacy
  12. Detailed Characterization of Section III
  13. Effective Mechanisms
  14. Copula
  15. Privacy Loss Random Variable
  16. ...and 28 more sections

Key Result

Theorem 1

Let $\mathcal{M}(\vec{\gamma})$ be the composition of $\{\mathcal{M}_{i}(\gamma_{i})\}_{i=1}^{k}$ be independent mechanisms. Let $\mathcal{N}_{i}(\psi_{i})$ be the effective mechanism of $\mathcal{M}_{i}(\gamma_{i})$, $\forall i$. Suppose $\textbf{L}^{\mathcal{G}}_{c_{s_{0}}, c_{s_{1}}}(\vec{Y}) \ne

Figures (1)

  • Figure 1: (a) shows five tests with $\delta_{g} = \delta_{i} = 0.02$ and $\epsilon_{g} = \{0.25, 0.25, 1.5, 3, 5\}$, corresponding to $\epsilon_{i} = \{0.05, 0.1, 0.3, 0.6, 1\}$ for $i \in \{1,2, 3, 4, 5\}$. (b) shows six tests with $\delta_{g} = \delta_{i} = 0.02$ and $\epsilon_{g} = \{0.4, 0.6, 1, 2, 4, 6\}$, corresponding to $\epsilon_{i} = \{0.05, 0.1, 0.18, 0.3, 0.6, 1\}$ for $i \in \{1, 2, 3, 4, 5\}$.

Theorems & Definitions (25)

  • Definition 1: $(\epsilon, \delta, \theta,\mathcal{G})$-Differential Confounding Privacy
  • Theorem 1
  • Theorem 2
  • Definition 2: Invertable $\mathcal{G}$
  • Proposition 1
  • Proposition 2
  • Theorem 3
  • Definition 3: $(\epsilon_{\omega}, \delta_{\omega})$-Bayesian Differential Privacy triastcyn2020bayesian
  • Definition 4
  • Definition 5: Bivariate Gaussian Copula
  • ...and 15 more