Concurrent Composition for Differentially Private Continual Mechanisms

Monika Henzinger, Roodabeh Safavi, Salil Vadhan

TL;DR

The paper addresses the challenge of differential privacy for mechanisms that continually observe data and receive adaptive queries, where dataset updates and releases can be arbitrarily interleaved. It introduces a general formalism for privacy against adaptive adversaries built from continual mechanisms (CMs), verification functions, verifiers, and interactive post-processing, and then proves concurrent composition theorems that extend the known noninteractive and interactive results to the continual setting. Key contributions include (a) a modular framework that reduces CM privacy to interactive DP via verifiers and identifiers, (b) parallel and filter concurrent composition results that hold under precise conditions (including a counterexample showing that the parallel result fails for approximate DP with adaptive dataset updates, which motivates those conditions), (c) general design conditions under which the privacy loss of a mechanism built from sub-mechanisms does not exceed what composition of the sub-mechanisms already gives, and (d) an application to the continual monotone histogram problem of Henzinger, Sricharan, and Steiner (HSS) with new adaptive-adversary privacy guarantees, together with reductions to interactive randomized response (RR) frameworks. These results enable simpler, modular privacy analyses for complex continual systems and broaden the practical applicability of DP in streaming and update-heavy settings with adaptive adversaries.

Abstract

Many intended uses of differential privacy involve a $\textit{continual mechanism}$ that is set up to run continuously over a long period of time, making more statistical releases as either queries come in or the dataset is updated. In this paper, we give the first general treatment of privacy against $\textit{adaptive}$ adversaries for mechanisms that support dataset updates and a variety of queries, all arbitrarily interleaved. Our framework also models a very general notion of neighboring, which includes both event-level and user-level privacy. We prove several $\textit{concurrent}$ composition theorems for continual mechanisms, which ensure privacy even when an adversary can interleave queries and dataset updates to the different composed mechanisms. Previous concurrent composition theorems for differential privacy were only for the case when the dataset is static, with no adaptive updates. Moreover, we also give the first interactive and continual generalizations of the "parallel composition theorem" for noninteractive differential privacy. Specifically, we show that the analogue of the noninteractive parallel composition theorem holds if either there are no adaptive dataset updates or each of the composed mechanisms satisfies pure differential privacy, but it fails to hold for composing approximately differentially private mechanisms with dataset updates. We then formalize a set of general conditions on a continual mechanism $M$ that runs multiple continual sub-mechanisms such that the privacy guarantees of $M$ follow directly using the above concurrent composition theorems on the sub-mechanisms, without further privacy loss. This enables us to give a simpler and more modular privacy analysis of a recent continual histogram mechanism of Henzinger, Sricharan, and Steiner. In the case of approximate DP, ours is the first proof showing that its privacy holds against adaptive adversaries.

Paper Structure

This paper contains 57 sections, 53 theorems, 85 equations, 5 figures, 4 algorithms.

Key Result

Theorem 1.2

For every fixed sequence $(\epsilon_1,\delta_1),\ldots,(\epsilon_k,\delta_k)$ of privacy-loss parameters and verification functions $f_1,\ldots,f_k$, the concurrent composition of continual mechanisms $\mathcal{M}_i$ that are $(\epsilon_i,\delta_i)$-DP w.r.t. $f_i$ is $(\epsilon,\delta)$-DP for the

Figures (5)

  • Figure 1: Comparison between interactive mechanism (IMs), continual observation (CO), and continual mechanisms (CMs)
  • Figure 2: Illustration of the interactions between $\mathcal{A}$, $\mathcal{V}[f]$, $\mathcal{I}(b)$, and $\mathcal{M}$
  • Figure 3: Illustration of the interactions between an honest adversary $\mathcal{A}$ and the concurrent composition of $k$ continual mechanisms
  • Figure 4: Illustration of the interactions between an honest adversary $\mathcal{A}$ and a mechanism with $k$ sub-mechanisms

Theorems & Definitions (140)

  • Definition 1.1: DP for continual mechanisms
  • Theorem 1.2: concurrent composition of continual mechanisms, informally stated
  • Theorem 1.3: concurrent parallel composition of interactive mechanisms
  • Theorem 1.4: counterexample for the concurrent parallel composition of approximate DP continual mechanisms, informally stated
  • Theorem 1.5: concurrent parallel composition of approx DP continual mechanisms, informally stated
  • Lemma 1.6: post-processing of randomized response mechanisms, informal statement
  • Corollary 1.7: concurrent parallel composition of pure DP continual mechanisms, informally stated
  • Theorem 1.8: Concurrent filter composition for continual mechanisms
  • Definition 2.1: $(\epsilon,\delta)$-indistinguishability [kasiviswanathan2014semantics]
  • Definition 2.2: $(\epsilon,\delta)$-DP for NIMs [dwork2006calibrating]
  • ...and 130 more