DP-SPRT: Differentially Private Sequential Probability Ratio Tests

TL;DR

This work tackles privacy-preserving sequential hypothesis testing by extending Wald's SPRT to the differential privacy regime. It introduces DP-SPRT, a general framework that privatizes SPRT through two noise streams and an OutsideInterval threshold mechanism, enabling calibrated error control under both pure $\varepsilon$-DP and Rényi DP. The authors provide a unified analysis: DP/RDP privacy guarantees, a lower bound on private sample complexity, and practical gains via subsampling, alongside empirical results on Bernoulli data showing favorable privacy-utility trade-offs. The approach yields near-optimal private sequential testing in regimes of small error and closely spaced hypotheses and offers a reusable privacy tool with broader applicability to continual monitoring.

Abstract

We revisit Wald's celebrated Sequential Probability Ratio Test for sequential tests of two simple hypotheses, under privacy constraints. We propose DP-SPRT, a wrapper that can be calibrated to achieve desired error probabilities and privacy constraints, addressing a significant gap in previous work. DP-SPRT relies on a private mechanism that processes a sequence of queries and stops after privately determining when the query results fall outside a predefined interval. This OutsideInterval mechanism improves upon naive composition of existing techniques like AboveThreshold, achieving a factor-of-2 privacy improvement and thus potentially benefiting other continual monitoring procedures. We prove generic upper bounds on the error and sample complexity of DP-SPRT that can accommodate various noise distributions based on the practitioner's privacy needs. We exemplify them in two settings: Laplace noise (pure Differential Privacy) and Gaussian noise (Rényi differential privacy). In the former setting, by providing a lower bound on the sample complexity of any $\varepsilon$-DP test with prescribed type I and type II errors, we show that DP-SPRT is near optimal when both errors are small and the two hypotheses are close. Moreover, we conduct an experimental study revealing its good practical performance.

Figures (5)

• Figure 1: Experimental results for different DP-SPRT variants: (a) Average sample size as privacy parameter varies for $\alpha=\beta=0.05$; (b) Empirical Type I error probability vs. privacy parameter. Error bars represent 95% percentile intervals over 1000 trials.
• Figure 2: Sample complexity for different methods across problem instances with $\alpha = \beta = 0.05$ and $\varepsilon = 1$. Top: Under $\mathcal{H}_0$. Bottom: Under $\mathcal{H}_1$.
• Figure 3: Sample complexity for different methods with varying target error probabilities at $\varepsilon = 1$ and $\alpha = \beta \in \{0.01, 0.05, 0.1\}$. Top: Instance 1 under $\mathcal{H}_0$. Bottom: Instance 2 under $\mathcal{H}_0$.
• Figure 4: Sample complexity for different privacy parameters with $\alpha = \beta = 0.05$ and $\varepsilon \in \{0.1, 1, 5\}$. Top: Instance 1 under $\mathcal{H}_0$. Bottom: Instance 2 under $\mathcal{H}_0$.
• Figure 5: Histogram of stopping times for DP-SPRT with Laplace noise, tuned DP-SPRT, and PrivSPRT with $\alpha = \beta = 0.1$ and $\varepsilon = 1$. Each row shows results under $\mathcal{H}_0$ (left) and $\mathcal{H}_1$ (right) for different instances. Top row: Instance 1. Middle row: Instance 2. Bottom row: Instance 3. Dashed lines indicate mean stopping times.

Theorems & Definitions (19)

• Definition 1: ($\alpha,\beta$)-Correct Sequential Test
• Definition 2: Neighboring Observation Sequences
• Definition 3: Differentially Private Sequential Test
• Definition 4: Noise-adding Mechanism
• Theorem 1
• Theorem 2: Privacy
• Theorem 3: Correctness of DP-SPRT
• Theorem 4: Sample Complexity of DP-SPRT
• Corollary 1: Sample Complexity of DP-SPRT with Laplace Noise
• Theorem 5: Lower Bound for Private Sequential Tests