
Natural Privacy Filters Are Not Always Free: A Characterization of Free Natural Filters

Matthew Regehr, Bingshan Hu, Ethan Leeman, Pasin Manurangsi, Pierre Tholoniat, Mathias Lécuyer

TL;DR

Only families of privacy mechanisms that are well-ordered when composed admit free natural privacy filters. Contrary to other forms of DP, natural privacy filters are therefore not free in general.

Abstract

We study natural privacy filters, which enable the exact composition of differentially private (DP) mechanisms with adaptively chosen privacy characteristics. Earlier privacy filters consider only simple privacy parameters such as Rényi-DP or Gaussian DP parameters. Natural filters account for the entire privacy profile of every query, promising greater utility for a given privacy budget. We show that, contrary to other forms of DP, natural privacy filters are not free in general. Indeed, we show that only families of privacy mechanisms that are well-ordered when composed admit free natural privacy filters.

Paper Structure (11 sections, 30 theorems, 58 equations, 3 figures, 2 algorithms)


Key Result

Proposition 1

A distribution $L$ on $\mathbb{R} \cup \{\infty\}$ is the PLD of some $(P, Q)$ if and only if it satisfies $\mathop{\mathbb{E}}_{Z \sim L}[e^{-Z}] \leq 1$. In this case, one such pair is $(L, L')$ where $L'$ is the Esscher tilt of $L$, namely $dL'(z) := e^{-z} dL(z)$ for $z \in \mathbb{R}$ and $L'(\
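A numerical check of Proposition 1 on finite distributions, added here as an illustration and not taken from the paper. It assumes the convention $Z = \log(P(x)/Q(x))$ with $x \sim P$; the sample distributions are constructed, and the placement of the leftover mass of $L'$ (cut off in the statement above) is not modelled.

```python
import math
from collections import defaultdict

INF = math.inf

def pld(P, Q):
    """Law of Z = log(P(x)/Q(x)) for x ~ P; Z = +inf where Q(x) = 0."""
    L = defaultdict(float)
    for x, p in P.items():
        if p > 0:
            q = Q.get(x, 0.0)
            L[INF if q == 0 else math.log(p / q)] += p
    return dict(L)

def exp_neg_loss(L):
    """E_{Z~L}[e^{-Z}]; mass at +inf contributes nothing."""
    return sum(m * math.exp(-z) for z, m in L.items() if z != INF)

def is_valid_pld(L, tol=1e-12):
    """Proposition 1: L is a PLD iff it is a distribution with E[e^{-Z}] <= 1."""
    return abs(sum(L.values()) - 1) <= tol and exp_neg_loss(L) <= 1 + tol

def esscher_tilt(L):
    """Finite part of L': dL'(z) = e^{-z} dL(z) for real z."""
    return {z: m * math.exp(-z) for z, m in L.items() if z != INF}

def same_dist(A, B, tol=1e-9):
    """Compare two finite distributions up to floating-point error."""
    a, b = sorted(A.items()), sorted(B.items())
    return len(a) == len(b) and all(
        (za == zb or abs(za - zb) <= tol) and abs(ma - mb) <= tol
        for (za, ma), (zb, mb) in zip(a, b))

# Constructed sample: binary randomized response, outputs under two neighbours.
P_RR, Q_RR = {0: 0.75, 1: 0.25}, {0: 0.25, 1: 0.75}
L_RR = pld(P_RR, Q_RR)            # E[e^{-Z}] = 1: P and Q share a support

# Constructed sample: P puts mass where Q has none (Z = +inf) and Q puts
# mass outside the support of P, so E[e^{-Z}] = Q(supp P) = 0.8 < 1.
L_GAP = pld({0: 0.5, 1: 0.5}, {0: 0.8, 2: 0.2})

# Constructed counterexample: all mass at z = -1 gives E[e^{-Z}] = e > 1.
NOT_A_PLD = {-1.0: 1.0}

if __name__ == "__main__":
    for name, L in [("RR", L_RR), ("gap", L_GAP), ("bad", NOT_A_PLD)]:
        print(name, round(exp_neg_loss(L), 6), is_valid_pld(L))
    # The pair (L, tilt of L) has L as its own PLD.
    print(same_dist(pld(L_RR, esscher_tilt(L_RR)), L_RR))
```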

Figures (3)

  • Figure 1: Counterexamples to \ref{thm:universal_free_natural_filter} (\ref{eq:thm-free-filter-fdp}), showing that $f$-DP filters are NOT free in general (for the set of all tradeoff curves $\mathcal{T}$), or when choosing adaptively among the set of $(\varepsilon, \delta)$-DP mechanisms. This is true even if $f\in\mathcal{F}$.
  • Figure 2: $\varepsilon$-DP mechanisms are well ordered, but not closed under composition. If $\mathcal{F} = \{ f_\varepsilon: \ \varepsilon \geq 0 \}$, then $\mathcal{F}^2 \subset \mathcal{F}^\infty$ is not well ordered (\ref{subfig:pure-dp-twosteps}), and by \ref{thm:well_ordering} pure DP mechanisms do not admit an $f$-DP/PLD filter (\ref{subfig:pure-dp-counter-example}).
  • Figure 3: Counterexample to free $f$-DP filters when $f$ is GDP (a) or approximate GDP (b).

Theorems & Definitions (60)

  • Definition 1
  • Definition 2
  • Definition 3
  • Proposition 1
  • Proposition 2
  • Proposition 3
  • Definition 4
  • Proposition 4: ZhuDW22 Lemma 9
  • Proposition 5
  • proof
  • ...and 50 more