Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

Composition Theorems for Multiple Differential Privacy Constraints

Cemre Cadir, Salim Najib, Yanina Y. Shkel

Abstract

The exact composition of mechanisms for which two differential privacy (DP) constraints hold simultaneously is studied. The resulting privacy region admits an exact representation as a mixture over compositions of mechanisms of heterogeneous DP guarantees, yielding a framework that naturally generalizes to the composition of mechanisms for which any number of DP constraints hold. This result is shown through a structural lemma for mixtures of binary hypothesis tests. Lastly, the developed methodology is applied to approximate $f$-DP composition.

Composition Theorems for Multiple Differential Privacy Constraints

Abstract

The exact composition of mechanisms for which two differential privacy (DP) constraints hold simultaneously is studied. The resulting privacy region admits an exact representation as a mixture over compositions of mechanisms of heterogeneous DP guarantees, yielding a framework that naturally generalizes to the composition of mechanisms for which any number of DP constraints hold. This result is shown through a structural lemma for mixtures of binary hypothesis tests. Lastly, the developed methodology is applied to approximate -DP composition.
Paper Structure (31 sections, 11 theorems, 140 equations, 3 figures, 1 algorithm)

This paper contains 31 sections, 11 theorems, 140 equations, 3 figures, 1 algorithm.

Table of Contents

  1. Introduction
  2. Differential Privacy and f-DP
  3. Composition Theorems
  4. Our Contributions
  5. Preliminaries
  6. Hypothesis Testing and $f$-DP
  7. Privacy Regions
  8. Mixture of Hypothesis Tests
  9. Composition Theorems
  10. Heterogeneous Composition
  11. Composition Theorem for Double-DP Constraints
  12. A Method for Approximating $f$-DP Composition
  13. $f$-DP approximation from below
  14. $f$-DP approximation from above
  15. Example: Gaussian Mechanism
  16. ...and 16 more sections

Key Result

Lemma 1

Let $f_i = f(P^i,Q^i)$ be the trade-off function for $\mathcal{H}^i$. The trade-off function $f_m = f(P,Q)$ of $\mathcal{H}_m$ satisfies

Figures (3)

  • Figure 1: The trade-off functions $f_{1.3,0}$ and $f_{0.5,0.2}$, and their mixture with weights $\alpha_i = 0.5$. The mixture region does not necessarily include the union of the original regions. Likewise, it is not necessarily included in the union of the original regions.
  • Figure 2: The privacy region of $(\boldsymbol{\varepsilon}, \boldsymbol{\delta})$-DP under $k$-fold composition with $\boldsymbol{\varepsilon} = (0.3, 0.15)$, $\boldsymbol{\delta} = (0, 0.02)$ and $k \in \{3, 20\}$, as computed according to our result (Theorems 2-3) and prior works in Remarks \ref{['remark:intersection_single_dp']} and \ref{['remark:intersection_dptv']}. It is apparent that the previous bounds are close to the exact privacy region in the high privacy regime and with small $k$. As $k$ increases, these approximations rapidly worsen.
  • Figure 3: Privacy region of Gaussian mechanism with $\mu=1$ ($G_1$-DP) under $k$-fold composition for $k \in \{3,10\}$. The exact composition of $k$$G_\mu$-DP mechanisms is $G_{\mu\sqrt{k}}$-DP fdp. Lower and upper approximations are computed according to Propositions \ref{['prop:approx_below']} and \ref{['prop:approx_above']}, through double-DP composition in Theorems \ref{['thm:main']} and \ref{['thm:alt-main']}. Observe that the best approximation from below of $G_1$ is not a DP-TV trade-off function, improving on the approximation in dptv.

Theorems & Definitions (26)

  • Definition 1: Differential Privacy dwork2006calibratingdwork2006our
  • Definition 2: Privacy Region
  • Definition 3: Composition region for multiple DP constraints
  • Definition 4: Heterogeneous composition region
  • Lemma 1
  • proof
  • Corollary 1
  • Theorem 1
  • proof
  • Remark 1
  • ...and 16 more