Individual Privacy Accounting via a Rényi Filter

We consider a sequential setting in which a single dataset of individuals is used to perform adaptively chosen analyses, while ensuring that the differential privacy loss of each participant does not exceed a pre-specified privacy budget. The standard approach to this problem relies on bounding a worst-case estimate of the privacy loss over all individuals and all possible values of their data, for every single analysis. Yet, in many scenarios this approach is overly conservative, especially for "typical" data points which incur little privacy loss by participating in most of the analyses. In this work, we give a method for tighter privacy loss accounting based on the value of a personalized privacy loss estimate for each individual in each analysis. The accounting method relies on a new composition theorem for Rényi differential privacy which allows adaptively chosen privacy parameters. We apply our results to the analysis of noisy gradient descent and show how existing algorithms can be generalized to incorporate individual privacy accounting and thus achieve a better privacy-utility tradeoff.
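As an added illustration (not the paper's own code or its exact algorithm), the following Python sketch shows individual Rényi accounting for noisy gradient descent: each participant is charged the Gaussian-mechanism RDP cost of its own clipped gradient norm instead of the worst-case clipping bound, and a per-individual filter drops a participant from later steps once its budget is spent. A single fixed order alpha, remove-one neighbouring datasets and the constructed gradients are simplifying assumptions.

```python
import math
import random

def gaussian_rdp(sensitivity, sigma, alpha):
    """Gaussian-mechanism RDP at order alpha: alpha * s^2 / (2 sigma^2)."""
    return alpha * sensitivity ** 2 / (2 * sigma ** 2)

def rdp_to_eps(rho, alpha, delta):
    """Standard conversion of an (alpha, rho)-RDP bound to (eps, delta)-DP."""
    return rho + math.log(1 / delta) / (alpha - 1)

class RenyiFilter:
    """Per-individual RDP budget at one fixed order alpha (illustrative
    simplification). A step's charge is accepted only if the individual's
    running total stays within budget; otherwise they sit out that step."""
    def __init__(self, alpha, rho_budget):
        self.alpha, self.rho_budget, self.spent = alpha, rho_budget, {}
    def try_charge(self, i, cost):
        if self.spent.get(i, 0.0) + cost > self.rho_budget:
            return False
        self.spent[i] = self.spent.get(i, 0.0) + cost
        return True

def noisy_gd_step(grads, filt, sigma, clip, rng):
    """One noisy-GD step with individual accounting. Under remove-one
    neighbouring, individual i's sensitivity is its own clipped gradient
    norm, so a small gradient is charged far less than the worst case (clip)."""
    total, active = [0.0] * len(grads[0]), []
    for i, g in enumerate(grads):
        norm = math.sqrt(sum(x * x for x in g))
        scale = min(1.0, clip / norm) if norm > 0 else 1.0
        if not filt.try_charge(i, gaussian_rdp(norm * scale, sigma, filt.alpha)):
            continue  # budget exhausted: this individual is filtered out
        active.append(i)
        total = [t + x * scale for t, x in zip(total, g)]
    return [t + rng.gauss(0.0, sigma) for t in total], active

def run(grads, steps, sigma, clip, alpha, rho_budget, seed=0):
    """Constructed simulation with the same per-example gradients every step;
    returns how many steps each individual took part in."""
    rng, filt = random.Random(seed), RenyiFilter(alpha, rho_budget)
    rounds = [0] * len(grads)
    for _ in range(steps):
        for i in noisy_gd_step(grads, filt, sigma, clip, rng)[1]:
            rounds[i] += 1
    return rounds

def worst_case_rounds(sigma, clip, alpha, rho_budget):
    """Steps everyone gets under standard accounting: charged clip each step."""
    return int(rho_budget // gaussian_rdp(clip, sigma, alpha))
```

With clip 1, sigma 1, alpha 2 and a budget of 4, worst-case accounting allows every individual 4 steps, while an individual whose gradient norm is 0.5 is charged a quarter as much per step and stays in for all 10 steps of the simulation.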
