Differential Privacy via Distributionally Robust Optimization

TL;DR

This paper introduces a novel class of differentially private mechanisms with non-asymptotic optimality guarantees, formulated through distributionally robust optimization, and demonstrates their superior performance over existing methods.

Contribution

It develops a new framework for designing differentially private mechanisms using distributionally robust optimization with strong duality, providing non-asymptotic optimality guarantees.

Findings

Mechanisms outperform previous best results on benchmark problems.

Finite-dimensional bounds can be computed efficiently via cutting plane methods.

The approach offers non-asymptotic, unconditional optimality guarantees.

Abstract

In recent years, differential privacy has emerged as the de facto standard for sharing statistics of datasets while limiting the disclosure of private information about the involved individuals. This is achieved by randomly perturbing the statistics to be published, which in turn leads to a privacy-accuracy trade-off: larger perturbations provide stronger privacy guarantees, but they result in less accurate statistics that offer lower utility to the recipients. Of particular interest are therefore optimal mechanisms that provide the highest accuracy for a pre-selected level of privacy. To date, work in this area has focused on specifying families of perturbations a priori and subsequently proving their asymptotic and/or best-in-class optimality. In this paper, we develop a class of mechanisms that enjoy non-asymptotic and unconditional optimality guarantees. To this end, we formulate the mechanism design problem as an infinite-dimensional distributionally robust optimization problem. We show that the problem affords a strong dual, and we exploit this duality to develop converging hierarchies of finite-dimensional upper and lower bounding problems. Our upper (primal) bounds correspond to implementable perturbations whose suboptimality can be bounded by our lower (dual) bounds. Both bounding problems can be solved within seconds via cutting plane techniques that exploit the inherent problem structure. Our numerical experiments demonstrate that our perturbations can outperform the previously best results from the literature on artificial as well as standard benchmark problems.