Unified Enhancement of Privacy Bounds for Mixture Mechanisms via $f$-Differential Privacy

TL;DR

This paper advances the analysis of privacy bounds in mixture mechanisms for differential privacy by deriving closed-form trade-off functions using $f$-DP, improving privacy guarantees for shuffling models and DP-GD with random initialization.

Contribution

It introduces a new inequality for trade-off functions, enabling tighter privacy bounds for mixture mechanisms in $f$-DP, and demonstrates the privacy benefits of random initialization.

Findings

Closed-form trade-off functions for shuffling models outperform previous $(,)$-DP results.

Random initialization can enhance the privacy of one-iteration DP-GD.

New inequalities for trade-off functions imply joint convexity of $F$-divergences.

Abstract

Differentially private (DP) machine learning algorithms incur many sources of randomness, such as random initialization, random batch subsampling, and shuffling. However, such randomness is difficult to take into account when proving differential privacy bounds because it induces mixture distributions for the algorithm's output that are difficult to analyze. This paper focuses on improving privacy bounds for shuffling models and one-iteration differentially private gradient descent (DP-GD) with random initializations using $f$-DP. We derive a closed-form expression of the trade-off function for shuffling models that outperforms the most up-to-date results based on $(\epsilon,\delta)$-DP. Moreover, we investigate the effects of random initialization on the privacy of one-iteration DP-GD. Our numerical computations of the trade-off function indicate that random initialization can enhance the privacy of DP-GD. Our analysis of $f$-DP guarantees for these mixture mechanisms relies on an inequality for trade-off functions introduced in this paper. This inequality implies the joint convexity of $F$-divergences. Finally, we study an $f$-DP analog of the advanced joint convexity of the hockey-stick divergence related to $(\epsilon,\delta)$-DP and apply it to analyze the privacy of mixture mechanisms.