Composition for Pufferfish Privacy

TL;DR

This paper introduces conditions to ensure the composability of Pufferfish privacy mechanisms, linking them to differential privacy, and demonstrates improved algorithms for Markov chains.

Contribution

It provides necessary and sufficient conditions for Pufferfish privacy to compose linearly, bridging it with differential privacy and enabling practical, composable privacy algorithms.

Findings

Conditions for linear composition of Pufferfish mechanisms

Translation of Pufferfish to differential privacy frameworks

Improved algorithms for Markov chain privacy

Abstract

When creating public data products out of confidential datasets, inferential/posterior-based privacy definitions, such as Pufferfish, provide compelling privacy semantics for data with correlations. However, such privacy definitions are rarely used in practice because they do not always compose. For example, it is possible to design algorithms for these privacy definitions that have no leakage when run once but reveal the entire dataset when run more than once. We prove necessary and sufficient conditions that must be added to ensure linear composition for Pufferfish mechanisms, hence avoiding such privacy collapse. These extra conditions turn out to be differential privacy-style inequalities, indicating that achieving both the interpretable semantics of Pufferfish for correlated data and composition benefits requires adopting differentially private mechanisms to Pufferfish. We show that such translation is possible through a concept called the $(a,b)$-influence curve, and many existing differentially private algorithms can be translated with our framework into a composable Pufferfish algorithm. We illustrate the benefit of our new framework by designing composable Pufferfish algorithms for Markov chains that significantly outperform prior work.