Privacy Amplification by Subsampling: Tight Analyses via Couplings and Divergences [article]

Borja Balle and Gilles Barthe and Marco Gaboardi
2018 arXiv pre-print
Differential privacy comes equipped with multiple analytical tools for the design of private data analyses. One important tool is the so-called "privacy amplification by subsampling" principle, which ensures that a differentially private mechanism run on a random subsample of a population provides higher privacy guarantees than when run on the entire population. Several instances of this principle have been studied for different random subsampling methods, each with an ad-hoc analysis. In this paper we present a general method that recovers and improves prior analyses, yields lower bounds and derives new instances of privacy amplification by subsampling. Our method leverages a characterization of differential privacy as a divergence which emerged in the program verification community. Furthermore, it introduces new tools, including advanced joint convexity and privacy profiles, which might be of independent interest.
arXiv:1807.01647v2 fatcat:cx5ov4b5ifgc3mif7p77w6uvaq