Better Privacy Guarantees for Larger Groups

📅 2026-07-15
📈 Citations: 0
Influential: 0
📄 PDF
🤖 AI Summary
This work addresses the challenge of providing stronger differential privacy guarantees for large-scale group counting under fixed disjoint groups and the “add/remove-one” adjacency model, while tolerating larger counting errors. To this end, the authors propose a count-dependent zero-concentrated differential privacy (zCDP) mechanism that combines shifted log-Gaussian noise with multi-count information-theoretic analysis and introduces a refined relative error utility condition. The main contribution is the construction of a mechanism achieving a privacy budget of \(O_r(n^{-2})\), complemented by a matching lower bound of \(\Omega_r(n^{-2})\) for any mechanism satisfying the proposed utility condition. This establishes the optimality of the inverse-square rate \(v(n) = \Theta(n^{-2})\) in this setting.
📝 Abstract
Pujol and Desfontaines asked whether a private histogram can allow more error on larger counts and use that slack to protect members of larger groups more strongly. We study this question for fixed disjoint groups under add-or-remove-one adjacency. The privacy budget $v(n)$ depends on the affected count, is nonincreasing, and must bound both Rényi-divergence directions at every order. This is the count-dependent form of zero-concentrated differential privacy (zCDP) studied here. The original strict relative-error condition is impossible at count zero. We therefore make the boundary tolerance explicit by requiring $\mathbb{E}\lvert\widehat{x}_i-x_i\rvert < r\max\{x_i,1\}$, without changing the requirement at any positive count. Our main result determines the best dependence on group size. For the upper bound, we directly specialize an existing shifted-transformation framework. The resulting shifted-log Gaussian mechanism has a certified budget $v(n)=O_r(n^{-2})$. Conversely, for every fixed $0<r<1$, any mechanism satisfying the same positive-count utility requirement and count-dependent zCDP must have $v(n)=Ω_r(n^{-2})$. Thus the inverse-square rate is optimal under the repaired formulation. A many-count information argument further places the leading coefficient in the large-count-then-small-error limit between $π/(4e^2)$ and $1/π$, a factor below three. At $r=1$, a data-independent release meets the repaired criterion with zero privacy loss.
Problem

Research questions and friction points this paper is trying to address.

differential privacy
privacy budget
histogram
group size
zero-concentrated differential privacy
Innovation

Methods, ideas, or system contributions that make the work stand out.

count-dependent zCDP
shifted-log Gaussian mechanism
optimal privacy-utility tradeoff
inverse-square rate
differential privacy for histograms
🔎 Similar Papers
No similar papers found.