In black-box differential privacy (DP) auditing, existing single-run methods exhibit a substantial gap between empirically estimated lower bounds and theoretical upper bounds on the privacy parameter ε. Method: This paper proposes a novel membership inference attack (MIA) framework based on quantile regression—the first such integration in MIA—leveraging its capability to model prediction uncertainty to tighten empirical lower-bound estimation of ε under strict black-box access (i.e., only final model outputs). Contribution/Results: Evaluated on DP-SGD-trained image classifiers on CIFAR-10, our method significantly narrows the gap between empirical lower bounds and theoretical ε, achieving higher auditing accuracy than state-of-the-art single-run approaches without incurring additional training overhead. The core contribution is the pioneering synthesis of quantile regression with MIA, enabling efficient, tight, and empirically grounded black-box DP auditing.

Differential privacy (DP) auditing aims to provide empirical lower bounds on the privacy guarantees of DP mechanisms like DP-SGD. While some existing techniques require many training runs that are prohibitively costly, recent work introduces one-run auditing approaches that effectively audit DP-SGD in white-box settings while still being computationally efficient. However, in the more practical black-box setting where gradients cannot be manipulated during training and only the last model iterate is observed, prior work shows that there is still a large gap between the empirical lower bounds and theoretical upper bounds. Consequently, in this work, we study how incorporating approaches for stronger membership inference attacks (MIA) can improve one-run auditing in the black-box setting. Evaluating on image classification models trained on CIFAR-10 with DP-SGD, we demonstrate that our proposed approach, which utilizes quantile regression for MIA, achieves tighter bounds while crucially maintaining the computational efficiency of one-run methods.