🤖 AI Summary
This work addresses critical limitations of the conventional discrete Gaussian mechanism in differential privacy, which is vulnerable to floating-point precision issues and demands substantial high-quality randomness. The authors propose the dithered Gaussian mechanism, which decouples randomness into a privacy-critical high-quality component and a non-critical, computationally efficient component through output-side discretization and dual-source randomization. This approach preserves the theoretical privacy guarantees of the standard Gaussian mechanism while eliminating floating-point security vulnerabilities. Notably, it drastically reduces the requirement for high-quality random bits—rendering this demand independent of noise magnitude—and enables cryptographically secure noise generation in DP-SGD with minimal computational overhead, thereby achieving a strong balance between security and practicality.
📝 Abstract
We present the dithered Gaussian mechanism, a novel alternative to the discrete Gaussian mechanism for differential privacy that discretizes the private output rather than the noise distribution itself. By interpreting this discretization as post-processing of the Gaussian mechanism, our construction directly inherits the privacy guarantees of the standard Gaussian mechanism while avoiding vulnerabilities caused by finite-precision floating-point outputs. We show that the mechanism is provably randomness-efficient: by sampling the discretized output values directly, the number of high-quality random bits required for privacy can be reduced significantly and made independent of the noise level. This is achieved by separating the randomness into two sources: a high-quality source used for the privacy-critical sampling step, and a high-performance public source, possibly known to the adversary, that supplies the additional randomness needed for randomized discretization. This separation enables the use of cryptographically secure randomness without substantial performance loss. As an application, we study model training with DP-SGD and show that cryptographically secure noise generation with reduced exposure to floating-point vulnerabilities can be achieved with modest practical overhead.