SuperDP: Differential Privacy Refutation via Supermartingales

📅 2026-03-27
📈 Citations: 0
Influential: 0
🤖 AI Summary
This work addresses the challenge of formally verifying or automatically refuting ε-differential privacy (ε-DP) in complex mechanisms involving both discrete and continuous random sampling. To this end, the authors propose a fully automated refutation method based on upper-expectation supermartingales and lower-expectation submartingales. The approach simultaneously searches for a pair of inputs violating ε-DP and a non-negative output function that witnesses the violation, leveraging expected divergence to construct a sound and semi-complete proof rule. This is the first technique to enable fully automated ε-DP refutation with guarantees of soundness and semi-completeness while supporting mixed distributions. The prototype tool, SuperDP, outperforms existing methods on several challenging benchmarks, successfully disproving ε-DP for mechanisms previously beyond the reach of automated analysis.
📝 Abstract
Differential privacy (DP) has established itself as one of the standards for ensuring privacy of individual data. However, reasoning about DP is a challenging and error-prone task, hence methods for formal verification and refutation of DP properties have received significant interest in recent years. In this work, we present a novel method for automated formal refutation of $\varepsilon$-DP. Our method refutes $\varepsilon$-DP by searching for a pair of inputs together with a non-negative function over outputs whose expected value on these two inputs differs by a significant amount. The two inputs and the non-negative function over outputs are computed simultaneously, by utilizing upper expectation supermartingales and lower expectation submartingales from probabilistic program analysis, which we leverage to introduce a sound and complete proof rule for $\varepsilon$-DP refutation. To the best of our knowledge, our method is the first method for $\varepsilon$-DP refutation to offer the following four desirable features: (1) it is fully automated, (2) it is applicable to stochastic mechanisms with sampling instructions from both discrete and continuous distributions, (3) it provides soundness guarantees, and (4) it provides semi-completeness guarantees. Our experiments show that our prototype tool SuperDP achieves superior performance compared to the state of the art and manages to refute $\varepsilon$-DP for a number of challenging examples collected from the literature, including ones that were out of the reach of prior methods.
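To make the refutation witness concrete: for any non-negative output function f, ε-DP implies E[f(M(x))] ≤ e^ε · E[f(M(x'))] on adjacent inputs, so exhibiting x, x' and f that break this inequality soundly refutes ε-DP. The following is an added illustration, not SuperDP's code or its martingale-based search: the mechanisms (a Laplace-noised counting query and randomized response) and the indicator witnesses are chosen by hand, and the expectations are computed in closed form rather than synthesized.

```python
import math


def laplace_tail(mu: float, b: float, t: float) -> float:
    """P[Y >= t] for Y ~ Laplace(mu, b), in closed form (no sampling needed)."""
    if t >= mu:
        return 0.5 * math.exp(-(t - mu) / b)
    return 1.0 - 0.5 * math.exp((t - mu) / b)


def refutation_gap(exp_x: float, exp_x2: float, eps: float) -> float:
    """Excess of E[f(M(x))] over e^eps * E[f(M(x'))] for a non-negative f.

    A strictly positive value refutes eps-DP, because eps-DP implies the
    inequality for every non-negative f (for an indicator f it is exactly
    the usual bound on output-event probabilities).
    """
    return exp_x - math.exp(eps) * exp_x2


def laplace_counting_witness(scale: float, eps: float, t: float):
    """Counting query of sensitivity 1: adjacent inputs x, x' have counts 1
    and 0; the mechanism releases count + Laplace(0, scale).
    Witness f = indicator{output >= t}, so E[f] is a Laplace tail."""
    e_x = laplace_tail(1.0, scale, t)   # E[f(M(x))],  count 1
    e_x2 = laplace_tail(0.0, scale, t)  # E[f(M(x'))], count 0
    return refutation_gap(e_x, e_x2, eps), e_x / e_x2


def randomized_response_witness(p_truth: float, eps: float):
    """Discrete mechanism: report the input bit with probability p_truth,
    flip it otherwise. Witness f = indicator{output == 1}, so the two
    expectations are simply P[output == 1] for inputs 1 and 0."""
    e_x = p_truth          # input bit 1
    e_x2 = 1.0 - p_truth   # input bit 0
    return refutation_gap(e_x, e_x2, eps), e_x / e_x2


if __name__ == "__main__":
    # Laplace scale 0.5 only gives 2-DP for sensitivity 1; claiming 1-DP fails.
    print(laplace_counting_witness(0.5, 1.0, 1.0))  # positive gap, ratio e^2
    # Scale 1.0 is genuinely 1-DP: the witness cannot push the gap above 0.
    print(laplace_counting_witness(1.0, 1.0, 1.0))  # gap ~0, ratio e
    # Randomized response with p=0.9 is ln(9)-DP (~2.197); claiming 2-DP fails.
    print(randomized_response_witness(0.9, 2.0))    # positive gap, ratio 9
```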
Problem

Research questions and friction points this paper is trying to address.

differential privacy
formal refutation
automated verification
probabilistic programs
privacy verification
Innovation

Methods, ideas, or system contributions that make the work stand out.

differential privacy refutation
supermartingales
automated verification
probabilistic programs
soundness and completeness