Bar Mahpud

Bar Mahpud, Or Sheffet

We study the problem of learning exponential distributions under differential privacy. Given $n$ i.i.d.\ samples from $\mathrm{Exp}(λ)$, the goal is to privately estimate $λ$ so that the learned distribution is close in total variation distance to the truth. We present a simple pure $ε$-differentially private algorithm that avoids the classical dependence on the true value of $λ$. Our method leverages a structural property of the exponential distribution: its $(1-1/e)$-quantile equals $1/λ$, allowing us to estimate the rate parameter directly via private quantile estimation. The resulting learner is both conceptually simple and sample-efficient, achieving near-optimal guarantees. We further extend the method to Pareto distributions via a logarithmic reduction, prove nearly matching lower bounds using group privacy arguments, and show how approximate $(ε,δ)$-DP removes the need for externally supplied parameter bounds. Together, these results give the first tight characterization of exponential distribution learning under differential privacy using a simple $λ$-free approach.

Coby Penso, Bar Mahpud, Jacob Goldberger et al.

Conformal prediction (CP) provides sets of candidate classes with a guaranteed probability of containing the true class. However, it typically relies on a calibration set with clean labels. We address privacy-sensitive scenarios where the aggregator is untrusted and can only access a perturbed version of the true labels. We propose two complementary approaches under local differential privacy (LDP). In the first approach, users do not access the model but instead provide their input features and a perturbed label using a k-ary randomized response. In the second approach, which enforces stricter privacy constraints, users add noise to their conformity score by binary search response. This method requires access to the classification model but preserves both data and label privacy. Both approaches compute the conformal threshold directly from noisy data without accessing the true labels. We prove finite-sample coverage guarantees and demonstrate robust coverage even under severe randomization. This approach unifies strong local privacy with predictive uncertainty control, making it well-suited for sensitive applications such as medical imaging or large language model queries, regardless of whether users can (or are willing to) compute their own scores.

Bar Mahpud, Or Sheffet

We study the problem of differentially private second moment estimation and present a new algorithm that achieve strong privacy-utility trade-offs even for worst-case inputs under subsamplability assumptions on the data. We call an input $(m,α,β)$-subsamplable if a random subsample of size $m$ (or larger) preserves w.p $\geq 1-β$ the spectral structure of the original second moment matrix up to a multiplicative factor of $1\pm α$. Building upon subsamplability, we give a recursive algorithmic framework similar to Kamath et al 2019, that abides zero-Concentrated Differential Privacy (zCDP) while preserving w.h.p. the accuracy of the second moment estimation upto an arbitrary factor of $(1\pmγ)$. We then show how to apply our algorithm to approximate the second moment matrix of a distribution $\mathcal{D}$, even when a noticeable fraction of the input are outliers.