The Composition Theorem for Differential Privacy
This foundational result addresses privacy concerns in sequential data analysis and has applications in multi-party computation, though it is incremental in that it builds on existing differential privacy theory.
The paper tackles the problem of privacy degradation when sequentially querying differentially private mechanisms, providing a complete characterization of overall privacy as a function of query count and individual privacy levels by proving an upper bound and constructing mechanisms that achieve it.
Sequential querying of differentially private mechanisms degrades the overall privacy level. In this paper, we answer the fundamental question of characterizing the level of overall privacy degradation as a function of the number of queries and the privacy levels maintained by each privatization mechanism. Our solution is complete: we prove an upper bound on the overall privacy level and construct a sequence of privatization mechanisms that achieves this bound. The key innovation is the introduction of an operational interpretation of differential privacy (involving hypothesis testing) and the use of new data processing inequalities. Our result improves over the state-of-the-art, and has immediate applications in several problems studied in the literature including differentially private multi-party computation.
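As an added illustration (not code from the paper or from this page), the following computes exactly how the privacy guarantee degrades when k runs of an ε-differentially private binary randomized-response mechanism are composed, and cross-checks the result against the hypothesis-testing form of the definition. Randomized response, the function names and the parameter values are assumptions chosen for the example; the page itself does not state the paper's bound or construction.

```python
from math import comb, exp

def output_probs(eps, k):
    """(count, P0, P1) for each class of k-bit outputs containing `ones` ones,
    under k runs of binary randomized response (assumed mechanism): each run
    reports the true bit with probability e^eps / (1 + e^eps)."""
    norm = (1.0 + exp(eps)) ** k
    return [(comb(k, ones), exp((k - ones) * eps) / norm, exp(ones * eps) / norm)
            for ones in range(k + 1)]

def composed_delta(eps, k, eps_total):
    """Smallest delta for which the k-fold composition is (eps_total, delta)-DP.
    The worst output set collects every output with P0 > e^eps_total * P1."""
    return sum(n * max(0.0, p0 - exp(eps_total) * p1)
               for n, p0, p1 in output_probs(eps, k))

def best_test_error(eps, k, eps_total):
    """Hypothesis-testing view of the same guarantee: an adversary guessing
    between neighbouring databases D0 and D1 satisfies
    P_FA + e^eps_total * P_MD >= 1 - delta. Returns the minimum of the left
    side over likelihood-ratio (threshold) tests."""
    probs = output_probs(eps, k)
    best = float("inf")
    for t in range(k + 2):  # decide "D0" when the output has fewer than t ones
        p_fa = sum(n * p0 for n, p0, _ in probs[t:])  # truth D0, decided D1
        p_md = sum(n * p1 for n, _, p1 in probs[:t])  # truth D1, decided D0
        best = min(best, p_fa + exp(eps_total) * p_md)
    return best

def tradeoff(eps, k):
    """(eps_total, delta) pairs at eps_total = (k - 2i) * eps, i = 0..k//2."""
    return [((k - 2 * i) * eps, composed_delta(eps, k, (k - 2 * i) * eps))
            for i in range(k // 2 + 1)]

if __name__ == "__main__":
    # Constructed parameters: 10 queries, each 0.1-DP.
    for eps_total, delta in tradeoff(eps=0.1, k=10):
        err = best_test_error(0.1, 10, eps_total)
        print(f"eps_total={eps_total:.2f}  delta={delta:.6f}  best test error={err:.6f}")
```

The first row (eps_total equal to k times eps, delta 0) is what summing the per-query levels gives; every smaller eps_total is also a valid guarantee for the same composition, at the cost of a larger delta.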