The Complexity of Verifying Loop-Free Programs as Differentially Private
This work addresses the computational complexity of privacy verification for a specific class of programs, which is incremental as it builds on prior results in differential privacy composition.
The paper tackles the problem of verifying differential privacy for loop-free programs with probabilistic choice, showing that deciding if a program satisfies ε-differential privacy is coNP^#P-complete, and approximating privacy levels is NP-hard and coNP-hard.
We study the problem of verifying differential privacy for loop-free programs with probabilistic choice. Programs in this class can be seen as randomized Boolean circuits, which we will use as a formal model to answer two different questions: first, deciding whether a program satisfies a prescribed level of privacy; second, approximating the privacy parameters a program realizes. We show that the problem of deciding whether a program satisfies $\varepsilon$-differential privacy is $coNP^{\#P}$-complete. In fact, this is the case when either the input domain or the output range of the program is large. Further, we show that deciding whether a program is $(\varepsilon,δ)$-differentially private is $coNP^{\#P}$-hard, and in $coNP^{\#P}$ for small output domains, but always in $coNP^{\#P^{\#P}}$. Finally, we show that the problem of approximating the level of differential privacy is both $NP$-hard and $coNP$-hard. These results complement previous results by Murtagh and Vadhan showing that deciding the optimal composition of differentially private components is $\#P$-complete, and that approximating the optimal composition of differentially private components is in $P$.