Auditing Differential Privacy in the Black-Box Setting
This work addresses the challenge of verifying privacy guarantees in practical systems where internal mechanisms are unknown, which is crucial for ensuring compliance and trust in data-driven applications, though it is incremental in extending existing auditing methods.
The paper tackles the problem of auditing differential privacy in black-box settings by introducing a theoretical framework based on f-differential privacy and conformal inference, which robustly controls type I error and, under a monotone likelihood ratio assumption, also controls type II error, while establishing an impossibility result for simultaneous error control without assumptions.
This paper introduces a novel theoretical framework for auditing differential privacy (DP) in a black-box setting. Leveraging the concept of $f$-differential privacy, we explicitly define type I and type II errors and propose an auditing mechanism based on conformal inference. Our approach robustly controls the type I error rate under minimal assumptions. Furthermore, we establish a fundamental impossibility result, demonstrating the inherent difficulty of simultaneously controlling both type I and type II errors without additional assumptions. Nevertheless, under a monotone likelihood ratio (MLR) assumption, our auditing mechanism effectively controls both errors. We also extend our method to construct valid confidence bands for the trade-off function in the finite-sample regime.