Sequentially Auditing Differential Privacy
This provides a more efficient and practical solution for verifying differential privacy in real-world applications, addressing a key bottleneck in privacy auditing.
The authors tackled the problem of auditing differential privacy guarantees in black-box mechanisms by proposing a sequential test that processes output streams with anytime-valid inference and controlled Type I error, reducing required sample sizes from 50K to a few hundred examples and detecting violations in under one training run for DP-SGD.
We propose a practical sequential test for auditing differential privacy guarantees of black-box mechanisms. The test processes streams of mechanisms' outputs providing anytime-valid inference while controlling Type I error, overcoming the fixed sample size limitation of previous batch auditing methods. Experiments show this test detects violations with sample sizes that are orders of magnitude smaller than existing methods, reducing this number from 50K to a few hundred examples, across diverse realistic mechanisms. Notably, it identifies DP-SGD privacy violations in \textit{under} one training run, unlike prior methods needing full model training.