We propose the \emph{Target Charging Technique} (TCT), a unified privacy accounting framework for interactive settings where a sensitive dataset is accessed multiple times using differentially private algorithms. Unlike traditional composition, where privacy guarantees deteriorate quickly with the number of accesses, TCT allows computations that don't hit a specified \emph{target}, often the vast majority, to be essentially free (while incurring instead a small overhead on those that do hit their targets). TCT generalizes tools such as the sparse vector technique and top-$k$ selection from private candidates and extends their remarkable privacy accounting benefits from noisy Lipschitz functions to general private algorithms.
翻译:我们建议使用 \ emph{ target suffecting Technique} ( TCT ) ( TCT ), 用于互动设置的统一隐私核算框架, 即使用不同的私人算法多次访问敏感数据集。 与传统构成不同的是, 隐私保障随着访问次数的增多而迅速恶化, TCT 允许不击中指定的 \ emph{ target} 的计算基本上免费( 而不是给达到目标的人带来少量间接费用 ) 。 TCT 概括了一些工具, 如稀疏的矢量技术和从私人候选人中选择最高至一万美金的软件, 并将他们从噪音利普西茨 功能中获得的显著隐私会计利益推广到普通私人算法 。