Generalized Differential Privacy

• Generalized differential privacy is a framework that extends standard DP to handle complex output structures, dataset-dependent preferences, and specialized utility metrics.
• It encompasses methods like rainbow DP, integer subspace DP, and Rényi DP that model outputs via graph structures, constrained lattices, and tunable divergence measures.
• These approaches enable practical, privacy-preserving data analysis in settings from categorical queries to Bayesian inference while ensuring rigorous privacy guarantees.

Generalized @@@@1@@@@ encompasses a class of privacy notions and mechanisms that extend standard differential privacy (DP) to new contexts beyond simple neighbor-based data changes. These frameworks address situations with complex output structures, dataset-dependent output preferences, external invariants, and specialized utility metrics, enabling exactly optimal or compositional privacy guarantees in diverse data curation and analysis scenarios.

1. Structural Generalizations: Rainbow Differential Privacy

Rainbow differential privacy models datasets as nodes of a graph $G = (\mathcal{D}, \sim)$, where each node (dataset) may prefer certain outputs according to a "rainbow"—a total ordering $c \in \mathrm{Sym}(\mathcal{V})$ over a finite output set $\mathcal{V}$ of size $q$. The preference function $$f: \mathcal{D} \rightarrow \mathrm{Sym}(\mathcal{V})$$ partitions the graph into regions $B^c = \{d \in \mathcal{D} : f(d) = c\}$, each interior-separated from its boundary $\partial B^c$. This formalism enables precise reasoning about privacy in settings where output preferences vary by dataset, such as majority-vote queries or categorical histograms with personalized biases (Gu et al., 2023).

Optimal $(\epsilon, \delta)$-DP mechanisms within this framework are determined via the boundary condition of each region, specifically in cases with homogeneous boundaries—where all boundary nodes of a region share a common probability vector $m^c \in \Delta(\mathcal{V})$. The existence and uniqueness theorem asserts that when boundary parameters $\{m^c\}_c$ satisfy $(\epsilon, \delta)$-closeness across adjacent regions, there exists a unique dominance-maximal mechanism extending those boundaries (Gu et al., 2023). The construction reduces the problem to line graphs, leveraging the operator $T_{\epsilon, \delta}$ on probability simplices:

$$s'_k = \min\left\{1, \min\left\{e^\epsilon s_k,\, 1 - e^{-\epsilon}(1-s_k)\right\} + \delta\right\}$$

Iterating $T_{\epsilon, \delta}$ produces closed-form solutions along chain graphs. The optimality is strictly stronger than prior results, generalizing from 2 or 3 outputs and lexicographic orders to arbitrary finite $q$ and dominance orders.

2. Integer and Invariant Generalizations: Integer Subspace Differential Privacy

Integer subspace differential privacy addresses settings where data products must adhere to external invariants and integer-valued constraints—e.g., fixed marginal sums in contingency tables or mandated total counts in census releases. Given constraints $A = \{A_1, \ldots, A_k\}$, any noise-perturbed output $y$ must respect $\sum_{i \in A_\ell} y_i = \sum_{i \in A_\ell} x_i$ for $\ell=1,\ldots,k$. The feasible noise vectors belong to a lattice $\Lambda_A$ constructed from the null-space of these constraints via a full-rank integer matrix $T_A$ (Dharangutte et al., 2022).

A mechanism $M : \mathbb{N}^d \rightarrow \mathbb{Z}^d$ is $(\epsilon, \delta)$-integer-subspace-DP if it is $A$-invariant and, for all $x \equiv_A x'$ and measurable $S$,

$$\Pr[M(x)\in S] \leq e^{\epsilon \|x - x'\|} \Pr[M(x')\in S] + \frac{e^{\epsilon \|x-x'\|} - 1}{e^\epsilon - 1}\,\delta$$

This framework retains composition and post-processing properties analogous to standard DP, while enabling unbiased, integer-valued noise addition conforming to invariants.

Generalized Laplace and Gaussian mechanisms are defined over $\Lambda_A$:

Mechanism	Distribution Over Lattice	Error Tail Bound
Generalized Laplace	$\propto \exp(-\epsilon\|v\|)$	$K t^{d-k} e^{-\epsilon t}$
Generalized Gaussian	$\propto \exp(-\|v\|_2^2/(2\sigma^2))$	$K t^{d-k} e^{-t^2/(2\sigma^2)}$

Here $d-k$ is lattice rank and $K$ is a constant depending on $T_A$; both mechanisms are unbiased and guarantee strong accuracy bounds (Dharangutte et al., 2022).

3. Generalized Privacy Loss Metrics: Rényi Differential Privacy

Rényi differential privacy (RDP) expands the DP framework by quantifying privacy loss via Rényi divergence $D_\alpha$, which interpolates between average-case ($\alpha \to 1$) and worst-case ($\alpha \to \infty$) privacy. RDP guarantees can be converted to approximate DP via

$$\epsilon_{DP} = \epsilon(\alpha) + \frac{\log(1/\delta)}{\alpha-1}$$

and compose additively under adaptive or parallel composition (Geumlek et al., 2017).

RDP mechanisms provide tunable privacy-utility trade-offs, especially in Bayesian posterior sampling. For exponential-family models:

• Direct posterior sampling yields finite $\epsilon$ at all $\alpha < \alpha^*$ for $\Delta$-bounded families,
• Tunable privacy via diffused-posteriors (reducing data impact) or concentrated-posteriors (amplifying prior),
• For GLMs (logistic regression), both diffuse and concentrate methods can realize arbitrary $(\alpha, \epsilon)$ RDP guarantees (Geumlek et al., 2017).

4. Mechanism Construction and Analytical Techniques

In rainbow DP, optimal extension is realized via graph collapsing to boundary-line representations and recursive application of $T_{\epsilon, \delta}$. Integer subspace DP requires sampling from highly constrained noise distributions within lattices, addressed via a Gibbs-within-Metropolis MCMC:

Convergence is empirically assessed using $L$-lag coupling, bounding total variation distance to equilibrium via the expected meeting time of coupled chains.

RDP mechanisms rely on analysis of Rényi divergence among posteriors and control of privacy via adjustment of prior and likelihood parameters. The mechanisms exhibit theoretical guarantees (error, bias, tail decay) and practical finetunability through utilities computed on held-out datasets and KL divergence between distributions.

5. Empirical Validation and Applied Contexts

Empirical results across synthetic histograms (with overlapping invariants), contingency tables (fixed margins), and census county-level aggregates confirm mechanism feasibility, unbiasedness, and tail accuracy (mixing scales for Laplace, Gaussian under $\ell_1$, $\ell_2$ norms) (Dharangutte et al., 2022). Rainbow DP applications include categorical query mechanisms with individual ordering preferences (Gu et al., 2023).

In Bayesian privacy, posterior sampling methods—diffuse and concentrate samplers—outperform classical approaches on real datasets (Abalone, Adult, MNIST), maintaining superior utility metrics at controlled privacy levels (Geumlek et al., 2017).

6. Limitations and Open Questions

Rainbow DP mechanisms require homogeneous boundary conditions for unique optimality; counterexamples demonstrate non-existence of a global optimal mechanism in heterogeneous boundary scenarios (Gu et al., 2023). Integer subspace DP mechanisms entail computational challenges scaling with lattice rank and constraint intersection. RDP-based mechanisms require careful parameter tuning and remain sensitive to prior informativeness and posterior concentration.

Open directions include extension to continuous outputs (stochastic dominance in rainbow DP), computational complexity in large-scale graphs or lattice structures, exploration of weaker dominance orders, and mechanisms under alternative privacy relaxations.

7. Synthesis and Directions

Generalized differential privacy unifies several strands—structural graph-based DP, invariant- and integer-constrained DP, and generalized loss metrics (RDP)—into mechanisms tailored for complex, real-world data stewardship. These frameworks maintain rigorous privacy guarantees while precisely respecting user or system constraints, utility preferences, and empirical validation. Further theoretical and practical development is anticipated, with numerous applications across statistical data release, Bayesian analysis, and personalized query mechanisms.