The paper introduces an optimal black-box auditing framework using Donsker-Varadhan estimators to estimate Rényi differential privacy (RDP) guarantees for machine learning algorithms.

This paper corrects the theoretical analysis of DP-SGD by identifying that common implementations, which use batch averaging, result in weaker privacy guarantees than previously reported.

The paper introduces a novel realization-level privacy filtering approach that improves utility in differentially private data release by accounting for actual leakage rather than worst-case per-round…

The paper proposes a Quantitative Information Flow (QIF) framework to systematically and rigorously compare Local Differential Privacy (LDP) frequency estimation protocols, moving beyond simple $\vare…

The paper introduces Metric-Normalized Posterior Leakage (mPL), an attacker-aligned measure that provides a practical, certifiable privacy guarantee for machine learning systems consumed under joint o…

The paper introduces the PML envelope, a novel definition that provides a robust and operationally meaningful measure of information leakage about a secret, satisfying both post-processing robustness…

The paper develops a unified theoretical framework to systematically characterize the optimal privacy-utility trade-off (PUT) and optimal Local Differential Privacy (LDP) channels for general statisti…

This paper analyzes differential privacy auditing as a bilevel game, showing that naive audit designs fail to detect true harm when developers strategically respond, and proposes an optimal, single-le…

The paper introduces Zero-Run privacy auditing, a post-hoc framework that allows for practical differential privacy evaluation of large, deployed models without requiring retraining or controlled data…

The paper introduces 'mixture mechanisms,' a novel class of additive noise mechanisms that achieve approximate differential privacy by mixing multiple Gaussian distributions, resulting in lower noise…

The paper introduces 'mixture mechanisms,' a novel class of additive noise mechanisms that achieve differential privacy for real-valued queries, significantly reducing noise compared to the standard G…

This paper proposes two post-processing techniques, random selection and linear combination, to construct a model that satisfies any desired differential privacy level without retraining, given a set…

The paper introduces LLM-CEG, an extended framework that uses membership inference attack success rates and model perplexity to systematically audit and optimize the privacy-utility trade-off when fin…

This paper provides a comprehensive, system-level comparison of MPC and FHE for Privacy-Preserving Machine Learning (PPML) across various models and environments, moving beyond single-metric latency a…

This paper analyzes the reliability of efficient membership inference attack (MIA) evaluation methods, demonstrating that standard aggregation techniques introduce biases that compromise accurate vuln…

This paper demonstrates that standard privacy guarantees for multi-tenant RAG services fail when multiple accounts from the same tenant collude, proposing a novel audit protocol to quantify this joint…

The paper introduces ACE, a novel voting protocol that achieves end-to-end verifiability and strong voter privacy by combining tally-hiding aggregation with an Audit-or-Cast challenge, eliminating the…

This paper develops and analyzes two differentially private methods for answering counting queries on quantum-encoded datasets, demonstrating improved privacy guarantees and a quantum-safe approach fo…

The paper introduces the Generalized Thresholding Mechanism (GTM) to solve the generalized private testing problem in differential privacy, achieving near-optimal accuracy and sample complexity guaran…

The paper demonstrates that by introducing carefully designed correlations among locally added noise variables, local differential privacy mechanisms can achieve an estimation cost matching the optima…