English

Sequential Auditing for f-Differential Privacy

Cryptography and Security 2026-02-09 v1 Methodology Machine Learning

Abstract

We present new auditors to assess Differential Privacy (DP) of an algorithm based on output samples. Such empirical auditors are common to check for algorithmic correctness and implementation bugs. Most existing auditors are batch-based or targeted toward the traditional notion of (ε,δ)(\varepsilon,\delta)-DP; typically both. In this work, we shift the focus to the highly expressive privacy concept of ff-DP, in which the entire privacy behavior is captured by a single tradeoff curve. Our auditors detect violations across the full privacy spectrum with statistical significance guarantees, which are supported by theory and simulations. Most importantly, and in contrast to prior work, our auditors do not require a user-specified sample size as an input. Rather, they adaptively determine a near-optimal number of samples needed to reach a decision, thereby avoiding the excessively large sample sizes common in many auditing studies. This reduction in sampling cost becomes especially beneficial for expensive training procedures such as DP-SGD. Our method supports both whitebox and blackbox settings and can also be executed in single-run frameworks.

Keywords

Cite

@article{arxiv.2602.06518,
  title  = {Sequential Auditing for f-Differential Privacy},
  author = {Tim Kutta and Martin Dunsche and Yu Wei and Vassilis Zikas},
  journal= {arXiv preprint arXiv:2602.06518},
  year   = {2026}
}

Comments

19 pages, 19 figures

R2 v1 2026-07-01T10:23:57.331Z