English

Sequentially Auditing Differential Privacy

Cryptography and Security 2025-11-17 v2 Machine Learning Methodology

Abstract

We propose a practical sequential test for auditing differential privacy guarantees of black-box mechanisms. The test processes streams of mechanisms' outputs providing anytime-valid inference while controlling Type I error, overcoming the fixed sample size limitation of previous batch auditing methods. Experiments show this test detects violations with sample sizes that are orders of magnitude smaller than existing methods, reducing this number from 50K to a few hundred examples, across diverse realistic mechanisms. Notably, it identifies DP-SGD privacy violations in \textit{under} one training run, unlike prior methods needing full model training.

Keywords

Cite

@article{arxiv.2509.07055,
  title  = {Sequentially Auditing Differential Privacy},
  author = {Tomás González and Mateo Dulce-Rubio and Aaditya Ramdas and Mónica Ribero},
  journal= {arXiv preprint arXiv:2509.07055},
  year   = {2025}
}

Comments

Accepted in NeurIPS 2025

R2 v1 2026-07-01T05:27:09.241Z