4

I know that if there are $n$ functions $M_1, M_2, \cdots, M_n$ computed on disjoint subsets of the private database whose privacy guarantees are $\epsilon_1, \cdots ,\epsilon_n$ differential privacy, respectively, then any function $g$ of them: $g(M_1, \dots,M_n)$ is $(\max_i \epsilon_i)$-differentially private.

This is known as the Parallel Composition Theorem.

My question is: does this Parallel Composition Theorem extend to $(\epsilon, \delta)$ differential privacy? In other words, is the following statement true?

If there are $n$ functions $M_1, M_2, \cdots, M_n$ computed on disjoint subsets of the private database whose privacy guarantees are $(\epsilon_1, \delta_1), \cdots ,(\epsilon_n, \delta_n)$ differential privacy, respectively, then any function $g$ of them: $g(M_1, \dots,M_n)$ is $(\max_i \epsilon_i, \max_i \delta_i)$-differentially private.

If this statement is NOT true, then what bounds are there on the privacy of the composition function $g$?

user49478

2 Answers

1

Your conjecture seems correct. If the sets are disjoint then the mapping $\bar{M} = (M_1,\dots,M_n)$ is $(\max(\epsilon_i),\max(\delta_i))$-DP. Note that for every database $D$ and any $x$, $\bar{M}(D)$ differs from $\bar{M}(D\setminus \{x\})$ in only one coordinate by the disjoint assumption, w.l.o.g., they differ in the $j$'th coordinate. Therefore, the difference between the density functions of $\bar{M}(D)$ and $\bar{M}(D\setminus \{x\})$ is the same as the difference between $M_j(D)$ and $M_j(D\setminus \{x\})$.

0

For a proof of the case with $n=2$ (which generalizes to arbitrary $n \in \mathbb{N}$ by induction):

Let $x = x_1 \sqcup x_2, y = y_1 \sqcup y_2$ such that $x \sim y$.
Since $x \sim y$ (i.e. they differ by at most one entry) we have without loss of generality that $x_1 = y_1$.
Then for any Borel set $B = B_1 \times B_2$ and query $M = (M_1, M_2)$:

\begin{align*}
P(M(x, Z) \in B) &= P(M_1(x_1, Z_1) \in B_1) P(M_2(x_2, Z_2) \in B_2)\\
&= P(M_1(y_1, Z_1) \in B_1) P(M_2(x_2, Z_2) \in B_2) & \text{since $x_1 = y_1$}\\
&\leq P(M_1(y_1, Z_1) \in B_1) (e^{\epsilon_2} P(M_2(x_2, Z_2) \in B_2) + \delta_2) & \text{$M_2$ is $(\epsilon_2, \delta_2)$-DP}\\
&= e^{\epsilon_2} P(M(y, Z) \in B) + \delta_2 & \text{since $P(x) \leq 1$}\\
&\leq e^{\max\{\epsilon_1, \epsilon_2\}} P(M(y, Z) \in B) + \max\{\delta_1, \delta_2\}
\end{align*}

i.e. $M$ is $(\max\{\epsilon_1, \epsilon_2\}, \max\{\delta_1, \delta_2\})$ approximately differentially private.
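A numerical check of the claim for $n=2$, added here as an illustration and not part of either answer: it computes the tight $\delta$ exactly for two discrete mechanisms on disjoint partitions, for their joint output, and for a post-processing $g$. The mechanisms (counts plus truncated geometric noise), the counts, and all parameter values are constructed assumptions.

```python
import math
from itertools import product

def noisy_count(count, eps, k):
    """Exact output distribution of count + noise, where the noise lives on
    {-k..k} with P(z) proportional to exp(-eps*|z|) (assumed mechanism)."""
    w = {z: math.exp(-eps * abs(z)) for z in range(-k, k + 1)}
    total = sum(w.values())
    return {count + z: p / total for z, p in w.items()}

def hockey_stick(p, q, eps):
    """Smallest delta with P(B) <= e^eps * Q(B) + delta for every output set B."""
    return sum(max(0.0, pr - math.exp(eps) * q.get(o, 0.0)) for o, pr in p.items())

def delta_of(p, q, eps):
    """Tight delta over both directions of a neighbouring pair."""
    return max(hockey_stick(p, q, eps), hockey_stick(q, p, eps))

def joint(p1, p2):
    """Distribution of (M_1, M_2) with independent noise on disjoint parts."""
    return {(a, b): pa * pb for (a, pa), (b, pb) in product(p1.items(), p2.items())}

def pushforward(p, g):
    """Distribution of g(output), i.e. post-processing by g."""
    out = {}
    for o, pr in p.items():
        out[g(o)] = out.get(g(o), 0.0) + pr
    return out

def check_parallel(c1=5, c2=9, mechs=((0.5, 3), (1.0, 2))):
    """Constructed inputs: true counts c1, c2 and (eps_i, k_i) per partition."""
    (e1, k1), (e2, k2) = mechs
    base = [noisy_count(c1, e1, k1), noisy_count(c2, e2, k2)]
    nbr = [noisy_count(c1 + 1, e1, k1), noisy_count(c2 + 1, e2, k2)]
    d = [delta_of(base[i], nbr[i], e) for i, e in enumerate((e1, e2))]
    eps_max, worst_joint, worst_g = max(e1, e2), 0.0, 0.0
    for j in (0, 1):  # the single changed record lies in partition j only
        changed = [nbr[i] if i == j else base[i] for i in (0, 1)]
        p, q = joint(*base), joint(*changed)
        worst_joint = max(worst_joint, delta_of(p, q, eps_max))
        worst_g = max(worst_g, delta_of(pushforward(p, sum), pushforward(q, sum), eps_max))
    return d, worst_joint, worst_g

if __name__ == "__main__":
    d, wj, wg = check_parallel()
    print(f"delta_1={d[0]:.5f} delta_2={d[1]:.5f} joint={wj:.5f} g=sum: {wg:.5f}")
```

At $\epsilon = \max_i \epsilon_i$ the joint $\delta$ stays at $\max_i \delta_i$ rather than growing to $\delta_1 + \delta_2$ as it would under sequential composition on the same data.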