Better than Composition: How to Answer Multiple Relational Queries under Differential Privacy

Answering relational queries under differential privacy has attracted a lot of attention in recent years due to growing concerns on personal privacy, and instance-optimal mechanisms have been developed for a single query. However, most real-world data analytical tasks require multiple queries to be answered under a total privacy budget. The standard solution to extend the single-query mechanism to multiple queries is via privacy composition. However, we observe that this may yield an error bound that could be a √ 𝑑-factor worse from the optimal, where 𝑑 is the number of queries. In this paper, we present a different, more holistic approach that closes this gap. In addition to theoretical optimality, our new mechanism also significantly outperforms privacy composition in practice, especially on more skewed data and large 𝑑. CCS CONCEPTS • Information systems → Database query processing; • Security and privacy → Database and storage security; • Theory of computation → Theory of database privacy and security.