Differentially private computation often begins with a bound on some $d$-dimensional statistic's $\ell_p$ sensitivity. For pure differential privacy, the $K$-norm mechanism can improve on this approach using a norm tailored to the statistic's sensitivity space. Writing down a closed-form description of this optimal norm is often straightforward. However, running the $K$-norm mechanism reduces to uniformly sampling the norm's unit ball; this ball is a $d$-dimensional convex body, so general sampling algorithms can be slow. Turning to concentrated differential privacy, elliptic Gaussian noise offers similar improvement over spherical Gaussian noise. Once the shape of this ellipse is determined, sampling is easy; however, identifying the best such shape may be hard. This paper solves both problems for the simple statistics of sum, count, and vote. For each statistic, we provide a sampler for the optimal $K$-norm mechanism that runs in time $\tilde O(d^2)$ and derive a closed-form expression for the optimal shape of elliptic Gaussian noise. The resulting algorithms all yield meaningful accuracy improvements while remaining fast and simple enough to be practical. More broadly, we suggest that problem-specific sensitivity space analysis may be an overlooked tool for private additive noise.

翻译：差分隐私计算通常从对某个$d$维统计量的$\ell_p$敏感度进行界定的方法入手。对于纯差分隐私，K-范数机制可以通过使用针对统计量敏感度空间定制的范数来改进该方法。写出最优范数的闭式表达式通常较为直接。然而，运行K-范数机制需要均匀采样该范数的单位球；该球是一个$d$维凸体，因此通用采样算法可能较慢。转向集中差分隐私，椭圆高斯噪声相比球面高斯噪声能带来类似的改进。一旦确定了该椭圆的形状，采样变得容易；然而，确定最优形状可能较为困难。本文针对求和、计数与投票这三种简单统计量解决了上述问题。针对每个统计量，我们提出了一种运行时间为$\tilde O(d^2)$的最优K-范数机制采样器，并推导出了椭圆高斯噪声最优形状的闭式表达式。由此得到的算法在保持足够快速和简单以具实用性的同时，均带来了有意义的精度提升。更广泛地，我们指出，针对具体问题的敏感度空间分析可能是私有加性噪声中一个被忽视的工具。