We consider the problem of checking the differential privacy of online randomized algorithms that process a stream of inputs and produce outputs corresponding to each input. This paper generalizes an automaton model called DiP automata (see arXiv:2104.14519) to describe such algorithms by allowing multiple real-valued storage variables. A DiP automaton is a parametric automaton whose behavior depends on the privacy budget $\epsilon$. An automaton $A$ will be said to be differentially private if, for some $\mathfrak{D}$, the automaton is $\mathfrak{D}\epsilon$-differentially private for all values of $\epsilon>0$. We identify a precise characterization of the class of all differentially private DiP automata. We show that the problem of determining if a given DiP automaton belongs to this class is PSPACE-complete. Our PSPACE algorithm also computes a value for $\mathfrak{D}$ when the given automaton is differentially private. The algorithm has been implemented, and experiments demonstrating its effectiveness are presented.