Differential Privacy (DP) mechanisms usually force a reduction in data utility by producing "out-of-bound" noisy results under a tight privacy budget. We introduce the Budget Recycling Differential Privacy (BR-DP) framework, designed to provide soft-bounded noisy outputs for a broad range of existing DP mechanisms. By "soft-bounded," we refer to the mechanism's ability to release most outputs within a predefined error boundary, thereby improving utility while maintaining privacy. The core of BR-DP consists of two components: a DP kernel responsible for generating a noisy answer per iteration, and a recycler that probabilistically recycles/regenerates or releases the noisy answer. We delve into the privacy accounting of BR-DP, culminating in a budgeting principle that optimally sub-allocates the available budget between the DP kernel and the recycler. Furthermore, we introduce algorithms for tight BR-DP accounting in composition scenarios, and our findings indicate that BR-DP achieves reduced privacy leakage after composition compared to DP. Additionally, we explore privacy amplification via subsampling within the BR-DP framework and propose optimal sampling rates for BR-DP across various queries. We experiment with real data, and the results demonstrate BR-DP's effectiveness in improving the utility-privacy tradeoff provided by DP mechanisms.
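To make the kernel/recycler split concrete, the following is an added simulation, not code from the paper: a Laplace DP kernel plus a recycler that redraws an out-of-bound answer with an assumed probability `recycle_prob` and releases it otherwise. It measures how often released answers land inside the error boundary and compares that with the closed-form share; the recycler rule, the parameter names and the sample query are assumptions, and the paper's budget accounting for the recycler is not modelled.

```python
import math
import random


def laplace_sample(rng, scale):
    """Inverse-CDF Laplace(0, scale) sample."""
    u = rng.random() - 0.5
    return -scale * math.copysign(1.0, u) * math.log(1.0 - 2.0 * abs(u))


def dp_kernel(true_answer, sensitivity, eps_kernel, rng):
    """DP kernel: one Laplace-mechanism answer under budget eps_kernel."""
    return true_answer + laplace_sample(rng, sensitivity / eps_kernel)


def br_dp_release(true_answer, sensitivity, eps_kernel, bound,
                  recycle_prob, rng, max_rounds=64):
    """Kernel + recycler loop (assumed recycler rule, not the paper's).

    An answer whose error is within `bound` is released. An out-of-bound
    answer is recycled (regenerated by the kernel) with probability
    recycle_prob, otherwise released. The recycler's decision depends on the
    private answer, so it costs budget; that accounting is not modelled here.
    Returns (released_answer, kernel_rounds_used).
    """
    for rounds in range(1, max_rounds + 1):
        noisy = dp_kernel(true_answer, sensitivity, eps_kernel, rng)
        if abs(noisy - true_answer) <= bound or rng.random() >= recycle_prob:
            return noisy, rounds
    return noisy, max_rounds  # stop after max_rounds instead of looping forever


def expected_in_bound_rate(sensitivity, eps_kernel, bound, recycle_prob):
    """Closed-form share of released answers inside the boundary.

    q = P(|Lap| <= bound). A round ends in-bound w.p. q and out-of-bound-but-
    released w.p. (1-q)(1-p), so the released in-bound share is q/(q+(1-q)(1-p)).
    """
    q = 1.0 - math.exp(-bound * eps_kernel / sensitivity)
    return q / (q + (1.0 - q) * (1.0 - recycle_prob))


def empirical_in_bound_rate(true_answer, sensitivity, eps_kernel, bound,
                            recycle_prob, trials, seed=0):
    """Monte-Carlo share of releases inside the boundary (seeded for repeatability)."""
    rng = random.Random(seed)
    hits = 0
    for _ in range(trials):
        answer, _ = br_dp_release(true_answer, sensitivity, eps_kernel,
                                  bound, recycle_prob, rng)
        hits += abs(answer - true_answer) <= bound
    return hits / trials


if __name__ == "__main__":
    # Constructed query: a count (sensitivity 1) with true value 1000, kernel
    # budget 1.0 and error boundary ln 2, where plain Laplace is in-bound 50% of the time.
    plain = empirical_in_bound_rate(1000, 1.0, 1.0, math.log(2), 0.0, 20000)
    recycled = empirical_in_bound_rate(1000, 1.0, 1.0, math.log(2), 0.9, 20000)
    print(f"plain DP in-bound share {plain:.3f}, BR-DP in-bound share {recycled:.3f}")
```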