This paper establishes the equivalence between Local Differential Privacy (LDP) and a global limit on learning any knowledge about an object. However, an output from an LDP query is not necessarily required to provide an amount of knowledge exactly equal to the upper bound of the learning limit. Since the amount of knowledge gained should be proportional to the privacy loss incurred, the traditional approach of using the DP guarantee to measure privacy loss can occasionally overestimate the actual privacy loss. This is especially problematic in privacy accounting for LDP, where privacy loss is computed by summing the DP guarantees (basic composition). To address this issue, this paper introduces the concept of realized privacy loss, which measures the knowledge actually gained by the analyst after a query, as a more accurate measure of privacy loss. The realized privacy loss is then integrated into the privacy accounting of fully adaptive composition, where an adversary adaptively selects queries based on previous results. The Bayesian Privacy Filter is implemented to ensure that the realized privacy loss of the composed queries eventually reaches the DP guarantee, allowing full utilization of the privacy budget assigned to a queried object. Furthermore, this paper introduces the Bayesian Privacy Odometer to measure realized privacy loss in fully adaptive composition. Experimental evaluations are conducted to assess the efficiency of the Bayesian Privacy Filter, demonstrating that the corresponding composition can accept arbitrarily more queries than the basic composition when the composed queries have sufficiently small DP guarantees. Conversely, this paper concludes, through experiments, that when estimating the histogram of a group of objects with the same privacy budget, an analyst should prefer a single randomized response over a composition managed by the Bayesian Privacy Filter.
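To make the gap between basic composition and realized privacy loss concrete, the following is an added toy example, not code from the paper and not its algorithms. It assumes a single object whose value lies in a domain of k symbols, an analyst with a uniform prior, and a sequence of k-ary randomized responses on that object. The realized privacy loss is modelled here as the largest log-ratio by which the analyst's posterior over any candidate value exceeds the prior (an assumed definition, chosen for illustration); the filter accepts a query only if no possible output could push that quantity past the budget, so the accept/reject decision itself depends only on already-released information. Names such as `BayesianPrivacyFilter`, `odometer` and `simulate_repeated` are this example's own.

```python
import math
import random


def rr_likelihood(k, eps, y, x):
    """P(y | x) for k-ary randomized response with DP guarantee eps:
    the true value is reported with probability e^eps / (e^eps + k - 1),
    every other value with probability 1 / (e^eps + k - 1)."""
    denom = math.exp(eps) + k - 1
    return (math.exp(eps) if y == x else 1.0) / denom


def bayes_update(belief, k, eps, y):
    """Analyst's posterior over the object's value after seeing output y."""
    unnorm = [belief[x] * rr_likelihood(k, eps, y, x) for x in range(k)]
    z = sum(unnorm)
    return [u / z for u in unnorm]


def realized_loss(prior, posterior):
    """Assumed definition for this example (not necessarily the paper's):
    the largest log-ratio by which any candidate value became more plausible
    than it was under the prior."""
    return max(math.log(posterior[x] / prior[x]) for x in range(len(prior)))


class BayesianPrivacyFilter:
    """Toy filter plus odometer for an adaptive sequence of k-ary randomized
    responses on one object (this example's construction, not the paper's)."""

    def __init__(self, k, budget, prior=None):
        self.k = k
        self.budget = budget
        self.prior = list(prior) if prior else [1.0 / k] * k
        self.belief = list(self.prior)
        self.basic_spent = 0.0  # what basic composition would charge so far
        self.accepted = 0

    def odometer(self):
        """Realized privacy loss accumulated so far (the odometer reading)."""
        return realized_loss(self.prior, self.belief)

    def accepts(self, eps):
        """Decide before the output exists: accept only if no possible output
        could push the realized loss past the budget. Deciding on the
        unreleased output itself would leak information through the
        accept/reject signal."""
        worst = max(
            realized_loss(self.prior, bayes_update(self.belief, self.k, eps, y))
            for y in range(self.k)
        )
        return worst <= self.budget + 1e-12

    def observe(self, eps, y):
        """Account for the released output y of an accepted eps-query."""
        self.belief = bayes_update(self.belief, self.k, eps, y)
        self.basic_spent += eps
        self.accepted += 1

    def sample_output(self, eps, true_value, rng):
        """Run the randomized response itself on the object's true value."""
        if rng.random() < math.exp(eps) / (math.exp(eps) + self.k - 1):
            return true_value
        return rng.choice([v for v in range(self.k) if v != true_value])


def simulate_repeated(k, budget, eps, y, max_queries=1000):
    """Drive the filter with the same output y every time (the fastest way for
    belief to concentrate); returns (accepted queries, odometer reading,
    basic-composition charge)."""
    f = BayesianPrivacyFilter(k, budget)
    for _ in range(max_queries):
        if not f.accepts(eps):
            break
        f.observe(eps, y)
    return f.accepted, f.odometer(), f.basic_spent


if __name__ == "__main__":
    # Constructed scenario: domain of 4 values, budget 1.0, queries of eps = 0.1.
    # Basic composition stops after 10 queries; the filter keeps going while
    # the realized loss stays below the budget.
    rng = random.Random(1)
    f = BayesianPrivacyFilter(k=4, budget=1.0)
    while f.accepts(0.1):
        f.observe(0.1, f.sample_output(0.1, true_value=2, rng=rng))
    print(f"accepted {f.accepted} queries, odometer {f.odometer():.3f}, "
          f"basic composition charge {f.basic_spent:.1f}")
```

With k = 4, a budget of 1.0 and identical queries of eps = 0.1, basic composition admits exactly 10 queries, whereas the filter admits 18 even along the worst-case path where every output repeats the same value, and its odometer ends just under the budget. The worst-case check in `accepts` is deliberately conservative: it charges for the most informative output the next query could produce, which is what keeps the decision independent of the output actually released.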