Search papers, labs, and topics across Lattice.
This paper addresses the challenge of maintaining participation privacy in federated and streaming learning systems by introducing a modular recipe that utilizes randomized buffering to manage single-edit neighboring user streams. By transforming these streams into a Hamming-style update stream, the authors ensure that privacy guarantees can be upheld even under adaptive interactions, with a focus on the calibration of privacy parameters. The key result is a certification theorem that connects non-adaptive differential privacy proofs to adaptive inputs, enabling trajectory-level differential privacy while maintaining explicit control over privacy and latency trade-offs.
Achieving trajectory-level differential privacy in adaptive streaming contexts without sacrificing performance is now feasible through an auditable buffering-aggregation approach.
Modern federated and streaming learning systems often release intermediate models, so privacy must hold for the full trajectory under adaptive interaction. Motivated by participation privacy, we study single-edit neighboring user streams, where one insertion/deletion shifts all subsequent updates and defeats standard Hamming-neighbor continual-release analyses. We give an auditable modular recipe. A randomized buffering wrapper emits bins of size $[U,2U]$, reducing single-edit streams to a Hamming-style per-bin update stream with explicit backlog/delay guarantees, where $U$ is calibrated by the privacy parameters $(\varepsilon,\delta)$. We then prove a certification theorem identifying when a non-adaptive Hamming-neighbor DP proof for a continual primitive lifts to adaptive inputs: the primitive must use fresh per-round randomness and have a stable one-round privacy profile under common adaptive context. Together, these ingredients yield trajectory-level $(\varepsilon,\delta)$-DP for single-edit streams using standard primitives (e.g., tree prefix sums), with an explicit privacy--latency link via $U$.