Combining our market template in Mechanism 6 with the above privacy tools, we obtain Mechanism 8. There are some key differences. First, we have a bound $Q$ on the total number of queries. (Each query $x$ returns the instantaneous prices in the market for $x$.) This is because each query reveals information about the participants, so intuitively, allowing too many queries must sacrifice either privacy or accuracy. Fortunately, this bound $Q$ can be an arbitrarily large polynomial in the number of traders without affecting the quality of the results. Second, we have PAC-style guarantees on accuracy: with probability $1-\gamma$,
compute and represent the market prices $\nabla C_x(\hat f^t)$ unless $\mathcal{Y}$ is finite. We leave the more general analysis of Mechanism 8 to future work.
Either exactly or approximately, Mechanism 8 inherits the desirable properties of Mechanism 6, such as incentive-compatibility (that is, participants are incentivized to minimize the risk of the market hypothesis). In addition, we show that it preserves privacy while maintaining accuracy, for an appropriate choice of the price sensitivity $\lambda_C$.
Theorem 4.4.4 (Privacy). Mechanism 8 is $(, \delta)$-differentially private with respect to each trade $df^t$.
Proof. First, imagine as a hypothetical that the mechanism published $\hat f^{s(t)+1,t}$ for each $t$. By the guarantee of the Gaussian process mechanism (Theorem 4.4.1), each such publication would be $({}', \delta')$-differentially private. But these publications would completely determine the values of $\hat f^t$ for each $t$. Therefore, it suffices to show that $(, \delta)$-differential privacy would be preserved in our hypothetical scenario, as only less information is revealed in reality.
We claim that each trade $df^j$ participates in at most $\lceil \log T \rceil$ different such mechanisms $\hat f^{s(t)+1,t}$. To see this, note that $df^j$ participates in $\hat f^{s(t)+1,t}$ if and only if $s(t)+1 \le j \le t$. This implies that the binary representation of $t$ matches $j$ except for possibly its rightmost “one” bit: Otherwise, $s(t) \ge j$. But this can only occur for $\lceil \log T \rceil$ distinct values of $t$. In other words, at most $\lceil \log T \rceil$ arrows pass above $j$ in Figure 4.1.
Now, if $df^j$ participates in at most $\lceil \log T \rceil$ different mechanisms, each of which is $(/\lceil \log T \rceil, \delta/\lceil \log T \rceil)$-differentially private, then by the composition property of privacy (Dwork and Roth [2014]), $df^j$ is guaranteed $(, \delta)$-d.p.
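The counting argument in this proof can be checked mechanically. The following Python sketch is an added example, not part of the original text; it assumes that $s(t)$ is $t$ with its lowest set bit cleared, as the binary-representation argument implies (Equation 4.5 is not reproduced here), and its function names are illustrative.

```python
import math

def s(t: int) -> int:
    """Assumed s(t): t with its lowest set bit cleared (e.g. 13 -> 12 -> 8 -> 0)."""
    return t & (t - 1)

def blocks(t: int) -> list[tuple[int, int]]:
    """Trade intervals (first, last) whose noisy partial sums add up to f-hat^t.

    Walks the chain t, s(t), s(s(t)), ... down to 0. The f-hat^{0:0} term for
    the initial hypothesis contains no trade and is left out.
    """
    out = []
    while t > 0:
        out.append((s(t) + 1, t))
        t = s(t)
    return out

def participation(j: int, T: int) -> list[int]:
    """Every t <= T whose partial sum f-hat^{s(t)+1,t} contains trade j."""
    return [t for t in range(1, T + 1) if s(t) + 1 <= j <= t]

def max_participation(T: int) -> int:
    """Largest number of partial sums any single trade appears in."""
    return max(len(participation(j, T)) for j in range(1, T + 1))

if __name__ == "__main__":
    T = 100  # constructed sample size
    print("blocks for t=13:", blocks(13))
    print("releases containing trade 5:", participation(5, T))
    print("max participation:", max_participation(T),
          "ceil(log2 T):", math.ceil(math.log2(T)))
```

For $T = 100$ the maximum is 7, which equals $\lceil \log_2 T \rceil$. Under the assumed $s(t)$ the maximum is the bit length of $T$, $\lfloor \log_2 T \rfloor + 1$, which is one more than $\lceil \log_2 T \rceil$ when $T$ is an exact power of two, so the per-release budget split should use the larger count in that case.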
Before proving an accuracy guarantee, we prove a lemma showing that, with high probability, our mechanism can support many queries to $\hat f^t$ with each being reasonably accurate. This will be the key component in showing that the market prices are accurate, which is the crucial property we desire.
Lemma 4.4.2. With probability $1-\gamma$,
$$|\hat f^t(z_s) - f^t(z_s)| \le 2\sqrt{\ln(Q'/\gamma)\,\ln(2\log(T)/\delta)}\;\Delta^2 \log(T)^{3/2}$$
for all $Q'$
Proof. Each evaluation is
$$\hat f^t(z) = \hat f^{s(t)+1,t}(z) + \cdots = f(z) + \Delta \log(T)\sqrt{2\ln(2\log(T)/\delta)}\; Z$$
where $Z$ is the sum of at most $\log T$ independent Gaussians with variance at most $\Delta^2 = \max_{df}\sqrt{\langle df, df\rangle}$, hence is dominated by a $N(0, \Delta^2 \log T)$ variable. Since $aZ$ has variance $a^2\,\mathrm{Var}(Z)$, $\hat f^t(z) - f(z)$ is dominated by a $N(0, \sigma^2)$ variable where $\sigma^2 = \Delta^4 \log(T)^3\, 2\ln(2\log(T)/\delta)/{}^{2}$. By a standard tail bound,
$$\Pr[|\hat f^t(z) - f^t(z)| > K] \le \sqrt{\frac{2}{\pi}}\,\frac{e^{-K^2/2\sigma^2}}{K} \le e^{-K^2/2\sigma^2}$$
for $K \ge 1$. By a simple union bound over $Q$ queries and rearranging, with probability $1-\gamma$ all queries are within $K$ of the correct answer for
$$K = \sqrt{2\ln(Q/\gamma)}\,\sigma = 2\sqrt{\ln(Q/\gamma)\,\ln(2\log(T)/\delta)}\;\Delta^2 \log(T)^{3/2}.$$
Theorem 4.4.5 (Accuracy). With probability $1-\gamma$, with $Q$ queries to the market prices and $T$ traders, for prices to be accurate to within $\alpha$ on each time step, letting $\gamma$ and $\delta$ be $\Omega(1/\mathrm{poly}(Qd, T))$, it suffices to set the price sensitivity to be
$$\lambda_C = O\!\left(\frac{\alpha}{d\,\Delta^2 \log(Qd)\,\log(T)^{5/2}}\right).$$
Proof. Each query to prices in market $x$ is of the form $\nabla C_x(f) = \nabla C_x(f(y_1), \ldots, f_x(y_d))$ where $\mathcal{Y} = \{y_1, \ldots, y_d\}$. This requires $d$ evaluations of $f$ for each query to the prices, resulting in $Q' = Qd$ queries to $f$ total.
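Using Lemma 4.4.2, with probability $1-\gamma$,
$$|\hat f^t(z) - f^t(z)| \le 2\sqrt{\ln(Q'/\gamma)\,\ln(2\log(T)/\delta)}\;\Delta^2 \log(T)^{3/2}.$$
Substituting $Q' = Qd$, and letting $\hat p^t_x$ be the published price vector in the $x$ market at time $t$, gives
$$\|\hat p^t_x - p^t_x\|_1 \le 2\lambda_C d\sqrt{\ln(Qd/\gamma)\,\ln(2\log(T)/\delta)}\;\Delta^2 \log(T)^{3/2}.$$
Thus, for accuracy $\alpha$, it suffices to set
$$\lambda_C \le \frac{\alpha}{2d\sqrt{\ln(Qd/\gamma)\,\ln(2\log(T)/\delta)}\;\Delta^2 \log(T)^{3/2}},$$
and the result follows from taking $\gamma$ and $\delta$ both to be $\Omega(1/\mathrm{poly}(Qd))$.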
If one for example takes $\delta, \gamma = \exp[-\mathrm{polylog}(Q, T)]$, then except for a superpolynomially low failure probability, Mechanism 8 answers all queries to within accuracy $\alpha$ by setting the price sensitivity to be $\lambda_C = O(\alpha/\mathrm{polylog}(Q, T))$. We note, however, that this is a somewhat weaker guarantee than is usually desired in the differential privacy literature, where ideally $\delta$ is exponentially small.
Algorithm 8 Privacy Protected Market
Parameters: $, \delta$ (privacy), $\alpha, \gamma$ (accuracy), $k$ (kernel), $\Delta$ (trade size 4.4), $Q$ (#queries), $T$ (#traders)
Market announces $\hat f^0 = f^0$, sets $r = 0$, sets $C$ with $\lambda_C = \lambda_C(, \delta, \alpha, \gamma, \Delta, Q, T)$ (Theorem 4.4.5)
for $t = 1, 2, \ldots, T$ do
  Participant $t$ proposes a bet $df^t$
  Market updates true position $f^t = f^{t-1} + df^t$
  Market instantiates $\hat f^{s(t)+1,t}$ as defined in Equation 4.5
  while $r \le Q$ and some Observer wishes to make a query do
    Observer $r$ submits pricing query on $x$
    Market returns prices $\nabla C_x(\hat f^t)$, where $\hat f^t = \hat f^{s(t)+1:t} + \hat f^{s(s(t))+1:s(t)} + \cdots + \hat f^{0:0}$
    Market sets $r \leftarrow r + 1$
  end while
end for
Market observes a true sample $(x, y)$
for $t = 1, 2, \ldots, T$ do
  Participant receives payment $f^{t-1}(x, y) - f^t(x, y) - C_x(\hat f^{t-1} + df^t) + C_x(\hat f^{t-1})$
end for
Computing $\nabla C_x(\hat f^t)$. We have already discussed limiting to finite $|\mathcal{Y}|$ in order to efficiently compute the marginal prices $\nabla C_x(\hat f^t)$. However, it is still not immediately clear how to compute these prices, and hence how to implement Mechanism 8. Here, we show that the problem can be solved when $C$ comes from an exponential family, so that $C_x(f) = \log \int$
given by the gradient of $C$ have a nice exponential-weights form, namely the price of shares in $(x, y)$ is
$$p^t_x(y) = \nabla_y C_x(f^t) = \frac{e^{f(x,y)}}{\sum_{y \in \mathcal{Y}} e^{f(x,y)}}.$$
Thus evaluating the prices can be done by evaluating $f^t(x, y)$ for each $y \in \mathcal{Y}$.
We also note that the worst-case bound used here could be greatly improved by taking into account the structure of the kernel. For “smooth” cases such as the Gaussian kernel, querying a second point very close to the first one requires very little additional randomness and builds up very little additional error. We gave only a worst-case bound that holds for all kernels.