pith. sign in

arxiv: 2509.03294 · v3 · submitted 2025-09-03 · 💻 cs.CR · cs.AI· cs.LG

A Comprehensive Guide to Differential Privacy: From Theory to User Expectations

Napsu Karmitsa , Antti Airola , Tapio Pahikkala , Tinja Pitk\"am\"aki This is my paper

Pith reviewed 2026-05-18 19:33 UTC · model grok-4.3

classification 💻 cs.CR cs.AIcs.LG
keywords differential privacyprivacy-preserving machine learningsynthetic data generationusabilitynoise mechanismsdata analysistransparency
0
0 comments X

The pith

Differential privacy supplies a formal bound on how much any one record can affect the output of data analysis or model training.

A machine-rendered reading of the paper's core claim, the machinery that carries it, and where it could break.

The paper assembles the core mathematical definition of differential privacy, the main ways to achieve it through noise addition or other perturbations, and its use in machine learning and synthetic data creation. It also examines the practical barriers that keep these methods from being widely adopted, especially the difficulty of explaining the protection level to users and regulators. A reader would care because the survey connects scattered technical results into one resource that shows both what the guarantees deliver and where current systems still fall short in real deployments.

Core claim

Differential privacy requires that the probability of any output differs by at most a small multiplicative factor when any single individual record is added or removed from the input, and this property is realized by scaling noise to the sensitivity of the computation or by using randomized response and other primitives; the survey collects the supporting theory, standard mechanisms, domain adaptations for machine learning and synthetic data, and the remaining usability and transparency shortfalls.

What carries the argument

The (epsilon, delta) differential privacy definition that caps the influence of any one record on output probabilities, enforced by calibrated noise or randomization.

If this is right

  • Machine learning models can be trained on sensitive data while keeping the contribution of any single training example formally bounded.
  • Synthetic datasets can be released with the same privacy guarantees that apply to direct query answers.
  • Organizations gain a concrete way to meet legal and ethical demands for responsible data use through explicit privacy parameters.
  • Domain-specific challenges in areas such as healthcare require tailored composition and accounting methods.

Where Pith is reading between the lines

These are editorial extensions of the paper, not claims the author makes directly.

  • Clearer explanations of epsilon and delta values could increase acceptance among non-technical users and policymakers.
  • Integration with existing data-protection regulations would benefit from standardized ways to translate DP parameters into compliance language.
  • Empirical tests of user understanding of DP guarantees could reveal whether current transparency efforts are sufficient.

Load-bearing premise

That the existing published work on mechanisms and applications can be assembled into an accurate and complete current picture without important omissions or errors in any domain.

What would settle it

A major recent mechanism or application in privacy-preserving machine learning whose description or performance claims contradict those given in the survey.

Figures

Figures reproduced from arXiv: 2509.03294 by Antti Airola, Napsu Karmitsa, Tapio Pahikkala, Tinja Pitk\"am\"aki.

Figure 1
Figure 1. Figure 1: Different DP Settings: In distributed DP, a trusted suffler is used [PITH_FULL_IMAGE:figures/full_fig_p018_1.png] view at source ↗
Figure 2
Figure 2. Figure 2: Laplace Distribution with Different Scale Parameters. [PITH_FULL_IMAGE:figures/full_fig_p025_2.png] view at source ↗
Figure 3
Figure 3. Figure 3: Laplace Mechanism Output for Neighboring Datasets in Example 14. [PITH_FULL_IMAGE:figures/full_fig_p026_3.png] view at source ↗
Figure 4
Figure 4. Figure 4: Gaussian Distribution with Different Deviations. [PITH_FULL_IMAGE:figures/full_fig_p027_4.png] view at source ↗
Figure 5
Figure 5. Figure 5: Main Idea of the DP-SGD Algorithm. 4.3.2 Privacy Accounting When training models with DP-SGD, we need to track the total privacy loss across many iterations. The basic rules for combining privacy guarantees — 36 [PITH_FULL_IMAGE:figures/full_fig_p036_5.png] view at source ↗
Figure 6
Figure 6. Figure 6: Comparing Privacy Loss under Different Accounting Methods in Ex [PITH_FULL_IMAGE:figures/full_fig_p039_6.png] view at source ↗
Figure 7
Figure 7. Figure 7: Illustration of the DP Guarantee under the Laplace Mechanism (in [PITH_FULL_IMAGE:figures/full_fig_p049_7.png] view at source ↗
Figure 8
Figure 8. Figure 8: Common Properties of Synthetic, Simulated, and Fabricated Datasets: [PITH_FULL_IMAGE:figures/full_fig_p061_8.png] view at source ↗
read the original abstract

The increasing availability of personal data has enabled significant advances in fields such as machine learning, healthcare, and cybersecurity. However, this data abundance also raises serious privacy concerns, especially in light of powerful re-identification attacks and growing legal and ethical demands for responsible data use. Differential privacy (DP) has emerged as a principled, mathematically grounded framework for mitigating these risks. This review provides a comprehensive survey of DP, covering its theoretical foundations, practical mechanisms, and real-world applications. It explores key algorithmic tools and domain-specific challenges - particularly in privacy-preserving machine learning and synthetic data generation. The report also highlights usability issues and the need for improved communication and transparency in DP systems. Overall, the goal is to support informed adoption of DP by researchers and practitioners navigating the evolving landscape of data privacy.

Editorial analysis

A structured set of objections, weighed in public.

Desk editor's note, referee report, simulated authors' rebuttal, and a circularity audit. Tearing a paper down is the easy half of reading it; the pith above is the substance, this is the friction.

Referee Report

1 major / 3 minor

Summary. The manuscript is a survey that presents differential privacy as a mathematically grounded framework for privacy protection, covering its theoretical foundations including the (ε, δ)-DP definition, practical mechanisms such as the Laplace and exponential mechanisms, applications in machine learning and synthetic data generation, domain-specific challenges, and issues around usability, communication, and transparency for end users.

Significance. If the synthesis is complete and current, the survey could serve as a useful consolidated reference for researchers and practitioners in computer security and privacy who need an accessible entry point into DP theory and its deployment, especially given rising regulatory pressures on data use.

major comments (1)
  1. [Introduction and Applications sections] The central synthesis claim rests on accurate representation of existing results; however, the survey should explicitly state the cutoff date for literature reviewed (e.g., up to which year) to allow readers to assess currency, particularly for rapidly evolving areas such as DP in large language models.
minor comments (3)
  1. Notation for privacy parameters (ε, δ) should be introduced once with a clear table or glossary and then used consistently to aid readability for non-expert users.
  2. [Usability and User Expectations] The discussion of user expectations would benefit from a short subsection contrasting formal DP guarantees with common misconceptions (e.g., “DP means no information leakage”) with concrete examples.
  3. [Conclusion] Add a brief forward-looking paragraph on open challenges such as composition in adaptive settings or DP for foundation models to strengthen the guide’s utility.

Simulated Author's Rebuttal

1 responses · 0 unresolved

We thank the referee for the positive assessment of the manuscript and the recommendation for minor revision. The single major comment is addressed point-by-point below.

read point-by-point responses

  1. Referee: [Introduction and Applications sections] The central synthesis claim rests on accurate representation of existing results; however, the survey should explicitly state the cutoff date for literature reviewed (e.g., up to which year) to allow readers to assess currency, particularly for rapidly evolving areas such as DP in large language models.

    Authors: We agree that an explicit statement of the literature cutoff date will improve transparency and help readers evaluate the survey's currency, particularly in fast-evolving areas such as differential privacy for large language models. In the revised manuscript we will add a clear sentence in the Introduction (with a cross-reference in the Applications section) stating the cutoff date used for the reviewed literature. This is a straightforward addition that does not alter any technical content or synthesis. revision: yes

Circularity Check

0 steps flagged

No significant circularity in survey synthesis

full rationale

This is a survey paper that synthesizes existing literature on differential privacy without presenting new derivations, fitted parameters, predictions, or self-referential equations. The central claim that DP is a mathematically grounded framework rests on standard external definitions (e.g., (ε, δ)-DP) and mechanisms from prior work, not on any internal construction or self-citation chain within this manuscript. No load-bearing steps reduce to the paper's own inputs by definition or fit. The analysis is self-contained against external benchmarks, consistent with the provided reader's circularity score of 0.0.

Axiom & Free-Parameter Ledger

0 free parameters · 0 axioms · 0 invented entities

As a review paper the contribution rests on accurate synthesis of prior literature rather than new axioms, parameters, or entities. No free parameters, axioms, or invented entities are introduced by the authors themselves.

pith-pipeline@v0.9.0 · 5676 in / 949 out tokens · 44882 ms · 2026-05-18T19:33:50.953460+00:00 · methodology

discussion (0)

Sign in with ORCID, Apple, or X to comment. Anyone can read and Pith papers without signing in.

Forward citations

Cited by 1 Pith paper

Reviewed papers in the Pith corpus that reference this work. Sorted by Pith novelty score.

  1. Inexact Limited Memory Bundle Method

    math.OC 2026-04 unverdicted novelty 6.0

    An inexact limited memory bundle method is developed for nonsmooth nonconvex optimization, with a proof of global convergence to approximate stationary points despite noise in function and subgradient information.

Reference graph

Works this paper leans on

18 extracted references · 18 canonical work pages · cited by 1 Pith paper · 2 internal anchors

  1. [1]

    Layer Normalization

    arXiv preprint arXiv:1607.06450. Available athttps://arxiv.org/ abs/1607.06450. E Bagdasaryan, P Kairouz, S Mellem, A Gasc´ on, K Bonawitz, D Estrin, and M Gruteser. Towards sparse federated analytics: Location heatmaps under distributed differential privacy with secure aggregation.Proceed- ings on Privacy Enhancing Technologies, (4):162–182, 2022. Availa...

    work page internal anchor Pith review Pith/arXiv arXiv doi:10.56553/popets-2022-0104 2022

  2. [2]

    Private stochastic convex optimization with optimal rates.arXiv preprint arXiv:1908.09970,

    Available athttps://proceedings.neurips.cc/paper_files/ paper/2018/file/aa97d584861474f4097cf13ccb5325da-Paper.pdf. 110 R Bassily, V Feldman, K Talwar, and A Thakurta. Private stochastic con- vex optimization with optimal rates, 2019. arXiv preprint arXiv:1908.09970. Available athttps://arxiv.org/abs/1908.09970. R Bassily, V Feldman, C Guzm´ an, and K Tal...

    work page arXiv 2018

  3. [3]

    Practical secure aggregation for privacy-preserving machine learning,

    Available athttps://doi.org/10.1145/3133956.3133982. Cameron B. Browne, Edward Powley, Daniel Whitehouse, Simon M. Lucas, Pe- ter I. Cowling, Philipp Rohlfshagen, Stephen Tavener, Diego Perez, Spyridon Samothrakis, and Simon Colton. A survey of Monte Carlo tree search meth- ods.IEEE Transactions on Computational Intelligence and AI in Games, 4 (1):1–43, 2...

    work page doi:10.1145/3133956.3133982 2012

  4. [4]

    J Ficek, W Wang, H Chen, G Dagne, and E Daley

    Springer International Publishing. J Ficek, W Wang, H Chen, G Dagne, and E Daley. Differential privacy in health research: A scoping review.Journal of the American Medical Informatics Association, 28(10):2269–2276, 08 2021. Available athttps://doi.org/10. 1093/jamia/ocab135. Christine Fisher. Over 267 million facebook users reportedly had data ex- posed o...

    work page doi:10.1145/3287287 2021

  5. [5]

    Denoising Diffusion Probabilistic Models

    Available athttps://research.facebook.com/blog/2020/6/ protecting-privacy-in-facebook-mobility-data-during-the-covid-19-response/ (accessed 09.05.2025). Jonathan Ho, Ajay Jain, and Pieter Abbeel. Denoising diffusion probabilistic models. InAdvances in Neural Information Processing Systems (NeurIPS), 2020.https://arxiv.org/abs/2006.11239. N Homer, S Szelin...

    work page internal anchor Pith review Pith/arXiv arXiv 2020

  6. [6]

    Sergey Ioffe and Christian Szegedy

    Available athttps://www.iso.org/standard/72024.html(accessed: 23.05.2025). Sergey Ioffe and Christian Szegedy. Batch normalization: accelerating deep net- work training by reducing internal covariate shift. InProceedings of the 32nd International Conference on International Conference on Machine Learning, volume 37 ofJMLR, pages 448–456, 2015. 118 S Islam...

    work page arXiv 2025

  7. [7]

    Available athttps://arxiv.org/ abs/2205.03257

    arXiv preprint arXiv:2205.03257. Available athttps://arxiv.org/ abs/2205.03257. Zach Jorgensen, Ting Yu, and Graham Cormode. Conservative or liberal? per- sonalized differential privacy. In2015 IEEE 31st International Conference on Data Engineering, IEEE, pages 1023–1034, 2015. P Kairouz, B McMahan, S Song, O Thakkar, A Thakurta, and Z Xu. Prac- tical and...

    work page arXiv 2015

  8. [8]

    Available athttps://arxiv.org/ abs/2308.00856

    arXiv preprint arXiv:2308.00856. Available athttps://arxiv.org/ abs/2308.00856. A Khanna, V Schaffer, G G¨ ursoy, and M Gerstein. Privacy-preserving model training for disease prediction using federated learning with differential pri- vacy. In2022 44th Annual International Conference of the IEEE Engineering in Medicine & Biology Society (EMBC), pages 1358...

    work page doi:10.6028/nist.sp.800226 2022

  9. [9]

    124 Kobbi Nissim, Sofya Raskhodnikova, and Adam Smith

    Available athttps://arxiv.org/abs/2309.13506. 124 Kobbi Nissim, Sofya Raskhodnikova, and Adam Smith. Smooth sensitivity and sampling in private data analysis. InProceedings of the Thirty-Ninth Annual ACM Symposium on Theory of Computing, ACM, pages 75–84, 2007. T Ogilvie. Differential privacy for free? Harnessing the noise in approximate homomorphic encry...

    work page arXiv 2007

  10. [10]

    L Ou, S Liao, S Gao, G Huang, and Z Qin

    Available at SSRN:https://ssrn.com/abstract=5172990orhttp: //dx.doi.org/10.2139/ssrn.5172990. L Ou, S Liao, S Gao, G Huang, and Z Qin. RDP: Ranked differential privacy for facial feature protection in multi-scale sparsified subspaces.IEEE Internet of Things Journal, 2025. In press. N Papernot, A Thakurta, S Song, S Chien, and ´U Erlingsson. Tempered sigmo...

    work page doi:10.2139/ssrn.5172990 2025

  11. [11]

    Available athttps://arxiv.org/ abs/2305.18447

    arXiv preprint arXiv:2305.18447. Available athttps://arxiv.org/ abs/2305.18447. T Pitk¨ am¨ aki, T Pahikkala, I M Perez, P Movahedi, V Nieminen, T Souther- ington, J Vaiste, M Jafaritadi, M I Khan, E Kontio, P Ranttila, J Pajula, H P¨ ol¨ onen, A Degerli, J Plomp, and A Airola. Finnish perspective on us- ing synthetic health data to protect privacy: the P...

    work page arXiv 2024

  12. [12]

    U.S Census

    Available athttps://www.sciencedirect.com/science/article/ pii/S0020025521012391. U.S Census. Revised data metrics for 2020 disclosure avoidance, 2021a. Available athttps://www2.census.gov/programs-surveys/ decennial/2020/program-management/data-product-planning/ 2010-demonstration-data-products/01-Redistricting_File--PL_ 94-171/2021-04-28_ppmf/2021-04-28...

    work page 2020

  13. [13]

    2021 , journal =

    arXiv preprint arXiv:2110.12884. Available athttps://arxiv.org/ abs/2110.12884. J van den Hooff, D Lazar, M Zaharia, and N Zeldovich. Vuvuzela: scalable private messaging resistant to traffic analysis. InProceedings of the 25th Symposium on Operating Systems Principles, ACM, pages 137–152, 2015. Laurens van der Maaten and Awni Hannun. The trade-offs of pr...

    work page arXiv 2015

  14. [14]

    Available athttps://arxiv.org/ abs/2007.05089

    arXiv preprint arXiv:2007.05089. Available athttps://arxiv.org/ abs/2007.05089. 128 Gowtham Venkatadri, Athanasios Andreou, Yabing Liu, Alan Mislove, Kr- ishna P. Gummadi, Patrick Loiseau, and Olivier Goga. Privacy risks with facebook’s pii-based targeting: Auditing a data broker’s advertising inter- face. In2018 IEEE Symposium on Security and Privacy (SP...

    work page arXiv 2007

  15. [15]

    Available athttps://arxiv.org/ abs/2307.06708, Accepted at LREC-COLING 2024

    arXiv preprint arXiv:2307.06708. Available athttps://arxiv.org/ abs/2307.06708, Accepted at LREC-COLING 2024. Zikai Alex Wen, Jingyu Jia, Hongyang Yan, Yaxing Yao, Zheli Liu, and Changyu Dong. The influence of explanation designs on user understanding differential privacy and making data-sharing decision.Information Sciences, 642:118799,

    work page arXiv 2024

  16. [16]

    Xi Wu, Fengan Li, Arun Kumar, Kamalika Chaudhuri, Somesh Jha, and Jeffrey Naughton

    Available athttps://www.sciencedirect.com/science/article/ pii/S0020025523003201. Xi Wu, Fengan Li, Arun Kumar, Kamalika Chaudhuri, Somesh Jha, and Jeffrey Naughton. Bolt-on differential privacy for scalable stochastic gradient descent- based analytics. InProceedings of the 2017 ACM International Conference 129 on Management of Data, ACM, pages 1307–1322,...

    work page doi:10.1145/3035918.3064047 2017

  17. [17]

    php/jpc/article/view/880

    Available athttps://journalprivacyconfidentiality.org/index. php/jpc/article/view/880. Santiago Zanella-Beguelin, Lukas Wutschitz, Shruti Tople, Ahmed Salem, Vic- tor R¨ uhle, Andrew Paverd, Mohammad Naseri, Boris K¨ opf, and Daniel Jones. Bayesian estimation of differential privacy. In Andreas Krause, Emma Brun- skill, Kyunghyun Cho, Barbara Engelhardt, ...

    work page doi:10.1145/3134428 2023

  18. [18]

    Y Zhao, J Zhao, M Yang, T Wang, N Wang, L Lyu, D Niyato, and K.-Y Lam

    Available athttps://www.sciencedirect.com/science/article/ pii/S0019057821004912. Y Zhao, J Zhao, M Yang, T Wang, N Wang, L Lyu, D Niyato, and K.-Y Lam. Local differential privacy-based federated learning for internet of things.IEEE Internet of Things Journal, 8(11):8836–8853, 2021. Jun Zhou, Nan Wu, Yisong Wang, Shouzhen Gu, Zhenfu Cao, Xiaolei Dong, and...

    work page 2021