Bounding privacy leakage over compositions, i.e., privacy accounting, is a key challenge in differential privacy (DP). However, the privacy parameter ($\varepsilon$ or $\delta$) is often easy to estimate but hard to bound. In this paper, we propose a new differential privacy paradigm called estimate-verify-release (EVR), which addresses the challenges of providing a strict upper bound for privacy parameter in DP compositions by converting an estimate of privacy parameter into a formal guarantee. The EVR paradigm first estimates the privacy parameter of a mechanism, then verifies whether it meets this guarantee, and finally releases the query output based on the verification result. The core component of the EVR is privacy verification. We develop a randomized privacy verifier using Monte Carlo (MC) technique. Furthermore, we propose an MC-based DP accountant that outperforms existing DP accounting techniques in terms of accuracy and efficiency. Our empirical evaluation shows the newly proposed EVR paradigm improves the utility-privacy tradeoff for privacy-preserving machine learning.

本文提出了一种基于估计验证释放（EVR）的新差分隐私范式来限制DP组合中的隐私泄露，其中隐私参数的限制通过将其估计转化为严格上限的形式来解决。这个范式包含隐私验证和基于 Monte Carlo 技术的不同的 DP accountant，通过本文的实证研究表明，EVR 增加了隐私保护和机器学习性能的平衡。

一种随机化的严格隐私计帐方法