Keywords: Text-to-SQL, Differential Privacy, Query Rewriting
Abstract: Text-to-SQL enables natural language access to databases and commonly relies on query rewriting to resolve ambiguity in user queries. As such systems increasingly operate over sensitive data, protecting query privacy has become a practical concern. A natural approach is to apply differential privacy (DP) on top of existing systems by adding noise to query results.
However, under DP constraints, making queries clearer through rewriting inadvertently increases the effective sensitivity of query results, thereby requiring stronger noise addition and negating utility gains.
To address this challenge, we propose ReGuard, a utility-aware Text-to-DP-SQL system that regulates query rewriting and jointly optimizes rewriting and DP-based query answering. ReGuard is built upon three key design modules: i) rewriting boundary control to limit sensitivity amplification, ii) status-aware decision routing to adapt rewriting under evolving privacy–utility conditions, and iii) DP-aware answering to balance DP noise and result quality.
Extensive experiments show that ReGuard consistently improves query answer quality under identical DP constraints and remains effective across a wide range of privacy budgets and query sensitivities. In particular, ReGuard reduces the mean relative error (MRE) by up to 74.6% compared to existing DP-enabled Text-to-SQL baselines.
Paper Type: Long
Research Area: Safety and Alignment in LLMs
Research Area Keywords: safety and alignment for agents; LLM agents; tool use
Contribution Types: Model analysis & interpretability, NLP engineering experiment, Data analysis
Languages Studied: English
Submission Number: 10402