Hypothesis Testing Interpretations and Renyi Differential Privacy

by   Borja Balle, et al.

Differential privacy is the gold standard in data privacy, with applications in the public and private sectors. While differential privacy is a formal mathematical definition from the theoretical computer science literature, it is also understood by statisticians and data experts thanks to its hypothesis testing interpretation. This informally says that one cannot effectively test whether a specific individual has contributed her data by observing the output of a private mechanism---any test cannot have both high significance and high power. In this paper, we show that recently proposed relaxations of differential privacy based on Rényi divergence do not enjoy a similar interpretation. Specifically, we introduce the notion of k-generatedness for an arbitrary divergence, where the parameter k captures the hypothesis testing complexity of the divergence. We show that the divergence used for differential privacy is 2-generated, and hence it satisfies the hypothesis testing interpretation. In contrast, Rényi divergence is only ∞-generated, and hence has no hypothesis testing interpretation. We also show sufficient conditions for general divergences to be k-generated.


page 1

page 2

page 3

page 4


Privacy Against Hypothesis-Testing Adversaries for Quantum Computing

A novel definition for data privacy in quantum computing based on quantu...

Private Sequential Hypothesis Testing for Statisticians: Privacy, Error Rates, and Sample Size

The sequential hypothesis testing problem is a class of statistical anal...

Gaussian Differential Privacy

Differential privacy has seen remarkable success as a rigorous and pract...

Statistical Inference in the Differential Privacy Model

In modern settings of data analysis, we may be running our algorithms on...

Comparing Population Means under Local Differential Privacy: with Significance and Power

A statistical hypothesis test determines whether a hypothesis should be ...

Hypothesis-based acceptance sampling for modules F and F1 of the European Measuring Instruments Directive

Millions of measuring instruments are verified each year before being pl...

Bounding data reconstruction attacks with the hypothesis testing interpretation of differential privacy

We explore Reconstruction Robustness (ReRo), which was recently proposed...

Please sign up or login with your details

Forgot password? Click here to reset