Privacy-aware Distributed Hypothesis Testing

TL;DR

This paper investigates the trade-offs between communication rate, hypothesis testing accuracy, and privacy in a distributed setting, providing theoretical bounds and characterizations for privacy-aware hypothesis testing.

Contribution

It introduces single-letter bounds and characterizations for privacy-utility trade-offs in distributed hypothesis testing with privacy constraints.

Findings

Established inner bounds on rate-error exponent-privacy trade-offs.

Derived single-letter characterizations for specific testing scenarios.

Showed the strong converse does not hold under privacy constraints.

Abstract

A distributed binary hypothesis testing (HT) problem involving two parties, a remote observer and a detector, is studied. The remote observer has access to a discrete memoryless source, and communicates its observations to the detector via a rate-limited noiseless channel. The detector observes another discrete memoryless source, and performs a binary hypothesis test on the joint distribution of its own observations with those of the observer. While the goal of the observer is to maximize the type II error exponent of the test for a given type I error probability constraint, it also wants to keep a private part of its observations as oblivious to the detector as possible. Considering both equivocation and average distortion under a causal disclosure assumption as possible measures of privacy, the trade-off between the communication rate from the observer to the detector, the type II error exponent, and privacy is studied. For the general HT problem, we establish single-letter inner bounds on both the rate-error exponent-equivocation and rate-error exponent-distortion trade-offs. Subsequently, single-letter characterizations for both trade-offs are obtained (i) for testing against conditional independence of the observer's observations from those of the detector, given some additional side-information at the detector; and (ii) when the communication rate constraint over the channel is zero. Finally, we show by providing a counterexample that, the strong converse which holds for distributed HT without a privacy constraint, does not hold when a privacy constraint is imposed. This implies that, in general, the rate-error exponent-equivocation and rate-error exponent-distortion trade-offs are not independent of the type I error probability constraint.