Hypothesis Testing Interpretations and Renyi Differential Privacy

TL;DR

This paper explores the hypothesis testing interpretation of differential privacy, especially focusing on relaxations based on Renyi divergence, and provides improved conversion rules between these privacy definitions.

Contribution

It identifies conditions under which divergence-based privacy definitions align with hypothesis testing interpretations and enhances conversion methods to standard differential privacy.

Findings

Conditions for divergence-based privacy to satisfy hypothesis testing interpretation

Analysis of Renyi divergence relaxations of differential privacy

Improved conversion rules between divergence-based privacy and standard differential privacy

Abstract

Differential privacy is a de facto standard in data privacy, with applications in the public and private sectors. A way to explain differential privacy, which is particularly appealing to statistician and social scientists is by means of its statistical hypothesis testing interpretation. Informally, one cannot effectively test whether a specific individual has contributed her data by observing the output of a private mechanism---any test cannot have both high significance and high power. In this paper, we identify some conditions under which a privacy definition given in terms of a statistical divergence satisfies a similar interpretation. These conditions are useful to analyze the distinguishability power of divergences and we use them to study the hypothesis testing interpretation of some relaxations of differential privacy based on Renyi divergence. This analysis also results in an improved conversion rule between these definitions and differential privacy.