Rényi Differential Privacy

We propose a natural relaxation of differential privacy based on the Rényi divergence. Closely related notions have appeared in several recent papers that analyzed composition of differentially private mechanisms. We argue that the useful analytical tool can be used as a privacy definition, compactly and accurately representing guarantees on the tails of the privacy loss.We demonstrate that the new definition shares many important properties with the standard definition of differential privacy, while additionally allowing tighter analysis of composite heterogeneous mechanisms.

[1]  Guy N. Rothblum,et al.  Boosting and Differential Privacy , 2010, 2010 IEEE 51st Annual Symposium on Foundations of Computer Science.

[2]  Anindya De,et al.  Lower Bounds in Differential Privacy , 2011, TCC.

[3]  Chris Peikert,et al.  On Ideal Lattices and Learning with Errors over Rings , 2010, JACM.

[4]  Cynthia Dwork,et al.  Calibrating Noise to Sensitivity in Private Data Analysis , 2006, TCC.

[5]  Pramod Viswanath,et al.  The Composition Theorem for Differential Privacy , 2013, IEEE Transactions on Information Theory.

[6]  A. Rényi On Measures of Entropy and Information , 1961 .

[7]  I. Vajda,et al.  Convex Statistical Distances , 2018, Statistical Inference for Engineers and Data Scientists.

[8]  Martin J. Wainwright,et al.  Local privacy and statistical minimax rates , 2013, 2013 51st Annual Allerton Conference on Communication, Control, and Computing (Allerton).

[9]  Jonathan Katz,et al.  Limits of Computational Differential Privacy in the Client/Server Setting , 2011, TCC.

[10]  Guy N. Rothblum,et al.  Concentrated Differential Privacy , 2016, ArXiv.

[11]  Thomas Steinke,et al.  Concentrated Differential Privacy: Simplifications, Extensions, and Lower Bounds , 2016, TCC.

[12]  Ian Goodfellow,et al.  Deep Learning with Differential Privacy , 2016, CCS.

[13]  Moni Naor,et al.  Our Data, Ourselves: Privacy Via Distributed Noise Generation , 2006, EUROCRYPT.

[14]  Ron Steinfeld,et al.  GGHLite: More Efficient Multilinear Maps from Ideal Lattices , 2014, IACR Cryptol. ePrint Arch..

[15]  G. Crooks On Measures of Entropy and Information , 2015 .

[16]  Ofer Shayevitz,et al.  On Rényi measures and hypothesis testing , 2011, 2011 IEEE International Symposium on Information Theory Proceedings.

[17]  Yishay Mansour,et al.  Multiple Source Adaptation and the Rényi Divergence , 2009, UAI.

[18]  Peter Harremoës,et al.  Rényi Divergence and Kullback-Leibler Divergence , 2012, IEEE Transactions on Information Theory.

[19]  Frank McSherry,et al.  Privacy integrated queries: an extensible platform for privacy-preserving data analysis , 2009, SIGMOD Conference.

[20]  Jonathan Katz,et al.  Coupled-Worlds Privacy: Exploiting Adversarial Uncertainty in Statistical Data Privacy , 2013, 2013 IEEE 54th Annual Symposium on Foundations of Computer Science.

[21]  Salil Vadhan,et al.  Separating Computational and Statistical Differential Privacy in the Client-Server Model , 2016, TCC.

[22]  Omer Reingold,et al.  Computational Differential Privacy , 2009, CRYPTO.

[23]  Toniann Pitassi,et al.  The Limits of Two-Party Differential Privacy , 2010, 2010 IEEE 51st Annual Symposium on Foundations of Computer Science.

[24]  Ashwin Machanavajjhala,et al.  Pufferfish , 2014, ACM Trans. Database Syst..

[25]  Stefan Katzenbeisser,et al.  Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security , 2016, CCS.

[26]  Salil P. Vadhan,et al.  The Complexity of Computing the Optimal Composition of Differential Privacy , 2015, IACR Cryptol. ePrint Arch..