Hypothesis Testing Interpretations and Renyi Differential Privacy
Differential privacy is the gold standard in data privacy, with applications in the public and private sectors. While differential privacy is a formal mathematical definition from the theoretical computer science literature, it is also understood by statisticians and data experts thanks to its hypothesis testing interpretation. This informally says that one cannot effectively test whether a specific individual has contributed her data by observing the output of a private mechanism---any test cannot have both high significance and high power. In this paper, we show that recently proposed relaxations of differential privacy based on Rényi divergence do not enjoy a similar interpretation. Specifically, we introduce the notion of k-generatedness for an arbitrary divergence, where the parameter k captures the hypothesis testing complexity of the divergence. We show that the divergence used for differential privacy is 2-generated, and hence it satisfies the hypothesis testing interpretation. In contrast, Rényi divergence is only ∞-generated, and hence has no hypothesis testing interpretation. We also show sufficient conditions for general divergences to be k-generated.
READ FULL TEXT