On-Average KL-Privacy and Its Equivalence to Generalization for Max-Entropy Mechanisms

Abstract

We define On-Average KL-Privacy and present its properties and connections to differential privacy, generalization and information-theoretic quantities including max-information and mutual information. The new definition significantly weakens differential privacy, while preserving its minimal design features such as composition over small group and multiple queries as well as closeness to post-processing. Moreover, we show that On-Average KL-Privacy is equivalent to generalization for a large class of commonly-used tools in statistics and machine learning that samples from Gibbs distributions—a class of distributions that arises naturally from the maximum entropy principle. In addition, a byproduct of our analysis yields a lower bound for generalization error in terms of mutual information which reveals an interesting interplay with known upper bounds that use the same quantity.

A Proofs

We now prove Theorem 4 and Lemma 14. Due to space limit, proof of Lemmas 6, 7 and 11 are given in the technical report [36].

Proof of Theorem 4. We start by a ghost sample argument.

$$\begin{aligned}&\ \mathbb {E}_{z\sim \mathcal {D}, Z\sim \mathcal {D}^n} \mathbb {E}_{h\sim \mathcal {A}(Z)}\left[ \ell (z,h) - \frac{1}{n}\sum _{i=1}^n \ell (z_i,h)\right] \\ =&\ \mathbb {E}_{Z'\sim \mathcal {D}^n, Z\sim \mathcal {D}^n} \mathbb {E}_{h\sim \mathcal {A}(Z)}\left[ \frac{1}{n}\sum _{i=1}^n\ell (z_i',h) - \frac{1}{n}\sum _{i=1}^n \ell (z_i,h)\right] \\ =&\ \frac{1}{n}\sum _{i=1}^n \mathbb {E}_{z_i'\sim \mathcal {D}, Z\sim \mathcal {D}^n} \mathbb {E}_{h\sim \mathcal {A}(Z)}\left[ \ell (z_i',h) - \ell (z_i,h)\right] \\ =&\ \frac{1}{n}\sum _{i=1}^n \mathbb {E}_{z_i'\sim \mathcal {D}, Z\sim \mathcal {D}^n} \mathbb {E}_{h\sim \mathcal {A}(Z)}\left[ \ell (z_i',h) + \sum _{j\ne i}\ell (z_j,h) +r(h) - \ell (z_i,h) - \sum _{j\ne i}\ell (z_j,h) -r(h)\right] \\ =&\ \frac{1}{n}\sum _{i=1}^n \mathbb {E}_{z_i'\sim \mathcal {D}, Z\sim \mathcal {D}^n} \mathbb {E}_{\mathcal {A}(Z)}\left[ - \log p_{\mathcal {A}([Z_{-i},z'_i])}(h)+\log p_{\mathcal {A}(Z)(h)}(h) + \log K_{i}- \log K'_{i}\right] \\ =&\ \frac{1}{n}\sum _{i=1}^n \mathbb {E}_{z_i'\sim \mathcal {D}, Z\sim \mathcal {D}^n} \mathbb {E}_{\mathcal {A}(Z)}\left[ \log p_{\mathcal {A}(Z)}(h) - \log p_{\mathcal {A}([Z_{-i},z'_i])}(h) \right] \\ =&\ \mathbb {E}_{z\sim \mathcal {D}, Z\sim \mathcal {D}^n} \mathbb {E}_{h\sim \mathcal {A}(Z)}\left[ \log p_{\mathcal {A}(Z)}(h) - \log p_{ \mathcal {A}([Z_{-1},z])}(h) \right] . \end{aligned}$$

The \(K_i\) and \(K_i'\) are partition functions of \(p_{\mathcal {A}(Z)}(h)\) and \(p_{\mathcal {A}([Z_{-i},z_i'])}(h)\) respectively. Since \(z_i\sim z_i'\), we know \( \mathbb {E}K_i - \mathbb {E}K_i' = 0.\) The proof is complete by noting the non-negativity of On-Average KL-Privacy, which allows us to take absolute value without changing the equivalence.    \(\square \)

Proof of Lemma 14. Denote \(p(\mathcal {A}(Z)) = p(h|Z)\). \(p(h,Z) = p(h|Z) p(Z)\). The marginal distribution of h is therefore \(p(h)=\int _Z p(h,Z) dZ = \mathbb {E}_{Z} p(\mathcal {A}(Z)) \). By definition,

$$\begin{aligned}&\ I(\mathcal {A}(Z);Z) = \mathbb {E}_{Z}\mathbb {E}_{h|Z} \log \frac{p(h|Z) p(Z)}{p(h)p(Z)} \\ =&\ \mathbb {E}_{Z}\mathbb {E}_{h|Z} \log p(h|Z) - \mathbb {E}_{Z}\mathbb {E}_{h|Z}\log \mathbb {E}_{Z'} p(h|Z')\\ =&\ \mathbb {E}_{Z}\mathbb {E}_{h|Z} \log p(h|Z) - \mathbb {E}_{Z,Z'}\mathbb {E}_{h|Z} \log p(h|Z')\\&+\mathbb {E}_{Z,Z'}\mathbb {E}_{h|Z} \log p(h|Z')- \mathbb {E}_{Z}\mathbb {E}_{h|Z}\log \mathbb {E}_{Z'} p(h|Z')\\ =&\ \mathbb {E}_{Z,Z'}\mathbb {E}_{h|Z} \log \frac{p(h|Z)}{p(h|Z')}+\mathbb {E}_{Z,Z'}\mathbb {E}_{h|Z} \log p(h|Z')- \mathbb {E}_{Z}\mathbb {E}_{h|Z}\log \mathbb {E}_{Z'} p(h|Z')\\ =&\ D_{\mathrm {KL}}(\mathcal {A}(Z),\mathcal {A}(Z')) + \mathbb {E}_{Z}\mathbb {E}_{h|Z}\left[ \mathbb {E}_{Z'}\log p(\mathcal {A}(Z')) - \log \mathbb {E}_{Z'}p(\mathcal {A}(Z')) \right] \end{aligned}$$

The inequality remark in the last line follows from Jensen’s inequality.    \(\square \)