On-Average KL-Privacy and its equivalence to Generalization for Max-Entropy Mechanisms
This work addresses privacy and generalization challenges in machine learning, offering a new theoretical framework that is incremental but broadens applicability for researchers and practitioners.
The paper introduces On-Average KL-Privacy, a weaker alternative to differential privacy that retains key properties like composition and post-processing closeness, and proves it is equivalent to generalization for mechanisms based on Gibbs distributions, with a byproduct lower bound on generalization error in terms of mutual information.
We define On-Average KL-Privacy and present its properties and connections to differential privacy, generalization and information-theoretic quantities including max-information and mutual information. The new definition significantly weakens differential privacy, while preserving its minimalistic design features such as composition over small group and multiple queries as well as closeness to post-processing. Moreover, we show that On-Average KL-Privacy is **equivalent** to generalization for a large class of commonly-used tools in statistics and machine learning that samples from Gibbs distributions---a class of distributions that arises naturally from the maximum entropy principle. In addition, a byproduct of our analysis yields a lower bound for generalization error in terms of mutual information which reveals an interesting interplay with known upper bounds that use the same quantity.