A unified view on differential privacy and robustness to adversarial examples
This work provides a unified framework for researchers in trustworthy machine learning, though it is incremental as it builds on existing definitions without new empirical results.
The paper connects differential privacy and adversarial robustness by showing they share a common theoretical foundation based on probabilistic mappings and Renyi divergence, enabling transfer of results between these fields.
This short note highlights some links between two lines of research within the emerging topic of trustworthy machine learning: differential privacy and robustness to adversarial examples. By abstracting the definitions of both notions, we show that they build upon the same theoretical ground and hence results obtained so far in one domain can be transferred to the other. More precisely, our analysis is based on two key elements: probabilistic mappings (also called randomized algorithms in the differential privacy community), and the Renyi divergence which subsumes a large family of divergences. We first generalize the definition of robustness against adversarial examples to encompass probabilistic mappings. Then we observe that Renyi-differential privacy (a generalization of differential privacy recently proposed in~\cite{Mironov2017RenyiDP}) and our definition of robustness share several similarities. We finally discuss how can both communities benefit from this connection to transfer technical tools from one research field to the other.