Chernoff Information as a Privacy Constraint for Adversarial Classification and Membership Advantage

This work investigates a privacy metric based on Chernoff information motivated by its importance in characterizing the optimal classifier's performance. Adversarial classification centers on minimizing the probability of error when deciding between two classes in the binary setting. Classical hypothesis testing treats false alarm and mis-detection probabilities separately, resulting in asymmetric optimal error exponents. Here, we instead characterize the relationship between $\varepsilon-$differential privacy (DP), the optimal error exponent of one error probability conditioned on the other, and the optimal average error exponent. Thus, we re-derive Chernoff DP in connection with $\varepsilon-$DP using the Radon-Nikodym derivative and establish its relationship with Kullback-Leibler (KL) DP to prove that Chernoff DP is sandwiched between the two. We then present numerical evaluations demonstrating that Chernoff information outperforms the KL divergence as a function of the privacy parameter, particularly in capturing the impact of adversarial attacks under Laplace mechanisms. Finally, we upper bound the adversary's advantage in membership inference attacks based on Chernoff DP and numerically compare its performance with existing bounds. We re-derive Chernoff DP in connection with $\varepsilon-$DP using the Radon-Nikodym derivative, and prove its relation with KL-DP. Subsequently, we present numerical evaluation results, which demonstrates that Chernoff information outperforms KL divergence as a function of the privacy parameter $\varepsilon$ and the impact of the adversary's attack in Laplace mechanisms. Lastly, we introduce a new upper bound on adversary's membership advantage in membership inference attacks using Chernoff DP and numerically compare its performance with existing alternatives based on $(\varepsilon,δ)-$DP in the literature.