Reasoning about Divergences for Relaxations of Differential Privacy

10/24/2017

∙

by   Tetsuya Sato, et al.

∙

0

∙

share

We develop a semantics framework for verifying recent relaxations of differential privacy: Rényi differential privacy and zero-concentrated differential privacy. Both notions require a bound on a particular statistical divergence between two probability distributions. In order to reason about such properties compositionally, we introduce approximate span-liftings, generalizing approximate relational liftings previously developed for standard differential privacy to a more general class of divergences, and to continuous distributions. To enable verification of possibly non-terminating programs, our framework supports generalized divergences between subprobability measures. As a concrete application, we use approximate span-liftings to develop a program logic that can prove relaxations of differential privacy and other probabilistic properties based on statistical