Search papers, labs, and topics across Lattice.
This paper establishes principled mappings from pure differential privacy (DP) parameters to Gaussian differential privacy (GDP) parameters by analyzing the worst-case performance of membership inference attacks. By evaluating three key metrics—multiplicative advantage at fixed false positive rates, precision at fixed recall, and the standard privacy profile—the authors provide a comprehensive framework for selecting the $μ$ parameter in GDP. Their findings suggest that a conservative choice of $μ \approx \varepsilon/5$ can effectively balance privacy guarantees and practical utility in privacy-preserving machine learning applications.
Mapping pure differential privacy to Gaussian differential privacy reveals that a conservative $μ$ value can significantly enhance privacy without sacrificing performance.
Recent work argues for using Gaussian differential privacy (GDP) to report the privacy guarantees in privacy-preserving machine learning. We provide principled mappings from pure-DP $\varepsilon$ to GDP $μ$ by matching the worst-case success of a strong-adversary membership inference attack in terms of three metrics: multiplicative advantage at fixed FPR, precision at fixed recall, and the standard privacy profile. We tabulate $μ$ values across a useful range of parameters and recommend $μ\approx \varepsilon/5$ as a conservative general-purpose conversion.
