
























Abstract: We study black-box auditing for machine learning algorithms that claim Rényi differential privacy (RDP) guarantees. We introduce an auditing framework, based on hypothesis testing, that directly estimates Rényi divergence between neighboring executions using the Donsker-Varadhan (DV) variational estimator. Our analysis yields explicit and non-asymptotic confidence intervals for RDP auditing via class-restricted DV estimators, separating statistical estimation error from algorithmic privacy leakage. We prove matching minimax lower bounds showing that, up to logarithmic factors, our sample-complexity guarantees are information-theoretically optimal, thereby establishing the first optimal guarantees for auditing RDP via DV estimators. Empirically, we instantiate our framework for auditing DP-SGD in a fully black-box setting. Across MNIST and CIFAR-10, and over a wide range of privacy regimes, our auditors produce a strong overall improvement on empirical RDP lower bounds compared to prior state-of-the-art black-box methods, especially at small and moderate Rényi orders where accurate auditing is most challenging.
| Field | Value |
|---|---|
| Comments | 28 pages, 3 figures |
| Subjects | Machine Learning (cs.LG); Cryptography and Security (cs.CR); Information Theory (cs.IT) |
| Cite as | arXiv:2605.21938 [cs.LG] (or arXiv:2605.21938v1 [cs.LG] for this version) |
| DOI | https://doi.org/10.48550/arXiv.2605.21938 (arXiv-issued DOI via DataCite, pending registration) |
From: Benjamin D. Kim
[v1] Thu, 21 May 2026 03:18:09 UTC (219 KB)