The Gaussian Mechanism (GM), which consists in adding Gaussian noise to a vector-valued query before releasing it, is a standard privacy protection mechanism. In particular, given that the query respects some L2 sensitivity property (the L2 distance between outputs on any two neighboring inputs is bounded), GM guarantees R\'enyi Differential Privacy (RDP). Unfortunately, precisely bounding the L2 sensitivity can be hard, thus leading to loose privacy bounds. In this work, we consider a Relative L2 sensitivity assumption, in which the bound on the distance between two query outputs may also depend on their norm. Leveraging this assumption, we introduce the Relative Gaussian Mechanism (RGM), in which the variance of the noise depends on the norm of the output. We prove tight bounds on the RDP parameters under relative L2 sensitivity, and characterize the privacy loss incurred by using output-dependent noise. In particular, we show that RGM naturally adapts to a latent variable that would control the norm of the output. Finally, we instantiate our framework to show tight guarantees for Private Gradient Descent, a problem that naturally fits our relative L2 sensitivity assumption.

翻译：高斯机制（Gaussian Mechanism, GM）通过向向量值查询结果添加高斯噪声实现隐私保护，是标准的隐私保护机制。具体而言，当查询满足某种L2灵敏度性质（任意两个相邻输入输出之间的L2距离存在上界）时，GM可保证Rényi差分隐私（RDP）。然而，精确界定L2灵敏度往往存在困难，导致隐私界限过于宽松。本文考虑相对L2灵敏度假设，即两个查询输出之间的距离上界可能依赖于其范数。基于该假设，我们提出相对高斯机制（Relative Gaussian Mechanism, RGM），其噪声方差取决于输出范数。我们证明了在相对L2灵敏度条件下RDP参数的紧界，并刻画了使用输出相关噪声造成的隐私损失。特别地，RGM可自适应于控制输出范数的隐变量。最后，我们通过实例化框架展示了面向私有梯度下降（Private Gradient Descent）的紧致保证，该问题天然符合相对L2灵敏度假设。