Differential privacy is a widely used notion of security that enables the processing of sensitive information. In short, differentially private algorithms map "neighbouring" inputs to close output distributions. Prior work proposed several quantum extensions of differential privacy, each of them built on substantially different notions of neighbouring quantum states. In this paper, we propose a novel and general definition of neighbouring quantum states. We demonstrate that this definition captures the underlying structure of quantum encodings and can be used to provide exponentially tighter privacy guarantees for quantum measurements. Our approach combines the addition of classical and quantum noise and is motivated by the noisy nature of near-term quantum devices. Moreover, we also investigate an alternative setting where we are provided with multiple copies of the input state. In this case, differential privacy can be ensured with little loss in accuracy combining concentration of measure and noise-adding mechanisms. En route, we prove the advanced joint convexity of the quantum hockey-stick divergence and we demonstrate how this result can be applied to quantum differential privacy. Finally, we complement our theoretical findings with an empirical estimation of the certified adversarial robustness ensured by differentially private measurements.

翻译：差分隐私是一种广泛使用的安全概念，允许对敏感信息进行处理。简而言之，差分隐私算法将“相邻”输入映射到相近的输出分布。先前的工作提出了几种差分隐私的量子扩展，每一种都建立在截然不同的相邻量子态概念之上。在本文中，我们提出了一种新颖且通用的相邻量子态定义。我们证明，该定义捕捉了量子编码的底层结构，并可用于为量子测量提供指数级更严格的隐私保证。我们的方法结合了经典噪声和量子噪声的添加，其动机源于近量子设备的噪声特性。此外，我们还研究了另一种场景，即我们拥有输入态的多个副本。在这种情况下，通过结合集中度测量和噪声添加机制，可以在精度损失很小的情况下确保差分隐私。在此过程中，我们证明了量子曲棍球棒散度的高级联合凸性，并展示了该结果如何应用于量子差分隐私。最后，我们通过实验估计了差分隐私测量所确保的认证对抗鲁棒性，从而补充了我们的理论发现。