The Gaussian Mechanism (GM), which consists in adding Gaussian noise to a vector-valued query before releasing it, is a standard privacy protection mechanism. In particular, given that the query respects some L2 sensitivity property (the L2 distance between outputs on any two neighboring inputs is bounded), GM guarantees R\'enyi Differential Privacy (RDP). Unfortunately, precisely bounding the L2 sensitivity can be hard, thus leading to loose privacy bounds. In this work, we consider a Relative L2 sensitivity assumption, in which the bound on the distance between two query outputs may also depend on their norm. Leveraging this assumption, we introduce the Relative Gaussian Mechanism (RGM), in which the variance of the noise depends on the norm of the output. We prove tight bounds on the RDP parameters under relative L2 sensitivity, and characterize the privacy loss incurred by using output-dependent noise. In particular, we show that RGM naturally adapts to a latent variable that would control the norm of the output. Finally, we instantiate our framework to show tight guarantees for Private Gradient Descent, a problem that naturally fits our relative L2 sensitivity assumption.

翻译：高斯机制（GM）通过向向量值查询结果添加高斯噪声后再发布，是一种标准的隐私保护机制。具体而言，当查询满足某种L2敏感度性质（即任意两个相邻输入上的输出之间的L2距离有界）时，GM能保证Rényi差分隐私（RDP）。然而，精确界定L2敏感度往往较为困难，导致隐私界过于宽松。本文考虑一种相对L2敏感度假设，即两个查询输出之间的距离上界可能同时依赖于它们的范数。基于此假设，我们提出相对高斯机制（RGM），其中噪声方差取决于输出的范数。我们证明了相对L2敏感度下RDP参数的紧界，并刻画了使用依赖输出的噪声所导致的隐私损失。特别地，研究表明RGM能自适应地调整到控制输出范数的潜在变量。最后，我们将提出的框架实例化，为自然满足相对L2敏感度假设的私有梯度下降问题提供紧隐私保证。