We investigate semantic guarantees of private learning algorithms for their resilience to training Data Reconstruction Attacks (DRAs) by informed adversaries. To this end, we derive non-asymptotic minimax lower bounds on the adversary's reconstruction error against learners that satisfy differential privacy (DP) and metric differential privacy (mDP). Furthermore, we demonstrate that our lower-bound analysis for the latter also covers the high-dimensional regime, in which the input data dimensionality may exceed the adversary's query budget. Motivated by the theoretical improvements conferred by metric DP, we extend the privacy analysis of popular deep learning algorithms such as DP-SGD and Projected Noisy SGD to cover the broader notion of metric differential privacy.