Differential privacy (DP) is a formal notion that restricts the privacy leakage of an algorithm running on sensitive data, and the privacy-utility trade-off is one of the central problems in private data analysis. In this work, we investigate the fundamental limits of differential privacy in online learning algorithms and present evidence that separates three types of constraints: no DP, pure DP, and approximate DP. We first describe a hypothesis class that is online learnable under approximate DP but not online learnable under pure DP in the adaptive adversarial setting. This indicates that approximate DP must be adopted when dealing with adaptive adversaries. We then prove that any private online learner must make an infinite number of mistakes for almost all hypothesis classes. This essentially generalizes previous results and shows a strong separation between the private and non-private settings, since a finite mistake bound is always attainable (as long as the class is online learnable) when there is no privacy requirement.