Noise perturbation is one of the most fundamental approaches for achieving $(ε,δ)$-differential privacy (DP) guarantees when releasing the result of a query or function $f(\cdot)\in\mathbb{R}^M$ evaluated on a sensitive dataset $\mathbf{x}$. In this approach, calibrated noise $\mathbf{n}\in\mathbb{R}^M$ is used to obscure the difference vector $f(\mathbf{x})-f(\mathbf{x}')$, where $\mathbf{x}'$ is known as a neighboring dataset. A DP guarantee is obtained by studying the tail probability bound of a privacy loss random variable (PLRV), defined as the Radon-Nikodym derivative between two distributions. When $\mathbf{n}$ follows a multivariate Gaussian distribution, the PLRV is characterized as a specific univariate Gaussian. In this paper, we propose a novel scheme to generate $\mathbf{n}$ by leveraging the fact that the perturbation noise is typically spherically symmetric (i.e., the distribution is rotationally invariant around the origin). The new noise generation scheme allows us to investigate the privacy loss from a geometric perspective and express the resulting PLRV using a product measure, $W\times U$; measure $W$ is related to a radius random variable controlling the magnitude of $\mathbf{n}$, while measure $U$ involves a directional random variable governing the angle between $\mathbf{n}$ and the difference $f(\mathbf{x})-f(\mathbf{x}')$. We derive a closed-form moment bound on the product measure to prove $(ε,δ)$-DP. Under the same $(ε,δ)$-DP guarantee, our mechanism yields a smaller expected noise magnitude than the classic Gaussian noise in high dimensions, thereby significantly improving the utility of the noisy result $f(\mathbf{x})+\mathbf{n}$. To validate this, we consider convex and non-convex empirical risk minimization (ERM) problems in high dimensional space and apply the proposed product noise to achieve privacy.

翻译：噪声扰动是在发布敏感数据集 $\mathbf{x}$ 上查询或函数 $f(\cdot)\in\mathbb{R}^M$ 的评估结果时，实现 $(ε,δ)$-差分隐私（DP）保证的最基本方法之一。该方法通过校准噪声 $\mathbf{n}\in\mathbb{R}^M$ 来掩盖差分向量 $f(\mathbf{x})-f(\mathbf{x}')$，其中 $\mathbf{x}'$ 称为相邻数据集。通过研究隐私损失随机变量（PLRV）的尾概率界获得DP保证，该变量定义为两个分布间的Radon-Nikodym导数。当 $\mathbf{n}$ 服从多元高斯分布时，PLRV可表征为特定的单变量高斯分布。本文提出一种新颖的噪声生成方案，该方案利用扰动噪声通常具有球对称性（即分布绕原点旋转不变）的特性。新的噪声生成机制使我们能够从几何角度研究隐私损失，并使用乘积测度 $W\times U$ 表达所得的PLRV；测度 $W$ 与控制 $\mathbf{n}$ 幅度的半径随机变量相关，而测度 $U$ 涉及控制 $\mathbf{n}$ 与差分 $f(\mathbf{x})-f(\mathbf{x}')$ 之间夹角的方向随机变量。我们推导了乘积测度的闭式矩界以证明 $(ε,δ)$-DP。在相同的 $(ε,δ)$-DP保证下，我们的机制在高维空间中比经典高斯噪声产生更小的期望噪声幅度，从而显著提升噪声化结果 $f(\mathbf{x})+\mathbf{n}$ 的效用。为验证此结论，我们考虑高维空间中的凸与非凸经验风险最小化（ERM）问题，并应用所提出的乘积噪声实现隐私保护。