Differential privacy is increasingly formalized through the lens of hypothesis testing via the robust and interpretable $f$-DP framework, where privacy guarantees are encoded by a baseline Blackwell trade-off function $f_{\infty} = T(P_{\infty}, Q_{\infty})$ involving a pair of distributions $(P_{\infty}, Q_{\infty})$. The problem of choosing the right privacy metric in practice leads to a central question: what is a statistically appropriate baseline $f_{\infty}$ given some prior modeling assumptions? The special case of Gaussian differential privacy (GDP) showed that, under compositions of nearly perfect mechanisms, these trade-off functions exhibit a central limit behavior with a Gaussian limit experiment. Inspired by Le Cam's theory of limits of statistical experiments, we answer this question in full generality in an infinitely divisible setting. We show that suitable composition experiments $(P_n^{\otimes n}, Q_n^{\otimes n})$ converge to a binary limit experiment $(P_{\infty}, Q_{\infty})$ whose log-likelihood ratio $L = \log(dQ_{\infty} / dP_{\infty})$ is infinitely divisible under $P_{\infty}$. Thus any limiting trade-off function $f_{\infty}$ is determined by an infinitely divisible law $P_{\infty}$, characterized by its Levy--Khintchine triplet, and its Esscher tilt defined by $dQ_{\infty}(x) = e^{x} dP_{\infty}(x)$. This characterizes all limiting baseline trade-off functions $f_{\infty}$ arising from compositions of nearly perfect differentially private mechanisms. Our framework recovers GDP as the purely Gaussian case and yields explicit non-Gaussian limits, including Poisson examples. It also positively resolves the empirical $s^2 = 2k$ phenomenon observed in the GDP paper and provides an optimal mechanism for count statistics achieving asymmetric Poisson differential privacy.

翻译：差分隐私日益通过假设检验的视角在鲁棒且可解释的 $f$-DP 框架中被形式化，其中隐私保障由涉及一对分布 $(P_{\infty}, Q_{\infty})$ 的基线 Blackwell 权衡函数 $f_{\infty} = T(P_{\infty}, Q_{\infty})$ 编码。在实践中选择合适隐私度量的问题引出了一个核心问题：给定某些先验建模假设，什么是统计上恰当的基线 $f_{\infty}$？高斯差分隐私（GDP）的特殊情况表明，在近乎完美机制的复合下，这些权衡函数表现出具有高斯极限实验的中心极限行为。受 Le Cam 统计实验极限理论的启发，我们在无限可分设定下全面回答了这一问题。我们证明，合适的复合实验 $(P_n^{\otimes n}, Q_n^{\otimes n})$ 收敛于一个二元极限实验 $(P_{\infty}, Q_{\infty})$，其对数似然比 $L = \log(dQ_{\infty} / dP_{\infty})$ 在 $P_{\infty}$ 下是无限可分的。因此，任何极限权衡函数 $f_{\infty}$ 由一个无限可分律 $P_{\infty}$ 决定，该律由其 Lévy–Khintchine 三元组表征，并由 $dQ_{\infty}(x) = e^{x} dP_{\infty}(x)$ 定义的 Esscher 倾斜所刻画。这刻画了所有由近乎完美差分隐私机制复合产生的极限基线权衡函数 $f_{\infty}$。我们的框架将 GDP 恢复为纯高斯情形，并推导出显式的非高斯极限，包括泊松示例。它还实证地解决了 GDP 论文中观察到的 $s^2 = 2k$ 现象，并为实现非对称泊松差分隐私的计数统计提供了最优机制。