Single-Order RDP Privacy Regions

Updated 6 February 2026

The paper introduces single-order RDP privacy regions as optimal privacy-utility trade-offs characterized by bounding Rényi divergence at a fixed order.
It reveals that these regions are convex, symmetric, and extremally achieved by two-point mechanisms, simplifying privacy comparisons.
The work underpins efficient black-box conversions to f-DP and (ε,δ)-DP, impacting posterior sampling, subsampled Gaussian, and shuffle mechanism analyses.

A single-order RDP privacy region is the locus of optimal privacy-utility trade-offs determined by a mechanism’s Rényi Differential Privacy (RDP) guarantees at a fixed divergence order. It encodes the hypothesis-testing region—specifically, the attainable Type I and II error pairs—imposed by bounding RDP at a particular order and level. The theory of single-order RDP privacy regions provides both a geometric and an operational understanding of how moment-based privacy guarantees constrain statistical distinguishability, and establishes their role as the foundational building blocks in black-box conversions from RDP to more general hypothesis testing (e.g., $f$ -DP) or classical $(\epsilon,\delta)$ -DP frameworks.

1. Definition and Characterization of Single-Order RDP Privacy Regions

Let $\tau \geq 0.5$ denote the Rényi order and $\rho \geq 0$ the upper bound on the Rényi divergence. For every pair of adjacent databases, a mechanism is said to satisfy $(\tau, \rho)$ -RDP if

$D_\tau(P\,\|\,Q) \leq \rho \quad \text{and} \quad D_\tau(Q\,\|\,P) \leq \rho$

where $P$ and $Q$ are the output distributions under neighboring datasets. In the context of hypothesis testing, for every possible rejection region $S$ , one considers the induced Type I and II errors:

$\alpha = P(S), \qquad \beta = Q(S^c)$

The $\tau$ -order RDP privacy region $R_{D_\tau}(\rho)$ is

$R_{D_\tau}(\rho) = \bigl\{(\alpha, \beta) \in [0,1]^2 : D_\tau(\mathrm{Bern}(\alpha)\,\|\,\mathrm{Bern}(1-\beta)) \leq \rho, D_\tau(\mathrm{Bern}(1-\beta)\,\|\,\mathrm{Bern}(\alpha)) \leq \rho \bigr\}$

The lower boundary of this region, parameterized by $\alpha$ , is the trade-off function $f_{\tau,\rho}(\alpha)$ :

$f_{\tau,\rho}(\alpha) = \inf\{\beta : (\alpha,\beta) \in R_{D_\tau}(\rho)\}, \quad \alpha \in [0,1]$

For $\tau > 1$ , explicit analytic constraints are given by:

$\begin{cases} \alpha^\tau(1-\beta)^{1-\tau} + (1-\alpha)^\tau \beta^{1-\tau} \leq e^{(\tau-1)\rho} \ (1-\beta)^\tau \alpha^{1-\tau} + \beta^\tau (1-\alpha)^{1-\tau} \leq e^{(\tau-1)\rho} \end{cases}$

with analogous forms for $\tau = 1$ (KL-divergence) and $0 < \tau < 1$ (inequalities reverse).

2. Geometric and Structural Properties

The privacy region $R_{D_\tau}(\rho)$ is always convex and symmetric about the line $\alpha = \beta$ . The map $(\alpha, \beta) \mapsto (\mathrm{Bern}(\alpha), \mathrm{Bern}(1-\beta))$ is affine, and the Rényi divergence sublevel sets are convex in distribution space. Symmetry arises because the constraints are invariant under swapping the roles of $\alpha$ and $\beta$ . The fundamental result is that every boundary point of $R_{D_\tau}(\rho)$ is realized by a two-point (randomized response) mechanism, highlighting the sufficiency of binary mechanisms for extremal trade-offs and simplifying the analysis of attainable regions (Riess et al., 4 Feb 2026).

3. Role in Black-box Conversions and Optimality

The intersection of single-order RDP privacy regions across all $\tau \geq 0.5$ , given an RDP profile $\rho(\cdot)$ , yields the tightest hypothesis-testing guarantee (in the $f$ -DP sense) derivable solely from RDP accountants. More precisely, the attainable region is

$\mathcal{R}_{\text{joint}} = \bigcap_{\tau\geq 0.5} R_{D_\tau}(\rho(\tau))$

and the corresponding lower boundary is:

$f_{\rho(\cdot)}(\alpha) = \sup_{\tau \geq 0.5} f_{\tau, \rho(\tau)}(\alpha)$

Any black-box method for converting RDP guarantees to $f$ -DP (or $(\epsilon,\delta)$ -DP) trade-offs cannot uniformly improve upon $f_{\rho(\cdot)}(\alpha)$ . This optimality is universal and holds in the Blackwell sense (Riess et al., 4 Feb 2026). The result marks the mathematical limit of RDP-to- $f$ -DP conversion without knowledge of the internal mechanism.

4. Computational Aspects and Applications

Single-order privacy regions reduce the process of privacy accounting to computing explicit trade-off curves $f_{\tau, \rho(\tau)}$ , which are then combined pointwise over $\tau$ . This avoids complex variational calculus or loose union bounds. In practical privacy analysis workflows, the procedure is:

Evaluate (numerically or analytically) $f_{\tau, \rho(\tau)}(\alpha)$ for a grid of $\tau$ values.
Take the pointwise maximum to obtain $f_{\rho(\cdot)}(\alpha)$ .
For $(\epsilon,\delta)$ -DP conversion, many standard envelopes admit closed-form or efficient numerical evaluation (Mironov, 2017, Koskela et al., 2024).

This approach directly underpins privacy analysis in mechanisms such as:

Posterior sampling in Bayesian models, where the impact of the prior and data sensitivity is fully described by the single-order privacy region (Geumlek et al., 2017).
Subsampled mechanisms and analytical moments accountants for mechanisms such as the Subsampled Gaussian Mechanism (Wang et al., 2018, Mironov et al., 2019).
Shuffle models, where the privacy region informs both the privacy amplification attained under shuffling and the comparison to the central model (Liew et al., 2022).

5. Examples: Mechanisms and Single-Order Curves

In exponential-family posterior sampling, the achievable $(\alpha, \epsilon)$ points trace out a curve with vertical asymptotes determined by the prior; as the prior strengthens, the privacy region broadens and $\epsilon(\alpha)$ decreases. In the sampled Gaussian mechanism, the region is approximately linear: $\epsilon(\alpha) \approx q^2 \alpha / \sigma^2$ for small sampling rate $q$ and large scale $\sigma$ (Mironov et al., 2019). For shuffle mechanisms, single-order regions show a strict gain over the standard central Gaussian mechanism, with the RDP curve lying well below the corresponding non-shuffled bound (Liew et al., 2022).

6. Theoretical and Practical Implications

The geometric structure of single-order RDP privacy regions explains why two-point mechanisms are extremal and why cumulant-based summaries (as in moments accountants) are sufficient for privacy composition (Riess et al., 4 Feb 2026). For practitioners, these regions provide both auditing tools (e.g., verifying claims of $(\epsilon,\delta)$ -DP or $f$ -DP) and a pathway to arbitrarily tight numerical evaluation across complex mechanism compositions (Koskela et al., 2024).

Furthermore, the explicit region characterizes the tradeoff between privacy cost and robustness with respect to higher-order moments, facilitating informed choices along the privacy-utility frontier for specific application requirements.

7. Extensions and Future Directions

Recent developments explore:

Generalization to hypothesis testing beyond binary decisions and to $f$ -DP with arbitrary trade-off functions.
Direct profile accounting in large-scale and adaptive mechanisms (e.g., private selection, hyperparameter tuning), where single-order profiles enable substantial improvement over traditional RDP accounting by avoiding conversion-induced slack (Koskela et al., 2024).
Adaptive privacy accounting for parallel or data-dependent mechanisms, leveraging the modularity of single-order regions.

A plausible implication is that future mechanism designs may further exploit the modularity and tightness of single-order privacy regions, particularly in interactive or federated settings where compositions and privacy amplification effects are subtle and intricate.

References

"Optimal conversion from Rényi Differential Privacy to $f$ -Differential Privacy" (Riess et al., 4 Feb 2026)
"Subsampled Rényi Differential Privacy and Analytical Moments Accountant" (Wang et al., 2018)
"Rényi Differential Privacy Mechanisms for Posterior Sampling" (Geumlek et al., 2017)
"Privacy Profiles for Private Selection" (Koskela et al., 2024)
"Shuffle Gaussian Mechanism for Differential Privacy" (Liew et al., 2022)
"Rényi Differential Privacy of the Sampled Gaussian Mechanism" (Mironov et al., 2019)
"Renyi Differential Privacy" (Mironov, 2017)