-
Information Density Bounds for Privacy
Authors:
Sara Saeidian,
Leonhard Grosse,
Parastoo Sadeghi,
Mikael Skoglund,
Tobias J. Oechtering
Abstract:
This paper explores the implications of guaranteeing privacy by imposing a lower bound on the information density between the private and the public data. We introduce an operationally meaningful privacy measure called pointwise maximal cost (PMC) and demonstrate that imposing an upper bound on PMC is equivalent to enforcing a lower bound on the information density. PMC quantifies the information…
▽ More
This paper explores the implications of guaranteeing privacy by imposing a lower bound on the information density between the private and the public data. We introduce an operationally meaningful privacy measure called pointwise maximal cost (PMC) and demonstrate that imposing an upper bound on PMC is equivalent to enforcing a lower bound on the information density. PMC quantifies the information leakage about a secret to adversaries who aim to minimize non-negative cost functions after observing the outcome of a privacy mechanism. When restricted to finite alphabets, PMC can equivalently be defined as the information leakage to adversaries aiming to minimize the probability of incorrectly guessing randomized functions of the secret. We study the properties of PMC and apply it to standard privacy mechanisms to demonstrate its practical relevance. Through a detailed examination, we connect PMC with other privacy measures that impose upper or lower bounds on the information density. Our results highlight that lower bounding the information density is a more stringent requirement than upper bounding it. Overall, our work significantly bridges the gaps in understanding the relationships between various privacy frameworks and provides insights for selecting a suitable framework for a given application.
△ Less
Submitted 1 July, 2024;
originally announced July 2024.
-
Quantifying Privacy via Information Density
Authors:
Leonhard Grosse,
Sara Saeidian,
Parastoo Sadeghi,
Tobias J. Oechtering,
Mikael Skoglund
Abstract:
We examine the relationship between privacy metrics that utilize information density to measure information leakage between a private and a disclosed random variable. Firstly, we prove that bounding the information density from above or below in turn implies a lower or upper bound on the information density, respectively. Using this result, we establish new relationships between local information…
▽ More
We examine the relationship between privacy metrics that utilize information density to measure information leakage between a private and a disclosed random variable. Firstly, we prove that bounding the information density from above or below in turn implies a lower or upper bound on the information density, respectively. Using this result, we establish new relationships between local information privacy, asymmetric local information privacy, pointwise maximal leakage and local differential privacy. We further provide applications of these relations to privacy mechanism design. Furthermore, we provide statements showing the equivalence between a lower bound on information density and risk-averse adversaries. More specifically, we prove an equivalence between a guessing framework and a cost-function framework that result in the desired lower bound on the information density.
△ Less
Submitted 20 February, 2024;
originally announced February 2024.
-
Extremal Mechanisms for Pointwise Maximal Leakage
Authors:
Leonhard Grosse,
Sara Saeidian,
Tobias Oechtering
Abstract:
Data publishing under privacy constraints can be achieved with mechanisms that add randomness to data points when released to an untrusted party, thereby decreasing the data's utility. In this paper, we analyze this privacy-utility tradeoff for the pointwise maximal leakage privacy measure and a general class of convex utility functions. Pointwise maximal leakage (PML) was recently proposed as an…
▽ More
Data publishing under privacy constraints can be achieved with mechanisms that add randomness to data points when released to an untrusted party, thereby decreasing the data's utility. In this paper, we analyze this privacy-utility tradeoff for the pointwise maximal leakage privacy measure and a general class of convex utility functions. Pointwise maximal leakage (PML) was recently proposed as an operationally meaningful privacy measure based on two equivalent threat models: An adversary guessing a randomized function and an adversary aiming to maximize a general gain function. We study the behavior of the randomized response mechanism designed for local differential privacy under different prior distributions of the private data. Motivated by the findings of this analysis, we derive several closed-form solutions for the optimal privacy-utility tradeoff in the presented PML context using tools from convex analysis. Finally, we present a linear program that can compute optimal mechanisms for PML in a general setting.
△ Less
Submitted 12 October, 2023; v1 submitted 11 October, 2023;
originally announced October 2023.