On the relation between differential privacy and quantitative information flow
From MaRDI portal
Publication:3012909
Abstract: Differential privacy is a notion that has emerged in the community of statistical databases, as a response to the problem of protecting the privacy of the database's participants when performing statistical queries. The idea is that a randomized query satisfies differential privacy if the likelihood of obtaining a certain answer for a database is not too different from the likelihood of obtaining the same answer on adjacent databases, i.e. databases which differ from for only one individual. Information flow is an area of Security concerned with the problem of controlling the leakage of confidential information in programs and protocols. Nowadays, one of the most established approaches to quantify and to reason about leakage is based on the R'enyi min entropy version of information theory. In this paper, we analyze critically the notion of differential privacy in light of the conceptual framework provided by the R'enyi min information theory. We show that there is a close relation between differential privacy and leakage, due to the graph symmetries induced by the adjacency relation. Furthermore, we consider the utility of the randomized answer, which measures its expected degree of accuracy. We focus on certain kinds of utility functions called "binary", which have a close correspondence with the R'enyi min mutual information. Again, it turns out that there can be a tight correspondence between differential privacy and utility, depending on the symmetries induced by the adjacency relation and by the query. Depending on these symmetries we can also build an optimal-utility randomization mechanism while preserving the required level of differential privacy. Our main contribution is a study of the kind of structures that can be induced by the adjacency relation and the query, and how to use them to derive bounds on the leakage and achieve the optimal utility.
Recommendations
Cites work
- Asymptotic information leakage under one-try attacks
- Compositional Methods for Information-Hiding
- Compositional closure for Bayes risk in probabilistic noninterference
- Computing the leakage of information-hiding systems
- Differential Privacy
- Differential privacy and robust statistics
- Differential privacy in new settings
- On the Foundations of Quantitative Information Flow
- Quantification of integrity
- Quantitative notions of leakage for one-try attacks
- Universally utility-maximizing privacy mechanisms
Cited in
(8)- Information-theoretic foundations of differential privacy
- scientific article; zbMATH DE number 1941236 (Why is no real title available?)
- Generalized differential privacy: regions of priors that admit robust optimal mechanisms
- Quantitative information flow and applications to differential privacy
- Worst- and average-case privacy breaches in randomization mechanisms
- Proving that programs are differentially private
- Thermodynamic aspects of confidentiality
- Worst- and average-case privacy breaches in randomization mechanisms
This page was built for publication: On the relation between differential privacy and quantitative information flow
Report a bug (only for logged in users!)Click here to report a bug for this page (MaRDI item Q3012909)
