On the information leakage of differentially-private mechanisms

Abstract : Differential privacy aims at protecting the privacy of participants in statistical databases. Roughly, a mechanism satisfies differential privacy if the presence or value of a single individual in the database does not significantly change the likelihood of obtaining a certain answer to any statistical query posed by a data analyst. Differentially-private mechanisms are often oblivious: first the query is processed on the database to produce a true answer, and then this answer is adequately randomized before being reported to the data analyst. Ideally, a mechanism should minimize leakage, i.e., obfuscate as much as possible the link between reported answers and individuals' data, while maximizing utility, i.e., report answers as similar as possible to the true ones. These two goals, however, are in conflict with each other, thus imposing a trade-off between privacy and utility. In this paper we use quantitative information flow principles to analyze leakage and utility in oblivious differentially-private mechanisms. We introduce a technique that exploits graph symmetries of the adjacency relation on databases to derive bounds on the min-entropy leakage of the mechanism. We consider a notion of utility based on identity gain functions, which is closely related to min-entropy leakage, and we derive bounds for it. Finally, given some graph symmetries, we provide a mechanism that maximizes utility while preserving the required level of differential privacy.
Complete list of metadatas

Cited literature [28 references]  Display  Hide  Download

https://hal.inria.fr/hal-00940425
Contributor : Konstantinos Chatzikokolakis <>
Submitted on : Tuesday, December 22, 2015 - 6:38:23 PM
Last modification on : Friday, June 28, 2019 - 2:48:03 PM
Long-term archiving on: Wednesday, March 23, 2016 - 2:12:22 PM

File

full(numbered_pages).pdf
Files produced by the author(s)

Identifiers

Citation

Mário Sérgio Alvim, Miguel E. Andrés, Konstantinos Chatzikokolakis, Pierpaolo Degano, Catuscia Palamidessi. On the information leakage of differentially-private mechanisms. Journal of Computer Security, IOS Press, 2015, 23 (4), pp.427-469. ⟨10.3233/JCS-150528⟩. ⟨hal-00940425v2⟩

Share

Metrics

Record views

985

Files downloads

724