TY - JOUR
T1 - Tunable Measures for Information Leakage and Applications to Privacy-Utility Tradeoffs
AU - Liao, Jiachun
AU - Kosut, Oliver
AU - Sankar, Lalitha
AU - Du Pin Calmon, Flavio
N1 - Funding Information:
Manuscript received September 24, 2018; revised April 29, 2019; accepted August 1, 2019. Date of publication August 16, 2019; date of current version November 20, 2019. This work was supported in part by the National Science Foundation under Grants CCF-1422358, CCF-1350914, CIF-1815361, and CIF-1901243. This article was presented in part at the 2018 IEEE International Symposium on Information Theory and Information Theory Workshop. J. Liao, O. Kosut, and L. Sankar are with Arizona State University, Tempe, AZ 85281 USA (e-mail: jiachun.liao@asu.edu). F. du Pin Calmon is with Harvard University, Cambridge, MA USA. Communicated by S. Watanabe, Associate Editor for Shannon Theory. Color versions of one or more of the figures in this article are available online at http://ieeexplore.ieee.org. Digital Object Identifier 10.1109/TIT.2019.2935768
Publisher Copyright:
© 1963-2012 IEEE.
PY - 2019/12
Y1 - 2019/12
N2 - We introduce a tunable measure for information leakage called maximal α-leakage. This measure quantifies the maximal gain of an adversary in inferring any (potentially random) function of a dataset from a release of the data. The inferential capability of the adversary is, in turn, quantified by a class of adversarial loss functions that we introduce as α-loss, α ∈ [1,∞]. The choice of α determines the specific adversarial action and ranges from refining a belief (about any function of the data) for α = 1 to guessing the most likely value for α = ∞, while refining the αth moment of the belief for α in between. Maximal α-leakage then quantifies the adversarial gain under α-loss over all possible functions of the data. In particular, for the extremal values of α = 1 and α = ∞, maximal α-leakage simplifies to mutual information and maximal leakage, respectively. For α ∈ (1,∞), this measure is shown to be the Arimoto channel capacity of order α. We show that maximal α-leakage satisfies data processing inequalities and a sub-additivity property, thereby allowing for a weak composition result. Building upon these properties, we use maximal α-leakage as the privacy measure and study the problem of data publishing with privacy guarantees, wherein the utility of the released data is ensured via a hard distortion constraint. Unlike average distortion, hard distortion provides a deterministic guarantee of fidelity. We show that under a hard distortion constraint, for α > 1 the optimal mechanism is independent of α, and therefore the resulting optimal tradeoff is the same for all values of α > 1. Finally, the tunability of maximal α-leakage as a privacy measure is also illustrated for binary data with average Hamming distortion as the utility measure.
AB - We introduce a tunable measure for information leakage called maximal α-leakage. This measure quantifies the maximal gain of an adversary in inferring any (potentially random) function of a dataset from a release of the data. The inferential capability of the adversary is, in turn, quantified by a class of adversarial loss functions that we introduce as α-loss, α ∈ [1,∞]. The choice of α determines the specific adversarial action and ranges from refining a belief (about any function of the data) for α = 1 to guessing the most likely value for α = ∞, while refining the αth moment of the belief for α in between. Maximal α-leakage then quantifies the adversarial gain under α-loss over all possible functions of the data. In particular, for the extremal values of α = 1 and α = ∞, maximal α-leakage simplifies to mutual information and maximal leakage, respectively. For α ∈ (1,∞), this measure is shown to be the Arimoto channel capacity of order α. We show that maximal α-leakage satisfies data processing inequalities and a sub-additivity property, thereby allowing for a weak composition result. Building upon these properties, we use maximal α-leakage as the privacy measure and study the problem of data publishing with privacy guarantees, wherein the utility of the released data is ensured via a hard distortion constraint. Unlike average distortion, hard distortion provides a deterministic guarantee of fidelity. We show that under a hard distortion constraint, for α > 1 the optimal mechanism is independent of α, and therefore the resulting optimal tradeoff is the same for all values of α > 1. Finally, the tunability of maximal α-leakage as a privacy measure is also illustrated for binary data with average Hamming distortion as the utility measure.
KW - Arimoto mutual information
KW - Mutual information
KW - Sibson mutual information
KW - f-divergence
KW - hard distortion
KW - maximal α-leakage
KW - maximal leakage
KW - privacy-utility tradeoff
UR - http://www.scopus.com/inward/record.url?scp=85077365949&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85077365949&partnerID=8YFLogxK
U2 - 10.1109/TIT.2019.2935768
DO - 10.1109/TIT.2019.2935768
M3 - Article
AN - SCOPUS:85077365949
SN - 0018-9448
VL - 65
SP - 8043
EP - 8066
JO - IEEE Transactions on Information Theory
JF - IEEE Transactions on Information Theory
IS - 12
M1 - 8804205
ER -