Bayes Security: A Not So Average Metric
Konstantinos Chatzikokolakis, Giovanni Cherubin, Catuscia Palamidessi, Carmela Troncoso
TL;DR
Bayes security introduces a threat-specific, prior-independent metric $\beta^*(\mathcal{C})$ that captures the worst-case risk for the two most vulnerable secrets via the ratio of Bayes risk to random-guessing error. It characterizes $\beta^*$ as the complement of the diameter (in total variation) between channel rows, enabling intuitive interpretation and analytical bounds. The work develops compositionality results for parallel and cascade compositions, relates $\beta^*$ to cryptographic advantage and differential privacy, and provides concrete case studies for Randomized Response, Laplace, and Gaussian mechanisms. It also offers practical methods for estimating $\beta^*$ in white-box and black-box settings, including domain-guided pruning and efficient diameter computations, illustrating Bayes security as a midpoint between average- and worst-case notions with clear utility-security tradeoffs for real-world threat models.
Abstract
Security system designers favor worst-case security metrics, such as those derived from differential privacy (DP), due to the strong guarantees they provide. On the downside, these guarantees result in a high penalty on the system's performance. In this paper, we study Bayes security, a security metric inspired by the cryptographic advantage. Similarly to DP, Bayes security i) is independent of an adversary's prior knowledge; ii) captures the worst-case scenario for the two most vulnerable secrets (e.g., data records); and iii) is easy to compose, facilitating security analyses. Additionally, Bayes security iv) can be consistently estimated in a black-box manner, contrary to DP, which is useful when a formal analysis is not feasible; and v) provides a better utility-security trade-off in high-security regimes because it quantifies the risk for a specific threat model as opposed to threat-agnostic metrics such as DP. We formulate a theory around Bayes security, and we provide a thorough comparison with respect to well-known metrics, identifying the scenarios where Bayes security is advantageous for designers.
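The diameter characterisation in the TL;DR can be checked numerically in the white-box setting. The following is an added example, not code from the paper: it computes $\beta^*$ as one minus the largest total variation distance between channel rows, and cross-checks it against the ratio of Bayes risk to random-guessing error. Assumptions: rows are secrets and columns are observations, the worst case is taken at the uniform prior over each pair of secrets, randomized response uses its standard k-ary form, and the function names and the sample channel are constructed for illustration.

```python
import math
from itertools import combinations

def total_variation(p, q):
    """Total variation distance between two channel rows."""
    return 0.5 * sum(abs(x - y) for x, y in zip(p, q))

def bayes_security(channel):
    """beta* = 1 - diameter. Returns (beta*, most vulnerable pair of secrets)."""
    tv, pair = max((total_variation(channel[a], channel[b]), (a, b))
                   for a, b in combinations(range(len(channel)), 2))
    return 1.0 - tv, pair

def bayes_risk(prior, rows):
    """Error probability of the optimal (MAP) adversary under the given prior."""
    return 1.0 - sum(max(p * r[o] for p, r in zip(prior, rows))
                     for o in range(len(rows[0])))

def bayes_security_by_risk(channel):
    """Same quantity from the risk ratio: Bayes risk / random-guessing error,
    minimised over pairs of secrets with a uniform prior (guessing error 1/2)."""
    return min(bayes_risk((0.5, 0.5), (a, b)) / 0.5
               for a, b in combinations(channel, 2))

def randomized_response(k, eps):
    """k-ary randomized response (assumed standard form): the true value is
    reported with weight e^eps, every other value with weight 1."""
    z = math.exp(eps) + k - 1
    return [[(math.exp(eps) if o == s else 1.0) / z for o in range(k)]
            for s in range(k)]

# Constructed 3-secret, 3-observation channel; each row sums to 1.
SAMPLE = [[0.5, 0.5, 0.0],
          [0.4, 0.5, 0.1],
          [0.0, 0.2, 0.8]]

if __name__ == "__main__":
    beta, pair = bayes_security(SAMPLE)
    print(f"sample channel: beta* = {beta:.3f}, weakest pair = {pair}")
    print(f"via risk ratio: beta* = {bayes_security_by_risk(SAMPLE):.3f}")
    for eps in (0.1, 1.0, 3.0):
        rr = randomized_response(4, eps)
        print(f"4-ary RR, eps = {eps}: beta* = {bayes_security(rr)[0]:.3f}")
```

A value of $\beta^*$ close to 1 means the optimal adversary does little better than random guessing even on the weakest pair of secrets; a value close to 0 means that pair is almost perfectly distinguishable.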
