List Privacy Under Function Recoverability
Ajaykrishnan Nageswaran, Prakash Narayan
TL;DR
This work studies list privacy in the context of function-recoverability: a user releases a randomized query response $F(X)$ that permits recovery of the function value $f(X)$ with probability at least $\rho$ while aiming to minimize the probability that an adversary can identify an $l$-sized list containing the data $X$. It defines a likelihood-based list privacy metric $\pi^{(l)}(\rho)$, derives a general converse upper bound $\pi_u^{(l)}(\rho)$, and shows tightness of this bound for binary-valued $f$ via an add-noise mechanism $F(X)=f(X)+N \bmod 2$. The analysis relies on MAP-based list estimators and a construction parameter $\Lambda_{\rho}$ that captures the mix between high-probability elements in $\mathcal X$ and within each preimage $f^{-1}(i)$, with the privacy bound being piecewise affine in $\rho$. While the binary case is resolved, the exact characterization for nonbinary $f$ remains open, with a conjecture that the upper bound is tight and questions about the form of optimal $\rho$-QRs beyond add-noise. Overall, the paper advances an information-theoretic view of privacy under controlled function-recoverability, connecting recoverability constraints to stringent list-based privacy guarantees.
Abstract
For a given function of user data, a querier must recover, with at least a prescribed probability, the value of the function from a user-provided query response. Subject to this requirement, the user forms the query response so as to minimize the likelihood that the querier, based on the query response, guesses a list of prescribed size to which the data value belongs. We obtain a general converse upper bound for maximum list privacy. This bound is shown to be tight for the case of a binary-valued function through an explicit achievability scheme that involves an add-noise query response.
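As an added worked example (not code from the paper), the following computes, for a constructed toy distribution and binary $f$, the querier's best probability of recovering $f(X)$ and the adversary's best $l$-list success probability under the add-noise query response $F(X)=f(X)+N \bmod 2$. The noise model $N \sim \mathrm{Bernoulli}(1-\rho)$ independent of $X$ (for $\rho \ge 1/2$) and the exact rational arithmetic are assumptions of this example.

```python
from fractions import Fraction

# Constructed toy instance (assumption of this example, not from the paper):
# X takes values in {0,1,2,3}; binary f maps {0,1} -> 0 and {2,3} -> 1.
P_X = {0: Fraction(1, 2), 1: Fraction(1, 4), 2: Fraction(1, 8), 3: Fraction(1, 8)}
f = {0: 0, 1: 0, 2: 1, 3: 1}

def add_noise_channel(rho):
    """Assumed add-noise query response F(X) = f(X) + N mod 2 with
    N ~ Bernoulli(1 - rho) independent of X, rho in [1/2, 1].
    Returns P(F = y | X = x) keyed by (x, y)."""
    q = 1 - rho  # probability the binary function value is flipped
    return {(x, y): (q if y != f[x] else 1 - q) for x in P_X for y in (0, 1)}

def joint(rho):
    """Joint masses P(X = x, F = y) for the add-noise response."""
    W = add_noise_channel(rho)
    return {(x, y): P_X[x] * W[(x, y)] for (x, y) in W}

def recoverability(rho):
    """Best probability a querier recovers f(X) from F(X): for each
    response y, the MAP estimate picks the more likely function value."""
    J = joint(rho)
    return sum(max(sum(J[(x, y)] for x in P_X if f[x] == i) for i in (0, 1))
               for y in (0, 1))

def list_success(rho, l):
    """Best probability an adversary's l-list contains X given F(X):
    the MAP list estimator keeps, for each response y, the l values of x
    with the largest joint masses P(X = x, F = y)."""
    J = joint(rho)
    total = Fraction(0)
    for y in (0, 1):
        masses = sorted((J[(x, y)] for x in P_X), reverse=True)
        total += sum(masses[:l])
    return total

def prior_list_success(l):
    """Baseline with no query response: the l most probable values of X."""
    return sum(sorted(P_X.values(), reverse=True)[:l])

if __name__ == "__main__":
    rho = Fraction(3, 4)
    print("recoverability:", recoverability(rho))          # 3/4
    print("l=1 prior vs add-noise:", prior_list_success(1), list_success(rho, 1))
    print("l=2 prior vs add-noise:", prior_list_success(2), list_success(rho, 2))
```

Comparing `list_success` against `prior_list_success` shows how much the add-noise response leaks about $X$ beyond the prior for a given $\rho$ and list size $l$; at $\rho = 1$ (no noise) the leakage is largest.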
