Bayesian Perspective on Memorization and Reconstruction
Haim Kaplan, Yishay Mansour, Kobbi Nissim, Uri Stemmer
TL;DR
This work reframes memorization and data reconstruction through a Bayesian lens, introducing Bayesian extraction-safe as a prior-driven notion that measures attacker lack of knowledge before release. It clarifies that fingerprinting code attacks align more with membership inference than pure reconstruction, showing that safeguards against reconstruction do not automatically block membership inference. The paper proves near-exact reconstruction can be secured under a Tardos-Prior for certain Hamming-type relations and analyzes how attacker side-information can undermine such security, motivating the use of differential privacy and related defenses. Overall, it delineates when classic reconstruction impossibility results apply and provides a flexible framework to separate reconstruction protection from broader privacy concerns.
Abstract
We introduce a new Bayesian perspective on the concept of data reconstruction, and leverage this viewpoint to propose a new security definition that, in certain settings, provably prevents reconstruction attacks. We use our paradigm to shed new light on one of the most notorious attacks in the privacy and memorization literature - fingerprinting code attacks (FPC). We argue that these attacks are really a form of membership inference attacks, rather than reconstruction attacks. Furthermore, we show that if the goal is solely to prevent reconstruction (but not membership inference), then in some cases the impossibility results derived from FPC no longer apply.