Computing Maximal Per-Record Leakage and Leakage-Distortion Functions for Privacy Mechanisms under Entropy-Constrained Adversaries
Genqiang Wu, Xiaoying Zhang, Yu Qi, Hao Wang, Jikui Wang, Yeping He
TL;DR
This work addresses privacy under entropy-constrained adversaries by formalizing an information privacy (IP) framework with $H(X) \ge b$, and defines three core optimization problems: maximal per-record leakage $\mathcal{L}(b)$, primal leakage-distortion $\epsilon(D,b)$, and dual minimal-distortion $\mathcal{D}(L,b)$. It develops efficient alternating-optimization algorithms that exploit the convex-concave duality of mutual information and enforces the entropy constraint, with local convergence for the leakage and primal problems and stationary-point convergence for the dual. The authors provide comprehensive convergence analyses and validate their methods on binary symmetric channels and modular-sum queries, showing improved privacy-utility tradeoffs over classical DP mechanisms. The framework enables precise auditing and design of certified mechanisms under bounded-knowledge adversaries, with practical implications for privacy-preserving data sharing and trustworthy AI.
Abstract
The exponential growth of data collection necessitates robust privacy protections that preserve data utility. We address information disclosure against adversaries with bounded prior knowledge, modeled by an entropy constraint $H(X) \geq b$. Within this information privacy framework -- which replaces differential privacy's independence assumption with a bounded-knowledge model -- we study three core problems: maximal per-record leakage, the primal leakage-distortion tradeoff (minimizing worst-case leakage under distortion $D$), and the dual distortion minimization (minimizing distortion under leakage constraint $L$). These problems resemble classical information-theoretic ones (channel capacity, rate-distortion) but are more complex due to high dimensionality and the entropy constraint. We develop efficient alternating optimization algorithms that exploit convexity-concavity duality, with theoretical guarantees including local convergence for the primal problem and convergence to a stationary point for the dual. Experiments on binary symmetric channels and modular sum queries validate the algorithms, showing improved privacy-utility tradeoffs over classical differential privacy mechanisms. This work provides a computational framework for auditing privacy risks and designing certified mechanisms under realistic adversary assumptions.
