Differential Privacy as a Mutual Information Constraint

TL;DR

This paper presents an equivalent mutual information-based definition of differential privacy, clarifying its guarantees and relationships with other privacy notions, and demonstrating its properties like composition are straightforward to verify.

Contribution

It introduces a mutual information formulation of differential privacy that simplifies understanding and analysis, highlighting its relation to existing privacy definitions and properties.

Findings

Mutual information provides an intuitive alternative to differential privacy.

The mutual information definition is sandwiched between ε-differential privacy and (ε,δ)-differential privacy.

Properties like composition are easily verified under the mutual information framework.

Abstract

Differential privacy is a precise mathematical constraint meant to ensure privacy of individual pieces of information in a database even while queries are being answered about the aggregate. Intuitively, one must come to terms with what differential privacy does and does not guarantee. For example, the definition prevents a strong adversary who knows all but one entry in the database from further inferring about the last one. This strong adversary assumption can be overlooked, resulting in misinterpretation of the privacy guarantee of differential privacy. Herein we give an equivalent definition of privacy using mutual information that makes plain some of the subtleties of differential privacy. The mutual-information differential privacy is in fact sandwiched between $\epsilon$-differential privacy and $(\epsilon,\delta)$-differential privacy in terms of its strength. In contrast to previous works using unconditional mutual information, differential privacy is fundamentally related to conditional mutual information, accompanied by a maximization over the database distribution. The conceptual advantage of using mutual information, aside from yielding a simpler and more intuitive definition of differential privacy, is that its properties are well understood. Several properties of differential privacy are easily verified for the mutual information alternative, such as composition theorems.