Interpreting Epsilon of Differential Privacy in Terms of Advantage in Guessing or Approximating Sensitive Attributes

TL;DR

This paper links the privacy parameter epsilon in differential privacy to the adversary's advantage in guessing sensitive attributes, providing a method to interpret epsilon in terms of attack success probability.

Contribution

It introduces a way to compute epsilon based on the adversary's advantage in guessing specific properties, clarifying the practical implications of epsilon values.

Findings

Provides a formula to relate epsilon to adversary's advantage

Assumes independence of attributes for guessing attacks

Applicable to distributions with known probability functions

Abstract

There are numerous methods of achieving $\epsilon$-differential privacy (DP). The question is what is the appropriate value of $\epsilon$, since there is no common agreement on a "sufficiently small" $\epsilon$, and its goodness depends on the query as well as the data. In this paper, we show how to compute $\epsilon$ that corresponds to $\delta$, defined as the adversary's advantage in probability of guessing some specific property of the output. The attacker's goal can be stated as Boolean expression over guessing particular attributes, possibly within some precision. The attributes combined in this way should be independent. We assume that both the input and the output distributions have corresponding probability density functions, or probability mass functions.