Multi-User Privacy Mechanism Design with Non-zero Leakage

TL;DR

This paper explores a multi-user privacy mechanism design using information theory, allowing controlled leakage to optimize utility while respecting privacy constraints in correlated data scenarios.

Contribution

It introduces a new framework for privacy-utility trade-offs with correlated private and useful data, extending previous models that assumed deterministic relationships.

Findings

Upper bounds on privacy-utility trade-off are derived.

Bounds are tight within a constant, showing near-optimality.

Disclosed data can be made independent of all but one private variable.

Abstract

A privacy mechanism design problem is studied through the lens of information theory. In this work, an agent observes useful data $Y=(Y_1,...,Y_N)$ that is correlated with private data $X=(X_1,...,X_N)$ which is assumed to be also accessible by the agent. Here, we consider $K$ users where user $i$ demands a sub-vector of $Y$, denoted by $C_{i}$. The agent wishes to disclose $C_{i}$ to user $i$. Since $C_{i}$ is correlated with $X$ it can not be disclosed directly. A privacy mechanism is designed to generate disclosed data $U$ which maximizes a linear combinations of the users utilities while satisfying a bounded privacy constraint in terms of mutual information. In a similar work it has been assumed that $X_i$ is a deterministic function of $Y_i$, however in this work we let $X_i$ and $Y_i$ be arbitrarily correlated. First, an upper bound on the privacy-utility trade-off is obtained by using a specific transformation, Functional Representation Lemma and Strong Functional Representaion Lemma, then we show that the upper bound can be decomposed into $N$ parallel problems. Next, lower bounds on privacy-utility trade-off are derived using Functional Representation Lemma and Strong Functional Representaion Lemma. The upper bound is tight within a constant and the lower bounds assert that the disclosed data is independent of all $\{X_j\}_{i=1}^N$ except one which we allocate the maximum allowed leakage to it. Finally, the obtained bounds are studied in special cases.