A novel analysis of utility in privacy pipelines, using Kronecker products and quantitative information flow

TL;DR

This paper introduces a formal analysis method combining Kronecker products and quantitative information flow to better understand utility in complex privacy pipelines, revealing unexpected utility privacy trade-offs.

Contribution

It presents a novel formal framework for analyzing utility in privacy pipelines, explaining anomalies and complementing existing privacy analysis tools.

Findings

Identified conditions where utility decreases as privacy decreases.

Provided rigorous proofs of utility behaviour in privacy-preserving designs.

Demonstrated the approach on common privacy pipeline examples.

Abstract

We combine Kronecker products, and quantitative information flow, to give a novel formal analysis for the fine-grained verification of utility in complex privacy pipelines. The combination explains a surprising anomaly in the behaviour of utility of privacy-preserving pipelines -- that sometimes a reduction in privacy results also in a decrease in utility. We use the standard measure of utility for Bayesian analysis, introduced by Ghosh at al., to produce tractable and rigorous proofs of the fine-grained statistical behaviour leading to the anomaly. More generally, we offer the prospect of formal-analysis tools for utility that complement extant formal analyses of privacy. We demonstrate our results on a number of common privacy-preserving designs.