Privacy-Utility Trade-offs Under Multi-Level Point-Wise Leakage Constraints

TL;DR

This paper introduces a multi-level point-wise privacy leakage measure for designing privacy mechanisms that maximize data utility while respecting varying privacy constraints, including perfect privacy, using information geometry and matrix analysis.

Contribution

It proposes a novel multi-level point-wise leakage framework, providing closed-form solutions and low-complexity privacy mechanisms based on singular value decomposition.

Findings

Quadratic optimization with closed-form solutions for invertible leakage matrices.

Binary auxiliary variables suffice for optimal utility.

Framework encompasses perfect privacy and non-zero leakage scenarios.

Abstract

An information-theoretic privacy mechanism design is studied, where an agent observes useful data $Y$ which is correlated with the private data $X$. The agent wants to reveal the information to a user, hence, the agent utilizes a privacy mechanism to produce disclosed data $U$ that can be revealed. We assume that the agent has no direct access to $X$, i.e., the private data is hidden. We study privacy mechanism design that maximizes the disclosed information about $Y$, measured by the mutual information between $Y$ and $U$, while satisfying a point-wise constraint with different privacy leakage budgets. We introduce a new measure, called the \emph{multi-level point-wise leakage}, which allows us to impose different leakage levels for different realizations of $U$. In contrast to previous studies on point-wise measures, which use the same leakage level for each realization, we consider a more general scenario in which each data point can leak information up to a different threshold. As a result, this concept also covers cases in which some data points should not leak any information about the private data, i.e., they must satisfy perfect privacy. In other words, a combination of perfect privacy and non-zero leakage can be considered. When the leakage is sufficiently small, concepts from information geometry allow us to locally approximate the mutual information. We show that when the leakage matrix $P_{X|Y}$ is invertible, utilizing this approximation leads to a quadratic optimization problem that has closed-form solution under some constraints. In particular, we show that it is sufficient to consider only binary $U$ to attain the optimal utility. This leads to simple privacy designs with low complexity which are based on finding the maximum singular value and singular vector of a matrix.