Understanding Disclosure Risk in Differential Privacy with Applications to Noise Calibration and Auditing (Extended Version)

TL;DR

This paper introduces a unified risk metric called reconstruction advantage to better understand and calibrate disclosure risks in differential privacy, enhancing auditing and utility-privacy trade-offs.

Contribution

It proposes reconstruction advantage as a comprehensive risk measure and derives bounds relating DP noise to adversarial advantage for improved risk assessment.

Findings

Reconstruction advantage captures multiple inference risks.

Tight bounds relate DP noise to adversarial success.

Enhanced DP auditing and utility-privacy trade-offs.

Abstract

Differential Privacy (DP) is widely adopted in data management systems to enable data sharing with formal disclosure guarantees. A central systems challenge is understanding how DP noise translates into effective protection against inference attacks, since this directly determines achievable utility. Most existing analyses focus only on membership inference -- capturing only a threat -- or rely on reconstruction robustness (ReRo). However, under realistic assumptions, we show that ReRo can yield misleading risk estimates and violate claimed bounds, limiting their usefulness for principled DP calibration and auditing. This paper introduces reconstruction advantage, a unified risk metric that consistently captures risk across membership inference, attribute inference, and data reconstruction. We derive tight bounds that relate DP noise to adversarial advantage and characterize optimal adversarial strategies for arbitrary DP mechanisms and attacker knowledge. These results enable risk-driven noise calibration and provide a foundation for systematic DP auditing. We show that reconstruction advantage improves the accuracy and scope of DP auditing and enables more effective utility-privacy trade-offs in DP-enabled data management systems.