The study of leakage measures for privacy has been a subject of intensive research and is an important aspect of understanding how privacy leaks occur in computer programs. Differential privacy has been a focal point in the privacy community for some years and yet its leakage characteristics are not completely understood. In this paper we bring together two areas of research -- information theory and the g-leakage framework of quantitative information flow (QIF) -- to give an operational interpretation for the epsilon parameter of differential privacy. We find that epsilon emerges as a capacity measure in both frameworks; via (log)-lift, a popular measure in information theory; and via max-case g-leakage, which describes the leakage of any system to Bayesian adversaries modelled using ``worst-case'' assumptions under the QIF framework. Our characterisation resolves an important question of interpretability of epsilon and consolidates a number of disparate results covering the literature of both information theory and quantitative information flow.
翻译:隐私泄漏措施的研究一直是深入研究的主题,是了解计算机程序如何发生隐私泄漏的一个重要方面。若干年来,隐私差异一直是隐私界的焦点,但其渗漏特性却没有得到完全理解。在本文件中,我们汇集了两个研究领域 -- -- 信息理论和定量信息流动的G-渗漏框架(QIF) -- -- 以便对差异隐私的普西隆参数进行实用解释。我们发现,在两个框架中,普西隆作为能力尺度出现;在信息理论中,通过(log)提升这一流行措施;通过最大案例(g-渗漏),说明任何系统以“worst-case”假设模式在QIF框架下向巴耶斯敌人渗漏。我们的特点解决了可解释伊西隆的重要问题,并整合了涵盖信息理论文献和定量信息流动的若干不同结果。