Measurement of Attack Resilience of Differential Privacy
Abstract:
Differential Privacy (DP) is a leading framework for privacy-preserving data analysis,
offering formal guarantees controlled by the privacy budget parameter 𝜀. In practice,
however, it is up to practitioners to select 𝜀—often without clear guidance on how this
choice impacts protection against privacy attacks such as attribute inference and data
reconstruction. There is a need for metrics that capture the privacy risks posed by concrete
adversaries to support such decisions.
Existing metrics like Reconstruction Robustness (ReRo) aim to quantify this risk but po-
tentially overestimate information leakage, leading to overly conservative noise calibration
and unnecessary utility loss.
A new metric, Unbiased Reconstruction Robustness (U-ReRo), was proposed to address
this issue. It is a refined metric that aims to distinguish true privacy leakage from adversarial
prior knowledge and data correlation. While U-ReRo provides tighter bounds than ReRo in
theory, its practical performance has not yet been evaluated. It is therefore unclear whether
U-ReRo improves over ReRo and whether the provided bounds are tight in practice.
In this work, we conduct empirical evaluations using realistic attacks on DP mechanisms
... mehr
offering formal guarantees controlled by the privacy budget parameter 𝜀. In practice,
however, it is up to practitioners to select 𝜀—often without clear guidance on how this
choice impacts protection against privacy attacks such as attribute inference and data
reconstruction. There is a need for metrics that capture the privacy risks posed by concrete
adversaries to support such decisions.
Existing metrics like Reconstruction Robustness (ReRo) aim to quantify this risk but po-
tentially overestimate information leakage, leading to overly conservative noise calibration
and unnecessary utility loss.
A new metric, Unbiased Reconstruction Robustness (U-ReRo), was proposed to address
this issue. It is a refined metric that aims to distinguish true privacy leakage from adversarial
prior knowledge and data correlation. While U-ReRo provides tighter bounds than ReRo in
theory, its practical performance has not yet been evaluated. It is therefore unclear whether
U-ReRo improves over ReRo and whether the provided bounds are tight in practice.
In this work, we conduct empirical evaluations using realistic attacks on DP mechanisms
... mehr
| Zugehörige Institution(en) am KIT | Institut für Informationssicherheit und Verlässlichkeit (KASTEL) Kompetenzzentrum für angewandte Sicherheitstechnologie (KASTEL) |
| Publikationstyp | Hochschulschrift |
| Publikationsdatum | 10.10.2025 |
| Sprache | Englisch |
| Identifikator | KITopen-ID: 1000192790 |
| Verlag | Karlsruher Institut für Technologie (KIT) |
| Umfang | VII; 102 S. |
| Art der Arbeit | Abschlussarbeit - Master |
| Prüfungsdaten | Abgabetermin: 10.09.2025 |
| Referent/Betreuer | Guerra Balboa, Patricia Strufe, Thorsten Hwang Arcolezi, Héber |