Information Leakage Metrics for Adversaries with Incomplete Information: Binary Privacy Mechanism

Maximal leakage is usually defined as the logarithmic increment in the adversary’s probability of correctly guessing the legitimate user’s private data, or some arbitrary function of the private data, when presented with the legitimate user’s publicly disclosed information. However, this definition of maximal leakage implicitly assumes that the privacy mechanism, as well as the prior probability of the original data, are entirely known to the attacker. In reality, this assumption is often impractical. The attacker can usually have access to only an approximate version of the correct privacy mechanism, computed from a limited set of the disclosed data, for which she can access the corresponding un-distorted data. In this scenario, maximal leakage no longer has an operational meaning. To address this problem, in this paper, we propose two novel meaningful information-theoretic metrics for information leakage when the attacker has incomplete information about the privacy mechanism – we call them maximal subjective leakage and maximal objective leakage, respectively. For a simple, binary scenario, we demonstrate how to find the optimal privacy mechanism that minimizes the system’s information leakages.