Search papers, labs, and topics across Lattice.
The paper introduces "reconstruction advantage," a unified metric for quantifying disclosure risk in differentially private (DP) systems, encompassing membership, attribute inference, and data reconstruction attacks. They demonstrate that existing reconstruction robustness (ReRo) metrics can be misleading and violate DP bounds under realistic assumptions. By deriving tight bounds relating DP noise to adversarial advantage, the authors enable risk-driven noise calibration and systematic DP auditing, leading to improved utility-privacy trade-offs.
Reconstruction Robustness (ReRo) can mislead on privacy guarantees in DP systems, but a new "reconstruction advantage" metric offers a unified and tighter risk assessment.
Differential Privacy (DP) is widely adopted in data management systems to enable data sharing with formal disclosure guarantees. A central systems challenge is understanding how DP noise translates into effective protection against inference attacks, since this directly determines achievable utility. Most existing analyses focus only on membership inference -- capturing only a threat -- or rely on reconstruction robustness (ReRo). However, under realistic assumptions, we show that ReRo can yield misleading risk estimates and violate claimed bounds, limiting their usefulness for principled DP calibration and auditing. This paper introduces reconstruction advantage, a unified risk metric that consistently captures risk across membership inference, attribute inference, and data reconstruction. We derive tight bounds that relate DP noise to adversarial advantage and characterize optimal adversarial strategies for arbitrary DP mechanisms and attacker knowledge. These results enable risk-driven noise calibration and provide a foundation for systematic DP auditing. We show that reconstruction advantage improves the accuracy and scope of DP auditing and enables more effective utility-privacy trade-offs in DP-enabled data management systems.
