CR · Jun 1

A Unified Framework for Adversary-Aware Differential Privacy Bounds

arXiv:2507.08158 · 59.74 citations · h-index: 7
AI Analysis

For privacy researchers and practitioners, this framework offers a rigorous foundation to evaluate differential privacy protections against a broader class of adversarial attacks, though it is theoretical and incremental in nature.

The paper introduces a unified theoretical framework that generalizes existing differential privacy bounds to cover attacks targeting multiple individuals and measuring success beyond exact matches. It provides high-probability guarantees validated on two novel settings: extracting multiple secrets from DP-finetuned language models and reconstructing tabular data from noisy marginals.

Differential Privacy (DP) bounds the privacy leakage of a mechanism against worst-case membership inference, but the precise tradeoff between complex adversarial models and DP protections remains poorly understood. In this paper, we present a unified framework that generalizes the patchwork of existing bounds across membership inference, attribute inference, and data reconstruction attacks. Crucially, our framework is the first to evaluate attacks that target multiple individuals simultaneously and measure success beyond exact matches under a single cohesive bound. Our bounds capture this broad family of previously unexplored attack settings by relying solely on the privacy parameters and the adversary's baseline success rate (i.e. its prior without access to the mechanism's output). To illustrate this, we compare our high-probability guarantees to empirical attacks in two novel settings: extracting multiple non-uniform secrets (passwords and PII) from DP-finetuned language models, and reconstructing tabular data from noisy marginals. Ultimately, this framework provides a rigorous theoretical foundation to investigate the risk landscape of DP algorithms in new adversarial settings.
