CRIT · Mar 12

Understanding Disclosure Risk in Differential Privacy with Applications to Noise Calibration and Auditing (Extended Version)

arXiv:2603.12142v11.91 citations · h-index: 3
Predicted impact top 84% in CR · last 90 days · Originality: Incremental advance
AI Analysis

This work addresses a central systems challenge in DP for data management, enabling more effective utility-privacy trade-offs, though it is incremental in refining risk metrics rather than introducing a new paradigm.

The paper tackles the problem of accurately measuring disclosure risk in differential privacy (DP) systems, showing that existing metrics like reconstruction robustness can be misleading and violate bounds under realistic assumptions. It introduces a unified risk metric called reconstruction advantage, which provides tight bounds relating DP noise to adversarial advantage and improves the accuracy and scope of DP auditing.

Differential Privacy (DP) is widely adopted in data management systems to enable data sharing with formal disclosure guarantees. A central systems challenge is understanding how DP noise translates into effective protection against inference attacks, since this directly determines achievable utility. Most existing analyses focus only on membership inference -- capturing only a threat -- or rely on reconstruction robustness (ReRo). However, under realistic assumptions, we show that ReRo can yield misleading risk estimates and violate claimed bounds, limiting their usefulness for principled DP calibration and auditing. This paper introduces reconstruction advantage, a unified risk metric that consistently captures risk across membership inference, attribute inference, and data reconstruction. We derive tight bounds that relate DP noise to adversarial advantage and characterize optimal adversarial strategies for arbitrary DP mechanisms and attacker knowledge. These results enable risk-driven noise calibration and provide a foundation for systematic DP auditing. We show that reconstruction advantage improves the accuracy and scope of DP auditing and enables more effective utility-privacy trade-offs in DP-enabled data management systems.
