The study of leakage measures for privacy has been a subject of intensive research and is an important aspect of understanding how privacy leaks occur in computer systems. Differential privacy has been a focal point in the privacy community for some years and yet its leakage characteristics are not completely understood. In this paper we bring together two areas of research -- information theory and the g-leakage framework of quantitative information flow (QIF) -- to give an operational interpretation for the epsilon parameter of local differential privacy. We find that epsilon emerges as a capacity measure in both frameworks: via (log)-lift, a popular measure in information theory, and via max-case g-leakage, which we introduce to describe the leakage of any system to Bayesian adversaries modelled using "worst-case" assumptions under the QIF framework. Our characterisation resolves an important question of interpretability of epsilon and consolidates a number of disparate results covering the literature of both information theory and quantitative information flow.
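A numerical illustration of epsilon as a lift capacity, added here and not taken from the paper. It assumes the standard definitions (lift of secret x and observation y is P(y|x)/P(y); a channel is epsilon-LDP when P(y|x) <= e^epsilon * P(y|x') for all x, x', y) and uses k-ary randomized response as a constructed mechanism; all function names are hypothetical.

```python
import math

def krr_channel(k, eps):
    """Constructed example mechanism: k-ary randomized response.
    Row x gives P(y | x); the true value is reported with prob e^eps/(e^eps+k-1)."""
    denom = math.exp(eps) + k - 1
    return [[(math.exp(eps) if x == y else 1.0) / denom for y in range(k)]
            for x in range(k)]

def ldp_epsilon(channel):
    """Smallest eps with P(y|x) <= e^eps * P(y|x') for all x, x', y."""
    worst = 0.0
    for col in zip(*channel):          # one column per observation y
        if max(col) == 0:
            continue                   # y never occurs
        if min(col) == 0:
            return math.inf            # some secret excludes y: no finite eps
        worst = max(worst, math.log(max(col) / min(col)))
    return worst

def max_log_lift(channel, prior):
    """max over y and over x with prior[x] > 0 of log( P(y|x) / P(y) )."""
    worst = -math.inf
    for col in zip(*channel):
        p_y = sum(p * c for p, c in zip(prior, col))
        for p, c in zip(prior, col):
            if p > 0 and c > 0:
                worst = max(worst, math.log(c / p_y))
    return worst

def skewed_prior(k, delta, rare=0):
    """Prior giving mass delta to one secret and spreading the rest evenly."""
    return [delta if x == rare else (1 - delta) / (k - 1) for x in range(k)]

if __name__ == "__main__":
    C = krr_channel(3, 1.0)
    print("LDP epsilon          :", ldp_epsilon(C))
    print("log-lift, uniform    :", max_log_lift(C, [1 / 3] * 3))
    # As the prior mass on one secret shrinks, its lift approaches e^epsilon:
    for delta in (1e-1, 1e-3, 1e-6):
        print(f"log-lift, delta={delta:g}:", max_log_lift(C, skewed_prior(3, delta)))
```

For any fixed full-support prior the maximum log-lift stays strictly below epsilon; only the supremum over priors reaches it, which is the sense in which epsilon is a capacity here.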