An information-theoretic privacy mechanism design is studied, where an agent observes useful data $Y$ which is correlated with the private data $X$. The agent wants to reveal the information to a user, hence, the agent utilizes a privacy mechanism to produce disclosed data $U$ that can be revealed. We assume that the agent has no direct access to $X$, i.e., the private data is hidden. We study privacy mechanism design that maximizes the disclosed information about $Y$, measured by the mutual information between $Y$ and $U$, while satisfying a point-wise constraint with different privacy leakage budgets. We introduce a new measure, called the \emph{multi-level point-wise leakage}, which allows us to impose different leakage levels for different realizations of $U$. In contrast to previous studies on point-wise measures, which use the same leakage level for each realization, we consider a more general scenario in which each data point can leak information up to a different threshold. As a result, this concept also covers cases in which some data points should not leak any information about the private data, i.e., they must satisfy perfect privacy. In other words, a combination of perfect privacy and non-zero leakage can be considered. When the leakage is sufficiently small, concepts from information geometry allow us to locally approximate the mutual information. We show that when the leakage matrix $P_{X|Y}$ is invertible, utilizing this approximation leads to a quadratic optimization problem that has closed-form solution under some constraints. In particular, we show that it is sufficient to consider only binary $U$ to attain the optimal utility. This leads to simple privacy designs with low complexity which are based on finding the maximum singular value and singular vector of a matrix.

翻译：本文研究了一种基于信息论的隐私机制设计问题，其中智能体观测到与隐私数据$X$相关的有用数据$Y$。智能体需向用户披露信息，因此通过隐私机制生成可公开的披露数据$U$。我们假设智能体无法直接访问$X$，即隐私数据处于隐藏状态。本研究旨在设计一种隐私机制，在满足不同隐私泄露预算的逐点约束条件下，最大化关于$Y$的披露信息（以$Y$与$U$之间的互信息度量）。我们提出了一种称为“多级逐点泄露”的新度量方法，该方法允许对$U$的不同实现施加不同的泄露级别。与以往对逐点度量的研究（对每个实现采用相同泄露级别）不同，我们考虑更一般的场景，其中每个数据点可泄露的信息量可具有不同阈值。因此，该概念也涵盖某些数据点不应泄露任何隐私信息的情况，即必须满足完美隐私要求。换言之，可以同时考虑完美隐私与非零泄露的组合情况。当泄露量足够小时，信息几何的概念使我们能够对互信息进行局部近似。我们证明当泄露矩阵$P_{X|Y}$可逆时，利用该近似可转化为具有闭式解的二次优化问题（在某些约束条件下）。特别地，我们证明仅需考虑二元$U$即可达到最优效用。这催生了基于矩阵最大奇异值及奇异向量求解的、具有低复杂度的简洁隐私设计方案。