Bayesian Advantage of Re-Identification Attack in the Shuffle Model
Abstract
The shuffle model, which anonymizes data by randomly permuting user messages, has been widely adopted in both cryptography and differential privacy. In this work, we present the first systematic study of the Bayesian advantage in re-identifying a user's message under the shuffle model. We begin with a basic setting: one sample is drawn from a distribution P, and n - 1 samples are drawn from a distribution Q, after which all n samples are randomly shuffled. We define βn(P, Q) as the success probability of a Bayes-optimal adversary in identifying the sample from P, and define the additive and multiplicative Bayesian advantages as Advn+(P, Q) = βn(P,Q) - 1n and Advn×(P, Q) = n · βn(P,Q), respectively. We derive exact analytical expressions and asymptotic characterizations of βn(P, Q), along with evaluations in several representative scenarios. Furthermore, we establish (nearly) tight mutual bounds between the additive Bayesian advantage and the total variation distance. Finally, we extend our analysis beyond the basic setting and present, for the first time, an upper bound on the success probability of Bayesian attacks in shuffle differential privacy. Specifically, when the outputs of n users -- each processed through an -differentially private local randomizer -- are shuffled, the probability that an attacker successfully re-identifies any target user's message is at most e/n.
Turn this paper into a full lesson
ArcXiv compiles a staged curriculum from this paper: 8-12 lessons across beginner → advanced, synthesised section guides, visuals, flashcards, a quiz, exercises, and on-demand deep dives per section. Grounded in the abstract, never invented.