$$ P_{\alpha ,\beta } $$-Privacy: A Composable Formulation of Privacy Guarantees for Data Publishing Based on Permutation

Methods for Privacy-Preserving Data Publishing (PPDP) have been recently shown to be equivalent to essentially performing some permutations of the original data. This insight, called the permutation paradigm, establishes a common ground upon which any method can be evaluated ex-post, but can also be viewed as a general ex-ante method in itself, where data are anonymized with the injection of suitable permutation matrices. It remains to develop around this paradigm a formal privacy model based on permutation. Such model should be sufficiently intuitive to allow non-experts to understand what it really entails for privacy to permute, in the same way that the privacy principles lying behind k-anonymity and differential privacy can be grasp by most. Moreover, similarly to differential privacy this model should ideally exhibit simple composition properties, which are highly handy in practice. Based on these requirements, this paper proposes a new privacy model for PPDP called \( P_{\alpha ,\beta } \)-privacy. Using for benchmark a one-time pad, an absolutely secure encryption method, this model conveys a reasonably intuitive meaning of the privacy guarantees brought by permutation, can be used ex-ante or ex-post, and exhibits simple composition properties. We illustrate the application of this new model using an empirical example.