Due to the pervasiveness of image capturing devices in every-day life, images of individuals are routinely captured. Although this has enabled many benefits, it also infringes on personal privacy. A promising direction in research on obfuscation of facial images has been the work in the k-same family of methods which employ the concept of k-anonymity from database privacy. However, there are a number of deficiencies of k-anonymity that carry over to the k-same methods, detracting from their usefulness in practice. In this paper, we first outline several of these deficiencies and discuss their implications in the context of facial obfuscation. We then develop a framework through which we obtain a formal differentially private guarantee for the obfuscation of facial images in generative machine learning models. Our approach provides a provable privacy guarantee that is not susceptible to the outlined deficiencies of k-same obfuscation and produces photo-realistic obfuscated output. In addition, we demonstrate through experimental comparisons that our approach can achieve comparable utility to k-same obfuscation in terms of preservation of useful features in the images. Furthermore, we propose a method to achieve differential privacy for any image (i.e., without restriction to facial images) through the direct modification of pixel intensities. Although the addition of noise to pixel intensities does not provide the high visual quality obtained via generative machine learning models, it offers greater versatility by eliminating the need for a trained model. We demonstrate that our proposed use of the exponential mechanism in this context is able to provide superior visual quality to pixel-space obfuscation using the Laplace mechanism.

由于图像捕获设备在日常生活中无处不在，因此例行捕获个体图像。尽管这带来了许多好处，但它也侵犯了个人隐私。在k-相同方法家族中，采用了来自数据库隐私的k-匿名性的概念，这是对面部图像进行混淆研究的一个有前途的方向。但是，k匿名存在许多缺陷，这些缺陷会延续到k相同的方法中，从而降低了它们在实践中的实用性。在本文中，我们首先概述了这些缺陷中的几个缺陷，并讨论了在面部混淆情况下的缺陷。然后，我们开发一个框架，通过该框架我们可以获得正式的在生成式机器学习模型中对面部图像进行混淆的差分私人担保。我们的方法提供了可证明的隐私保证，该保证不会受到k相同混淆的概述缺陷的影响，并且会产生逼真的混淆输出。此外，我们通过实验比较证明，我们的方法可以达到与k相当的效用-在图像中保留有用特征方面存在相同的混淆。此外，我们提出了一种通过直接修改像素强度来实现任何图像（即，不限于面部图像）的差分隐私的方法。尽管将噪声添加到像素强度并不能提供通过生成式机器学习模型获得的高视觉质量，但是通过消除对训练模型的需求，它可以提供更大的多功能性。我们证明了我们在这种情况下对指数机制的建议使用能够为使用拉普拉斯机制的像素空间混淆提供卓越的视觉质量。