🤖 AI Summary
This work addresses the fundamental challenge in privacy mechanism design: maximizing worst-case utility under strict privacy constraints while avoiding inefficient outputs. It introduces, for the first time, the novel privacy metric Pointwise Maximal Leakage (PML) to this setting and proposes a discrete privacy mechanism that optimizes worst-case utility under hard PML constraints. Crucially, the mechanism permits certain conditional probabilities to be exactly zero—a flexibility prohibited under differential privacy—thereby overcoming a key limitation of traditional approaches. By incorporating output support set constraints, the authors formulate a computationally efficient optimization framework. Experimental results demonstrate that the proposed mechanism consistently outperforms conventional differential privacy methods across multiple benchmarks, achieving superior utility-security trade-offs with low computational complexity.
📝 Abstract
We propose a discrete privacy mechanism exploiting beneficial properties of the novel privacy measure Pointwise Maximal Leakage (PML). Given the utility assignment characterized by every input-output letter pair, we study the mechanism design problem that satisfies PML privacy guarantees and maximizes the worst-case utility. Unlike popular privacy measures like Differential Privacy (DP), PML allows us to set some conditional probabilities in the mechanism to be zero and thereby prevent the occurrence of some low utilities while preserving a strict PML constraint. We show that the utility-safe mechanism, with low computational complexity, is optimal for the worst-case utility problem with an additional constraint on the output support set. We finally demonstrate the effectiveness in several numerical experiments. Due to DP's inability to have zeros in the mechanism, the design of privacy mechanisms that optimize the worst-case utility is underexplored, and this work shows that PML is a privacy measure that is perfectly suited for this purpose.
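The contrast drawn in the abstract can be checked numerically. The following is an added example, not code from the paper: it uses the standard PML definition from the PML literature, ℓ(X→y) = log(max_x P(y|x) / P(y)), and compares a mechanism with zero entries against a dense one. The prior, both mechanisms, the utility table, and the reading of "worst-case utility" as the minimum utility over input-output pairs that occur with positive probability are all assumptions constructed for illustration.

```python
import math

def max_pml(prior, mech):
    """Worst-case PML in nats: max over y with P(y)>0 of log(max_x P(y|x) / P(y))."""
    xs = [x for x in range(len(prior)) if prior[x] > 0]
    worst = -math.inf
    for y in range(len(mech[0])):
        p_y = sum(prior[x] * mech[x][y] for x in xs)
        if p_y > 0:
            worst = max(worst, math.log(max(mech[x][y] for x in xs) / p_y))
    return worst

def local_dp_epsilon(mech):
    """Smallest eps with P(y|x) <= e^eps * P(y|x') for all x, x', y.
    Infinite as soon as one output is possible for some input and impossible for another."""
    eps = 0.0
    for y in range(len(mech[0])):
        col = [row[y] for row in mech]
        if max(col) == 0:
            continue            # output never produced, no constraint
        if min(col) == 0:
            return math.inf     # zero next to non-zero: unbounded ratio
        eps = max(eps, math.log(max(col) / min(col)))
    return eps

def worst_case_utility(mech, util):
    """Assumed reading: minimum utility over pairs (x, y) with P(y|x) > 0."""
    return min(util[x][y] for x in range(len(mech))
               for y in range(len(mech[0])) if mech[x][y] > 0)

# Constructed sample data (not from the paper): 3 inputs, 3 outputs, uniform prior.
PRIOR = [1 / 3, 1 / 3, 1 / 3]
UTIL = [[1.0, 0.5, 0.0],        # utility drops with distance |x - y|
        [0.5, 1.0, 0.5],
        [0.0, 0.5, 1.0]]
MECH_ZERO = [[0.5, 0.5, 0.0],   # zeros placed on the utility-0 pairs
             [0.25, 0.5, 0.25],
             [0.0, 0.5, 0.5]]
MECH_DENSE = [[0.5, 0.3, 0.2],  # full support, as DP requires
              [0.25, 0.5, 0.25],
              [0.2, 0.3, 0.5]]

if __name__ == "__main__":
    for name, m in (("zero", MECH_ZERO), ("dense", MECH_DENSE)):
        print(name, "max PML:", round(max_pml(PRIOR, m), 4),
              "DP eps:", local_dp_epsilon(m),
              "worst-case utility:", worst_case_utility(m, UTIL))
```

With these constructed inputs the zero-entry mechanism has a finite worst-case PML of log 2 but no finite DP parameter, and its worst-case utility is 0.5 instead of 0. PML is computed with respect to a prior, so the leakage value changes if `PRIOR` does.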