FLDP: Flexible strategy for local differential privacy

Dan Zhao, Suyun Zhao, Ruixuan Liu, Cuiping Li, Wenjuan Liang, Hong Chen
DOI: https://doi.org/10.48550/arXiv.2203.14875
2022-03-29
Abstract: Local differential privacy (LDP), a technique applying unbiased statistical estimations instead of real data, is often adopted in data collection. In particular, this technique is used with frequency oracles (FO) because it can protect each user's privacy and prevent leakage of sensitive information. However, the definition of LDP is so conservative that it requires all inputs to be indistinguishable after perturbation. Indeed, LDP protects each value; however, it is rarely used in practical scenarios owing to its cost in terms of accuracy. In this paper, we address the challenge of providing weakened but flexible protection where each value only needs to be indistinguishable from part of the domain after perturbation. First, we present this weakened but flexible LDP (FLDP) notion. We then prove the association with LDP and DP. Second, we design an FHR approach for the common FO issue while satisfying FLDP. The proposed approach balances communication cost, computational complexity, and estimation accuracy. Finally, experimental results using practical and synthetic datasets verify the effectiveness and efficiency of our approach.
Cryptography and Security
What problem does this paper attempt to address?
This paper addresses the problem that existing Local Differential Privacy (LDP) mechanisms are too conservative, which hurts their accuracy and practicality in real applications. Specifically:

1. **Limitations of LDP**:
   - LDP requires that all inputs are indistinguishable after perturbation, which requires adding a large amount of noise to ensure privacy.
   - Excessive noise significantly reduces the accuracy of the data, limiting the application of LDP in real-world scenarios.
2. **New problems proposed**:
   - How can a more flexible privacy-protection mechanism be designed that improves the accuracy and practicality of data while ensuring a certain level of privacy?
   - This paper introduces a new privacy concept, FLDP (Flexible Local Differential Privacy), which allows values within part of the output range to be indistinguishable, thus relaxing the strict requirements of LDP.
3. **Specific objectives**:
   - Design a frequency estimation mechanism (FHR) that satisfies FLDP and can provide higher query accuracy and lower communication and computational costs while ensuring privacy.
   - Verify the effectiveness and efficiency of the proposed FLDP and FHR mechanisms through experiments.

### Main contributions

- **Introduction of FLDP**: Proposed a weakened but more flexible version of LDP (FLDP), which allows values within part of the output range to be indistinguishable, thus improving the flexibility of mechanism design.
- **Design of FHR mechanism**: Designed an algorithm (FHR) for frequency estimation that satisfies FLDP, and analyzed the performance of this mechanism in detail.
- **Experimental verification**: Verified the effectiveness and efficiency of the FLDP and FHR mechanisms using synthetic and real-world datasets, demonstrating their superiority in different application scenarios.

### Key formulas

- **Definition of FLDP**:

  \[ \min_{t, t' \in I} \frac{|R(t) \cap R(t')|}{\max\{|R(t)|, |R(t')|\}} \geq \eta \]

  \[ \max_{s \in R(t) \cap R(t')} \frac{\Pr[M(t) = s]}{\Pr[M(t') = s]} \leq e^\varepsilon \]

- **FHR frequency estimation**:

  \[ \hat{f}_t = \frac{e^\varepsilon + 1}{2(e^\varepsilon - 1)} \cdot (\hat{z} \cdot H(t)) \]

Through these improvements, the paper aims to provide a more flexible and efficient solution for privacy protection in practical applications.
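
The two FLDP conditions listed under Key formulas, evaluated numerically on small mechanisms. This is an added example, not code from the paper: it assumes R(t) is the set of outputs that M(t) emits with non-zero probability, and the function names and both sample mechanisms are constructed for illustration.

```python
import math
from itertools import combinations

def output_range(dist):
    """R(t): outputs M(t) can emit (assumption: the support of the distribution)."""
    return {s for s, p in dist.items() if p > 0}

def fldp_parameters(mechanism):
    """Return the tightest (eta, epsilon) for which both conditions hold.

    mechanism maps each input t to a dict {output s: Pr[M(t) = s]}.
    """
    for t, dist in mechanism.items():
        if not math.isclose(sum(dist.values()), 1.0, abs_tol=1e-9):
            raise ValueError(f"Pr[M({t!r}) = .] does not sum to 1")
    eta, eps = 1.0, 0.0
    for t, u in combinations(mechanism, 2):
        rt, ru = output_range(mechanism[t]), output_range(mechanism[u])
        shared = rt & ru
        # Condition 1: overlap of the two output ranges, relative to the larger one.
        eta = min(eta, len(shared) / max(len(rt), len(ru)))
        # Condition 2: probability ratio on shared outputs, in both directions.
        for s in shared:
            eps = max(eps, abs(math.log(mechanism[t][s] / mechanism[u][s])))
    return eta, eps

def satisfies_fldp(mechanism, eta, eps):
    """True if the mechanism meets the overlap bound eta and the ratio bound e^eps."""
    got_eta, got_eps = fldp_parameters(mechanism)
    return got_eta >= eta - 1e-12 and got_eps <= eps + 1e-12

def k_rr(k, eps):
    """Constructed sample: k-ary randomized response, every output reachable."""
    e = math.exp(eps)
    return {t: {s: (e if s == t else 1.0) / (e + k - 1) for s in range(k)}
            for t in range(k)}

def window(k):
    """Constructed sample: report t with prob. 0.5, or a ring neighbour with 0.25."""
    return {t: {(t - 1) % k: 0.25, t: 0.5, (t + 1) % k: 0.25} for t in range(k)}

if __name__ == "__main__":
    print(fldp_parameters(k_rr(4, math.log(3))))
    print(fldp_parameters(window(4)))
    print(fldp_parameters(window(6)))
```

With full support (k-ary randomized response) the overlap ratio is 1 and only the ratio bound is binding; the 6-value window shows the overlap ratio dropping to 0 once two inputs share no output.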