Yang Cao,Masatoshi Yoshikawa,Yonghui Xiao,Li Xiong

DOI: https://doi.org/10.1109/TKDE.2018.2824328

Abstract:Differential Privacy (DP) has received increasing attention as a rigorous privacy framework. Many existing studies employ traditional DP mechanisms (e.g., the Laplace mechanism) as primitives to continuously release private data for protecting privacy at each time point (i.e., event-level privacy), which assume that the data at different time points are independent, or that adversaries do not have knowledge of correlation between data. However, continuously generated data tend to be temporally correlated, and such correlations can be acquired by adversaries. In this paper, we investigate the potential privacy loss of a traditional DP mechanism under temporal correlations. First, we analyze the privacy leakage of a DP mechanism under temporal correlation that can be modeled using Markov Chain. Our analysis reveals that, the event-level privacy loss of a DP mechanism may increase over time. We call the unexpected privacy loss temporal privacy leakage (TPL). Although TPL may increase over time, we find that its supremum may exist in some cases. Second, we design efficient algorithms for calculating TPL. Third, we propose data releasing mechanisms that convert any existing DP mechanism into one against TPL. Experiments confirm that our approach is efficient and effective.

Xuyang Cao,Yang Cao,Primal Pappachan,Atsuyoshi Nakamura,Masatoshi Yoshikawa

2023-06-26

Abstract:The release of differentially private streaming data has been extensively studied, yet striking a good balance between privacy and utility on temporally correlated data in the stream remains an open problem. Existing works focus on enhancing privacy when applying differential privacy to correlated data, highlighting that differential privacy may suffer from additional privacy leakage under correlations; consequently, a small privacy budget has to be used which worsens the utility. In this work, we propose a post-processing framework to improve the utility of differential privacy data release under temporal correlations. We model the problem as a maximum posterior estimation given the released differentially private data and correlation model and transform it into nonlinear constrained programming. Our experiments on synthetic datasets show that the proposed approach significantly improves the utility and accuracy of differentially private data by nearly a hundred times in terms of mean square error when a strict privacy budget is given.

Databases,Cryptography and Security

Shuya Feng,Meisam Mohammady,Han Wang,Xiaochen Li,Zhan Qin,Yuan Hong

2024-07-20

Abstract:Streaming data, crucial for applications like crowdsourcing analytics, behavior studies, and real-time monitoring, faces significant privacy risks due to the large and diverse data linked to individuals. In particular, recent efforts to release data streams, using the rigorous privacy notion of differential privacy (DP), have encountered issues with unbounded privacy leakage. This challenge limits their applicability to only a finite number of time slots (''finite data stream'') or relaxation to protecting the events (''event or $w$-event DP'') rather than all the records of users. A persistent challenge is managing the sensitivity of outputs to inputs in situations where users contribute many activities and data distributions evolve over time. In this paper, we present a novel technique for Differentially Private data streaming over Infinite disclosure (DPI) that effectively bounds the total privacy leakage of each user in infinite data streams while enabling accurate data collection and analysis. Furthermore, we also maximize the accuracy of DPI via a novel boosting mechanism. Finally, extensive experiments across various streaming applications and real datasets (e.g., COVID-19, Network Traffic, and USDA Production), show that DPI maintains high utility for infinite data streams in diverse settings. Code for DPI is available at <a class="link-external link-https" href="https://github.com/ShuyaFeng/DPI" rel="external noopener nofollow">this https URL</a>.

Cryptography and Security

Yue Fu,Qingqing Ye,Rong Du,Haibo Hu

DOI: https://doi.org/10.1145/3623637

2023-09-13

ACM Transactions on Sensor Networks

Abstract:Local differential privacy (LDP) is a promising privacy model for distributed data collection. It has been widely deployed in real-world systems (e.g. Chrome, iOS, macOS). In LDP-based mechanisms, an aggregator collects private values perturbed by each user and then analyses these values to estimate their statistics, such as frequency and mean. Most existing works focus on simple scalar value types, such as boolean and categorical values. However, with the emergence of smart sensors and Internet of Things, high-dimensional data are gaining increasing popularity. In many cases where more than one type of sensor data are collected simultaneously, correlations exist between various attributes of such data, e.g. temperature and luminance. To ensure LDP for high-dimensional data, existing solutions either partition the privacy budget ε among these correlated attributes or adopt sampling, both of which dilute the density of useful information and thus result in poor data utility. In this paper, we propose a relaxed LDP model, namely, univariate dominance local differential privacy (UDLDP), for high-dimensional data. We quantify the correlations between attributes and present a correlation-bounded perturbation (CBP) mechanism that optimizes the partitioning of privacy budget on each correlated attribute. Furthermore, we extend CBP to support sampling, which is a common bandwidth reduction technique in sensor networks and Internet of Things. We derive the best allocation strategy of sampling probabilities among attributes in terms of data utility, which leads to the correlation-bounded perturbation mechanism with sampling (CBPS). Finally, we discuss how to collect and leverage the correlation from real-time data stream with a by-round algorithm to enhance the utility. The performance of the proposed mechanisms is evaluated and compared with state-of-the-art LDP mechanisms on real-world and synthetic datasets.

computer science, information systems,telecommunications

Taisho Sasada,Yuzo Taenaka,Youki Kadobayashi

DOI: https://doi.org/10.1109/access.2024.3485610

IF: 3.9

2024-11-01

IEEE Access

Abstract:Spatio-temporal data possess intrinsic values, reflecting the spatial and temporal features of people's behaviors. Due to the sensitive nature of this data (e.g., workplace, residence, school locations), privacy protection is essential when collecting spatio-temporal data. Local Differential Privacy (LDP) protocol has gained attention as a method for protecting privacy on data-collecting devices. LDP protocol can make each data indistinguishable but inevitably destroys spatial/temporal characteristics as well. In this paper, we propose a novel method enabling LDP protocol to preserve spatial/temporal trends on privacy protection. If we collect data from users with similar behavior, it is difficult to uniquely identify users from the beginning. In short, processing privacy protection for each user with similar behavior allow us to minimize the removal of intrinsic values by LDP protocol. Our method, termed Dynamic Differentially-Private Spatial Decomposition (D2-PSD), dynamically adjusts and controls the strength of privacy protection (privacy budget) for each group of users exhibiting similar spatial and temporal trends. This allows users to be indistinguishable from each other within a group while preserving spatial and temporal trends across groups. All groups will have a different privacy budget, but the sum of the entire group keeps a constant privacy budget. Even if group with different protection strengths are mixed, privacy is protected for the sum of the group, and our proposed method can always guarantee a constant protection strength. Experimental results demonstrate that our method retains the intrinsic spatial and temporal trends in spatio-temporal data while maintaining robust privacy protection across the entire dataset, thanks to the D2-PSD approach. Specifically, in the most similar groups, D2-PSD reduced the MAE by up to 75% compared to standard LDP, while maintaining an equivalent strength of privacy protection.

computer science, information systems,telecommunications,engineering, electrical & electronic

Zhibo Wang,Wenxin Liu,Xiaoyi Pang,Ju Ren,Zhe Liu,Yongle Chen

DOI: https://doi.org/10.1109/INFOCOM41043.2020.9155290

2020-01-01

Abstract:Although time-series data collected from users can be utilized to provide services for various applications, they could reveal sensitive information about users. Recently, local differential privacy (LDP) has emerged as the state-of-art approach to protect data privacy by perturbing data locally before outsourcing. However, existing works based on LDP perturb each data point separately without considering the correlations between consecutive data points in time-series. Thus, the important patterns of each time-series might be distorted by existing LDP-based approaches, leading to severe degradation of data utility. In this paper, we focus on real-time data collection under a honest-but-curious server, and propose a novel pattern-aware privacy-preserving approach, called PatternLDP, to protect data privacy while the pattern of time-series can still be preserved. To this end, instead of providing the same level of privacy protection at each data point, each user only samples remarkable points in time-series and adaptively perturbs them according to their impacts on local patterns. In particular, we propose a pattern-aware sampling method based on Piecewise Linear Approximation (PLA) to determine whether to sample and perturb current data point. To reduce the utility loss caused by pattern change after perturbation, we propose an importance-aware randomization mechanism to adaptively perturb sampled data locally while achieving better trade-off between privacy and utility. A novel metric-based w-event privacy is introduced to measure the privacy protection degree for pattern-rich time-series. We prove that PatternLDP can provide the above privacy guarantee, and extensive experiments on real-world datasets demonstrate that PatternLDP outperforms existing mechanisms and can effectively preserve the important patterns.

Graham Cormode,Tejas Kulkarni,Divesh Srivastava

DOI: https://doi.org/10.48550/arXiv.1710.00608

2017-10-02

Databases

Abstract:Concern about how to aggregate sensitive user data without compromising individual privacy is a major barrier to greater availability of data. The model of differential privacy has emerged as an accepted model to release sensitive information while giving a statistical guarantee for privacy. Many different algorithms are possible to address different target functions. We focus on the core problem of count queries, and seek to design mechanisms to release data associated with a group of n individuals. Prior work has focused on designing mechanisms by raw optimization of a loss function, without regard to the consequences on the results. This can leads to mechanisms with undesirable properties, such as never reporting some outputs (gaps), and overreporting others (spikes). We tame these pathological behaviors by introducing a set of desirable properties that mechanisms can obey. Any combination of these can be satisfied by solving a linear program (LP) which minimizes a cost function, with constraints enforcing the properties. We focus on a particular cost function, and provide explicit constructions that are optimal for certain combinations of properties, and show a closed form for their cost. In the end, there are only a handful of distinct optimal mechanisms to choose between: one is the well-known (truncated) geometric mechanism; the second a novel mechanism that we introduce here, and the remainder are found as the solution to particular LPs. These all avoid the bad behaviors we identify. We demonstrate in a set of experiments on real and synthetic data which is preferable in practice, for different combinations of data distributions, constraints, and privacy parameters.

Lihui Mao,Zhengquan Xu

DOI: https://doi.org/10.3390/e26020138

IF: 2.738

2024-02-04

Entropy

Abstract:Continuous real-time location data is very important in the big data era, but the privacy issues involved is also a considerable topic. It is not only necessary to protect the location privacy at each release moment, but also have to consider the impact of data correlation. Correlated Laplace Mechanism (CLM) is a sophisticated method to implement differential privacy on correlated time series. This paper aims to solve the key problems of applying CLM in continuous location release. Based on the finding that the location increment is approximately stationary in many scenarios, a location correlation estimation method based on the location increment is proposed to solve the problem of nonstationary location data correlation estimation; an adaptive adjustment model for the CLM filter based on parameter quantization idea (QCLM) as well as its effective implementation named QCLM-Lowpass utilizing the lowpass spectral characteristics of location data series is proposed to solve the problem of output deviations due to the undesired transient response of the CLM filter in time-varying environments. Extensive simulations and real data experiments validate the effectiveness of the proposed approach and show that the privacy scheme based on QCLM-Lowpass can offer a better balance between the ability to resist correlation-based attacks and data availability.

physics, multidisciplinary

Yang Cao,Yonghui Xiao,Li Xiong,Liquan Bai,Masatoshi Yoshikawa

DOI: https://doi.org/10.1109/TKDE.2019.2963312

2020-05-16

Abstract:Location privacy-preserving mechanisms (LPPMs) have been extensively studied for protecting users' location privacy by releasing a perturbed location to third parties such as location-based service providers. However, when a user's perturbed locations are released continuously, existing LPPMs may not protect the sensitive information about the user's spatiotemporal activities, such as "visited hospital in the last week" or "regularly commuting between Address 1 and Address 2" (it is easy to infer that Addresses 1 and 2 may be home and office), which we call it \textit{spatiotemporal event}. In this paper, we first formally define {spatiotemporal event} as Boolean expressions between location and time predicates, and then we define $ \epsilon $-\textit{spatiotemporal event privacy} by extending the notion of differential privacy. Second, to understand how much spatiotemporal event privacy that existing LPPMs can provide, we design computationally efficient algorithms to quantify the privacy leakage of state-of-the-art LPPMs when an adversary has prior knowledge of the user's initial probability over possible locations. It turns out that the existing LPPMs cannot adequately protect spatiotemporal event privacy. Third, we propose a framework, PriSTE, to transform an existing LPPM into one protecting spatiotemporal event privacy against adversaries with \textit{any} prior knowledge. Our experiments on real-life and synthetic data verified that the proposed method is effective and efficient.

Databases,Cryptography and Security

Xuebin Ren,Zong-Liang Xu,Shusen Yang,Liang Shi,Weiren Yu,Cong Zhao

DOI: https://doi.org/10.1145/3514221.3526190

2022-04-01

Abstract:Local differential privacy (LDP) is promising for private streaming data collection and analysis. However, existing few LDP studies over streams either apply to finite streams only or may suffer from insufficient protection. This paper investigates this problem by proposing LDP-IDS, a novel w-event LDP paradigm to provide practical privacy guarantee for infinite streams. By constructing a unified error analysis, we adapt the existing budget division framework in centralized differential privacy (CDP) for LDP-IDS, which however incurs prohibitive noise and expensive communication cost. To this end, we propose a novel and extensible framework of population division and recycling, as well as online adaptive population division algorithms for LDP-IDS. We provide theoretical guarantees and demonstrate, through extensive discussions, that our proposed framework not only achieves significant reduction in utility loss and communication overhead, but also enjoys great compatibility for varied analytic tasks and flexibility of incorporating ideas of many existing stream algorithms. Extensive experiments on synthetic and real-world datasets validate the high effectiveness, efficiency, and flexibility of our proposed framework and methods.

Computer Science

Alessandro Epasto,Jieming Mao,Andres Munoz Medina,Vahab Mirrokni,Sergei Vassilvitskii,Peilin Zhong

DOI: https://doi.org/10.48550/arXiv.2301.05605

2023-01-13

Abstract:The streaming model of computation is a popular approach for working with large-scale data. In this setting, there is a stream of items and the goal is to compute the desired quantities (usually data statistics) while making a single pass through the stream and using as little space as possible. Motivated by the importance of data privacy, we develop differentially private streaming algorithms under the continual release setting, where the union of outputs of the algorithm at every timestamp must be differentially private. Specifically, we study the fundamental $\ell_p$ $(p\in [0,+\infty))$ frequency moment estimation problem under this setting, and give an $\varepsilon$-DP algorithm that achieves $(1+\eta)$-relative approximation $(\forall \eta\in(0,1))$ with $\mathrm{poly}\log(Tn)$ additive error and uses $\mathrm{poly}\log(Tn)\cdot \max(1, n^{1-2/p})$ space, where $T$ is the length of the stream and $n$ is the size of the universe of elements. Our space is near optimal up to poly-logarithmic factors even in the non-private setting. To obtain our results, we first reduce several primitives under the differentially private continual release model, such as counting distinct elements, heavy hitters and counting low frequency elements, to the simpler, counting/summing problems in the same setting. Based on these primitives, we develop a differentially private continual release level set estimation approach to address the $\ell_p$ frequency moment estimation problem. We also provide a simple extension of our results to the harder sliding window model, where the statistics must be maintained over the past $W$ data items.

Data Structures and Algorithms

He Gu,Thomas Plagemann,Maik Benndorf,Vera Goebel,Boris Koldehofe

DOI: https://doi.org/10.48550/arXiv.2305.06105

2023-05-11

Abstract:Complex event processing (CEP) is a powerful and increasingly more important tool to analyse data streams for Internet of Things (IoT) applications. These data streams often contain private information that requires proper protection. However, privacy protection in CEP systems is still in its infancy, and most existing privacy-preserving mechanisms (PPMs) are adopted from those designed for data streams. Such approaches undermine the quality of the entire data stream and limit the performance of IoT applications. In this paper, we attempt to break the limitation and establish a new foundation for PPMs of CEP by proposing a novel pattern-level differential privacy (DP) guarantee. We introduce two PPMs that guarantee pattern-level DP. They operate only on data that correlate with private patterns rather than on the entire data stream, leading to higher data quality. One of the PPMs provides adaptive privacy protection and brings more granularity and generalization. We evaluate the performance of the proposed PPMs with two experiments on a real-world dataset and on a synthetic dataset. The results of the experiments indicate that our proposed privacy guarantee and its PPMs can deliver better data quality under equally strong privacy guarantees, compared to multiple well-known PPMs designed for data streams.

Databases,Cryptography and Security

Xingxing Xiong,Shubo Liu,Dan Li,Zhaohui Cai,Xiaoguang Niu

DOI: https://doi.org/10.1016/j.jisa.2020.102633

IF: 4.96

2020-12-01

Journal of Information Security and Applications

Abstract:<p>Technology and usage advances in wireless communication and smart mobile devices with localization capabilities enable a large number of emerging applications of location-based services, e.g. mobile crowdsourcing applications, which are facilitating our daily life. However, collecting and sharing location data to service providers of applications will give rise to mobile users' concerns on their privacy, especially location privacy. In this paper, we investigate the problem of real-time spatio-temporal data aggregation with privacy preservation in the local setting. In response to this, we propose a systematic solution based on stringent local differential privacy preservation technique to deal with the problem. Firstly, we introduce a novel definition of (ε,  δ)-local differential privacy with the ability to capture the temporal correlation in spatio-temporal data and provide differential privacy preservation. Secondly, we develop an efficient framework of generalized randomized response (GRR) based real-time and private spatio-temporal data aggregation with an untrusted server. Finally, we conduct experiments on two real-world datasets to evaluate our framework. The results show that our GRR based framework significantly outperforms that based on PIM and LRM in data utility and demonstrate its superiority to achieve better trade-off of privacy and utility for real-time spatio-temporal data aggregation with stringent privacy preservation.</p>

computer science, information systems

Filipp Valovich,Francesco Aldà

DOI: https://doi.org/10.48550/arXiv.1710.02036

2017-12-02

Abstract:The emerging technologies for large scale data analysis raise new challenges to the security and privacy of sensitive user data. In this work we investigate the problem of private statistical analysis of time-series data in the distributed and semi-honest setting. In particular, we study some properties of Private Stream Aggregation (PSA), first introduced by Shi et al. 2017. This is a computationally secure protocol for the collection and aggregation of data in a distributed network and has a very small communication cost. In the non-adaptive query model, a secure PSA scheme can be built upon any key-homomorphic weak pseudo-random function as shown by Valovich 2017, yielding security guarantees in the standard model which is in contrast to Shi et. al. We show that every mechanism which preserves $(\epsilon,\delta)$-differential privacy in effect preserves computational $(\epsilon,\delta)$-differential privacy when it is executed through a secure PSA scheme. Furthermore, we introduce a novel perturbation mechanism based on the symmetric Skellam distribution that is suited for preserving differential privacy in the distributed setting, and find that its performances in terms of privacy and accuracy are comparable to those of previous solutions. On the other hand, we leverage its specific properties to construct a computationally efficient prospective post-quantum protocol for differentially private time-series data analysis in the distributed model. The security of this protocol is based on the hardness of a new variant of the Decisional Learning with Errors (DLWE) problem. In this variant the errors are taken from the symmetric Skellam distribution. We show that this new variant is hard based on the hardness of the standard Learning with Errors (LWE) problem where the errors are taken from the discrete Gaussian distribution. Thus, we provide a variant of the LWE problem that is hard...

Cryptography and Security

Teng Wang,Jun Zhao,Zhi Hu,Xinyu Yang,Xuebin Ren,Kwok-Yan Lam

DOI: https://doi.org/10.1016/j.neucom.2020.09.073

IF: 6

2021-02-01

Neurocomputing

Abstract:<p>Local Differential Privacy (LDP) can provide each user with strong privacy guarantees under untrusted data curators while ensuring accurate statistics derived from privatized data. Due to its powerfulness, LDP has been widely adopted to protect privacy in various tasks (e.g., heavy hitters discovery, probability estimation) and systems (e.g., Google Chrome, Apple iOS). In particular, <span class="math"><math>(∊,δ)</math></span>-LDP has been studied in related statistical tasks like private learning and hypothesis testing, but is mainly achieved by using Gaussian mechanism, leading to the limited data utility. In this paper, we investigate several novel mechanisms that achieve <span class="math"><math>(∊,δ)</math></span>-LDP with higher data utility in collecting and analyzing users' data. Specifically, we first design two <span class="math"><math>(∊,δ)</math></span>-LDP algorithms for mean estimations on multi-dimensional numeric data, which can ensure higher accuracy than the optimal Gaussian mechanism. Then, we investigate different local protocols for frequency estimations on categorical attributes under <span class="math"><math>(∊,δ)</math></span>-LDP. Based on the proposed mechanisms, we further study on <span class="math"><math>(∊,δ)</math></span>-LDP-compliant stochastic gradient descent algorithms for machine learning models. Besides, the theoretical analysis of the error bound and the variance of the proposed algorithms are also presented in the paper. We have conducted extensive experiments on both real-world and synthetic datasets and demonstrated the high data utility of our proposed algorithms in the perspectives of simple data statistics tasks and complex machine learning tasks. The experimental results have shown that our proposed algorithms can effectively improve the data utility in different tasks while alleviating the privacy concerns of each individual.</p>

computer science, artificial intelligence

Bo Jiang,Ming Li,Ravi Tandon

DOI: https://doi.org/10.1109/tifs.2024.3378008

IF: 7.231

2024-01-01

IEEE Transactions on Information Forensics and Security

Abstract:Publishing streaming data in a privacy-preserving manner has been a key research focus for many years. This issue presents considerable challenges, particularly due to the correlations prevalent within the data stream. Existing approaches either fall short in effectively leveraging these correlations, leading to a suboptimal utility-privacy tradeoff, or they involve complex mechanism designs that increase the computation complexity with respect to the sequence length. In this paper, we introduce Sequence Information Privacy (SIP), a new privacy notion designed to guarantee privacy for an entire data stream, taking into account the intrinsic data correlations. We show that SIP provides a similar level of privacy guarantee compared to local differential privacy (LDP), and it also enjoys a lightweight modular mechanism design. We further study two online data release models (instantaneous or batched) and propose corresponding privacy-preserving data perturbation mechanisms. We provide a numerical evaluation of how correlations influence noise addition in data streams. Lastly, we conduct experiments using real-world data to compare the utility-privacy tradeoff offered by our approaches with those from existing literature. The results reveal that our mechanisms achieve better utility-privacy tradeoff than the state-of-the-art LDP-based mechanisms. Notably, the improvements become more significant for small privacy budgets.

computer science, theory & methods,engineering, electrical & electronic

Bo Jiang,Ming Li,Ravi Tandon

2023-07-26

Abstract:Publishing streaming data in a privacy-preserving manner has been a key research focus for many years. This issue presents considerable challenges, particularly due to the correlations prevalent within the data stream. Existing approaches either fall short in effectively leveraging these correlations, leading to a suboptimal utility-privacy tradeoff, or they involve complex mechanism designs that increase the computation complexity with respect to the sequence length. In this paper, we introduce Sequence Information Privacy (SIP), a new privacy notion designed to guarantee privacy for an entire data stream, taking into account the intrinsic data correlations. We show that SIP provides a similar level of privacy guarantee compared to local differential privacy (LDP), and it also enjoys a lightweight modular mechanism design. We further study two online data release models (instantaneous or batched) and propose corresponding privacy-preserving data perturbation mechanisms. We provide a numerical evaluation of how correlations influence noise addition in data streams. Lastly, we conduct experiments using real-world data to compare the utility-privacy tradeoff offered by our approaches with those from existing literature. The results reveal that our mechanisms offer utility improvements more than twice those based on LDP-based mechanisms.

Cryptography and Security

Palak Jain,Iden Kalemaj,Sofya Raskhodnikova,Satchit Sivakumar,Adam Smith

2024-07-11

Abstract:Privacy is a central challenge for systems that learn from sensitive data sets, especially when a system's outputs must be continuously updated to reflect changing data. We consider the achievable error for differentially private continual release of a basic statistic - the number of distinct items - in a stream where items may be both inserted and deleted (the turnstile model). With only insertions, existing algorithms have additive error just polylogarithmic in the length of the stream $T$. We uncover a much richer landscape in the turnstile model, even without considering memory restrictions. We show that every differentially private mechanism that handles insertions and deletions has worst-case additive error at least $T^{1/4}$ even under a relatively weak, event-level privacy definition. Then, we identify a parameter of the input stream, its maximum flippancy, that is low for natural data streams and for which we give tight parameterized error guarantees. Specifically, the maximum flippancy is the largest number of times that the contribution of a single item to the distinct elements count changes over the course of the stream. We present an item-level differentially private mechanism that, for all turnstile streams with maximum flippancy $w$, continually outputs the number of distinct elements with an $O(\sqrt{w} \cdot poly\log T)$ additive error, without requiring prior knowledge of $w$. We prove that this is the best achievable error bound that depends only on $w$, for a large range of values of $w$. When $w$ is small, the error of our mechanism is similar to the polylogarithmic in $T$ error in the insertion-only setting, bypassing the hardness in the turnstile model.

Data Structures and Algorithms,Cryptography and Security

Jianping Cai,Ximeng Liu,Qingqing Ye,Yang Liu,Yuyang Wang

DOI: https://doi.org/10.1109/tdsc.2024.3364060

2024-01-01

IEEE Transactions on Dependable and Secure Computing

Abstract:Federated learning (FL) provides a learning framework without participants sharing local raw data, but individual privacy is still at risk of disclosure through attacking the trained models. Due to the strong privacy guarantee, differential privacy (DP) is widely applied to FL to avoid privacy leakage. Traditional private learning adds noise directly to the gradients. The continuous accumulated noise on parameter models severely impairs learning effectiveness. To solve this problem, we introduce the idea of differentially private continuous data release (DPCR) into FL and propose an FL framework based on DPCR (FL-DPCR). Meanwhile, our proposed Equivalent Aggregation Theorem demonstrates that DPCR effectively reduces the overall error added to parameter models and improves FL&#x27;s accuracy. To improve FL-DPCR&#x27;s learning effectiveness, we introduce Matrix Mechanism to construct a release strategy and design a binary-indexed-tree (BIT) based DPCR model for Gaussian mechanism (BCRG). By solving a complex nonlinear programming problem with negative exponents, BCRG achieves optimal release accuracy efficiently. Besides, we exploit the residual privacy budget to boost the accuracy further and propose an advanced BCRG version (ABCRG). Our experiments show that, compared to traditional FL with DP, our achievements improve the accuracy with gains ranging from $3.4\%$ on FMNIST to $65.7\%$ on PAMAP2.

computer science, information systems, software engineering, hardware & architecture

Yuan Qiu,Ke Yi

2023-10-17

Abstract:A fundamental problem in differential privacy is to release a privatized data structure over a dataset that can be used to answer a class of linear queries with small errors. This problem has been well studied in the static case. In this paper, we consider the dynamic setting where items may be inserted into or deleted from the dataset over time, and we need to continually release data structures so that queries can be answered at any time. We present black-box constructions of such dynamic differentially private mechanisms from static ones with only a polylogarithmic degradation in the utility. For the fully-dynamic case, this is the first such result. For the insertion-only case, similar constructions are known, but we improve them over sparse update streams.

Cryptography and Security