Jianping He,Lin Cai

DOI: https://doi.org/10.23919/acc.2017.7963193

2017-01-01

Abstract:Differential privacy is a formal mathematical standard for quantifying the degree of that individual privacy in a statistical database is preserved. To guarantee differential privacy, a typical method is adding random noise to the original data for data release. In this paper, we investigate the basic conditions of differential privacy considering the general random noise adding mechanism, and then apply this result for privacy analysis of the privacy-preserving consensus algorithm. Specifically, we obtain a necessary and sufficient condition of differential privacy, which provides a useful and efficient criterion of achieving differential privacy. We utilize the result to analyze the privacy of some common random noises and the theory matches with the existing literature for special cases. Applying the theory, differential privacy property of a privacy-preserving consensus algorithm is investigated based on the proposed theory. We obtain the necessary condition of differential privacy for the privacy-preserving consensus algorithm. In addition, it is proved that the average consensus and differential privacy cannot be guaranteed simultaneously by any privacy-preserving consensus algorithm.

Jianping He,Lin Cai,Xinping Guan

DOI: https://doi.org/10.1109/TSP.2020.3006760

IF: 4.875

2020-01-01

IEEE Transactions on Signal Processing

Abstract:Differential privacy is a formal mathematical framework for quantifying the degree of individual privacy in a statistical database. To guarantee differential privacy, a typical method is to add random noise to the original data for data release. In this paper, we investigate the conditions of differential privacy (single-dimensional case) considering the general random noise adding mechanism, and then apply the obtained results for privacy analysis of the privacy-preserving consensus algorithm. Specifically, we obtain a necessary and sufficient condition of epsilon-differential privacy, and the sufficient conditions of (epsilon, delta)-differential privacy. We apply them to analyze various random noises. For the special cases with known results, our theory not only matches with the literature, but also provides an efficient approach to the privacy parameters' estimation; for other cases that are unknown, our approach provides a simple and effective tool for differential privacy analysis. Applying the obtained theory on privacy-preserving consensus algorithm, we obtain the necessary condition and the sufficient condition to ensure differential privacy.

LIN CAI,XINPING GUAN

2018-01-01

Abstract:Differential privacy is a formal mathematical framework for quantifying the degree of individual privacy in a statistical database. To guarantee differential privacy, a typical method is to add random noise to the original data for data release. In this paper, we investigate the conditions of differential privacy considering the general random noise adding mechanism, and then apply the obtained results for privacy analysis of the privacy-preserving consensus algorithm. Specifically, we obtain a necessary and sufficient condition of -differential privacy, and the sufficient conditions of ( , δ)-differential privacy. We apply them to analyze various random noises. For the special cases with known results, our theory matches with the literature; for other cases that are unknown, our approach provides a simple and effective tool for differential privacy analysis. Applying the obtained theory on privacy-preserving consensus algorithm, we obtain the necessary condition and the sufficient condition to ensure differential privacy.

Shuying Qin,Jianping He,Chongrong Fang,James Lam

DOI: https://doi.org/10.48550/arXiv.2203.10323

2022-03-19

Abstract:Differential privacy is a standard framework to quantify the privacy loss in the data anonymization process. To preserve differential privacy, a random noise adding mechanism is widely adopted, where the trade-off between data privacy level and data utility is of great concern. The privacy and utility properties for the continuous noise adding mechanism have been well studied. However, the related works are insufficient for the discrete random mechanism on discretely distributed data, e.g., traffic data, health records. This paper focuses on the discrete random noise adding mechanisms. We study the basic differential privacy conditions and properties for the general discrete random mechanisms, as well as the trade-off between data privacy and data utility. Specifically, we derive a sufficient and necessary condition for discrete epsilon-differential privacy and a sufficient condition for discrete (epsilon, delta)-differential privacy, with the numerical estimation of differential privacy parameters. These conditions can be applied to analyze the differential privacy properties for the discrete noise adding mechanisms with various kinds of noises. Then, with the differential privacy guarantees, we propose an optimal discrete epsilon-differential private noise adding mechanism under the utility-maximization framework, where the utility is characterized by the similarity of the statistical properties between the mechanism's input and output. For this setup, we find that the class of the discrete noise probability distributions in the optimal mechanism is Staircase-shaped.

Cryptography and Security,Systems and Control

Jianping He,Lin Cai,Xinping Guan

DOI: https://doi.org/10.1109/tit.2018.2842221

IF: 2.5

2018-01-01

IEEE Transactions on Information Theory

Abstract:Network systems often rely on distributed algorithms to achieve a global computation goal with iterative local information exchanges between neighbor nodes. To preserve data privacy, a node may add a random noise to its original data for information exchange at each iteration. Nevertheless, an eavesdropping node can estimate other’s original data based on the information it received. The estimation accuracy and data privacy can be measured in terms of $(\epsilon, \delta)$ -data-privacy, defined as the probability of $\epsilon $ -accurate estimate (the difference of an estimation and the original data is within $\epsilon $ ) is no larger than $\delta $ (the disclosure probability). How to optimize the estimation and analyze data privacy is a critical and open issue. In this paper, a theoretical framework is developed to investigate how to optimize the estimation of neighbor’s original data using the local information received, named optimal distributed estimation. Then, we study the disclosure probability under the optimal estimation for data privacy analysis. We further apply the developed framework to analyze the data privacy of the privacy-preserving average consensus algorithm and identify the optimal noises for the algorithm.

Justin Hsu,Marco Gaboardi,Andreas Haeberlen,Sanjeev Khanna,Arjun Narayan,Benjamin C. Pierce,Aaron Roth

DOI: https://doi.org/10.1109/CSF.2014.35

2014-02-14

Abstract:Differential privacy is becoming a gold standard for privacy research; it offers a guaranteed bound on loss of privacy due to release of query results, even under worst-case assumptions. The theory of differential privacy is an active research area, and there are now differentially private algorithms for a wide range of interesting problems. However, the question of when differential privacy works in practice has received relatively little attention. In particular, there is still no rigorous method for choosing the key parameter $\epsilon$, which controls the crucial tradeoff between the strength of the privacy guarantee and the accuracy of the published results. In this paper, we examine the role that these parameters play in concrete applications, identifying the key questions that must be addressed when choosing specific values. This choice requires balancing the interests of two different parties: the data analyst and the prospective participant, who must decide whether to allow their data to be included in the analysis. We propose a simple model that expresses this balance as formulas over a handful of parameters, and we use our model to choose $\epsilon$ on a series of simple statistical studies. We also explore a surprising insight: in some circumstances, a differentially private study can be more accurate than a non-private study for the same cost, under our model. Finally, we discuss the simplifying assumptions in our model and outline a research agenda for possible refinements.

Databases

Yue Wang,Xintao Wu,Jun Zhu,Yang Xiang

DOI: https://doi.org/10.1007/s13278-013-0127-7

2013-01-01

Social Network Analysis and Mining

Abstract:Enabling accurate analysis of social network data while preserving differential privacy has been challenging since graph features such as clustering coefficient or modularity often have high sensitivity, which is different from traditional aggregate functions (e.g., count and sum) on tabular data. In this paper, we treat a graph statistics as a function f and develop a divide and conquer approach to enforce differential privacy. The basic procedure of this approach is to first decompose the target computation f into several less complex unit computations f1, …, fm connected by basic mathematical operations (e.g., addition, subtraction, multiplication, division), then perturb the output of each fi with Laplace noise derived from its own sensitivity value and the distributed privacy threshold ε i , and finally combine those perturbed fi as the perturbed output of computation f. We examine how various operations affect the accuracy of complex computations. When unit computations have large global sensitivity values, we enforce the differential privacy by calibrating noise based on the smooth sensitivity, rather than the global sensitivity. By doing this, we achieve the strict differential privacy guarantee with smaller magnitude noise. We illustrate our approach by using clustering coefficient, which is a popular statistics used in social network analysis. Empirical evaluations on five real social networks and various synthetic graphs generated from three random graph models show the developed divide and conquer approach outperforms the direct approach.

Larry Wasserman,Shuheng Zhou

DOI: https://doi.org/10.1198/jasa.2009.tm08651

IF: 4.369

2010-03-01

Journal of the American Statistical Association

Abstract:One goal of statistical privacy research is to construct a data release mechanism that protects individual privacy while preserving information content. An example is a random mechanism that takes an input database X and outputs a random database Z according to a distribution Qn(⋅|X). Differential privacy is a particular privacy requirement developed by computer scientists in which Qn(⋅|X) is required to be insensitive to changes in one data point in X. This makes it difficult to infer from Z whether a given individual is in the original database X. We consider differential privacy from a statistical perspective. We consider several data-release mechanisms that satisfy the differential privacy requirement. We show that it is useful to compare these schemes by computing the rate of convergence of distributions and densities constructed from the released data. We study a general privacy method, called the exponential mechanism, introduced by McSherry and Talwar (2007). We show that the accuracy of this method is intimately linked to the rate at which the probability that the empirical distribution concentrates in a small ball around the true distribution.

statistics & probability

Jimin Wang,Jieming Ke,Ji-Feng Zhang

DOI: https://doi.org/10.1109/tac.2024.3351869

IF: 6.549

2024-01-01

IEEE Transactions on Automatic Control

Abstract:This paper investigates the differentially private bipartite consensus problem over signed networks. To solve this problem, a new algorithm is proposed by adding noises with time-varying variances to the cooperative-competitive interactive information. In order to achieve the privacy protection, the variances of the added noises are allowed to increase, which are substantially different from the existing works. In addition, the variances of the added noises can be either decaying or constant. By using a time-varying step-size based on the stochastic approximation method, we show that the algorithm converges in mean-square and almost-surely even with increasing privacy noises. We further develop a method to design the step-size and the noise parameter, affording the algorithm to achieve the average bipartite consensus with the desired accuracy and the predefined differential privacy level. Moreover, we give the mean-square and almost-sure convergence rates of the algorithm, and the privacy level with different forms of the privacy noises. We also reveal the trade-off between the accuracy and the privacy, and extend the results to local differential privacy. Finally, a numerical example verifies the theoretical results and demonstrates the algorithm's superiority against existing methods.

automation & control systems,engineering, electrical & electronic

Xin Wang,Jianping He,Peng Cheng,Jiming Chen

DOI: https://doi.org/10.1109/tnse.2018.2879795

IF: 6.6

2018-01-01

IEEE Transactions on Network Science and Engineering

Abstract:In network systems, calculating maximum element plays a fundamental role for distributed data analysis. Maximum consensus algorithm can accomplish the calculation in a fully distributed way. However, the data for communication are privacy-sensitive in many scenarios, making nodes unwilling to participate in the distributed calculation process. How to ensure privacy and accuracy for distributed calculation of maximum element is essential while challenging. In this paper, we first prove that exact maximum consensus and differential privacy cannot be guaranteed simultaneously. Then, to provide sufficient privacy preservation for nodes, we propose a novel differentially private maximum consensus (DPMC) algorithm where nodes perturb their initial states with Laplacian noises. We prove that DPMC algorithm preserves differential privacy and give the analytical expression of privacy preserving degree. Furthermore, the proposed algorithm also guarantees finite-time convergence and achieves high convergence accuracy. The performance tradeoff is finally analyzed and evaluated by extensive numerical simulations.

Yuval Dagan,Gil Kur

DOI: https://doi.org/10.48550/arXiv.2012.03817

2020-12-07

Data Structures and Algorithms

Abstract:We present an asymptotically optimal $(\epsilon,\delta)$ differentially private mechanism for answering multiple, adaptively asked, $\Delta$-sensitive queries, settling the conjecture of Steinke and Ullman [2020]. Our algorithm has a significant advantage that it adds independent bounded noise to each query, thus providing an absolute error bound. Additionally, we apply our algorithm in adaptive data analysis, obtaining an improved guarantee for answering multiple queries regarding some underlying distribution using a finite sample. Numerical computations show that the bounded-noise mechanism outperforms the Gaussian mechanism in many standard settings.

Hang Yang,Xunbo Li,Zhigui Liu,Witold Pedrycz

DOI: https://doi.org/10.1109/access.2023.3274471

IF: 3.9

2023-01-01

IEEE Access

Abstract:Quantum computing, as an emerging research field, is attracting people’s attention. It has been proven to be superior in many ways to classical computing. Differential privacy provides an easy way to achieve demonstrable privacy, and the most common method is to add noise to datasets. At this stage of quantum computers, noise is a factor that cannot be ignored. Indeed, the existence of noise will negatively affect the performance of quantum computers, but we can apply it to privacy protection. In this work, we will consider two situations: inherent noise and artificially added noise. The noise is added to the variational quantum algorithm to implement quantum machine learning with differential privacy. The importance of each type will be examined and less artificial noise is needed for a common privacy budget over classical machine learning. Composition theory will be invoked to prove the advantage of the entire quantum machine learning process.

Cynthia Dwork,Aaron Roth

DOI: https://doi.org/10.1561/0400000042

2013-01-01

Foundations and Trends® in Theoretical Computer Science

Abstract:The problem of privacy-preserving data analysis has a long history spanning multiple disciplines. As electronic data about individuals becomes increasingly detailed, and as technology enables ever more powerful collection and curation of these data, the need increases for a robust, meaningful, and mathematically rigorous definition of privacy, together with a computationally rich class of algorithms that satisfy this definition. Differential Privacy is such a definition. After motivating and discussing the meaning of differential privacy, the preponderance of this monograph is devoted to fundamental techniques for achieving differential privacy, and application of these techniques in creative combinations, using the query-release problem as an ongoing example. A key point is that, by rethinking the computational goal, one can often obtain far better results than would be achieved by methodically replacing each step of a non-private computation with a differentially private implementation. Despite some astonishingly powerful computational results, there are still fundamental limitations — not just on what can be achieved with differential privacy but on what can be achieved with any method that protects against a complete breakdown in privacy. Virtually all the algorithms discussed herein maintain differential privacy against adversaries of arbitrary computational power. Certain algorithms are computationally intensive, others are efficient. Computational complexity for the adversary and the algorithm are both discussed. We then turn from fundamentals to applications other than queryrelease, discussing differentially private methods for mechanism design and machine learning. The vast majority of the literature on differentially private algorithms considers a single, static, database that is subject to many analyses. Differential privacy in other models, including distributed databases and computations on data streams is discussed. Finally, we note that this work is meant as a thorough introduction to the problems and techniques of differential privacy, but is not intended to be an exhaustive survey — there is by now a vast amount of work in differential privacy, and we can cover only a small portion of it.

Jiaqi Wang,Roei Schuster,Ilia Shumailov,David Lie,Nicolas Papernot

DOI: https://doi.org/10.48550/arXiv.2209.10732

2022-09-22

Abstract:When learning from sensitive data, care must be taken to ensure that training algorithms address privacy concerns. The canonical Private Aggregation of Teacher Ensembles, or PATE, computes output labels by aggregating the predictions of a (possibly distributed) collection of teacher models via a voting mechanism. The mechanism adds noise to attain a differential privacy guarantee with respect to the teachers' training data. In this work, we observe that this use of noise, which makes PATE predictions stochastic, enables new forms of leakage of sensitive information. For a given input, our adversary exploits this stochasticity to extract high-fidelity histograms of the votes submitted by the underlying teachers. From these histograms, the adversary can learn sensitive attributes of the input such as race, gender, or age. Although this attack does not directly violate the differential privacy guarantee, it clearly violates privacy norms and expectations, and would not be possible at all without the noise inserted to obtain differential privacy. In fact, counter-intuitively, the attack becomes easier as we add more noise to provide stronger differential privacy. We hope this encourages future work to consider privacy holistically rather than treat differential privacy as a panacea.

Machine Learning,Cryptography and Security

Jakub Tětek

2023-07-19

Abstract:The exponential increase in the amount of available data makes taking advantage of them without violating users' privacy one of the fundamental problems of computer science. This question has been investigated thoroughly under the framework of differential privacy. However, most of the literature has not focused on settings where the amount of data is so large that we are not even able to compute the exact answer in the non-private setting (such as in the streaming setting, sublinear-time setting, etc.). This can often make the use of differential privacy unfeasible in practice. In this paper, we show a general approach for making Monte-Carlo randomized approximation algorithms differentially private. We only need to assume the error $R$ of the approximation algorithm is sufficiently concentrated around $0$ (e.g.\ $\mathbb{E}[|R|]$ is bounded) and that the function being approximated has a small global sensitivity $\Delta$. Specifically, if we have a randomized approximation algorithm with sufficiently concentrated error which has time/space/query complexity $T(n,\rho)$ with $\rho$ being an accuracy parameter, we can generally speaking get an algorithm with the same accuracy and complexity $T(n,\Theta(\epsilon \rho))$ that is $\epsilon$-differentially private.

Data Structures and Algorithms

Hai Liu,Zhenqiang Wu,Lin Zhang

DOI: https://doi.org/10.1109/nana.2016.67

2016-01-01

Abstract:In data analysis with interactive or non-interactive framework, the common assumption is that the data curators are credible. However, it is not reliable in reality. To that end, we propose, according to the incentive compatible mechanism, a differential privacy truthful mechanism, and in the mechanism, we analyze data privacy, utility and incentive compatible properties. Through analysis our scheme addresses the problem that data curator is not trust, and show it satisfies privacy and utility, and obtains the truthful tell. Another, differential privacy and availability is at odds with each other, the research of balance of between differential privacy and availability has been extensively developed, and availability is formulated as a quality of service. In this paper, to the balance problem of between differential privacy and availability, we only need to directly depend on utility function of the availability related to differential privacy budget, so we construct a game with respect to them and analyze the equilibrium of differential privacy and availability by using linear programming.

Lei Wang,Weijia Liu,Fanghong Guo,Zixin Qiao,Zhengguang Wu

2024-05-05

Abstract:This paper studies the average consensus problem with differential privacy of initial states, for which it is widely recognized that there is a trade-off between the mean-square computation accuracy and privacy level. Considering the trade-off gap between the average consensus algorithm and the centralized averaging approach with differential privacy, we propose a distributed shuffling mechanism based on the Paillier cryptosystem to generate correlated zero-sum randomness. By randomizing each local privacy-sensitive initial state with an i.i.d. Gaussian noise and the output of the mechanism using Gaussian noises, it is shown that the resulting average consensus algorithm can eliminate the gap in the sense that the accuracy-privacy trade-off of the centralized averaging approach with differential privacy can be almost recovered by appropriately designing the variances of the added noises. We also extend such a design framework with Gaussian noises to the one using Laplace noises, and show that the improved privacy-accuracy trade-off is preserved.

Systems and Control

T. Tony Cai,Yichen Wang,Linjun Zhang

DOI: https://doi.org/10.48550/arXiv.1902.04495

2020-11-11

Abstract:Privacy-preserving data analysis is a rising challenge in contemporary statistics, as the privacy guarantees of statistical methods are often achieved at the expense of accuracy. In this paper, we investigate the tradeoff between statistical accuracy and privacy in mean estimation and linear regression, under both the classical low-dimensional and modern high-dimensional settings. A primary focus is to establish minimax optimality for statistical estimation with the $(\varepsilon,\delta)$-differential privacy constraint. To this end, we find that classical lower bound arguments fail to yield sharp results, and new technical tools are called for. By refining the "tracing adversary" technique for lower bounds in the theoretical computer science literature, we formulate a general lower bound argument for minimax risks with differential privacy constraints, and apply this argument to high-dimensional mean estimation and linear regression problems. We also design computationally efficient algorithms that attain the minimax lower bounds up to a logarithmic factor. In particular, for the high-dimensional linear regression, a novel private iterative hard thresholding pursuit algorithm is proposed, based on a privately truncated version of stochastic gradient descent. The numerical performance of these algorithms is demonstrated by simulation studies and applications to real data containing sensitive information, for which privacy-preserving statistical methods are necessary.

Machine Learning,Cryptography and Security,Data Structures and Algorithms

Maurizio Naldi,Giuseppe D'Acquisto

DOI: https://doi.org/10.48550/arXiv.1510.00917

2015-10-04

Abstract:Differential privacy is achieved by the introduction of Laplacian noise in the response to a query, establishing a precise trade-off between the level of differential privacy and the accuracy of the database response (via the amount of noise introduced). However, the amount of noise to add is typically defined through the scale parameter of the Laplace distribution, whose use may not be so intuitive. In this paper we propose to use two parameters instead, related to the notion of interval estimation, which provide a more intuitive picture of how precisely the true output of a counting query may be gauged from the noise-polluted one (hence, how much the individual's privacy is protected).

Cryptography and Security,Databases

Jianping He,Lin Cai,Chengcheng Zhao,Peng Cheng,Xinping Guan

DOI: https://doi.org/10.1109/TSIPN.2018.2866342

2019-01-01

Abstract:Privacy-preserving average consensus aims to guarantee the privacy of initial states and asymptotic consensus on the exact average of the initial values. In this paper, it is achieved by adding variance-decaying and zero-sum random noises to the consensus process. However, there is lack of theoretical analysis to quantify the degree of the data privacy protection. In this paper, we introduce the maximum disclosure probability that other nodes can infer one node's initial state within a given small interval to quantify the data privacy. We utilize a novel privacy definition, named <inline-formula xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink"><tex-math notation="LaTeX">$(\alpha, \beta)$</tex-math></inline-formula> -data-privacy, to depict the relationship between the maximum disclosure probability and the estimation accuracy. Then, we prove that the general privacy-preserving average consensus provides <inline-formula xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink"><tex-math notation="LaTeX">$(\alpha, \beta)$</tex-math></inline-formula> -data-privacy, and obtain the closed-form expression of the relationship between <inline-formula xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink"><tex-math notation="LaTeX">$\alpha$</tex-math></inline-formula> and <inline-formula xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink"><tex-math notation="LaTeX">$\beta$</tex-math></inline-formula> given the noise distribution. We reveal that the added noise with a uniform distribution is optimal in terms of achieving the highest <inline-formula xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink"><tex-math notation="LaTeX">$(\alpha, \beta)$</tex-math></inline-formula> -data-privacy. We also prove that under what condition, the data-privacy will be compromised. Finally, an optimal privacy-preserving average consensus algorithm is proposed to achieve the highest <inline-formula xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink"><tex-math notation="LaTeX">$(\alpha, \beta)$</tex-math></inline-formula> -data-privacy. Simulations verify the analytical results.