Jianping He,Lin Cai

2016-01-01

Abstract:Differential privacy is a formal mathematical standard for quantifying the degree of that individual privacy in a statistical database is preserved. To guarantee differential privacy, a typical method is adding random noise to the original data for data release. In this paper, we investigate the fundamental theory of differential privacy considering the general random noise adding mechanism, and then apply this framework for privacy analysis of the privacy-preserving consensus algorithm. Specifically, we obtain a necessary and sufficient condition of $epsilon$-differential privacy, and the sufficient conditions of $(epsilon, delta)$-differential privacy. This theoretical framework provides a useful and efficient criterion of achieving differential privacy. We utilize them to analyze the privacy of some common random noises and the theory matches with the existing literature for special cases. Applying the theory, differential privacy property of a privacy-preserving consensus algorithm is investigated based on the framework. We obtain the necessary condition and the sufficient condition for the privacy-preserving consensus algorithm, under which differential privacy is achieved, respectively. In addition, it is proved that the average consensus and $epsilon$-differential privacy cannot be guaranteed simultaneously by any privacy-preserving consensus algorithm.

Jianping He,Lin Cai,Xinping Guan

DOI: https://doi.org/10.1109/TSP.2020.3006760

IF: 4.875

2020-01-01

IEEE Transactions on Signal Processing

Abstract:Differential privacy is a formal mathematical framework for quantifying the degree of individual privacy in a statistical database. To guarantee differential privacy, a typical method is to add random noise to the original data for data release. In this paper, we investigate the conditions of differential privacy (single-dimensional case) considering the general random noise adding mechanism, and then apply the obtained results for privacy analysis of the privacy-preserving consensus algorithm. Specifically, we obtain a necessary and sufficient condition of epsilon-differential privacy, and the sufficient conditions of (epsilon, delta)-differential privacy. We apply them to analyze various random noises. For the special cases with known results, our theory not only matches with the literature, but also provides an efficient approach to the privacy parameters' estimation; for other cases that are unknown, our approach provides a simple and effective tool for differential privacy analysis. Applying the obtained theory on privacy-preserving consensus algorithm, we obtain the necessary condition and the sufficient condition to ensure differential privacy.

LIN CAI,XINPING GUAN

2018-01-01

Abstract:Differential privacy is a formal mathematical framework for quantifying the degree of individual privacy in a statistical database. To guarantee differential privacy, a typical method is to add random noise to the original data for data release. In this paper, we investigate the conditions of differential privacy considering the general random noise adding mechanism, and then apply the obtained results for privacy analysis of the privacy-preserving consensus algorithm. Specifically, we obtain a necessary and sufficient condition of -differential privacy, and the sufficient conditions of ( , δ)-differential privacy. We apply them to analyze various random noises. For the special cases with known results, our theory matches with the literature; for other cases that are unknown, our approach provides a simple and effective tool for differential privacy analysis. Applying the obtained theory on privacy-preserving consensus algorithm, we obtain the necessary condition and the sufficient condition to ensure differential privacy.

Shuying Qin,Jianping He,Chongrong Fang,James Lam

DOI: https://doi.org/10.48550/arXiv.2203.10323

2022-03-19

Abstract:Differential privacy is a standard framework to quantify the privacy loss in the data anonymization process. To preserve differential privacy, a random noise adding mechanism is widely adopted, where the trade-off between data privacy level and data utility is of great concern. The privacy and utility properties for the continuous noise adding mechanism have been well studied. However, the related works are insufficient for the discrete random mechanism on discretely distributed data, e.g., traffic data, health records. This paper focuses on the discrete random noise adding mechanisms. We study the basic differential privacy conditions and properties for the general discrete random mechanisms, as well as the trade-off between data privacy and data utility. Specifically, we derive a sufficient and necessary condition for discrete epsilon-differential privacy and a sufficient condition for discrete (epsilon, delta)-differential privacy, with the numerical estimation of differential privacy parameters. These conditions can be applied to analyze the differential privacy properties for the discrete noise adding mechanisms with various kinds of noises. Then, with the differential privacy guarantees, we propose an optimal discrete epsilon-differential private noise adding mechanism under the utility-maximization framework, where the utility is characterized by the similarity of the statistical properties between the mechanism's input and output. For this setup, we find that the class of the discrete noise probability distributions in the optimal mechanism is Staircase-shaped.

Cryptography and Security,Systems and Control

Jianping He,Lin Cai,Xinping Guan

DOI: https://doi.org/10.1109/tit.2018.2842221

IF: 2.5

2018-01-01

IEEE Transactions on Information Theory

Abstract:Network systems often rely on distributed algorithms to achieve a global computation goal with iterative local information exchanges between neighbor nodes. To preserve data privacy, a node may add a random noise to its original data for information exchange at each iteration. Nevertheless, an eavesdropping node can estimate other’s original data based on the information it received. The estimation accuracy and data privacy can be measured in terms of $(\epsilon, \delta)$ -data-privacy, defined as the probability of $\epsilon $ -accurate estimate (the difference of an estimation and the original data is within $\epsilon $ ) is no larger than $\delta $ (the disclosure probability). How to optimize the estimation and analyze data privacy is a critical and open issue. In this paper, a theoretical framework is developed to investigate how to optimize the estimation of neighbor’s original data using the local information received, named optimal distributed estimation. Then, we study the disclosure probability under the optimal estimation for data privacy analysis. We further apply the developed framework to analyze the data privacy of the privacy-preserving average consensus algorithm and identify the optimal noises for the algorithm.

Jimin Wang,Jieming Ke,Ji-Feng Zhang

DOI: https://doi.org/10.1109/tac.2024.3351869

IF: 6.549

2024-01-01

IEEE Transactions on Automatic Control

Abstract:This paper investigates the differentially private bipartite consensus problem over signed networks. To solve this problem, a new algorithm is proposed by adding noises with time-varying variances to the cooperative-competitive interactive information. In order to achieve the privacy protection, the variances of the added noises are allowed to increase, which are substantially different from the existing works. In addition, the variances of the added noises can be either decaying or constant. By using a time-varying step-size based on the stochastic approximation method, we show that the algorithm converges in mean-square and almost-surely even with increasing privacy noises. We further develop a method to design the step-size and the noise parameter, affording the algorithm to achieve the average bipartite consensus with the desired accuracy and the predefined differential privacy level. Moreover, we give the mean-square and almost-sure convergence rates of the algorithm, and the privacy level with different forms of the privacy noises. We also reveal the trade-off between the accuracy and the privacy, and extend the results to local differential privacy. Finally, a numerical example verifies the theoretical results and demonstrates the algorithm's superiority against existing methods.

automation & control systems,engineering, electrical & electronic

Lei Wang,Weijia Liu,Fanghong Guo,Zixin Qiao,Zhengguang Wu

2024-05-05

Abstract:This paper studies the average consensus problem with differential privacy of initial states, for which it is widely recognized that there is a trade-off between the mean-square computation accuracy and privacy level. Considering the trade-off gap between the average consensus algorithm and the centralized averaging approach with differential privacy, we propose a distributed shuffling mechanism based on the Paillier cryptosystem to generate correlated zero-sum randomness. By randomizing each local privacy-sensitive initial state with an i.i.d. Gaussian noise and the output of the mechanism using Gaussian noises, it is shown that the resulting average consensus algorithm can eliminate the gap in the sense that the accuracy-privacy trade-off of the centralized averaging approach with differential privacy can be almost recovered by appropriately designing the variances of the added noises. We also extend such a design framework with Gaussian noises to the one using Laplace noises, and show that the improved privacy-accuracy trade-off is preserved.

Systems and Control

Yue Wang,Xintao Wu,Jun Zhu,Yang Xiang

DOI: https://doi.org/10.1007/s13278-013-0127-7

2013-01-01

Social Network Analysis and Mining

Abstract:Enabling accurate analysis of social network data while preserving differential privacy has been challenging since graph features such as clustering coefficient or modularity often have high sensitivity, which is different from traditional aggregate functions (e.g., count and sum) on tabular data. In this paper, we treat a graph statistics as a function f and develop a divide and conquer approach to enforce differential privacy. The basic procedure of this approach is to first decompose the target computation f into several less complex unit computations f1, …, fm connected by basic mathematical operations (e.g., addition, subtraction, multiplication, division), then perturb the output of each fi with Laplace noise derived from its own sensitivity value and the distributed privacy threshold ε i , and finally combine those perturbed fi as the perturbed output of computation f. We examine how various operations affect the accuracy of complex computations. When unit computations have large global sensitivity values, we enforce the differential privacy by calibrating noise based on the smooth sensitivity, rather than the global sensitivity. By doing this, we achieve the strict differential privacy guarantee with smaller magnitude noise. We illustrate our approach by using clustering coefficient, which is a popular statistics used in social network analysis. Empirical evaluations on five real social networks and various synthetic graphs generated from three random graph models show the developed divide and conquer approach outperforms the direct approach.

Jianping He,Lin Cai,Chengcheng Zhao,Peng Cheng,Xinping Guan

DOI: https://doi.org/10.1109/TSIPN.2018.2866342

2019-01-01

Abstract:Privacy-preserving average consensus aims to guarantee the privacy of initial states and asymptotic consensus on the exact average of the initial values. In this paper, it is achieved by adding variance-decaying and zero-sum random noises to the consensus process. However, there is lack of theoretical analysis to quantify the degree of the data privacy protection. In this paper, we introduce the maximum disclosure probability that other nodes can infer one node's initial state within a given small interval to quantify the data privacy. We utilize a novel privacy definition, named <inline-formula xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink"><tex-math notation="LaTeX">$(\alpha, \beta)$</tex-math></inline-formula> -data-privacy, to depict the relationship between the maximum disclosure probability and the estimation accuracy. Then, we prove that the general privacy-preserving average consensus provides <inline-formula xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink"><tex-math notation="LaTeX">$(\alpha, \beta)$</tex-math></inline-formula> -data-privacy, and obtain the closed-form expression of the relationship between <inline-formula xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink"><tex-math notation="LaTeX">$\alpha$</tex-math></inline-formula> and <inline-formula xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink"><tex-math notation="LaTeX">$\beta$</tex-math></inline-formula> given the noise distribution. We reveal that the added noise with a uniform distribution is optimal in terms of achieving the highest <inline-formula xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink"><tex-math notation="LaTeX">$(\alpha, \beta)$</tex-math></inline-formula> -data-privacy. We also prove that under what condition, the data-privacy will be compromised. Finally, an optimal privacy-preserving average consensus algorithm is proposed to achieve the highest <inline-formula xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink"><tex-math notation="LaTeX">$(\alpha, \beta)$</tex-math></inline-formula> -data-privacy. Simulations verify the analytical results.

Larry Wasserman,Shuheng Zhou

DOI: https://doi.org/10.1198/jasa.2009.tm08651

IF: 4.369

2010-03-01

Journal of the American Statistical Association

Abstract:One goal of statistical privacy research is to construct a data release mechanism that protects individual privacy while preserving information content. An example is a random mechanism that takes an input database X and outputs a random database Z according to a distribution Qn(⋅|X). Differential privacy is a particular privacy requirement developed by computer scientists in which Qn(⋅|X) is required to be insensitive to changes in one data point in X. This makes it difficult to infer from Z whether a given individual is in the original database X. We consider differential privacy from a statistical perspective. We consider several data-release mechanisms that satisfy the differential privacy requirement. We show that it is useful to compare these schemes by computing the rate of convergence of distributions and densities constructed from the released data. We study a general privacy method, called the exponential mechanism, introduced by McSherry and Talwar (2007). We show that the accuracy of this method is intimately linked to the rate at which the probability that the empirical distribution concentrates in a small ball around the true distribution.

statistics & probability

Quan Geng,Wei Ding,Ruiqi Guo,Sanjiv Kumar

DOI: https://doi.org/10.48550/arXiv.1809.10224

2018-09-26

Cryptography and Security

Abstract:We derive the optimal $(0, \delta)$-differentially private query-output independent noise-adding mechanism for single real-valued query function under a general cost-minimization framework. Under a mild technical condition, we show that the optimal noise probability distribution is a uniform distribution with a probability mass at the origin. We explicitly derive the optimal noise distribution for general $\ell^p$ cost functions, including $\ell^1$ (for noise magnitude) and $\ell^2$ (for noise power) cost functions, and show that the probability concentration on the origin occurs when $\delta > \frac{p}{p+1}$. Our result demonstrates an improvement over the existing Gaussian mechanisms by a factor of two and three for $(0,\delta)$-differential privacy in the high privacy regime in the context of minimizing the noise magnitude and noise power, and the gain is more pronounced in the low privacy regime. Our result is consistent with the existing result for $(0,\delta)$-differential privacy in the discrete setting, and identifies a probability concentration phenomenon in the continuous setting.

Jakub Tětek

2023-07-19

Abstract:The exponential increase in the amount of available data makes taking advantage of them without violating users' privacy one of the fundamental problems of computer science. This question has been investigated thoroughly under the framework of differential privacy. However, most of the literature has not focused on settings where the amount of data is so large that we are not even able to compute the exact answer in the non-private setting (such as in the streaming setting, sublinear-time setting, etc.). This can often make the use of differential privacy unfeasible in practice. In this paper, we show a general approach for making Monte-Carlo randomized approximation algorithms differentially private. We only need to assume the error $R$ of the approximation algorithm is sufficiently concentrated around $0$ (e.g.\ $\mathbb{E}[|R|]$ is bounded) and that the function being approximated has a small global sensitivity $\Delta$. Specifically, if we have a randomized approximation algorithm with sufficiently concentrated error which has time/space/query complexity $T(n,\rho)$ with $\rho$ being an accuracy parameter, we can generally speaking get an algorithm with the same accuracy and complexity $T(n,\Theta(\epsilon \rho))$ that is $\epsilon$-differentially private.

Data Structures and Algorithms

Xin Wang,Jianping He,Peng Cheng,Jiming Chen

DOI: https://doi.org/10.1109/tnse.2018.2879795

IF: 6.6

2018-01-01

IEEE Transactions on Network Science and Engineering

Abstract:In network systems, calculating maximum element plays a fundamental role for distributed data analysis. Maximum consensus algorithm can accomplish the calculation in a fully distributed way. However, the data for communication are privacy-sensitive in many scenarios, making nodes unwilling to participate in the distributed calculation process. How to ensure privacy and accuracy for distributed calculation of maximum element is essential while challenging. In this paper, we first prove that exact maximum consensus and differential privacy cannot be guaranteed simultaneously. Then, to provide sufficient privacy preservation for nodes, we propose a novel differentially private maximum consensus (DPMC) algorithm where nodes perturb their initial states with Laplacian noises. We prove that DPMC algorithm preserves differential privacy and give the analytical expression of privacy preserving degree. Furthermore, the proposed algorithm also guarantees finite-time convergence and achieves high convergence accuracy. The performance tradeoff is finally analyzed and evaluated by extensive numerical simulations.

Yuval Dagan,Gil Kur

DOI: https://doi.org/10.48550/arXiv.2012.03817

2020-12-07

Data Structures and Algorithms

Abstract:We present an asymptotically optimal $(\epsilon,\delta)$ differentially private mechanism for answering multiple, adaptively asked, $\Delta$-sensitive queries, settling the conjecture of Steinke and Ullman [2020]. Our algorithm has a significant advantage that it adds independent bounded noise to each query, thus providing an absolute error bound. Additionally, we apply our algorithm in adaptive data analysis, obtaining an improved guarantee for answering multiple queries regarding some underlying distribution using a finite sample. Numerical computations show that the bounded-noise mechanism outperforms the Gaussian mechanism in many standard settings.

Li Zhou,Mingsheng Ying

DOI: https://doi.org/10.1109/CSF.2017.23

2017-01-01

Abstract:More and more quantum algorithms have been designed for solving problems in machine learning, database search and data analytics. An important problem then arises: how privacy can be protected when these algorithms are used on private data? For classical computing, the notion of differential privacy provides a very useful conceptual framework in which a great number of mechanisms that protect privacy by introducing certain noises into algorithms have been successfully developed. This paper defines a notion of differential privacy for quantum information processing. We carefully examine how the mechanisms using three important types of quantum noise, the amplitude/phase damping and depolarizing, can protect differential privacy. A composition theorem is proved that enables us to combine multiple privacy-preserving operations in quantum information processing.

Justin Hsu,Marco Gaboardi,Andreas Haeberlen,Sanjeev Khanna,Arjun Narayan,Benjamin C. Pierce,Aaron Roth

DOI: https://doi.org/10.1109/CSF.2014.35

2014-02-14

Abstract:Differential privacy is becoming a gold standard for privacy research; it offers a guaranteed bound on loss of privacy due to release of query results, even under worst-case assumptions. The theory of differential privacy is an active research area, and there are now differentially private algorithms for a wide range of interesting problems. However, the question of when differential privacy works in practice has received relatively little attention. In particular, there is still no rigorous method for choosing the key parameter $\epsilon$, which controls the crucial tradeoff between the strength of the privacy guarantee and the accuracy of the published results. In this paper, we examine the role that these parameters play in concrete applications, identifying the key questions that must be addressed when choosing specific values. This choice requires balancing the interests of two different parties: the data analyst and the prospective participant, who must decide whether to allow their data to be included in the analysis. We propose a simple model that expresses this balance as formulas over a handful of parameters, and we use our model to choose $\epsilon$ on a series of simple statistical studies. We also explore a surprising insight: in some circumstances, a differentially private study can be more accurate than a non-private study for the same cost, under our model. Finally, we discuss the simplifying assumptions in our model and outline a research agenda for possible refinements.

Databases

Jiaqi Wang,Roei Schuster,Ilia Shumailov,David Lie,Nicolas Papernot

DOI: https://doi.org/10.48550/arXiv.2209.10732

2022-09-22

Abstract:When learning from sensitive data, care must be taken to ensure that training algorithms address privacy concerns. The canonical Private Aggregation of Teacher Ensembles, or PATE, computes output labels by aggregating the predictions of a (possibly distributed) collection of teacher models via a voting mechanism. The mechanism adds noise to attain a differential privacy guarantee with respect to the teachers' training data. In this work, we observe that this use of noise, which makes PATE predictions stochastic, enables new forms of leakage of sensitive information. For a given input, our adversary exploits this stochasticity to extract high-fidelity histograms of the votes submitted by the underlying teachers. From these histograms, the adversary can learn sensitive attributes of the input such as race, gender, or age. Although this attack does not directly violate the differential privacy guarantee, it clearly violates privacy norms and expectations, and would not be possible at all without the noise inserted to obtain differential privacy. In fact, counter-intuitively, the attack becomes easier as we add more noise to provide stronger differential privacy. We hope this encourages future work to consider privacy holistically rather than treat differential privacy as a panacea.

Machine Learning,Cryptography and Security

Wenjing Liao,Jianping He,Shanying Zhu,Cailian Chen,Xinping Guan

DOI: https://doi.org/10.1109/padsw.2018.8644952

2018-01-01

Abstract:A typical method for privacy-preserving data publishing mechanism is to add random noise to the original data for publishing. No matter what kind of noise is added, there is a chance that the original state can be estimated in a certain accuracy. The probability of the original data inferred by the malicious receiver in a given interval is measured by $(\alpha,\ \beta)$ -data-privacy. With random noise added to the original data, the utility of the published data will decrease. In this paper, we investigate the tradeoff between data privacy and data utility under $(\alpha,\beta)$ - data-privacy, aiming to seek an optimal noise distribution. To maximize the weighted sum of privacy and utility we prove that when the added noise is symmetric and the data utility is measured by $\ell^{1}$ - or $\ell^2$ -norm function, the optimal noise follows the uniform distribution. Then we further investigate the optimal noise to maximize data utility with a certain privacy guarantee and we derive that the optimal noise is a group of impulse functions. Finally, we compare $(\alpha, \beta)$ -data-privacy with differential privacy and obtain the inequality relationship between the two privacy parameters. Simulations are conducted to validate the correctness of the obtained results.

Shuying Qin,Chongrong Fang,Jianping He

DOI: https://doi.org/10.1109/mass56207.2022.00059

2022-01-01

Abstract:Differential privacy is a widely-used metric, which provides rigorous privacy definitions and strong privacy guarantees. Much of the existing studies on differential privacy are based on datasets where the tuples are independent, and thus are not suitable for correlated data protection. In this paper, we focus on correlated differential privacy, by taking the data correlations and the prior knowledge of the initial data into account. The data correlations are modeled by Bayesian conditional probabilities, and the prior knowledge refers to the exact values of the data. We propose general correlated differential privacy conditions for the discrete and continuous random noise-adding mechanisms, respectively. In case that the conditions are inaccurate due to the insufficient prior knowledge, we introduce the tuple dependence based on rough set theory to improve the correlated differential privacy conditions. The obtained theoretical results reveal the relationship between the correlations and the privacy parameters. Moreover, the improved privacy condition helps strengthen the mechanism utility. Finally, evaluations are conducted over a micro-grid system to verify the privacy protection levels and utility guaranteed by correlated differential private mechanisms.

Cynthia Dwork,Aaron Roth

DOI: https://doi.org/10.1561/0400000042

2013-01-01

Foundations and Trends® in Theoretical Computer Science

Abstract:The problem of privacy-preserving data analysis has a long history spanning multiple disciplines. As electronic data about individuals becomes increasingly detailed, and as technology enables ever more powerful collection and curation of these data, the need increases for a robust, meaningful, and mathematically rigorous definition of privacy, together with a computationally rich class of algorithms that satisfy this definition. Differential Privacy is such a definition. After motivating and discussing the meaning of differential privacy, the preponderance of this monograph is devoted to fundamental techniques for achieving differential privacy, and application of these techniques in creative combinations, using the query-release problem as an ongoing example. A key point is that, by rethinking the computational goal, one can often obtain far better results than would be achieved by methodically replacing each step of a non-private computation with a differentially private implementation. Despite some astonishingly powerful computational results, there are still fundamental limitations — not just on what can be achieved with differential privacy but on what can be achieved with any method that protects against a complete breakdown in privacy. Virtually all the algorithms discussed herein maintain differential privacy against adversaries of arbitrary computational power. Certain algorithms are computationally intensive, others are efficient. Computational complexity for the adversary and the algorithm are both discussed. We then turn from fundamentals to applications other than queryrelease, discussing differentially private methods for mechanism design and machine learning. The vast majority of the literature on differentially private algorithms considers a single, static, database that is subject to many analyses. Differential privacy in other models, including distributed databases and computations on data streams is discussed. Finally, we note that this work is meant as a thorough introduction to the problems and techniques of differential privacy, but is not intended to be an exhaustive survey — there is by now a vast amount of work in differential privacy, and we can cover only a small portion of it.