Taeho Jung,Xufei Mao,Xiang-Yang Li,Shao-Jie Tang,Wei Gong,Lan Zhang

DOI: https://doi.org/10.1109/infcom.2013.6567071

2013-01-01

Abstract:Much research has been conducted to securely outsource multiple parties' data aggregation to an untrusted aggregator without disclosing each individual's privately owned data, or to enable multiple parties to jointly aggregate their data while preserving privacy. However, those works either require secure pair-wise communication channels or suffer from high complexity. In this paper, we consider how an external aggregator or multiple parties can learn some algebraic statistics (e.g., sum, product) over participants' privately owned data while preserving the data privacy. We assume all channels are subject to eavesdropping attacks, and all the communications throughout the aggregation are open to others. We propose several protocols that successfully guarantee data privacy under this weak assumption while limiting both the communication and computation complexity of each participant to a small constant.

Sachin Kadam,Anna Scaglione,Nikhil Ravi,Sean Peisert,Brent Lunghino,Aram Shumavon

2024-04-08

Abstract:The Differential Privacy (DP) literature often centers on meeting privacy constraints by introducing noise to the query, typically using a pre-specified parametric distribution model with one or two degrees of freedom. However, this emphasis tends to neglect the crucial considerations of response accuracy and utility, especially in the context of categorical or discrete numerical database queries, where the parameters defining the noise distribution are finite and could be chosen optimally. This paper addresses this gap by introducing a novel framework for designing an optimal noise Probability Mass Function (PMF) tailored to discrete and finite query sets. Our approach considers the modulo summation of random noise as the DP mechanism, aiming to present a tractable solution that not only satisfies privacy constraints but also minimizes query distortion. Unlike existing approaches focused solely on meeting privacy constraints, our framework seeks to optimize the noise distribution under an arbitrary $(\epsilon, \delta)$ constraint, thereby enhancing the accuracy and utility of the response. We demonstrate that the optimal PMF can be obtained through solving a Mixed-Integer Linear Program (MILP). Additionally, closed-form solutions for the optimal PMF are provided, minimizing the probability of error for two specific cases. Numerical experiments highlight the superior performance of our proposed optimal mechanisms compared to state-of-the-art methods. This paper contributes to the DP literature by presenting a clear and systematic approach to designing noise mechanisms that not only satisfy privacy requirements but also optimize query distortion. The framework introduced here opens avenues for improved privacy-preserving database queries, offering significant enhancements in response accuracy and utility.

Cryptography and Security,Data Structures and Algorithms,Systems and Control

Huihua Xia,Yan Xiong,Wenchao Huang,Zhaoyi Meng,Fuyou Miao

DOI: https://doi.org/10.1155/2020/8895281

IF: 1.968

2020-01-01

Security and Communication Networks

Abstract:Querying average distances is useful for real-world applications such as business decision and medical diagnosis, as it can help a decision maker to better understand the users’ data in a database. However, privacy has been an increasing concern. People are now suffering serious privacy leakage from various kinds of sources, especially service providers who provide insufficient protection on user’s private data. In this paper, we discover a new type of attack in an average-distance query (AVGD query) with noisy results. The attack is general that it can be used to reveal private data of different dimensions. We theoretically analyze how different factors affect the accuracy of the attack and propose the privacy-preserving mechanism based on the analysis. We experiment on two real-life datasets to show the feasibility and severity of the attack. The results show that the severity of the attack is mainly influenced by the factors including the noise magnitude, the number of queries, and the number of users in each query. Also, we validate the correctness of our theoretical analysis by comparing with the experimental results and confirm the effectiveness of the privacy-preserving mechanism.

Shixi Chen,Shuigeng Zhou,Sourav S. Bhowmick

DOI: https://doi.org/10.1145/2247596.2247605

2012-01-01

Abstract:Differential privacy is a robust principle for privacy preserving data analysis tasks, and has been successfully applied to a variety of applications. However, the number of queries that can be answered is limited for preventing privacy disclosure. Once the privacy budget is exhausted, all succeeding queries must be rejected. Therefore, each of the historical query answers is valuable and it is important to exploit them together to learn more about the data. We propose to integrate all available linear query answers into a consistent form that embodies our knowledge learned from the noisy answers, obtaining more accurate answers to past queries and even new queries, improving the data utility. Two distinct approaches are developed for this purpose, one via principle component analysis, and another via maximum entropy method. The second approach also generates a synthetic database, which is useful for differentially private data publishing. One important goal of our work is to ensure that the running time of our approaches does not grow with the cardinality of the universe of a data tuple, so that high-dimensional data with very large domain can still be tackled efficiently.

Hao Wang,Xiao Peng,Yihang Xiao,Zhengquan Xu,Xian Chen

DOI: https://doi.org/10.1007/s40747-021-00550-3

2021-10-09

Abstract:Abstract Privacy preserving methods supporting for data aggregating have attracted the attention of researchers in multidisciplinary fields. Among the advanced methods, differential privacy (DP) has become an influential privacy mechanism owing to its rigorous privacy guarantee and high data utility. But DP has no limitation on the bound of noise, leading to a low-level utility. Recently, researchers investigate how to preserving rigorous privacy guarantee while limiting the relative error to a fixed bound. However, these schemes destroy the statistical properties, including the mean, variance and MSE, which are the foundational elements for data aggregating and analyzing. In this paper, we explore the optimal privacy preserving solution, including novel definitions and implementing mechanisms, to maintain the statistical properties while satisfying DP with a fixed relative error bound. Experimental evaluation demonstrates that our mechanism outperforms current schemes in terms of security and utility for large quantities of queries.

computer science, artificial intelligence

Eyal Nussbaum,Michael Segal

DOI: https://doi.org/10.48550/arXiv.1905.11694

2019-05-28

Abstract:Vast amounts of information of all types are collected daily about people by governments, corporations and individuals. The information is collected when users register to or use on-line applications, receive health related services, use their mobile phones, utilize search engines, or perform common daily activities. As a result, there is an enormous quantity of privately-owned records that describe individuals' finances, interests, activities, and demographics. These records often include sensitive data and may violate the privacy of the users if published. The common approach to safeguarding user information, or data in general, is to limit access to the storage (usually a database) by using and authentication and authorization protocol. This way, only users with legitimate permissions can access the user data. In many cases though, the publication of user data for statistical analysis and research can be extremely beneficial for both academic and commercial uses, such as statistical research and recommendation systems. To maintain user privacy when such a publication occurs many databases employ anonymization techniques, either on the query results or the data itself. In this paper we examine variants of 2 such techniques, "data perturbation" and "query-set-size control" and discuss their vulnerabilities. Data perturbation deals with changing the values of records in the dataset while maintaining a level of accuracy over the resulting queries. We focus on a relatively new data perturbation method called NeNDS to show a possible partial knowledge attack on its privacy. The query-set-size control allows publication of a query result dependent on having a minimum set size, k, of records satisfying the query parameters. We show some query types relying on this method may still be used to extract hidden information, and prove others maintain privacy even when using multiple queries.

Cryptography and Security

Jack Fitzsimons,James Honaker,Michael Shoemate,Vikrant Singhal

2024-08-22

Abstract:We show that the most well-known and fundamental building blocks of DP implementations -- sum, mean, count (and many other linear queries) -- can be released with substantially reduced noise for the same privacy guarantee. We achieve this by projecting individual data with worst-case sensitivity $R$ onto a simplex where all data now has a constant norm $R$. In this simplex, additional ``free'' queries can be run that are already covered by the privacy-loss of the original budgeted query, and which algebraically give additional estimates of counts or sums, and can be combined for lower final noise.

Cryptography and Security

Hao Zhang,Nenghai Yu,Yonggang Wen,Weiming Zhang

DOI: https://doi.org/10.1016/j.cose.2014.05.009

2014-09-01

Abstract:In aggregation applications, individual privacy is a crucial factor to determine the effectiveness, for which the noise-addition method (i.e., a random noise value is added to the true value) is a simple yet powerful approach. However, improper additive noise could result in bias for the aggregate result. It demands an optimal noise distribution to reduce the deviation. In this paper, we develop a mathematical framework to derive the optimal noise distribution that provides privacy protection under the constraint of a limited value deviation. Specifically, we first derive a generic system dynamic function that the optimal noise distribution must satisfy, and further investigate the special case that the original values obey Gaussian distribution. Then we detailedly investigate the general cases that the original values obey arbitrary continuous distribution, which can be expressed by Gaussian Mixture Model (GMM). Our theoretical analysis suggests that for the Gaussian input Gaussian distribution is the optimal solution, and for the general input, the optimal solution is composed of infinite number of Gaussian components. We further find the general term formula of the components, which reduces the number of unknowns from infinite to three, i.e. the parameters of the first component (variance, expectation, weight). Based on it, we investigate the properties and propose an algorithm in order to calculate the asymptotically optimal solution composed of finite Gaussian components. The numerical evaluation shows that the results has little deviation to the optimal solutions.

computer science, information systems

Zinan Lin,Shuaiqi Wang,Vyas Sekar,Giulia Fanti

2023-10-28

Abstract:We study a setting where a data holder wishes to share data with a receiver, without revealing certain summary statistics of the data distribution (e.g., mean, standard deviation). It achieves this by passing the data through a randomization mechanism. We propose summary statistic privacy, a metric for quantifying the privacy risk of such a mechanism based on the worst-case probability of an adversary guessing the distributional secret within some threshold. Defining distortion as a worst-case Wasserstein-1 distance between the real and released data, we prove lower bounds on the tradeoff between privacy and distortion. We then propose a class of quantization mechanisms that can be adapted to different data distributions. We show that the quantization mechanism's privacy-distortion tradeoff matches our lower bounds under certain regimes, up to small constant factors. Finally, we demonstrate on real-world datasets that the proposed quantization mechanisms achieve better privacy-distortion tradeoffs than alternative privacy mechanisms.

Cryptography and Security,Machine Learning

Natasha Fernandes,Kacem Lefki,Catuscia Palamidessi

DOI: https://doi.org/10.48550/arXiv.1906.12147

2019-06-28

Abstract:Differential privacy (DP) and local differential privacy (LPD) are frameworks to protect sensitive information in data collections. They are both based on obfuscation. In DP the noise is added to the result of queries on the dataset, whereas in LPD the noise is added directly on the individual records, before being collected. The main advantage of LPD with respect to DP is that it does not need to assume a trusted third party. The main disadvantage is that the trade-off between privacy and utility is usually worse than in DP, and typically to retrieve reasonably good statistics from the locally sanitized data it is necessary to have a huge collection of them. In this paper, we focus on the problem of estimating counting queries from collections of noisy answers, and we propose a variant of LDP based on the addition of geometric noise. Our main result is that the geometric noise has a better statistical utility than other LPD mechanisms from the literature.

Cryptography and Security

Hao Zhang,Yonggang Wen,Honggang Hu,Nenghai Yu

DOI: https://doi.org/10.1109/greencom-ithings-cpscom.2013.234

2013-01-01

Abstract:In emerging mobile aggregation applications (e.g., large-scale mobile survey), individual privacy is a crucial factor to determine the effectiveness, for which the noise-addition method (i.e., a random noise value is added to the true value) is a simple yet powerful approach. However, improper additive noise could result in bias for the aggregate result. It demands an optimal noise distribution to reduce the deviation. In this paper, we develop a mathematical framework to derive the optimal noise distribution that provides privacy protection under the constraint of a limited value deviation. Specifically, we first derive a generic system dynamic function that the optimal noise distribution must satisfy, and further investigate two special cases for the distribution of the original value (i.e., Gaussian and Truncated Gaussian distribution). Our theoretical analysis suggests that the Gaussian distribution is the optimal solution for the Gaussian input, and can be regarded as the optimal solution for the truncated Gaussian input under some suitable conditions.

Ian M. Schmutte,Nathan Yoder

2024-07-03

Abstract:Firms and statistical agencies must protect the privacy of the individuals whose data they collect, analyze, and publish. Increasingly, these organizations do so by using publication mechanisms that satisfy differential privacy. We consider the problem of choosing such a mechanism so as to maximize the value of its output to end users. We show that mechanisms which add noise to the statistic of interest--like most of those used in practice--are generally not optimal when the statistic is a sum or average of magnitude data (e.g., income). However, we also show that adding noise is always optimal when the statistic is a count of data entries with a certain characteristic, and the underlying database is drawn from a symmetric distribution (e.g., if individuals' data are i.i.d.). When, in addition, data users have supermodular payoffs, we show that the simple geometric mechanism is always optimal by using a novel comparative static that ranks information structures according to their usefulness in supermodular decision problems.

Theoretical Economics,Cryptography and Security

Shang Shang,Tiance Wang,Paul Cuff,Sanjeev Kulkarni

DOI: https://doi.org/10.48550/arXiv.1409.6831

IF: 14.4

2014-09-24

Artificial Intelligence

Abstract:The potential risk of privacy leakage prevents users from sharing their honest opinions on social platforms. This paper addresses the problem of privacy preservation if the query returns the histogram of rankings. The framework of differential privacy is applied to rank aggregation. The error probability of the aggregated ranking is analyzed as a result of noise added in order to achieve differential privacy. Upper bounds on the error rates for any positional ranking rule are derived under the assumption that profiles are uniformly distributed. Simulation results are provided to validate the probabilistic analysis.

Syomantak Chaudhuri,Thomas A. Courtade

2024-07-16

Abstract:Differential Privacy (DP) is the current gold-standard for measuring privacy. Estimation problems under DP constraints appearing in the literature have largely focused on providing equal privacy to all users. We consider the problems of empirical mean estimation for univariate data and frequency estimation for categorical data, two pillars of data analysis in the industry, subject to heterogeneous privacy constraints. Each user, contributing a sample to the dataset, is allowed to have a different privacy demand. The dataset itself is assumed to be worst-case and we study both the problems in two different formulations -- the correlated and the uncorrelated setting. In the former setting, the privacy demand and the user data can be arbitrarily correlated while in the latter setting, there is no correlation between the dataset and the privacy demand. We prove some optimality results, under both PAC error and mean-squared error, for our proposed algorithms and demonstrate superior performance over other baseline techniques experimentally.

Machine Learning,Cryptography and Security

Jianping He,Lin Cai,Xinping Guan

DOI: https://doi.org/10.1109/tit.2018.2842221

IF: 2.5

2018-01-01

IEEE Transactions on Information Theory

Abstract:Network systems often rely on distributed algorithms to achieve a global computation goal with iterative local information exchanges between neighbor nodes. To preserve data privacy, a node may add a random noise to its original data for information exchange at each iteration. Nevertheless, an eavesdropping node can estimate other’s original data based on the information it received. The estimation accuracy and data privacy can be measured in terms of $(\epsilon, \delta)$ -data-privacy, defined as the probability of $\epsilon $ -accurate estimate (the difference of an estimation and the original data is within $\epsilon $ ) is no larger than $\delta $ (the disclosure probability). How to optimize the estimation and analyze data privacy is a critical and open issue. In this paper, a theoretical framework is developed to investigate how to optimize the estimation of neighbor’s original data using the local information received, named optimal distributed estimation. Then, we study the disclosure probability under the optimal estimation for data privacy analysis. We further apply the developed framework to analyze the data privacy of the privacy-preserving average consensus algorithm and identify the optimal noises for the algorithm.

Shuang Song

2018-01-01

Abstract:Author(s): Song, Shuang | Advisor(s): Chaudhuri, Kamalika | Abstract: Modern machine learning increasingly involves personal data, such as healthcare, financial and user behavioral information. However, models trained on such data can reveal detailed information about the data and cause a serious privacy breach. Consequently, it is important to design algorithms that can analyze the sensitive data while still preserving privacy. This thesis advances the state-of-the-art of privacy-preserving machine learning in the following two major aspects.First, this thesis addresses the challenges in differentially private large-scale machine learning. On the one hand, with a large amount of sensitive user data, privacy-preserving learning algorithms are expected to achieve improved utility. On the other hand, big data imposes additional challenges, including performance (a.k.a Volume), data noise (a.k.a Veracity), a large number of classes and distributed sources (a.k.a Variety). This thesis presents (1) private versions of the widely used stochastic gradient descent (SGD) algorithm with generalization to data from multiple sources of different privacy requirements, and (2) an improved version of the Private Aggregation of Teacher Ensembles (PATE) framework which can scale to learning tasks with a large number of output classes and uncurated, imbalanced training data.Second, this thesis considers privacy-preserving data analysis beyond tabular data. Differential privacy is best suited for tabular data, where each record corresponds to all the information about an individual and records are independent of each other. However, many real-world applications involve non-tabular sensitive data, such as epidemic transmission graphs and measurement of the physical activity of a single subject across time. To analyze disease transmission graphs, or more general, graphs with sensitive information stored in each node, this thesis considers privacy-preserving continual release of graph statistics, such as the percentages of highly-active patients over time. The proposed algorithm outperforms the baselines in utility over a range of parameters. For physical activity measurement, or more generally, data with correlation, this thesis looks at a recent generalization of differential privacy, called Pufferfish privacy, that addresses privacy concerns in correlated data. Two mechanisms that work under different scenarios are proposed, and one of them is evaluated on real and synthetic time-series data.

Shenggang Ying,Mingsheng Ying,Yuan Feng

DOI: https://doi.org/10.48550/arXiv.1702.04420

2017-02-15

Abstract:Data analytics (such as association rule mining and decision tree mining) can discover useful statistical knowledge from a big data set. But protecting the privacy of the data provider and the data user in the process of analytics is a serious issue. Usually, the privacy of both parties cannot be fully protected simultaneously by a classical algorithm. In this paper, we present a quantum protocol for data mining that can much better protect privacy than the known classical algorithms: (1) if both the data provider and the data user are honest, the data user can know nothing about the database except the statistical results, and the data provider can get nearly no information about the results mined by the data user; (2) if the data user is dishonest and tries to disclose private information of the other, she/he will be detected with a high probability; (3) if the data provider tries to disclose the privacy of the data user, she/he cannot get any useful information since the data user hides his privacy among noises.

Quantum Physics,Cryptography and Security,Databases

Yanan Li,Xuebin Ren,Shusen Yang,Xinyu Yang

DOI: https://doi.org/10.1109/tifs.2019.2895970

IF: 7.231

2019-01-01

IEEE Transactions on Information Forensics and Security

Abstract:It has been widely understood that differential privacy can guarantee rigorous privacy against adversaries with arbitrary prior knowledge. However, recent studies demonstrate that this may not be true for correlated data, and indicate that three factors could influence privacy leakage: the data correlation pattern, prior knowledge of adversaries, and sensitivity of the query function. This poses a fundamental problem: what is the mathematical relationship between the three factors and privacy leakage? In this paper, we present a unified analysis of this problem. A new privacy definition, named prior differential privacy (PDP), is proposed to evaluate privacy leakage considering the exact prior knowledge possessed by the adversary. We use two models, the weighted hierarchical graph and the multivariate Gaussian model, to analyze discrete and continuous data, respectively. We demonstrate that positive, negative, and hybrid correlations have distinct impacts on privacy leakage. Considering general correlations, a closed-form expression of privacy leakage is derived for continuous data, and a chain rule is presented for discrete data. Our results are valid for general linear queries, including count, sum, mean, and histogram. Numerical experiments are presented to verify our theoretical analysis.

Hao Zhang,Nenghai Yu,Honggang Hu

DOI: https://doi.org/10.1155/2014/678098

IF: 1.938

2014-02-01

International Journal of Distributed Sensor Networks

Abstract:In emerging mobile aggregation applications (e.g., large-scale mobile survey), individual privacy is a crucial factor to determine the effectiveness, for which the noise-addition method (i.e., a random noise value is added to the true value) is a simple yet powerful approach. However, improper additive noise could result in bias for the aggregate result. It demands an optimal noise distribution to reduce the deviation. In this paper, we develop a mathematical framework to derive the optimal noise distribution that provides privacy protection under the constraint of a limited value deviation. Specifically, we first derive a generic system dynamic function that the optimal noise distribution must satisfy and further investigate two special cases for the distribution of the original value (i.e., Gaussian and truncated Gaussian distribution). Our theoretical and numerical analysis suggests that the Gaussian distribution is the optimal solution for the Gaussian input and the asymptotically optimal solution for the truncated Gaussian input.

computer science, information systems,telecommunications

Aleksandar Nikolov

DOI: https://doi.org/10.48550/arXiv.2208.07410

2022-08-16

Abstract:We introduce a new method for releasing answers to statistical queries with differential privacy, based on the Johnson-Lindenstrauss lemma. The key idea is to randomly project the query answers to a lower dimensional space so that the distance between any two vectors of feasible query answers is preserved up to an additive error. Then we answer the projected queries using a simple noise-adding mechanism, and lift the answers up to the original dimension. Using this method, we give, for the first time, purely differentially private mechanisms with optimal worst case sample complexity under average error for answering a workload of $k$ queries over a universe of size $N$. As other applications, we give the first purely private efficient mechanisms with optimal sample complexity for computing the covariance of a bounded high-dimensional distribution, and for answering 2-way marginal queries. We also show that, up to the dependence on the error, a variant of our mechanism is nearly optimal for every given query workload.

Data Structures and Algorithms,Cryptography and Security,Machine Learning