Xinyue Zhang,Jingyi Wang,Hongning Li,Yuanxiong Guo,Qingqi Pei,Pan Li,Miao Pan

DOI: https://doi.org/10.1109/glocom.2018.8647637

2018-01-01

Abstract:Information-centric networking (ICN) is developed for the future Internet because of the tremendous increase of content demands in the Internet. In the ICN architecture, in-network storage for caching plays an important role in improving content delivery efficiency, scalability and availability. To enjoy the benefits of caching users' preferable contents without disclosing the users' privacy, in this paper, we aim to integrate local differential privacy (LDP) techniques into data-driven optimization, and propose a novel scheme to allow content provider (CP) to collect the locally differentially private content preferences of a selected group of users, exploit data-driven approach to predict the content popularity, and offer the cacheenabled access points (APs) economic incentives to cache the selected preferable content. Here, optimized local hashing (OLH) is employed to locally add differential private noise to the users' preference content information and the noisy data is sent to the CP. Besides, we leverage data-driven methodology to predict the content popularity according to the constructed reference distribution of the given noisy preference content data from users. We formulate a data-driven caching revenue optimization, provide feasible solutions, and conduct simulations to show the effectiveness of the proposed scheme.

Xinyue Zhang,Hongning Li,Jingyi Wang,Yuanxiong Guo,Qingqi Pei,Pan Li,Miao Pan

DOI: https://doi.org/10.1109/twc.2021.3069763

IF: 10.4

2021-01-01

IEEE Transactions on Wireless Communications

Abstract:Information-centric networking (ICN) as an emerging networking paradigm has recently gained significant attention, due to the improvement of content delivery efficiency. The built-in network storage for caching is a key component in ICN to provide low latency service and reduce high backhaul traffic by caching popular content. However, users' content preference contains individual sensitive characteristics which is distinguishable from others. Therefore, in this work, we propose a data-driven caching revenue maximization problem with the considerations of users' local differential privacy. Specifically, we employ dBitFlip, a local differential privacy (LDP) mechanism, to locally add differential private noise to the users' preference content information. We leverage data-driven approach to predict the content popularity based on the reference distribution constructed by the reported noisy preference content data from users, mathematically present the distance between the noisy reference distribution and the true distribution by the tolerance level, and prove the relationship among the tolerance level, differential privacy budget and the confidence level. We provide feasible solutions to the proposed revenue maximization problem, and conduct simulations to show the effectiveness of the proposed scheme.

Jingyi Wang,Xinyue Zhang,Haijun Zhang,Hai Lin,Hideki Tode,Miao Pan,Zhu Han

DOI: https://doi.org/10.1109/glocom.2018.8647839

2018-01-01

Abstract:Smart meters migrate conventional electricity grid into digitally enabled Smart Grid (SG), which is more reliable and efficient. Fine-grained energy consumption data collected by smart meters helps utility providers accurately predict users' demands and significantly reduce power generation cost, while it imposes severe privacy risks on consumers and may discourage them from using those ``espionage meters". To enjoy the benefits of smart meter measured data without compromising the users' privacy, in this paper, we try to integrate distributed differential privacy (DDP) techniques into data-driven optimization, and propose a novel scheme that not only minimizes the cost for utility providers but also preserves the DDP of users' energy profiles. Briefly, we add differential private noises to the users' energy consumption data before the smart meters send it to the utility provider. Due to the uncertainty of the users' demand distribution, the utility provider aggregates a given set of historical users' differentially private data, estimates the users' demands, and formulates the data- driven cost minimization based on the collected noisy data. We also develop algorithms for feasible solutions, and verify the effectiveness of the proposed scheme through simulations using the simulated energy consumption data generated from the utility company's real data analysis.

M.A.P. Chamikara,Seung Ick Jang,Ian Oppermann,Dongxi Liu,Musotto Roberto,Sushmita Ruj,Arindam Pal,Meisam Mohammady,Seyit Camtepe,Sylvia Young,Chris Dorrian,Nasir David

2023-06-06

Abstract:Tabular data sharing serves as a common method for data exchange. However, sharing sensitive information without adequate privacy protection can compromise individual privacy. Thus, ensuring privacy-preserving data sharing is crucial. Differential privacy (DP) is regarded as the gold standard in data privacy. Despite this, current DP methods tend to generate privacy-preserving tabular datasets that often suffer from limited practical utility due to heavy perturbation and disregard for the tables' utility dynamics. Besides, there has not been much research on selective attribute release, particularly in the context of controlled partially perturbed data sharing. This has significant implications for scenarios such as cross-agency data sharing in real-world situations. We introduce OptimShare: a utility-focused, multi-criteria solution designed to perturb input datasets selectively optimized for specific real-world applications. OptimShare combines the principles of differential privacy, fuzzy logic, and probability theory to establish an integrated tool for privacy-preserving data sharing. Empirical assessments confirm that OptimShare successfully strikes a balance between better data utility and robust privacy, effectively serving various real-world problem scenarios.

Cryptography and Security,Databases

Honglu Jiang,S M Sarwar,Haotian Yu,Sheikh Ariful Islam

DOI: https://doi.org/10.48550/arXiv.2112.07061

2021-12-14

Abstract:Conventional private data publication mechanisms aim to retain as much data utility as possible while ensuring sufficient privacy protection on sensitive data. Such data publication schemes implicitly assume that all data analysts and users have the same data access privilege levels. However, it is not applicable for the scenario that data users often have different levels of access to the same data, or different requirements of data utility. The multi-level privacy requirements for different authorization levels pose new challenges for private data publication. Traditional PPDP mechanisms only publish one perturbed and private data copy satisfying some privacy guarantee to provide relatively accurate analysis results. To find a good tradeoff between privacy preservation level and data utility itself is a hard problem, let alone achieving multi-level data utility on this basis. In this paper, we address this challenge in proposing a novel framework of data publication with compressive sensing supporting multi-level utility-privacy tradeoffs, which provides differential privacy. Specifically, we resort to compressive sensing (CS) method to project a $n$-dimensional vector representation of users' data to a lower $m$-dimensional space, and then add deliberately designed noise to satisfy differential privacy. Then, we selectively obfuscate the measurement vector under compressive sensing by adding linearly encoded noise, and provide different data reconstruction algorithms for users with different authorization levels. Extensive experimental results demonstrate that ML-DPCS yields multi-level of data utility for specific users at different authorization levels.

Cryptography and Security

Ashutosh Kumar Singh,Rishabh Gupta

DOI: https://doi.org/10.1007/s11042-021-11751-w

IF: 2.577

2022-04-18

Multimedia Tools and Applications

Abstract:A large amount of data and applications need to be shared with various parties and stakeholders in the cloud environment for storage, computation, and data utilization. Since a third party operates the cloud platform, owners cannot fully trust this environment. However, it has become a challenge to ensure privacy preservation when sharing data effectively among different parties. This paper proposes a novel model that partitions data into sensitive and non-sensitive parts, injects the noise into sensitive data, and performs classification tasks using k-anonymization, differential privacy, and machine learning approaches. It allows multiple owners to share their data in the cloud environment for various purposes. The model specifies communication protocol among involved multiple untrusted parties to process owners’ data. The proposed model preserves actual data by providing a robust mechanism. The experiments are performed over Heart Disease, Arrhythmia, Hepatitis, Indian-liver-patient, and Framingham datasets for Support Vector Machine, K-Nearest Neighbor, Random Forest, Naive Bayes, and Artificial Neural Network classifiers to compute the efficiency in terms of accuracy, precision, recall, and F1-score of the proposed model. The achieved results provide high accuracy, precision, recall, and F1-score up to 93.75%, 94.11%, 100%, and 87.99% and improvement up to 16%, 29%, 12%, and 11%, respectively, compared to previous works.

computer science, information systems, theory & methods,engineering, electrical & electronic, software engineering

Chang Xia,Jingyu Hua,Wei Tong,Sheng Zhong

DOI: https://doi.org/10.1016/j.cose.2019.101699

IF: 5.105

2020-01-01

Computers & Security

Abstract:In many cases, a service provider might require to aggregate data from end-users to perform mining tasks such as K -means clustering. Nevertheless, since such data often contain sensitive information. In this paper, we propose the first locally differentially private K -means mechanism under this distributed scenario. Differing from standard differentially private clustering mechanisms, the proposed mechanism doesn’t need any trusted third party to collect and preprocess users data. Our mechanism first perturbs users data locally to satisfy local differential privacy (LDP). Then it revises the traditional K -means algorithm to allow the service provider to obtain high-quality clustering results by collaborating with users based on the highly perturbed data. We prove that our mechanism can enable high utility clustering while guaranteeing local differential privacy for each user. We also propose an extended mechanism to improve our basic model in terms of privacy and utility. In this mechanism, we perturb both users’ sensitive data and the intermediate results of users’ clusters in each iteration. Moreover, we consider a more general setting where the users may have different privacy requirements. Extensive experiments are conducted on two real-world datasets, and the results show that our proposal can well preserve the quality of clustering results.

Yuan Liu,Peng Liu,Weipeng Jing,Houbing Herbert Song

DOI: https://doi.org/10.1109/jiot.2023.3295763

IF: 10.6

2023-01-01

IEEE Internet of Things Journal

Abstract:With the rapid development of the Internet of things(IoT), massive terminals and emerging applications bring a large amount of data. As an essential prerequisite for mining potential value from these data, data sharing is crucial and getting more and more attention. However, security and privacy concerns, and the lack of effective incentive mechanisms in the decentralized environment hinder the data owners from sharing their data. In this paper, we propose a federated learning and blockchain based privacy-preserving data sharing system, which solve the privacy leakage problem of federated learning and the scalability problem of blockchain by their technical complementarity. Considering the resource shortage and the heterogeneity of terminals, we first design a cross-layer architecture by exploiting the cloud-edge-terminal collaboration, and innovatively propose differential data sharing by dividing the providers into origin data providers and model providers. Then, we design a targeted incentive mechanism to maximize the utility of requesters and two types of data providers by formulating it into a two-stage Stackelberg game. Finally, a gradient-based algorithm is designed to get the optimal solution. Theoretical analysis and numerical simulations show that the proposed data-sharing system could eliminate privacy concerns and motivate more participants to share data. With 500 nodes, DASC is 1.72 seconds faster than SMC and 2.59 seconds faster than SDC. In terms of utility of requster, DASC is 2.0×103 higher than SDC, and 9.27 higher than SMC in average utility of providers.

computer science, information systems,telecommunications,engineering, electrical & electronic

Jingyu Hua,An Tang,Yixin Fang,Zhenyu Shen,Sheng Zhong

DOI: https://doi.org/10.1109/tifs.2016.2532839

IF: 7.231

2016-01-01

IEEE Transactions on Information Forensics and Security

Abstract:In the problem of privacy-preserving collaborative data publishing, a central data publisher is responsible for aggregating sensitive data from multiple parties and then anonymizing it before publishing for data mining. In such scenarios, the data users may have a strong demand to measure the utility of the published data, since most anonymization techniques have side effects on data utility. Nevertheless, this task is non-trivial, because the utility measuring usually requires the aggregated raw data, which is not revealed to the data users due to privacy concerns. Furthermore, the data publishers may even cheat in the raw data, since no one, including the individual providers, knows the full data set. In this paper, we first propose a privacy-preserving utility verification mechanism based upon cryptographic technique for DiffPart-a differentially private scheme designed for set-valued data. This proposal can measure the data utility based upon the encrypted frequencies of the aggregated raw data instead of the plain values, which thus prevents privacy breach. Moreover, it is enabled to privately check the correctness of the encrypted frequencies provided by the publisher, which helps detect dishonest publishers. We also extend this mechanism to DiffGen-another differentially private publishing scheme designed for relational data. Our theoretical and experimental evaluations demonstrate the security and efficiency of the proposed mechanism.

Shaowei Wang,Yuqiu Qian,Jiachun Du,Wei Yang,Liusheng Huang,Hongli Xu

DOI: https://doi.org/10.14778/3389133.3389140

IF: 2.5

2020-01-01

Proceedings of the VLDB Endowment

Abstract:Most user-generated data in online services are presented as set-valued data, e.g., visited website URLs, recently used Apps by a person, and etc. These data are of great value to service providers, but also bring privacy concerns if collected and analyzed directly. To tackle potential privacy threatens, local differential privacy (LDP) attracts increasing attention nowadays. However, existing approaches only provide sub-optimal error bound for set-valued data distribution estimation with LDP. Besides, it is computational expensive and communication expensive to use for high dimensional set-valued data, considering large domains in real scenarios. Thus, existing approaches are unpractical to use on resource-constrained user-side devices (e.g., smartphones and wearable devices). In this paper, we propose a utility-optimal and efficient set-valued data publication method (i.e., wheel mechanism). On the user side, each user contributes only one numerical value to represent their privatized data. The computational complexity is O(min{m log m, meɛ}) and communication cost is O(log(meɛ)) bits, while existing approaches usually depend on O(d) or O(log d), where m is the number of items in the set-valued data (m ≡ 1 for categorical data), d is the domain size (usually d ≫ m) and ɛ is the privacy budget. On the server side, the estimator takes numerical values from users as input and derives an unbiased distribution estimation. Theoretical results show that estimation error bounds are improved from previously known [EQUATION] to the optimal rate [EQUATION]. Results on extensive experiments demonstrate that our proposed wheel mechanism is 3-100× faster than existing approaches, meanwhile has optimal statistical efficiency.

Youyang Qu,Shui Yu,Wanlei Zhou,Shiping Chen,Jun Wu

DOI: https://doi.org/10.1109/tnse.2020.3036855

IF: 6.6

2021-01-01

IEEE Transactions on Network Science and Engineering

Abstract:Privacy leakage becomes increasingly serious because massive volumes of data are constantly shared in diverse booming cyber-physical social networks (CPSN). Differential privacy is one of the dominating privacy-preserving methods, but most of its extensions assume all data users share the same privacy requirement, which fails to satisfy various privacy expectations in practice. To address this issue, customizable privacy preservation based on differential privacy is a potentially promising countermeasure. However, we found that customizable protection will trigger the composition mechanism of differential privacy and leads to unexpected correlations among injected noises that weakens privacy protection and reveal more sensitive inforamtion. As a result, customizable privacy protection is vulnerable to two primary attacks: background knowledge attack and collusion attack. To optimize the tradeoff between customizable privacy preservation and data utility, we propose a customizable reliable differential privacy model (CRDP), which provides customizable protection on each individual while being attack-proof. We define social distance as the shortest path between two nodes, which is used as an index to customize the privacy protection levels, followed by quantitatively modeling the attacks under the framework of differential privacy. We develop a modified Laplacian mechanism in which the noise generation complies with a Markov stochastic process.Consequently, the correlations of noises are properly de-coupled so that CRDP can simultaneously minimize background knowledge attacks and eliminate collusion attacks in this particular scenario. The evaluation results from real-world datasets show the feasibility and superiority of CRDP in terms of customizable privacy preservation and reliable attack resistance.

engineering, multidisciplinary,mathematics, interdisciplinary applications

Shuaiqi Wang,Rongzhe Wei,Mohsen Ghassemi,Eleonora Kreacic,Vamsi K. Potluru

2024-06-13

Abstract:Data sharing enables critical advances in many research areas and business applications, but it may lead to inadvertent disclosure of sensitive summary statistics (e.g., means or quantiles). Existing literature only focuses on protecting a single confidential quantity, while in practice, data sharing involves multiple sensitive statistics. We propose a novel framework to define, analyze, and protect multi-secret summary statistics privacy in data sharing. Specifically, we measure the privacy risk of any data release mechanism by the worst-case probability of an attacker successfully inferring summary statistic secrets. Given an attacker's objective spanning from inferring a subset to the entirety of summary statistic secrets, we systematically design and analyze tailored privacy metrics. Defining the distortion as the worst-case distance between the original and released data distribution, we analyze the tradeoff between privacy and distortion. Our contribution also includes designing and analyzing data release mechanisms tailored for different data distributions and secret types. Evaluations on real-world data demonstrate the effectiveness of our mechanisms in practical applications.

Cryptography and Security

Jasjeet Dhaliwal,Geoffrey So,Aleatha Parker-Wood,Melanie Beck

DOI: https://doi.org/10.48550/arXiv.1901.09858

2019-01-28

Data Structures and Algorithms

Abstract:Differential privacy mechanisms that also make reconstruction of the data impossible come at a cost - a decrease in utility. In this paper, we tackle this problem by designing a private data release mechanism that makes reconstruction of the original data impossible and also preserves utility for a wide range of machine learning algorithms. We do so by combining the Johnson-Lindenstrauss (JL) transform with noise generated from a Laplace distribution. While the JL transform can itself provide privacy guarantees \cite{blocki2012johnson} and make reconstruction impossible, we do not rely on its differential privacy properties and only utilize its ability to make reconstruction impossible. We present novel proofs to show that our mechanism is differentially private under single element changes as well as single row changes to any database. In order to show utility, we prove that our mechanism maintains pairwise distances between points in expectation and also show that its variance is proportional to the dimensionality of the subspace we project the data into. Finally, we experimentally show the utility of our mechanism by deploying it on the task of clustering.

Zhen Gu,Guoyin Zhang,Chen Yang

DOI: https://doi.org/10.1155/2022/7963004

IF: 1.968

2022-08-02

Security and Communication Networks

Abstract:In this paper, we study the privacy-preserving data publishing problem in a distributed environment. The data contain sensitive information; hence, directly pooling and publishing the local data will lead to privacy leaks. To solve this problem, we propose a multiparty horizontally partitioned data publishing method under differential privacy (HPDP-DP). First, in order to make the noise level of the published data in the distributed scenario the same as in the centralized scenario, we use the infinite divisibility of the Laplace distribution to design a distributed noise addition scheme to perturb the locally shared data and use Paillier encryption to transmit the locally shared data to the semitrusted curator. Then, the semitrusted curator obtains the estimator of the covariance matrix of the aggregated data with Laplace noise and then obtains the principal components of the aggregated data and returns them to each data owner. Finally, the data owner utilizes the generative model of probabilistic principal component analysis to generate a synthetic data set for publication. We conducted experiments on different real data sets; the experimental results demonstrate that the synthetic data set released by the HPDP-DP method can maintain high utility.

computer science, information systems,telecommunications

Fragkiskos Koufogiannis,George Pappas

DOI: https://doi.org/10.48550/arXiv.1511.06253

2015-11-20

Abstract:The emergence of social and technological networks has enabled rapid sharing of data and information. This has resulted in significant privacy concerns where private information can be either leaked or inferred from public data. The problem is significantly harder for social networks where we may reveal more information to our friends than to strangers. Nonetheless, our private information can still leak to strangers as our friends are their friends and so on. In order to address this important challenge, in this paper, we present a privacy-preserving mechanism that enables private data to be diffused over a network. In particular, whenever a user wants to access another users' data, the proposed mechanism returns a differentially private response that ensures that the amount of private data leaked depends on the distance between the two users in the network. While allowing global statistics to be inferred by users acting as analysts, our mechanism guarantees that no individual user, or a group of users, can harm the privacy guarantees of any other user. We illustrate our mechanism with two examples: one on synthetic data where the users share their GPS coordinates; and one on a Facebook ego-network where a user shares her infection status.

Data Structures and Algorithms,Cryptography and Security

Xiao-Bai Li,Srinivasan Raghunathan

DOI: https://doi.org/10.1016/j.dss.2013.10.006

IF: 6.969

2014-03-01

Decision Support Systems

Abstract:Organizations today regularly share their customer data with their partners to gain competitive advantages. They are also often requested or even required by a third party to provide customer data that are deemed sensitive. In these circumstances, organizations are obligated to protect the privacy of the individuals involved while still benefiting from sharing data or meeting the requirement for releasing data. In this study, we analyze the tradeoff between privacy and data utility from the perspective of the data owner. We develop an incentive-compatible mechanism for the data owner to price and disseminate private data. With this mechanism, a data user is motivated to reveal his true purpose of data usage and acquire the data that suits to that purpose. Existing economic studies of information privacy primarily consider the interplay between the data owner and the individuals, focusing on problems that occur in the <i>collection</i> of private data. This study, however, examines the privacy issue facing a data owner organization in the <i>distribution</i> of private data to a third party data user when the real purpose of data usage is unclear and the released data could be misused.

computer science, information systems, artificial intelligence,operations research & management science

Youyang Qu,Lichuan Ma,Wenjie Ye,Xuemeng Zhai,Shui Yu,Yunfeng Li,David Smith

DOI: https://doi.org/10.48550/arXiv.2306.16630

2023-06-29

Abstract:The popularization of intelligent healthcare devices and big data analytics significantly boosts the development of smart healthcare networks (SHNs). To enhance the precision of diagnosis, different participants in SHNs share health data that contains sensitive information. Therefore, the data exchange process raises privacy concerns, especially when the integration of health data from multiple sources (linkage attack) results in further leakage. Linkage attack is a type of dominant attack in the privacy domain, which can leverage various data sources for private data mining. Furthermore, adversaries launch poisoning attacks to falsify the health data, which leads to misdiagnosing or even physical damage. To protect private health data, we propose a personalized differential privacy model based on the trust levels among users. The trust is evaluated by a defined community density, while the corresponding privacy protection level is mapped to controllable randomized noise constrained by differential privacy. To avoid linkage attacks in personalized differential privacy, we designed a noise correlation decoupling mechanism using a Markov stochastic process. In addition, we build the community model on a blockchain, which can mitigate the risk of poisoning attacks during differentially private data transmission over SHNs. To testify the effectiveness and superiority of the proposed approach, we conduct extensive experiments on benchmark datasets.

Cryptography and Security,Artificial Intelligence

Shaowei Wang,Yuntong Li,Yusen Zhong,Kongyang Chen,Xianmin Wang,Zhili Zhou,Fei Peng,Yuqiu Qian,Jiachun Du,Wei Yang

DOI: https://doi.org/10.1109/tmc.2023.3342056

IF: 6.075

2024-01-01

IEEE Transactions on Mobile Computing

Abstract:In many mobile applications, user-generated data are presented as set-valued data. To tackle potential privacy threats in analyzing these valuable data, local differential privacy has been attracting substantial attention. However, existing approaches only provide sub-optimal utility and are expensive in computation and communication for set-valued data distribution estimation and heavy-hitter identification. In this paper, we propose a utility-optimal and efficient set-valued data publication method (i.e., Wheel mechanism ). On the user side, the computational complexity is only $O(\min \lbrace m\log m, m e^\epsilon \rbrace )$ and communication costs are $O(\epsilon +\log m)$ bits, where $m$ is the number of items, $d$ is the domain size and $\epsilon$ is the privacy budget, while existing approaches usually depend on $O(d)$ or $O(\log d)$ ( $d \gg m$ ). Our theoretical analyses reveal the estimation errors have been reduced from the previously known $O(\frac{m^{2} d}{n\epsilon ^{2}})$ to the optimal rate $O(\frac{m d}{n\epsilon ^{2}})$ . Additionally, for heavy-hitter identification, we present a variant of the Wheel mechanism as an efficient frequency oracle, entailing only $O(\sqrt{n})$ computational complexity. This heavy-hitter protocol achieves an identification bar of $\tilde{O}(\frac{1}{\epsilon }\sqrt{\frac{m}{n} \log d})$ , reducing by a factor of $\sqrt{m}$ relative to existing protocols. Extensive experiments demonstrate our methods are 3-100x faster than existing approaches and have optimized statistical efficiency.

Roel Dobbe,Ye Pu,Jingge Zhu,Kannan Ramchandran,Claire Tomlin

DOI: https://doi.org/10.48550/arXiv.1806.06035

2018-06-15

Optimization and Control

Abstract:Real-time data-driven optimization and control problems over networks may require sensitive information of participating users to calculate solutions and decision variables, such as in traffic or energy systems. Adversaries with access to coordination signals may potentially decode information on individual users and put user privacy at risk. We develop local differential privacy, which is a strong notion that guarantees user privacy regardless of any auxiliary information an adversary may have, for a larger family of convex distributed optimization problems. The mechanism allows agent to customize their own privacy level based on local needs and parameter sensitivities. We propose a general sampling based approach for determining sensitivity and derive analytical bounds for specific quadratic problems. We analyze inherent trade-offs between privacy and suboptimality and propose allocation schemes to divide the maximum allowable noise, a privacy budget, among all participating agents. Our algorithm is implemented to enable privacy in distributed optimal power flow for electric grids.

Mangesh Gupte,Mukund Sundararajan

DOI: https://doi.org/10.48550/arXiv.1001.2767

2010-01-16

Abstract:A scheme that publishes aggregate information about sensitive data must resolve the trade-off between utility to information consumers and privacy of the database participants. Differential privacy is a well-established definition of privacy--this is a universal guarantee against all attackers, whatever their side-information or intent. In this paper, we present a universal treatment of utility based on the standard minimax rule from decision theory (in contrast to the utility model in, which is Bayesian). In our model, information consumers are minimax (risk-averse) agents, each possessing some side-information about the query, and each endowed with a loss-function which models their tolerance to inaccuracies. Further, information consumers are rational in the sense that they actively combine information from the mechanism with their side-information in a way that minimizes their loss. Under this assumption of rational behavior, we show that for every fixed count query, a certain geometric mechanism is universally optimal for all minimax information consumers. Additionally, our solution makes it possible to release query results at multiple levels of privacy in a collusion-resistant manner.

Cryptography and Security,Databases,Data Structures and Algorithms