Huanyu Zhang

DOI: https://doi.org/10.48550/arXiv.2108.05000

2021-08-11

Abstract:In modern settings of data analysis, we may be running our algorithms on datasets that are sensitive in nature. However, classical machine learning and statistical algorithms were not designed with these risks in mind, and it has been demonstrated that they may reveal personal information. These concerns disincentivize individuals from providing their data, or even worse, encouraging intentionally providing fake data. To assuage these concerns, we import the constraint of differential privacy to the statistical inference, considered by many to be the gold standard of data privacy. This thesis aims to quantify the cost of ensuring differential privacy, i.e., understanding how much additional data is required to perform data analysis with the constraint of differential privacy. Despite the maturity of the literature on differential privacy, there is still inadequate understanding in some of the most fundamental settings. In particular, we make progress in the following problems: $\bullet$ What is the sample complexity of DP hypothesis testing? $\bullet$ Can we privately estimate distribution properties with a negligible cost? $\bullet$ What is the fundamental limit in private distribution estimation? $\bullet$ How can we design algorithms to privately estimate random graphs? $\bullet$ What is the trade-off between the sample complexity and the interactivity in private hypothesis selection?

Data Structures and Algorithms,Cryptography and Security,Information Theory,Statistics Theory

Weijie J. Su

2024-10-29

Abstract:Differential privacy is widely considered the formal privacy for privacy-preserving data analysis due to its robust and rigorous guarantees, with increasingly broad adoption in public services, academia, and industry. Despite originating in the cryptographic context, in this review paper we argue that, fundamentally, differential privacy can be considered a \textit{pure} statistical concept. By leveraging David Blackwell's informativeness theorem, our focus is to demonstrate based on prior work that all definitions of differential privacy can be formally motivated from a hypothesis testing perspective, thereby showing that hypothesis testing is not merely convenient but also the right language for reasoning about differential privacy. This insight leads to the definition of $f$-differential privacy, which extends other differential privacy definitions through a representation theorem. We review techniques that render $f$-differential privacy a unified framework for analyzing privacy bounds in data analysis and machine learning. Applications of this differential privacy definition to private deep learning, private convex optimization, shuffled mechanisms, and U.S.\ Census data are discussed to highlight the benefits of analyzing privacy bounds under this framework compared to existing alternatives.

Cryptography and Security,Machine Learning,Statistics Theory

Cynthia Dwork,Aaron Roth

DOI: https://doi.org/10.1561/0400000042

2013-01-01

Foundations and Trends® in Theoretical Computer Science

Abstract:The problem of privacy-preserving data analysis has a long history spanning multiple disciplines. As electronic data about individuals becomes increasingly detailed, and as technology enables ever more powerful collection and curation of these data, the need increases for a robust, meaningful, and mathematically rigorous definition of privacy, together with a computationally rich class of algorithms that satisfy this definition. Differential Privacy is such a definition. After motivating and discussing the meaning of differential privacy, the preponderance of this monograph is devoted to fundamental techniques for achieving differential privacy, and application of these techniques in creative combinations, using the query-release problem as an ongoing example. A key point is that, by rethinking the computational goal, one can often obtain far better results than would be achieved by methodically replacing each step of a non-private computation with a differentially private implementation. Despite some astonishingly powerful computational results, there are still fundamental limitations — not just on what can be achieved with differential privacy but on what can be achieved with any method that protects against a complete breakdown in privacy. Virtually all the algorithms discussed herein maintain differential privacy against adversaries of arbitrary computational power. Certain algorithms are computationally intensive, others are efficient. Computational complexity for the adversary and the algorithm are both discussed. We then turn from fundamentals to applications other than queryrelease, discussing differentially private methods for mechanism design and machine learning. The vast majority of the literature on differentially private algorithms considers a single, static, database that is subject to many analyses. Differential privacy in other models, including distributed databases and computations on data streams is discussed. Finally, we note that this work is meant as a thorough introduction to the problems and techniques of differential privacy, but is not intended to be an exhaustive survey — there is by now a vast amount of work in differential privacy, and we can cover only a small portion of it.

Graham Cormode,Tejas Kulkarni,Divesh Srivastava

DOI: https://doi.org/10.48550/arXiv.1710.00608

2017-10-02

Databases

Abstract:Concern about how to aggregate sensitive user data without compromising individual privacy is a major barrier to greater availability of data. The model of differential privacy has emerged as an accepted model to release sensitive information while giving a statistical guarantee for privacy. Many different algorithms are possible to address different target functions. We focus on the core problem of count queries, and seek to design mechanisms to release data associated with a group of n individuals. Prior work has focused on designing mechanisms by raw optimization of a loss function, without regard to the consequences on the results. This can leads to mechanisms with undesirable properties, such as never reporting some outputs (gaps), and overreporting others (spikes). We tame these pathological behaviors by introducing a set of desirable properties that mechanisms can obey. Any combination of these can be satisfied by solving a linear program (LP) which minimizes a cost function, with constraints enforcing the properties. We focus on a particular cost function, and provide explicit constructions that are optimal for certain combinations of properties, and show a closed form for their cost. In the end, there are only a handful of distinct optimal mechanisms to choose between: one is the well-known (truncated) geometric mechanism; the second a novel mechanism that we introduce here, and the remainder are found as the solution to particular LPs. These all avoid the bad behaviors we identify. We demonstrate in a set of experiments on real and synthetic data which is preferable in practice, for different combinations of data distributions, constraints, and privacy parameters.

C. Dwork

DOI: https://doi.org/10.1145/3465084.3467482

2021-07-21

Abstract:Differential privacy is a mathematically rigorous definition of privacy tailored to statistical analysis of large datasets. Differentially private algorithms are equipped with a parameter which controls the formal measure of privacy loss. All algorithms have utility/privacy tradeoffs, and the goal of algorithmic research in differential privacy is to optimize this tradeoff. Differential privacy is most widely studied in the centralized model, in which a trusted and trustworthy curator has access to raw data. Deployment in industry has focused on the local model, where privacy is "rolled into" the data on the client via randomization before being collected. There is a separation between the power of the centralized and local models. After a brief recap of differential privacy and its properties, we will survey a few highlights of differential privacy in a variety of distributed settings that lie between the local and centralized models, and conclude with suggestions for future research.

Computer Science

Yue Wang,Daniel Kifer,Jaewoo Lee,Vishesh Karwa

DOI: https://doi.org/10.29012/jpc.666

2018-01-01

Abstract:Statistics computed from data are viewed as random variables. When they are used for tasks like hypothesis testing and confidence intervals, their true finite sample distributions are often replaced by approximating distributions that are easier to work with (for example, the Gaussian, which results from using approximations justified by the Central Limit Theorem). When data are perturbed by differential privacy, the approximating distributions also need to be modified. Prior work provided various competing methods for creating such approximating distributions with little formal justification beyond the fact that they worked well empirically. In this paper, we study the question of how to generate statistical approximating distributions for differentially private statistics, provide finite sample guarantees for the quality of the approximations.

Önder Askin,Tim Kutta,Holger Dette

DOI: https://doi.org/10.48550/arXiv.2108.09528

2022-05-02

Abstract:In this work, we introduce a new approach for statistical quantification of differential privacy in a black box setting. We present estimators and confidence intervals for the optimal privacy parameter of a randomized algorithm $A$, as well as other key variables (such as the "data-centric privacy level"). Our estimators are based on a local characterization of privacy and in contrast to the related literature avoid the process of "event selection" - a major obstacle to privacy validation. This makes our methods easy to implement and user-friendly. We show fast convergence rates of the estimators and asymptotic validity of the confidence intervals. An experimental study of various algorithms confirms the efficacy of our approach.

Cryptography and Security,Statistics Theory,Methodology

Ian M. Schmutte,Nathan Yoder

2024-07-03

Abstract:Firms and statistical agencies must protect the privacy of the individuals whose data they collect, analyze, and publish. Increasingly, these organizations do so by using publication mechanisms that satisfy differential privacy. We consider the problem of choosing such a mechanism so as to maximize the value of its output to end users. We show that mechanisms which add noise to the statistic of interest--like most of those used in practice--are generally not optimal when the statistic is a sum or average of magnitude data (e.g., income). However, we also show that adding noise is always optimal when the statistic is a count of data entries with a certain characteristic, and the underlying database is drawn from a symmetric distribution (e.g., if individuals' data are i.i.d.). When, in addition, data users have supermodular payoffs, we show that the simple geometric mechanism is always optimal by using a novel comparative static that ranks information structures according to their usefulness in supermodular decision problems.

Theoretical Economics,Cryptography and Security

Lingling Shen,Xiaotong Wu,Datong Wu,Xiaolong Xu,Lianyong Qi

DOI: https://doi.org/10.1109/hpcc-smartcity-dss50907.2020.00155

2020-01-01

Abstract:High confidence computing is an emerging computing paradigm, which supports the next-generation information system. Statistical learning is a basic research direction of this paradigm, which has been widely applied to various services and applications, such as data mining and data analysis. However, data privacy is one of the most concerned challenges by multiple participants and has an important influence on the development of statistical learning. Local differential privacy is a strong privacy metric in a local setting, which has a rigorous mathematical model. There are a series of research works to propose efficient randomized mechanisms for statistical learning. However, there are few literatures to provide a systematic overview of the existing works.In this paper, we present the existing literatures for randomized mechanisms under local differential privacy. At first, we introduce the basic perturbation mechanisms satisfying local differential privacy. Then, we give a framework and the main components of locally private mechanisms. Next, we describe the detailed content of randomized mechanisms for frequency estimation, heavy hitter identification and distribution estimation. Finally, we discuss the possible trends and challenges of the future research. Our survey provides a systematic and comprehensive understanding about randomized mechanisms for statistical learning under local differential privacy.

Jiannan Yang,Yongzhi Cao,Hanpin Wang

DOI: https://doi.org/10.1016/j.ic.2017.03.002

2017-01-01

Abstract:Ever since proposed by Dwork, differential privacy has been a hot topic in academia. However, few attempts have been made on reasoning about differential privacy at a system level. In this paper, we propose a formal framework to verify differential privacy in probabilistic systems. With a metric on the states of a system, we formalize differential privacy by the ratio of the probabilities in the distributions after the same labeled transitions of relevant states. We explain how traditional differential privacy can be embedded in our framework and raise an infimum metric, the least distance between two states, while not violating differential privacy. It is proven that the infimum metric is also a metric instance of differential privacy itself. Furthermore, we propose a two-level logic, a privacy variant of the familiar HennessyMilner logic, to characterize differential privacy in our framework. Our results have close relations to probabilistic bisimilarity as well.

Yuan Qiu,Ke Yi

2023-10-17

Abstract:A fundamental problem in differential privacy is to release a privatized data structure over a dataset that can be used to answer a class of linear queries with small errors. This problem has been well studied in the static case. In this paper, we consider the dynamic setting where items may be inserted into or deleted from the dataset over time, and we need to continually release data structures so that queries can be answered at any time. We present black-box constructions of such dynamic differentially private mechanisms from static ones with only a polylogarithmic degradation in the utility. For the fully-dynamic case, this is the first such result. For the insertion-only case, similar constructions are known, but we improve them over sparse update streams.

Cryptography and Security

Jianping He,Lin Cai

2016-01-01

Abstract:Differential privacy is a formal mathematical standard for quantifying the degree of that individual privacy in a statistical database is preserved. To guarantee differential privacy, a typical method is adding random noise to the original data for data release. In this paper, we investigate the fundamental theory of differential privacy considering the general random noise adding mechanism, and then apply this framework for privacy analysis of the privacy-preserving consensus algorithm. Specifically, we obtain a necessary and sufficient condition of $epsilon$-differential privacy, and the sufficient conditions of $(epsilon, delta)$-differential privacy. This theoretical framework provides a useful and efficient criterion of achieving differential privacy. We utilize them to analyze the privacy of some common random noises and the theory matches with the existing literature for special cases. Applying the theory, differential privacy property of a privacy-preserving consensus algorithm is investigated based on the framework. We obtain the necessary condition and the sufficient condition for the privacy-preserving consensus algorithm, under which differential privacy is achieved, respectively. In addition, it is proved that the average consensus and $epsilon$-differential privacy cannot be guaranteed simultaneously by any privacy-preserving consensus algorithm.

Gilles Barthe,Rohit Chadha,Vishal Jagannath,A. Prasad Sistla,Mahesh Viswanathan

DOI: https://doi.org/10.1145/3373718.339479

2020-05-02

Abstract:Differential privacy is a de facto standard for statistical computations over databases that contain private data. The strength of differential privacy lies in a rigorous mathematical definition that guarantees individual privacy and yet allows for accurate statistical results. Thanks to its mathematical definition, differential privacy is also a natural target for formal analysis. A broad line of work uses logical methods for proving privacy. However, these methods are not complete, and only partially automated. A recent and complementary line of work uses statistical methods for finding privacy violations. However, the methods only provide statistical guarantees (but no proofs). We propose the first decision procedure for checking the differential privacy of a non-trivial class of probabilistic computations. Our procedure takes as input a program P parametrized by a privacy budget $\epsilon$, and either proves differential privacy for all possible values of $\epsilon$ or generates a counterexample. In addition, our procedure applies both to $\epsilon$-differential privacy and $(\epsilon,\delta)$-differential privacy. Technically, the decision procedure is based on a novel and judicious encoding of the semantics of programs in our class into a decidable fragment of the first-order theory of the reals with exponentiation. We implement our procedure and use it for (dis)proving privacy bounds for many well-known examples, including randomized response, histogram, report noisy max and sparse vector.

Cryptography and Security,Logic in Computer Science,Programming Languages

Chengyi Yang,Jiayin Qi,Aimin Zhou

2024-01-23

Abstract:Differential privacy (DP) has achieved remarkable results in the field of privacy-preserving machine learning. However, existing DP frameworks do not satisfy all the conditions for becoming metrics, which prevents them from deriving better basic private properties and leads to exaggerated values on privacy budgets. We propose Wasserstein differential privacy (WDP), an alternative DP framework to measure the risk of privacy leakage, which satisfies the properties of symmetry and triangle inequality. We show and prove that WDP has 13 excellent properties, which can be theoretical supports for the better performance of WDP than other DP frameworks. In addition, we derive a general privacy accounting method called Wasserstein accountant, which enables WDP to be applied in stochastic gradient descent (SGD) scenarios containing sub-sampling. Experiments on basic mechanisms, compositions and deep learning show that the privacy budgets obtained by Wasserstein accountant are relatively stable and less influenced by order. Moreover, the overestimation on privacy budgets can be effectively alleviated. The code is available at

Machine Learning,Cryptography and Security

Xiaoming Yao,Xiaoyi Zhou,Jixin Ma

DOI: https://doi.org/10.1109/bigdatasecurity-hpsc-ids.2016.9

2016-01-01

Abstract:Differential privacy has seen dramatic development in recent decades as data mining of the statistical private datasets in a distributed big data environment has become an effective paradigm that, it is argued, guarantees the mathematically rigorous privacy of the participants by ensuring the equivalence of the analyzing results with the removal or addition of a single database item. However, challenges relating to the trade-off between privacy and utility still apply with the application of differential privacy. In this survey, we review and re-examine those new improvements of the differential privacy mainly in correlated scenarios, along with different methods of choosing the epsilon for achieving a better trade-off between the privacy and utility of the datasets in conventional settings, so as to build up deeper insights on specific technical aspects of this paradigm and its future trends of development.

Kareem Amin,Alex Kulesza,Sergei Vassilvitskii

2024-08-14

Abstract:Differential privacy is the gold standard for statistical data release. Used by governments, companies, and academics, its mathematically rigorous guarantees and worst-case assumptions on the strength and knowledge of attackers make it a robust and compelling framework for reasoning about privacy. However, even with landmark successes, differential privacy has not achieved widespread adoption in everyday data use and data protection. In this work we examine some of the practical obstacles that stand in the way.

Cryptography and Security

Justin Hsu,Marco Gaboardi,Andreas Haeberlen,Sanjeev Khanna,Arjun Narayan,Benjamin C. Pierce,Aaron Roth

DOI: https://doi.org/10.1109/CSF.2014.35

2014-02-14

Abstract:Differential privacy is becoming a gold standard for privacy research; it offers a guaranteed bound on loss of privacy due to release of query results, even under worst-case assumptions. The theory of differential privacy is an active research area, and there are now differentially private algorithms for a wide range of interesting problems. However, the question of when differential privacy works in practice has received relatively little attention. In particular, there is still no rigorous method for choosing the key parameter $\epsilon$, which controls the crucial tradeoff between the strength of the privacy guarantee and the accuracy of the published results. In this paper, we examine the role that these parameters play in concrete applications, identifying the key questions that must be addressed when choosing specific values. This choice requires balancing the interests of two different parties: the data analyst and the prospective participant, who must decide whether to allow their data to be included in the analysis. We propose a simple model that expresses this balance as formulas over a handful of parameters, and we use our model to choose $\epsilon$ on a series of simple statistical studies. We also explore a surprising insight: in some circumstances, a differentially private study can be more accurate than a non-private study for the same cost, under our model. Finally, we discuss the simplifying assumptions in our model and outline a research agenda for possible refinements.

Databases

Elisabet Lobo-Vesga,Alejandro Russo,Marco Gaboardi

DOI: https://doi.org/10.48550/arXiv.1909.07918

2019-09-11

Abstract:Differential privacy offers a formal framework for reasoning about privacy and accuracy of computations on private data. It also offers a rich set of building blocks for constructing data analyses. When carefully calibrated, these analyses simultaneously guarantee privacy of the individuals contributing their data, and accuracy of their results for inferring useful properties about the population. The compositional nature of differential privacy has motivated the design and implementation of several programming languages aimed at helping a data analyst in programming differentially private analyses. However, most of the programming languages for differential privacy proposed so far provide support for reasoning about privacy but not for reasoning about the accuracy of data analyses. To overcome this limitation, in this work we present DPella, a programming framework providing data analysts with support for reasoning about privacy, accuracy and their trade-offs. The distinguishing feature of DPella is a novel component which statically tracks the accuracy of different data analyses. In order to make tighter accuracy estimations, this component leverages taint analysis for automatically inferring statistical independence of the different noise quantities added for guaranteeing privacy. We show the flexibility of our approach by not only implementing classical counting queries (e.g., CDFs) but also by analyzing hierarchical counting queries (like those done by Census Bureaus), where accuracy have different constraints per level and data analysts should figure out the best manner to calibrate privacy to meet the accuracy requirements.

Cryptography and Security,Databases,Programming Languages

Quan Geng,Pramod Viswanath

DOI: https://doi.org/10.1109/isit.2014.6875258

2014-06-01

Abstract:Differential privacy is a framework to quantify to what extent individual privacy in a statistical database is preserved while releasing useful aggregate information about the database. In this work we study the fundamental tradeoff between privacy and utility in differential privacy. We derive the optimal $\epsilon$-differentially private mechanism for single real-valued query function under a very general utility-maximization (or cost-minimization) framework. The class of noise probability distributions in the optimal mechanism has staircase-shaped probability density functions, which can be viewed as a geometric mixture of uniform probability distributions. In the context of $\ell^{1}$ and $\ell^{2}$ utility functions, we show that the standard Laplacian mechanism, which has been widely used in the literature, is asymptotically optimal in the high privacy regime, while in the low privacy regime, the staircase mechanism performs exponentially better than the Laplacian mechanism. We conclude that the gains of the staircase mechanism are more pronounced in the moderate-low privacy regime.

David B. Smith,Kanchana Thilakarathna,Mohamed Ali Kaafar

DOI: https://doi.org/10.48550/arXiv.1707.01189

2017-07-18

Abstract:There is an increasing demand to make data "open" to third parties, as data sharing has great benefits in data-driven decision making. However, with a wide variety of sensitive data collected, protecting privacy of individuals, communities and organizations, is an essential factor in making data "open". The approaches currently adopted by industry in releasing private data are often ad hoc and prone to a number of attacks, including re-identification attacks, as they do not provide adequate privacy guarantees. While differential privacy has attracted significant interest from academia and industry by providing rigorous and reliable privacy guarantees, the reduced utility and inflexibility of current differentially private algorithms for data release is a barrier to their use in real-life. This paper aims to address these two challenges. First, we propose a novel mechanism to augment the conventional utility of differential privacy by fusing two Laplace or geometric distributions together. We derive closed form expressions for entropy, variance of added noise, and absolute expectation of noise for the proposed piecewise mixtures. Then the relevant distributions are utilised to theoretically prove the privacy and accuracy guarantees of the proposed mechanisms. Second, we show that our proposed mechanisms have greater flexibility, with three parameters to adjust, giving better utility in bounding noise, and mitigating larger inaccuracy, in comparison to typical one-parameter differentially private mechanisms. We then empirically evaluate the performance of piecewise mixture distributions with extensive simulations and with a real-world dataset for both linear count queries and histogram queries. The empirical results show an increase in all utility measures considered, while maintaining privacy, for the piecewise mixture mechanisms compared to standard Laplace or geometric mechanisms.

Cryptography and Security