7 research outputs found
Anonymized Histograms in Intermediate Privacy Models
We study the problem of privately computing the anonymized histogram (a.k.a.
unattributed histogram), which is defined as the histogram without item labels.
Previous works have provided algorithms with - and -errors of
in the central model of differential privacy (DP).
In this work, we provide an algorithm with a nearly matching error guarantee
of in the shuffle DP and pan-private models.
Our algorithm is very simple: it just post-processes the discrete
Laplace-noised histogram! Using this algorithm as a subroutine, we show
applications in privately estimating symmetric properties of distributions such
as entropy, support coverage, and support size.Comment: Neural Information Processing Systems (NeurIPS), 202
Differentially Private Fractional Frequency Moments Estimation with Polylogarithmic Space
We prove that Fp sketch, a well-celebrated streaming algorithm for frequency moments estimation, is differentially private as is when p β (0, 1]. Fp sketch uses only polylogarithmic space, exponentially better than existing DP baselines and only worse than the optimal non-private baseline by a logarithmic factor. The evaluation shows that Fp sketch can achieve reasonable accuracy with differential privacy guarantee. The evaluation code is included in the supplementary material
Private Isotonic Regression
In this paper, we consider the problem of differentially private (DP)
algorithms for isotonic regression. For the most general problem of isotonic
regression over a partially ordered set (poset) and for any
Lipschitz loss function, we obtain a pure-DP algorithm that, given input
points, has an expected excess empirical risk of roughly
, where
is the width of the poset. In contrast, we also
obtain a near-matching lower bound of roughly , that holds even for approximate-DP algorithms.
Moreover, we show that the above bounds are essentially the best that can be
obtained without utilizing any further structure of the poset.
In the special case of a totally ordered set and for and
losses, our algorithm can be implemented in near-linear running time; we also
provide extensions of this algorithm to the problem of private isotonic
regression with additional structural constraints on the output function.Comment: Neural Information Processing Systems (NeurIPS), 202
Differentially Oblivious Database Joins: Overcoming the Worst-Case Curse of Fully Oblivious Algorithms
Numerous high-profile works have shown that access patterns to even encrypted databases can leak secret information and sometimes even lead to reconstruction of the entire database. To thwart access pattern leakage, the literature has focused on oblivious algorithms, where obliviousness requires that the access patterns leak nothing about the input data.
In this paper, we consider the Join operator, an important database primitive that has been extensively studied and optimized. Unfortunately, any fully oblivious Join algorithm would require always padding the result to the worst-case length which is quadratic in the data size N. In comparison, an insecure baseline incurs only O(R + N) cost where R is the true result length, and in the common case in practice, R is relatively short. As a typical example, when R = O(N), any fully oblivious algorithm must inherently incur a prohibitive, N-fold slowdown relative to the insecure baseline. Indeed, the (non-private) database and algorithms literature invariably focuses on studying the instance-specific rather than worst-case performance of database algorithms. Unfortunately, the stringent notion of full obliviousness precludes the design of efficient algorithms with non-trivial instance-specific performance.
To overcome this worst-case performance barrier of full obliviousness and enable algorithms with good instance-specific performance, we consider a relaxed notion of access pattern privacy called (?, ?)-differential obliviousness (DO), originally proposed in the seminal work of Chan et al. (SODA\u2719). Rather than insisting that the access patterns leak no information whatsoever, the relaxed DO notion requires that the access patterns satisfy (?, ?)-differential privacy. We show that by adopting the relaxed DO notion, we can obtain efficient database Join mechanisms whose instance-specific performance approximately matches the insecure baseline, while still offering a meaningful notion of privacy to individual users. Complementing our upper bound results, we also prove new lower bounds regarding the performance of any DO Join algorithm.
Differential obliviousness (DO) is a new notion and is a relatively unexplored territory. Following the pioneering investigations by Chan et al. and others, our work is among the very first to formally explore how DO can help overcome the worst-case performance curse of full obliviousness; moreover, we motivate our work with database applications. Our work shows new evidence why DO might be a promising notion, and opens up several exciting future directions