3,126 research outputs found
Nearly Optimal Private Convolution
We study computing the convolution of a private input with a public input
, while satisfying the guarantees of -differential
privacy. Convolution is a fundamental operation, intimately related to Fourier
Transforms. In our setting, the private input may represent a time series of
sensitive events or a histogram of a database of confidential personal
information. Convolution then captures important primitives including linear
filtering, which is an essential tool in time series analysis, and aggregation
queries on projections of the data.
We give a nearly optimal algorithm for computing convolutions while
satisfying -differential privacy. Surprisingly, we follow
the simple strategy of adding independent Laplacian noise to each Fourier
coefficient and bounding the privacy loss using the composition theorem of
Dwork, Rothblum, and Vadhan. We derive a closed form expression for the optimal
noise to add to each Fourier coefficient using convex programming duality. Our
algorithm is very efficient -- it is essentially no more computationally
expensive than a Fast Fourier Transform.
To prove near optimality, we use the recent discrepancy lowerbounds of
Muthukrishnan and Nikolov and derive a spectral lower bound using a
characterization of discrepancy in terms of determinants
Extremal Mechanisms for Local Differential Privacy
Local differential privacy has recently surfaced as a strong measure of
privacy in contexts where personal information remains private even from data
analysts. Working in a setting where both the data providers and data analysts
want to maximize the utility of statistical analyses performed on the released
data, we study the fundamental trade-off between local differential privacy and
utility. This trade-off is formulated as a constrained optimization problem:
maximize utility subject to local differential privacy constraints. We
introduce a combinatorial family of extremal privatization mechanisms, which we
call staircase mechanisms, and show that it contains the optimal privatization
mechanisms for a broad class of information theoretic utilities such as mutual
information and -divergences. We further prove that for any utility function
and any privacy level, solving the privacy-utility maximization problem is
equivalent to solving a finite-dimensional linear program, the outcome of which
is the optimal staircase mechanism. However, solving this linear program can be
computationally expensive since it has a number of variables that is
exponential in the size of the alphabet the data lives in. To account for this,
we show that two simple privatization mechanisms, the binary and randomized
response mechanisms, are universally optimal in the low and high privacy
regimes, and well approximate the intermediate regime.Comment: 52 pages, 10 figures in JMLR 201
Private Pareto Optimal Exchange
We consider the problem of implementing an individually rational,
asymptotically Pareto optimal allocation in a barter-exchange economy where
agents are endowed with goods and have preferences over the goods of others,
but may not use money as a medium of exchange. Because one of the most
important instantiations of such economies is kidney exchange -- where the
"input"to the problem consists of sensitive patient medical records -- we ask
to what extent such exchanges can be carried out while providing formal privacy
guarantees to the participants. We show that individually rational allocations
cannot achieve any non-trivial approximation to Pareto optimality if carried
out under the constraint of differential privacy -- or even the relaxation of
\emph{joint} differential privacy, under which it is known that asymptotically
optimal allocations can be computed in two-sided markets, where there is a
distinction between buyers and sellers and we are concerned only with privacy
of the buyers~\citep{Matching}. We therefore consider a further relaxation that
we call \emph{marginal} differential privacy -- which promises, informally,
that the privacy of every agent is protected from every other agent so long as does not collude or share allocation information with other
agents. We show that, under marginal differential privacy, it is possible to
compute an individually rational and asymptotically Pareto optimal allocation
in such exchange economies
- …