Private Pareto Optimal Exchange
We consider the problem of implementing an individually rational,
asymptotically Pareto optimal allocation in a barter-exchange economy where
agents are endowed with goods and have preferences over the goods of others,
but may not use money as a medium of exchange. Because one of the most
important instantiations of such economies is kidney exchange -- where the
"input"to the problem consists of sensitive patient medical records -- we ask
to what extent such exchanges can be carried out while providing formal privacy
guarantees to the participants. We show that individually rational allocations
cannot achieve any non-trivial approximation to Pareto optimality if carried
out under the constraint of differential privacy -- or even the relaxation of
\emph{joint} differential privacy, under which it is known that asymptotically
optimal allocations can be computed in two-sided markets, where there is a
distinction between buyers and sellers and we are concerned only with privacy
of the buyers~\citep{Matching}. We therefore consider a further relaxation that
we call \emph{marginal} differential privacy -- which promises, informally,
that the privacy of every agent is protected from every other agent, so long as that agent does not collude or share allocation information with other
agents. We show that, under marginal differential privacy, it is possible to
compute an individually rational and asymptotically Pareto optimal allocation
in such exchange economies.
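Restated in symbols (a sketch in our own notation, paraphrasing the informal guarantee above rather than quoting the paper's definition): a mechanism $M$ that maps the agents' reports $x = (x_1, \dots, x_n)$ to allocations, with $M_j(x)$ denoting the part of the output revealed to agent $j$, is $\varepsilon$-marginally differentially private if, for all agents $i \neq j$, all inputs $x, x'$ differing only in agent $i$'s report, and all sets $S$ of possible outputs for agent $j$,
\[
  \Pr[M_j(x) \in S] \le e^{\varepsilon} \, \Pr[M_j(x') \in S].
\]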
Batching of Tasks by Users of Pseudonymous Forums: Anonymity Compromise and Protection
There are a number of forums where people participate under pseudonyms. One
example is peer review, where the identity of reviewers for any paper is
confidential. When participating in these forums, people frequently engage in
"batching": executing multiple related tasks (e.g., commenting on multiple
papers) at nearly the same time. Our empirical analysis shows that batching is
common in two applications we consider -- peer review and
Wikipedia edits. In this paper, we identify and address the risk of
deanonymization arising from linking batched tasks. To protect against linkage
attacks, we take the approach of adding delay to the posting time of batched
tasks. We first show that under some natural assumptions, no delay mechanism
can provide a meaningful differential privacy guarantee. We therefore propose a
"one-sided" formulation of differential privacy for protecting against linkage
attacks. We design a mechanism that adds zero-inflated uniform delay to events
and show it can preserve privacy. We prove that this noise distribution is in
fact optimal in minimizing expected delay among mechanisms adding independent
noise to each event, thereby establishing the Pareto frontier of the trade-off
between the expected delay for batched and unbatched events. Finally, we
conduct a series of experiments on Wikipedia and Bitcoin data that corroborate
the practical utility of our algorithm in obfuscating batching without
introducing onerous delay to the system.
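As a concrete illustration, here is a minimal sketch of a zero-inflated uniform delay mechanism of the kind described above (the function names and parameter values are our own placeholders, not the paper's):

    import random

    def zero_inflated_uniform_delay(p_zero: float, max_delay: float) -> float:
        """Draw a delay that is 0 with probability p_zero, else Uniform(0, max_delay)."""
        if random.random() < p_zero:
            return 0.0
        return random.uniform(0.0, max_delay)

    def delayed_post_times(event_times, p_zero=0.3, max_delay=60.0):
        """Add independent zero-inflated uniform delay to each event's posting time.

        p_zero and max_delay are illustrative defaults; in practice they would
        be tuned to meet a target one-sided privacy level against linkage attacks.
        """
        return [t + zero_inflated_uniform_delay(p_zero, max_delay)
                for t in event_times]

Adding independent noise per event matches the class of mechanisms within which the paper proves this distribution minimizes expected delay.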
Differentially Private Publication of Sparse Data
The problem of privately releasing data is to provide a version of a dataset
without revealing sensitive information about the individuals who contribute to
the data. The model of differential privacy allows such private release while
providing strong guarantees on the output. A basic mechanism achieves
differential privacy by adding noise to the frequency counts in the contingency
tables (or a subset of the count data cube) derived from the dataset. However,
when the dataset is sparse in its underlying space, as is the case for most
multi-attribute relations, then the effect of adding noise is to vastly
increase the size of the published data: it implicitly creates a huge number of
dummy data points to mask the true data, making it almost impossible to work
with.
We present techniques to overcome this roadblock and allow efficient private
release of sparse data, while maintaining the guarantees of differential
privacy. Our approach is to release a compact summary of the noisy data.
Generating the noisy data and then summarizing it would still be very costly,
so we show how to shortcut this step, and instead directly generate the summary
from the input data, without materializing the vast intermediate noisy data. We
instantiate this outline for a variety of sampling and filtering methods, and
show how to use the resulting summary for approximate, private, query
answering. Our experimental study shows that this is an effective, practical
solution, with comparable and occasionally improved utility over the costly
materialization approach.
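To convey the flavor of that shortcut, here is a simplified sketch (our own illustration of one thresholded-filtering instantiation, not the paper's exact algorithm): since a zero cell's noisy count exceeds a threshold only with the Laplace tail probability, one can sample the number of passing zero cells directly instead of materializing noise for the entire sparse domain.

    import numpy as np

    def private_sparse_summary(counts, domain_size, eps, threshold, seed=None):
        """Compact noisy summary of sparse counts -- an illustrative sketch.

        `counts` maps the few nonzero cells (here: integer indices) to their
        true counts; the remaining domain_size - len(counts) cells are
        implicitly zero. Adds Laplace(1/eps) noise and keeps only noisy
        counts above `threshold` (assumed >= 0), without ever materializing
        noise for the huge number of zero cells.
        """
        rng = np.random.default_rng(seed)
        scale = 1.0 / eps
        summary = {}
        # Explicit noise for the sparse nonzero cells.
        for cell, c in counts.items():
            noisy = c + rng.laplace(0.0, scale)
            if noisy > threshold:
                summary[cell] = noisy
        # A zero cell passes the filter with the Laplace tail probability q.
        q = 0.5 * np.exp(-threshold / scale)
        n_zero = domain_size - len(counts)
        k = rng.binomial(n_zero, q)  # number of passing zero cells, drawn directly
        # Pick k zero cells (with replacement: collisions are negligible when
        # k << n_zero; mapping indices to actual cells is domain-specific).
        cells = rng.integers(0, n_zero, size=k)
        # Conditioned on passing, a zero cell's noisy value is threshold + Exp(scale).
        values = threshold + rng.exponential(scale, size=k)
        for cell, v in zip(cells.tolist(), values.tolist()):
            summary[("zero-cell", cell)] = v
        return summary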
Detecting Communities under Differential Privacy
Complex networks usually exhibit community structure: groups of nodes that
share many links with other nodes in the same group and relatively few with
the rest of the network. This feature captures valuable information about
the organization and even the evolution of the network. Over the last decade, a
great number of community detection algorithms have been proposed to deal
with increasingly complex networks. However, the problem of doing this in a
private manner is rarely considered. In this paper, we solve this problem under
differential privacy, a prominent privacy model for data release.
We analyze the major challenges behind the problem and propose several schemes
to tackle them from two perspectives: input perturbation and algorithm
perturbation. For input perturbation, we choose the Louvain method as the
back-end community detection algorithm and propose LouvainDP, which runs the
Louvain algorithm on a noisy super-graph. For algorithm perturbation, we design
ModDivisive, which uses the exponential mechanism with modularity as the score
function. We have thoroughly evaluated our techniques on real graphs of
different sizes and verified that they outperform the state-of-the-art.
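For flavor, here is a minimal sketch of the exponential-mechanism selection step underlying an algorithm-perturbation scheme of this kind (our own simplified illustration; the candidate set, sensitivity bound, and adjacency representation are placeholders, not the paper's construction):

    import math
    import random

    def modularity(partition, adj):
        """Newman modularity of `partition` (a list of node sets) for graph
        `adj` (a dict mapping each node to the set of its neighbors)."""
        m = sum(len(nbrs) for nbrs in adj.values()) / 2  # number of edges
        q = 0.0
        for community in partition:
            internal = sum(1 for u in community
                           for v in adj[u] if v in community) / 2
            degree_sum = sum(len(adj[u]) for u in community)
            q += internal / m - (degree_sum / (2 * m)) ** 2
        return q

    def exponential_mechanism(candidates, score_fn, eps, sensitivity):
        """Select a candidate with probability proportional to
        exp(eps * score / (2 * sensitivity)) -- the standard exponential
        mechanism."""
        scores = [score_fn(c) for c in candidates]
        shift = max(scores)  # subtract the max for numerical stability
        weights = [math.exp(eps * (s - shift) / (2 * sensitivity))
                   for s in scores]
        r = random.random() * sum(weights)
        for candidate, w in zip(candidates, weights):
            r -= w
            if r <= 0:
                return candidate
        return candidates[-1]

Here `candidates` would be candidate partitions scored by the modularity above; a differentially private detector must also bound modularity's sensitivity to a single edge, which we leave abstract as the `sensitivity` parameter.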