1,951 research outputs found
Heavy Hitters and the Structure of Local Privacy
We present a new locally differentially private algorithm for the heavy
hitters problem which achieves optimal worst-case error as a function of all
standardly considered parameters. Prior work obtained error rates which depend
optimally on the number of users, the size of the domain, and the privacy
parameter, but depend sub-optimally on the failure probability.
We strengthen existing lower bounds on the error to incorporate the failure
probability, and show that our new upper bound is tight with respect to this
parameter as well. Our lower bound is based on a new understanding of the
structure of locally private protocols. We further develop these ideas to
obtain the following general results beyond heavy hitters.
Advanced Grouposition: In the local model, group privacy for
users degrades proportionally to , instead of linearly in
as in the central model. Stronger group privacy yields improved max-information
guarantees, as well as stronger lower bounds (via "packing arguments"), over
the central model.
Building on a transformation of Bassily and Smith (STOC 2015), we
give a generic transformation from any non-interactive approximate-private
local protocol into a pure-private local protocol. Again in contrast with the
central model, this shows that we cannot obtain more accurate algorithms by
moving from pure to approximate local privacy
An Improved Interactive Streaming Algorithm for the Distinct Elements Problem
The exact computation of the number of distinct elements (frequency moment
) is a fundamental problem in the study of data streaming algorithms. We
denote the length of the stream by where each symbol is drawn from a
universe of size . While it is well known that the moments can
be approximated by efficient streaming algorithms, it is easy to see that exact
computation of requires space . In previous work, Cormode
et al. therefore considered a model where the data stream is also processed by
a powerful helper, who provides an interactive proof of the result. They gave
such protocols with a polylogarithmic number of rounds of communication between
helper and verifier for all functions in NC. This number of rounds
can quickly make such
protocols impractical.
Cormode et al. also gave a protocol with rounds for the exact
computation of where the space complexity is but the total communication . They managed to give round protocols with
complexity for many other interesting problems
including , Inner product, and Range-sum, but computing exactly with
polylogarithmic space and communication and rounds remained open.
In this work, we give a streaming interactive protocol with rounds
for exact computation of using bits of space and the communication is . The update
time of the verifier per symbol received is .Comment: Submitted to ICALP 201
Can Two Walk Together: Privacy Enhancing Methods and Preventing Tracking of Users
We present a new concern when collecting data from individuals that arises
from the attempt to mitigate privacy leakage in multiple reporting: tracking of
users participating in the data collection via the mechanisms added to provide
privacy. We present several definitions for untrackable mechanisms, inspired by
the differential privacy framework.
Specifically, we define the trackable parameter as the log of the maximum
ratio between the probability that a set of reports originated from a single
user and the probability that the same set of reports originated from two users
(with the same private value). We explore the implications of this new
definition. We show how differentially private and untrackable mechanisms can
be combined to achieve a bound for the problem of detecting when a certain user
changed their private value.
Examining Google's deployed solution for everlasting privacy, we show that
RAPPOR (Erlingsson et al. ACM CCS, 2014) is trackable in our framework for the
parameters presented in their paper.
We analyze a variant of randomized response for collecting statistics of
single bits, Bitwise Everlasting Privacy, that achieves good accuracy and
everlasting privacy, while only being reasonably untrackable, specifically
grows linearly in the number of reports. For collecting statistics about data
from larger domains (for histograms and heavy hitters) we present a mechanism
that prevents tracking for a limited number of responses.
We also present the concept of Mechanism Chaining, using the output of one
mechanism as the input of another, in the scope of Differential Privacy, and
show that the chaining of an -LDP mechanism with an
-LDP mechanism is
-LDP
and that this bound is tight.Comment: 45 pages, 4 figures. To appear on FORC 202
- …