1,660 research outputs found
Heavy Hitters and the Structure of Local Privacy
We present a new locally differentially private algorithm for the heavy
hitters problem which achieves optimal worst-case error as a function of all
standardly considered parameters. Prior work obtained error rates which depend
optimally on the number of users, the size of the domain, and the privacy
parameter, but depend sub-optimally on the failure probability.
We strengthen existing lower bounds on the error to incorporate the failure
probability, and show that our new upper bound is tight with respect to this
parameter as well. Our lower bound is based on a new understanding of the
structure of locally private protocols. We further develop these ideas to
obtain the following general results beyond heavy hitters.
Advanced Grouposition: In the local model, group privacy for
users degrades proportionally to , instead of linearly in
as in the central model. Stronger group privacy yields improved max-information
guarantees, as well as stronger lower bounds (via "packing arguments"), over
the central model.
Building on a transformation of Bassily and Smith (STOC 2015), we
give a generic transformation from any non-interactive approximate-private
local protocol into a pure-private local protocol. Again in contrast with the
central model, this shows that we cannot obtain more accurate algorithms by
moving from pure to approximate local privacy
Better Differentially Private Approximate Histograms and Heavy Hitters using the Misra-Gries Sketch
We consider the problem of computing differentially private approximate histograms and heavy hitters in a stream of elements. In the non-private setting, this is often done using the sketch of Misra and Gries [Science of Computer Programming, 1982]. Chan, Li, Shi, and Xu [PETS 2012] describe a differentially private version of the Misra-Gries sketch, but the amount of noise it adds can be large and scales linearly with the size of the sketch: the more accurate the sketch is, the more noise this approach has to add. We present a better mechanism for releasing a Misra-Gries sketch under (ε,δ)-differential privacy. It adds noise with magnitude independent of the size of the sketch size, in fact, the maximum error coming from the noise is the same as the best known in the private non-streaming setting, up to a constant factor. Our mechanism is simple and likely to be practical. We also give a simple post-processing step of the Misra-Gries sketch that does not increase the worst-case error guarantee. It is sufficient to add noise to this new sketch with less than twice the magnitude of the non-streaming setting. This improves on the previous result for ε-differential privacy where the noise scales linearly to the size of the sketch
Distributed Private Heavy Hitters
In this paper, we give efficient algorithms and lower bounds for solving the
heavy hitters problem while preserving differential privacy in the fully
distributed local model. In this model, there are n parties, each of which
possesses a single element from a universe of size N. The heavy hitters problem
is to find the identity of the most common element shared amongst the n
parties. In the local model, there is no trusted database administrator, and so
the algorithm must interact with each of the parties separately, using a
differentially private protocol. We give tight information-theoretic upper and
lower bounds on the accuracy to which this problem can be solved in the local
model (giving a separation between the local model and the more common
centralized model of privacy), as well as computationally efficient algorithms
even in the case where the data universe N may be exponentially large
Can Two Walk Together: Privacy Enhancing Methods and Preventing Tracking of Users
We present a new concern when collecting data from individuals that arises
from the attempt to mitigate privacy leakage in multiple reporting: tracking of
users participating in the data collection via the mechanisms added to provide
privacy. We present several definitions for untrackable mechanisms, inspired by
the differential privacy framework.
Specifically, we define the trackable parameter as the log of the maximum
ratio between the probability that a set of reports originated from a single
user and the probability that the same set of reports originated from two users
(with the same private value). We explore the implications of this new
definition. We show how differentially private and untrackable mechanisms can
be combined to achieve a bound for the problem of detecting when a certain user
changed their private value.
Examining Google's deployed solution for everlasting privacy, we show that
RAPPOR (Erlingsson et al. ACM CCS, 2014) is trackable in our framework for the
parameters presented in their paper.
We analyze a variant of randomized response for collecting statistics of
single bits, Bitwise Everlasting Privacy, that achieves good accuracy and
everlasting privacy, while only being reasonably untrackable, specifically
grows linearly in the number of reports. For collecting statistics about data
from larger domains (for histograms and heavy hitters) we present a mechanism
that prevents tracking for a limited number of responses.
We also present the concept of Mechanism Chaining, using the output of one
mechanism as the input of another, in the scope of Differential Privacy, and
show that the chaining of an -LDP mechanism with an
-LDP mechanism is
-LDP
and that this bound is tight.Comment: 45 pages, 4 figures. To appear on FORC 202
- …