Understanding Compressive Adversarial Privacy
Designing a data sharing mechanism without sacrificing too much privacy can
be considered as a game between data holders and malicious attackers. This
paper describes a compressive adversarial privacy framework that captures the
trade-off between the data privacy and utility. We characterize the optimal
data releasing mechanism through convex optimization when assuming that both
the data holder and attacker can only modify the data using linear
transformations. We then build a more realistic data releasing mechanism that
can rely on a nonlinear compression model while the attacker uses a neural
network. We demonstrate in a series of empirical applications that this
framework, consisting of compressive adversarial privacy, can preserve
sensitive information

Extremal Mechanisms for Local Differential Privacy
Local differential privacy has recently surfaced as a strong measure of
privacy in contexts where personal information remains private even from data
analysts. Working in a setting where both the data providers and data analysts
want to maximize the utility of statistical analyses performed on the released
data, we study the fundamental trade-off between local differential privacy and
utility. This trade-off is formulated as a constrained optimization problem:
maximize utility subject to local differential privacy constraints. We
introduce a combinatorial family of extremal privatization mechanisms, which we
call staircase mechanisms, and show that it contains the optimal privatization
mechanisms for a broad class of information theoretic utilities such as mutual
information and -divergences. We further prove that for any utility function
and any privacy level, solving the privacy-utility maximization problem is
equivalent to solving a finite-dimensional linear program, the outcome of which
is the optimal staircase mechanism. However, solving this linear program can be
computationally expensive since it has a number of variables that is
exponential in the size of the alphabet the data lives in. To account for this,
we show that two simple privatization mechanisms, the binary and randomized
response mechanisms, are universally optimal in the low and high privacy
regimes, and well approximate the intermediate regime.
Comment: 52 pages, 10 figures in JMLR 201
- …