Interactive fingerprinting codes and the hardness of preventing false discovery

We show an essentially tight bound on the number of adaptively chosen statistical queries that a computationally efficient algorithm can answer accurately given n samples from an unknown distribution. A statistical query asks for the expectation of a predicate over the underlying distribution, and an answer to a statistical query is accurate if it is “close” to the correct expectation over the distribution. This question was recently studied by Dwork et al. [DFH+ 15], who showed how to answer Ω(n2) queries efficiently, and also by Hardt and Ullman [HU14], who showed that answering Õ(n3) queries is hard. We close the gap between the two bounds and show that, under a standard hardness assumption, there is no computationally efficient algorithm that, given n samples from an unknown distribution, can give valid answers to O(n2) adaptively chosen statistical queries. An implication of our results is that computationally efficient algorithms for answering arbitrary, adaptively chosen statistical queries may as well be differentially private. We obtain our results using a new connection between the problem of answering adaptively chosen statistical queries and a combinatorial object called an interactive fingerprinting code [FT01]. In order to optimize our hardness result, we give a new Fourier-analytic approach to analyzing fingerprinting codes that is simpler, more flexible, and yields better parameters than previous constructions.

[1]  O. J. Dunn Multiple Comparisons among Means , 1961 .

[2]  Michael Kearns,et al.  Efficient noise-tolerant learning from statistical queries , 1993, STOC.

[3]  Y. Benjamini,et al.  Controlling the false discovery rate: a practical and powerful approach to multiple testing , 1995 .

[4]  Dan Boneh,et al.  Collusion-Secure Fingerprinting for Digital Data , 1998, IEEE Trans. Inf. Theory.

[5]  Amos Fiat,et al.  Tracing traitors , 2000, IEEE Trans. Inf. Theory.

[6]  Amos Fiat,et al.  Dynamic Traitor Tracing , 2001, Journal of Cryptology.

[7]  Dan Collusion-Secure Fingerprinting for Digital Data , 2002 .

[8]  Gábor Tardos,et al.  Optimal probabilistic fingerprint codes , 2003, STOC '03.

[9]  Irit Dinur,et al.  Revealing information while preserving privacy , 2003, PODS.

[10]  Tamir Tassa,et al.  Low Bandwidth Dynamic Traitor Tracing Schemes , 2005, Journal of Cryptology.

[11]  Cynthia Dwork,et al.  Calibrating Noise to Sensitivity in Private Data Analysis , 2006, TCC.

[12]  Moni Naor,et al.  Traitor tracing with constant size ciphertext , 2008, CCS.

[13]  Moni Naor,et al.  On the complexity of differentially private data release: efficient algorithms and hardness results , 2009, STOC '09.

[14]  T. Sanders,et al.  Analysis of Boolean Functions , 2012, ArXiv.

[15]  Jonathan Ullman,et al.  Answering n{2+o(1)} counting queries with differential privacy is hard , 2012, STOC '13.

[16]  Boris Skoric,et al.  Dynamic Tardos Traitor Tracing Schemes , 2011, IEEE Transactions on Information Theory.

[17]  Jonathan Ullman,et al.  Preventing False Discovery in Interactive Data Analysis Is Hard , 2014, 2014 IEEE 55th Annual Symposium on Foundations of Computer Science.

[18]  Ryan O'Donnell,et al.  Analysis of Boolean Functions , 2014, ArXiv.

[19]  Toniann Pitassi,et al.  Preserving Statistical Validity in Adaptive Data Analysis , 2014, STOC.

[20]  Jonathan Ullman,et al.  Private Multiplicative Weights Beyond Linear Queries , 2014, PODS.

[21]  Cynthia Dwork,et al.  Calibrating Noise to Sensitivity in Private Data Analysis , 2016, J. Priv. Confidentiality.

[22]  Jonathan Ullman Answering n2+o(1) Counting Queries with Differential Privacy is Hard , 2016, SIAM J. Comput..

[23]  Thomas Steinke,et al.  Between Pure and Approximate Differential Privacy , 2015, J. Priv. Confidentiality.

[24]  N. Etemadi ON SOME CLASSICAL RESULTS IN PROBABILITY THEORY , 2016 .

[25]  Jonathan Ullman,et al.  Fingerprinting Codes and the Price of Approximate Differential Privacy , 2018, SIAM J. Comput..