The Privacy-preserving Padding Problem: Non-negative Mechanisms for Conservative Answers with Differential Privacy

Differentially private noise mechanisms commonly use symmetric noise distributions. This is attractive both for satisfying the differential privacy definition and for giving unbiased expectations in the noised answers. However, there are contexts in which a noisy answer only has utility if it is conservative, that is, if its error has a known sign; we call such an answer a padded answer. It seems paradoxical to satisfy the DP definition with one-sided error, but we show how the paradox can be buried in approximate DP's δ parameter. We develop several one-sided padding mechanisms that always give conservative answers yet still achieve approximate differential privacy. We show how these mechanisms can be applied in a few selected areas, including making the cardinalities of set intersections and unions revealed by Private Set Intersection protocols differentially private, and enabling multiparty computation protocols to compute on sparse data whose exact sizes are made differentially private, rather than performing a fully oblivious and more expensive computation.
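To make the "paradox buried in δ" concrete, the following added example (not one of the paper's mechanisms, and not code from the authors) pads an integer count with non-negative noise: a discrete Laplace centred at an assumed `shift` and cut off at zero, so the released value is never below the true count. For neighbouring counts differing by 1, the output value true_count + 0 can occur under one input but not under its neighbour, so no ε can bound that event; the example computes the tight δ for a given ε as the hockey-stick divergence over the whole output space and confirms it equals exactly the probability mass pinned at zero padding, which shrinks as e^(-ε·shift) grows. Function names, the `shift`/`tail` parameters and the sample count 17 are all assumptions of this illustration.

```python
import math
import random
from typing import List


def one_sided_noise_pmf(eps: float, shift: int, tail: int) -> List[float]:
    """Non-negative integer noise Z supported on {0, ..., shift + tail}.

    P(Z = k) is proportional to exp(-eps * |k - shift|): a discrete Laplace
    (two-sided geometric) centred at `shift`, cut off at 0 on the left so the
    padded answer can never fall below the true count, and at shift + tail on
    the right so the support is finite.  Illustrative construction only; it is
    not one of the paper's mechanisms.
    """
    if shift < 0 or tail < 0:
        raise ValueError("shift and tail must be non-negative")
    weights = [math.exp(-eps * abs(k - shift)) for k in range(shift + tail + 1)]
    total = sum(weights)
    return [w / total for w in weights]


def hockey_stick_delta(pmf: List[float], eps: float) -> float:
    """Smallest delta for which releasing x + Z is (eps, delta)-DP when
    neighbouring inputs differ by exactly 1 (a sensitivity-1 count).

    For discrete output distributions P and Q the tight delta is the
    hockey-stick divergence sum_y max(0, P(y) - e^eps * Q(y)).  Both
    directions (x -> x + 1 and x + 1 -> x) are evaluated and the larger taken.
    """
    e_eps = math.exp(eps)
    n = len(pmf)

    def p(k: int) -> float:
        return pmf[k] if 0 <= k < n else 0.0

    # Output y = x + k has probability p(k) under input x and p(k - 1) under
    # the neighbour x + 1 (the neighbour needs one unit less padding).
    up = sum(max(0.0, p(k) - e_eps * p(k - 1)) for k in range(-1, n + 1))
    down = sum(max(0.0, p(k - 1) - e_eps * p(k)) for k in range(-1, n + 1))
    return max(up, down)


def pad_count(true_count: int, pmf: List[float], rng: random.Random) -> int:
    """Release a conservative (never-too-small) noisy count."""
    return true_count + rng.choices(range(len(pmf)), weights=pmf, k=1)[0]


def sample_padded_counts(true_count: int, pmf: List[float], n: int, seed: int) -> List[int]:
    """Draw n padded releases of the same true count with a fixed seed."""
    rng = random.Random(seed)
    return [pad_count(true_count, pmf, rng) for _ in range(n)]


if __name__ == "__main__":
    eps = 1.0
    for shift in (2, 5, 10):
        pmf = one_sided_noise_pmf(eps, shift, tail=40)
        mean_padding = sum(k * pk for k, pk in enumerate(pmf))
        print(f"shift={shift:2d}  delta={hockey_stick_delta(pmf, eps):.2e}  "
              f"mean padding={mean_padding:.2f}")
    # constructed input: a true intersection size of 17
    print(sample_padded_counts(17, one_sided_noise_pmf(eps, 5, 40), 10, seed=1))
```

The trade-off the loop prints is the one the abstract alludes to: a larger shift buys a smaller δ at the cost of more expected padding (and, in an MPC setting, more dummy elements to process), while the output stays conservative for every draw.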
