Approximate Privacy: Foundations and Quantification

The proliferation of online sensitive data about individuals and organizations makes concern about the privacy of these data a top priority. There have been many formulations of privacy and, unfortunately, many negative results about the feasibility of maintaining privacy of sensitive data in realistic networked environments. We formulate communication-complexity-based definitions, both worst case and average case, of a problem's privacy-approximation ratio. We use our definitions to investigate the extent to which approximate privacy is achievable in a number of standard problems: the 2nd-price Vickrey auction, Yao's millionaires problem, the public-good problem, and the set-theoretic disjointness and intersection problems. For both the 2nd-price Vickrey auction and the millionaires problem, we show that not only is perfect privacy impossible or infeasibly costly to achieve, but even close approximations of perfect privacy suffer from the same lower bounds. By contrast, if the inputs are drawn uniformly at random from {0, …, 2^k − 1}, then, for both problems, simple and natural communication protocols have privacy-approximation ratios that are linear in k (i.e., logarithmic in the size of the input space). We also demonstrate tradeoffs between privacy and communication in a family of auction protocols. We show that the privacy-approximation ratio provided by any protocol for the disjointness and intersection problems is necessarily exponential (in k). We also use these ratios to argue that one protocol for each of these problems is significantly fairer than the others we consider (in the sense of relative effects on the privacy of the different players).
