Constructing Privacy Channels from Information Channels

Data privacy protection studies how to answer queries over a dataset while preserving the privacy of the individuals whose sensitive information the dataset contains. The information privacy model protects an individual by passing the query's output through a noisy channel, called a privacy channel, that filters out most of the information about that individual. This paper studies how to construct privacy channels. Doing so is challenging because it requires evaluating the maximal amount of information about each individual that the query's output can disclose, called the individual channel capacity. Our main contribution is a result that transforms the problem of evaluating a privacy channel's individual channel capacity, which amounts to evaluating the capacities of an infinite number of channels, into the problem of evaluating the capacities of a finite number of channels. This result lets us draw on results from information theory to construct privacy channels. As examples, we use it to construct several basic privacy channels: the random response privacy channel, the exponential privacy channel and the Gaussian privacy channel, which are the respective counterparts of the random response mechanism, the exponential mechanism and the Gaussian mechanism of differential privacy.
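The abstract reduces the construction of a privacy channel to evaluating the capacities of finitely many channels. The following is an added illustration, not code from the paper, of the one ingredient that reduction hands to information theory: treating a local randomizer as a discrete memoryless channel and computing its Shannon capacity. It uses k-ary randomized response (k = 2 is the random response mechanism named in the abstract, and the k-ary generalization goes beyond the abstract's binary case) as the channel, computes the capacity with the standard Blahut-Arimoto iteration, cross-checks it against the closed form for symmetric channels, and checks it against the elementary bound C ≤ ε/ln 2 bits that holds for any ε-locally-differentially-private channel. The paper's own notion of individual channel capacity is not reproduced here; the function names, the Z-channel test case and the choice of parameters are this example's assumptions.

```python
"""Channel capacity of randomized-response privacy channels (added example).

A local randomizer is modelled as a channel matrix W[x][y] = Pr[output y | input x]
and its ordinary Shannon capacity max_r I(X;Y) is computed. This is NOT the paper's
"individual channel capacity"; it is the standard capacity computation that such a
construction draws on. All names and parameters below are this example's assumptions.
"""
import math

LN2 = math.log(2.0)


def k_randomized_response(eps: float, k: int):
    """k-ary randomized response (k=2 is Warner's mechanism): report the true value
    with probability e^eps / (e^eps + k - 1), otherwise one of the other k-1 values
    uniformly. Rows are inputs, columns are outputs. This randomizer is eps-LDP."""
    p_true = math.exp(eps) / (math.exp(eps) + k - 1)
    p_other = (1.0 - p_true) / (k - 1)
    return [[p_true if x == y else p_other for y in range(k)] for x in range(k)]


def entropy_bits(p):
    return -sum(pi * math.log2(pi) for pi in p if pi > 0)


def symmetric_capacity_bits(W):
    """Closed form for a symmetric channel (rows are permutations of each other and
    so are columns): log2|Y| - H(row). Used only as a cross-check."""
    return math.log2(len(W[0])) - entropy_bits(W[0])


def mutual_information_bits(r, W):
    """I(X;Y) in bits for input distribution r and channel W."""
    n, m = len(W), len(W[0])
    q = [sum(r[x] * W[x][y] for x in range(n)) for y in range(m)]
    return sum(r[x] * W[x][y] * math.log2(W[x][y] / q[y])
               for x in range(n) for y in range(m) if W[x][y] > 0)


def blahut_arimoto(W, tol=1e-10, max_iter=10_000):
    """Return (capacity_bits, optimal_input_distribution) for channel matrix W.
    Standard Blahut-Arimoto update: r(x) <- r(x) * exp(D(W(.|x) || q)) / Z, where
    q = rW is the current output distribution. The iteration stops once the gap
    between the lower bound I(r;W) and the upper bound max_x D(W(.|x)||q) is < tol."""
    n, m = len(W), len(W[0])
    r = [1.0 / n] * n
    for _ in range(max_iter):
        q = [sum(r[x] * W[x][y] for x in range(n)) for y in range(m)]
        # D(W(.|x) || q) in nats for every input symbol x
        d = [sum(W[x][y] * math.log(W[x][y] / q[y]) for y in range(m) if W[x][y] > 0)
             for x in range(n)]
        lower = sum(r[x] * d[x] for x in range(n))  # I(r;W) <= C
        upper = max(d)                               # C <= max_x D(W(.|x)||q)
        if upper - lower < tol:
            break
        w = [r[x] * math.exp(d[x]) for x in range(n)]
        z = sum(w)
        r = [wx / z for wx in w]
    return mutual_information_bits(r, W), r


def ldp_capacity_upper_bound_bits(eps: float):
    """For an eps-LDP channel, W(y|x) <= e^eps * W(y|x') for all x, x', hence
    W(y|x) <= e^eps * q(y) for every input distribution, so every
    D(W(.|x)||q) <= eps nats and therefore C <= eps / ln 2 bits."""
    return eps / LN2


if __name__ == "__main__":
    for eps, k in [(math.log(3), 2), (math.log(2), 3)]:
        W = k_randomized_response(eps, k)
        cap, r = blahut_arimoto(W)
        print(f"k={k} eps={eps:.3f}: capacity {cap:.5f} bits "
              f"(closed form {symmetric_capacity_bits(W):.5f}, "
              f"eps-LDP bound {ldp_capacity_upper_bound_bits(eps):.3f}), input dist {r}")
```

For the symmetric randomized-response channels the uniform input is optimal, so the iteration terminates immediately and agrees with the closed form; the Blahut-Arimoto loop matters for non-symmetric channels, where the optimal input distribution is not uniform. The ε-LDP bound is loose (for ε = ln 3 it allows 1.58 bits while the channel leaks about 0.19), which is exactly why an exact capacity computation, rather than the bound, is needed when calibrating a privacy channel.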
