Individual Sensitivity Preprocessing for Data Privacy

The sensitivity metric in differential privacy, which is informally defined as the largest marginal change in output between neighboring databases, is of substantial significance in determining the accuracy of private data analyses. Techniques for improving accuracy when the average sensitivity is much smaller than the worst-case sensitivity have been developed within the differential privacy literature, including tools such as smooth sensitivity, Sample-and-Aggregate, Propose-Test-Release, and Lipschitz extensions. In this work, we provide a new Sensitivity-Preprocessing framework for this problem that overcomes some of the limitations of the previous techniques and works in a highly generalized setting. Similar to Lipschitz extensions, our framework also approximates a function over databases with another function of smaller sensitivity. However, we exploit the specific metric space structure of neighboring databases to give a more localized exponential-time general construction, compared to Lipschitz extensions which can often be uncomputable. We constructively define a Sensitivity-Preprocessing Function in our framework for which we give approximate optimality and NP-hardness results, and further complement it with the following: (1) For important statistical metrics such as mean, $\alpha$-trimmed mean, median, maximum, minimum, and variance, we show that our Sensitivity-Preprocessing Function can be implemented in $O(n^2)$ time. (2) We introduce a new notion of individual sensitivity and show that it is an important metric in the variant definition of personalized differential privacy. We show that our algorithm can extend to this context and serve as a useful tool for this variant definition and its applications in markets for privacy. (3) We consider extending our framework to functions mapping to higher dimensions and give both positive and negative results.
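As an added illustration (not code from the paper), the following brute-force computation shows the three sensitivity quantities the abstract contrasts: worst-case (global) sensitivity over every database, the sensitivity at one particular database, and per-individual sensitivity. It assumes records are integers in a bounded domain, neighbouring databases differ in exactly one record, and "individual sensitivity" of individual i is the largest change in f when only record i is replaced; that reading is ours, not a definition the abstract gives.

```python
# Added example, not the paper's code. Assumptions: integer records in DOMAIN,
# neighbours differ in exactly one record, and individual sensitivity of i is
# the largest change in f when only record i changes (our reading).
from itertools import product

DOMAIN = range(0, 11)  # constructed: each record is an integer in [0, 10]

def mean(db):
    return sum(db) / len(db)

def median(db):  # odd-length databases only, so the median is a data value
    return sorted(db)[len(db) // 2]

def neighbors(db, i):
    """All databases that differ from db only in record i."""
    for v in DOMAIN:
        if v != db[i]:
            yield db[:i] + (v,) + db[i + 1:]

def individual_sensitivity(f, db, i):
    """Largest change in f(db) caused by replacing individual i's record."""
    base = f(db)
    return max(abs(base - f(nb)) for nb in neighbors(db, i))

def local_sensitivity(f, db):
    """Largest change over all neighbours of this particular database."""
    return max(individual_sensitivity(f, db, i) for i in range(len(db)))

def global_sensitivity(f, n):
    """Worst case over every size-n database: exponential in n, which is why
    per-function polynomial constructions (e.g. the paper's O(n^2) results)
    matter in practice."""
    return max(local_sensitivity(f, db) for db in product(DOMAIN, repeat=n))

def laplace_scale(sensitivity, epsilon):
    """Noise scale the Laplace mechanism needs for the sensitivity used."""
    return sensitivity / epsilon

if __name__ == "__main__":
    db = (2, 5, 6)  # constructed sample database of three records
    for name, f in (("mean", mean), ("median", median)):
        print(name, "global:", global_sensitivity(f, 3),
              "at db:", local_sensitivity(f, db),
              "per individual:",
              [individual_sensitivity(f, db, i) for i in range(len(db))])
```

The median's worst-case sensitivity equals the whole domain range (10), so Laplace noise calibrated to it swamps the answer, while at the sample database the largest one-record change is 3 and differs across individuals; that gap is what a lower-sensitivity approximation of f is meant to exploit.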
