Computational Differential Privacy
Ilya Mironov (Microsoft), Omkant Pandey (UCLA), Omer Reingold (Microsoft), Salil Vadhan (Harvard)

Focus of the Talk
• (three bullets; their text is not recoverable from the extraction)

Motivation
• Achieve better utility
• Standard MPC does not prevent what is leaked by the output
  – (sub-bullet text not recoverable from the extraction)
• Nontrivial differentially private mechanisms must be randomized
  – (sub-bullet text not recoverable from the extraction)

Differential Privacy [Dwork'06]
("adjacent" means "differ in one individual's entry")
• A mechanism $K$ with outputs in $R$ ensures $\varepsilon$-DP if for all adjacent datasets $D_1, D_2$ and for all subsets $S$ of $R$:
  $\Pr[K(D_1) \in S] \le e^{\varepsilon} \Pr[K(D_2) \in S]$

Pictorial Representation
(figure: output distributions of the mechanism with and without one record; legend: bad outcome, probability with the record, probability without the record)

Towards Computational Notions
$\Pr[K(D_1) \in S] \le e^{\varepsilon} \Pr[K(D_2) \in S]$
Equivalently, for every test $A$ (take $A$ to be the indicator of the set $S$),
$\Pr[A(K(D_1)) = 1] \le e^{\varepsilon} \Pr[A(K(D_2)) = 1]$

First Definition: IND-CDP
$\varepsilon$-IND-CDP: Mechanism $K$ is $\varepsilon$-IND-CDP if for all adjacent $D_1, D_2$, for all polynomial sized circuits $A$, and for all large enough $\lambda$, it holds that
$\Pr[A(K(D_1)) = 1] \le e^{\varepsilon} \Pr[A(K(D_2)) = 1] + \mathrm{negl}(\lambda)$
Necessary

Simulation-based Approach
(figure: a dataset $D$, e.g. $D$: 010110, is fed to the real mechanism $K$ and to a differentially private mechanism $M$; the two output distributions $X = K(D)$ and $Y = M(D)$ are computationally indistinguishable, $X \approx_c Y$)

Second Definition: SIM-CDP
$\varepsilon$-SIM-CDP: Mechanism $K$ is $\varepsilon$-SIM-CDP if there exists an $\varepsilon$-differentially-private mechanism $M$ such that for all $D$, the distributions $K(D)$ and $M(D)$ are computationally indistinguishable.
$\exists M\ \forall (D_1, D_2)$
– $M$ is not necessarily a PPT mechanism
– Reversing the order of quantifiers yields another definition, SIM∀∃-CDP: $\forall (D_1, D_2)\ \exists M$

Immediate Questions
• Are these definitions equivalent?
• Not hard to see that SIM-CDP ⇒ IND-CDP
• Main question: IND-CDP ⇒ SIM-CDP?

Connection with Dense Models [RTTV'08, Imp'08]
• Distribution $X$ is $\alpha$-dense in $Y$ if for all tests $T$,
  $\Pr[T(X) = 1] \le \frac{1}{\alpha} \Pr[T(Y) = 1]$
• $X$ is $\alpha$-pseudodense in $Y$ if for all PPT tests $T$,
  $\Pr[T(X) = 1] \le \frac{1}{\alpha} \Pr[T(Y) = 1] + \mathrm{negl}$
(the expansions of the references [RTTV'08] and [Imp'08] are not recoverable from the extraction)

Connection with Dense Models [RTTV'08, Imp'08]
• Differential Privacy:
  – $\Pr[K(D_1) \in S] \le e^{\varepsilon} \Pr[K(D_2) \in S]$
  – $\Pr[K(D_2) \in S] \le e^{\varepsilon} \Pr[K(D_1) \in S]$
• In the language of dense models
  – $K(D_1)$ is $e^{-\varepsilon}$-dense in $K(D_2)$
  – $K(D_2)$ is $e^{-\varepsilon}$-dense in $K(D_1)$
$\varepsilon$-DP: $K(D_1)$ and $K(D_2)$ are mutually $e^{-\varepsilon}$-dense

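The definition of $\varepsilon$-DP (the $e^{\varepsilon}$ bound over every subset $S$, or every test $A$) and its dense-model reading as mutual $e^{-\varepsilon}$-density can both be checked exactly on a small discrete mechanism. The following Python is an added example, not code from the slides or their authors. It uses per-bit randomized response with a constructed rational keep probability of 3/4, so that $e^{\varepsilon} = 3$ exactly and every output probability is a rational number; the datasets are constructed as well.

```python
"""Exact check of the epsilon-DP definition on a small discrete mechanism,
and its restatement in the dense-model language (mutual e^{-eps}-density).
Added example, not from the slides; the mechanism is per-bit randomized
response, chosen so every probability is a rational number."""
from fractions import Fraction
from itertools import combinations, product

# Keep probability p for each reported bit (constructed). Randomized response
# with keep probability p is ln(p/(1-p))-DP, so e^eps = p/(1-p) is exact: 3 here.
KEEP = Fraction(3, 4)
E_EPS = KEEP / (1 - KEEP)


def randomized_response_pmf(dataset, keep=KEEP):
    """Exact output distribution K(D) over {0,1}^n: each bit is reported
    truthfully with probability `keep`, flipped otherwise."""
    pmf = {}
    for out in product((0, 1), repeat=len(dataset)):
        p = Fraction(1)
        for bit, reported in zip(dataset, out):
            p *= keep if bit == reported else 1 - keep
        pmf[out] = p
    return pmf


def adjacent(d1, d2):
    """Adjacent datasets differ in exactly one individual's entry."""
    return len(d1) == len(d2) and sum(a != b for a, b in zip(d1, d2)) == 1


def pointwise_loss(pmf1, pmf2):
    """max over single outcomes o of Pr[K(D1)=o] / Pr[K(D2)=o]."""
    return max(pmf1[o] / pmf2[o] for o in pmf1)


def subset_loss(pmf1, pmf2):
    """max over all non-empty subsets S of the range of
    Pr[K(D1) in S] / Pr[K(D2) in S], by brute force (2^|range|-1 subsets).
    A ratio of sums never exceeds the largest single ratio, so this equals
    pointwise_loss; the brute force just makes that visible."""
    outcomes = list(pmf1)
    best = Fraction(0)
    for r in range(1, len(outcomes) + 1):
        for subset in combinations(outcomes, r):
            ratio = sum(pmf1[o] for o in subset) / sum(pmf2[o] for o in subset)
            best = max(best, ratio)
    return best


def density(pmf_x, pmf_y):
    """Largest alpha with Pr[Y=o] >= alpha * Pr[X=o] for all o,
    i.e. the best alpha for which X is alpha-dense in Y."""
    return min(pmf_y[o] / pmf_x[o] for o in pmf_x)


def is_eps_dp(pmf1, pmf2, e_eps=E_EPS):
    """eps-DP on this pair: both directions of the e^eps bound hold.
    Equivalently, K(D1) and K(D2) are mutually e^{-eps}-dense."""
    both_bounds = subset_loss(pmf1, pmf2) <= e_eps and subset_loss(pmf2, pmf1) <= e_eps
    mutually_dense = min(density(pmf1, pmf2), density(pmf2, pmf1)) >= 1 / e_eps
    assert both_bounds == mutually_dense  # the two phrasings agree
    return both_bounds


if __name__ == "__main__":
    d1, d2, d3 = (0, 1, 1), (0, 1, 0), (1, 1, 0)  # constructed sample datasets
    k1, k2, k3 = (randomized_response_pmf(d) for d in (d1, d2, d3))
    print("adjacent:", adjacent(d1, d2), "loss:", pointwise_loss(k1, k2), "<= e^eps =", E_EPS)
    print("density of K(D1) in K(D2):", density(k1, k2), "= e^-eps")
    print("non-adjacent:", adjacent(d1, d3), "loss:", pointwise_loss(k1, k3),
          "eps-DP holds:", is_eps_dp(k1, k3))
```

The brute-force subset maximum equals the pointwise maximum, which is why the slide's "for all subsets $S$" and "for every test $A$" forms coincide; the non-adjacent pair $(d_1, d_3)$ shows the bound degrading to $e^{2\varepsilon}$ when two entries change, which is the usual group-privacy behaviour rather than a defect.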
Connection with Dense Models [RTTV'08, Imp'08]
• $\varepsilon$-IND-CDP:
  – $\Pr[A(K(D_1)) = 1] \le e^{\varepsilon} \Pr[A(K(D_2)) = 1] + \mathrm{negl}$
  – $\Pr[A(K(D_2)) = 1] \le e^{\varepsilon} \Pr[A(K(D_1)) = 1] + \mathrm{negl}$
• In the language of dense models
  – $K(D_1)$ is $e^{-\varepsilon}$-pseudodense in $K(D_2)$
  – $K(D_2)$ is $e^{-\varepsilon}$-pseudodense in $K(D_1)$
$\varepsilon$-IND-CDP: $K(D_1)$ and $K(D_2)$ are mutually $e^{-\varepsilon}$-pseudodense

Some Notation
(the slide introduces graphical symbols, not recoverable from the extraction, for: $X$ is pseudodense in $Y$; $X, Y$ are mutually pseudodense; $X$ is dense in $Y$; $X, Y$ are mutually dense; and $X \approx Y$ for $X, Y$ computationally indistinguishable)

The Dense Model Theorem [RTTV'08]
Thm: If $X_1$ is pseudodense in $X_2$, there exists a model $Y$ (truly) dense in $X_2$ such that $X_1$ is computationally indistinguishable from $Y$.

Proof Ideas
(figure: $X_1 = K(D_1)$ and $X_2 = K(D_2)$ are mutually pseudodense (IND-CDP); an extension of the dense model theorem (DMT) yields $Z_1$, $Z_2$; the question is whether a differentially private mechanism $M$ with $Y_1 = M(D_1)$, $Y_2 = M(D_2)$ exists, under the two quantifier orders SIM∀∃-CDP: $\forall (D_1, D_2)\ \exists M$ and SIM-CDP: $\exists M\ \forall (D_1, D_2)$; legend: $X$ dense in $Y$; $X, Y$ mutually dense; $X$ pseudo-dense in $Y$; $X, Y$ mutually pseudo-dense)

To Recap
• (bullet text not recoverable from the extraction; it cites [RTTV'08])
• IND-CDP ⇔ SIM∀∃-CDP
• IND-CDP ⇒ SIM-CDP ?

Benefits: Better Utility
(figure: Alice holds $x_1, \dots, x_n$ and Bob holds $y_1, \dots, y_n$; they run SFE to compute the Hamming distance $H(x, y)$; the figure's parameter line is not recoverable from the extraction)
DP: requires error of order $n^{1/2}$ [Reingold-Vadhan]
CDP: easily get $\Theta(1/\varepsilon)$ error w/ constant probability.

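To make the utility gap on this slide concrete, the following Python is an added example and not the authors' protocol. It models the SFE box as a trusted function (an assumption standing in for the secure computation) that returns $H(x, y)$ plus two-sided geometric noise with $\alpha = e^{-\varepsilon}$, and compares it with a constructed non-cryptographic baseline in which each party applies randomized response to its own bits and the Hamming distance of the reported strings is debiased. The inputs and the privacy parameter are constructed; the $n^{1/2}$ growth of the baseline's error is a property of that particular estimator, while the slide's lower bound is the cited result and is not something this code proves.

```python
"""Utility of releasing the Hamming distance H(x, y) between Alice's x and
Bob's y (both in {0,1}^n) under eps-DP. Added example, not the slides' protocol.
  central_release: an SFE box, modelled here as a trusted function (assumption),
      computes H exactly and adds two-sided geometric noise; error Theta(1/eps).
  local_release: a constructed non-cryptographic baseline in which each party
      applies randomized response to its own bits and the Hamming distance of
      the reported strings is debiased; its error grows like n^(1/2).
"""
import math
import random

EPS = math.log(3)  # constructed privacy parameter; e^eps = 3


def hamming(x, y):
    """Number of positions where x and y differ."""
    return sum(a != b for a, b in zip(x, y))


def two_sided_geometric(rng, alpha):
    """Sample Z with Pr[Z = k] proportional to alpha^|k| (alpha = e^{-eps}),
    as the difference of two i.i.d. geometric draws on {0, 1, 2, ...}."""
    def geometric():
        k = 0
        while rng.random() < alpha:
            k += 1
        return k
    return geometric() - geometric()


def central_release(rng, x, y, eps):
    """Trusted-function stand-in for SFE: exact H(x, y) plus geometric noise.
    H changes by at most 1 when one bit of either input changes, so this is eps-DP."""
    return hamming(x, y) + two_sided_geometric(rng, math.exp(-eps))


def randomized_response(rng, bits, keep):
    """Report each bit truthfully with probability keep, flipped otherwise."""
    return [b if rng.random() < keep else 1 - b for b in bits]


def _keep_prob(eps):
    """Keep probability that makes per-bit randomized response eps-DP."""
    return math.exp(eps) / (1 + math.exp(eps))


def _disagree_prob(eps):
    """Probability that two reported bits disagree when the originals agree."""
    keep = _keep_prob(eps)
    return 2 * keep * (1 - keep)


def local_release(rng, x, y, eps):
    """Each party randomizes its own string; debias the observed distance.
    E[H'] = (n - H) q + H (1 - q), so H = (H' - n q) / (1 - 2 q)."""
    q = _disagree_prob(eps)
    keep = _keep_prob(eps)
    h_obs = hamming(randomized_response(rng, x, keep), randomized_response(rng, y, keep))
    return (h_obs - len(x) * q) / (1 - 2 * q)


def local_error_std(n, eps):
    """Analytic std of the local estimator: each position contributes variance
    q(1-q) to H' whatever the true bits are, so Var(H') = n q (1-q)."""
    q = _disagree_prob(eps)
    return math.sqrt(n * q * (1 - q)) / (1 - 2 * q)


def central_error_std(eps):
    """Std of two-sided geometric noise: Var = 2 alpha / (1 - alpha)^2."""
    alpha = math.exp(-eps)
    return math.sqrt(2 * alpha) / (1 - alpha)


def compare(n, eps=EPS, trials=200, seed=1):
    """Monte Carlo RMSE of both releases on constructed random inputs."""
    rng = random.Random(seed)
    x = [rng.randint(0, 1) for _ in range(n)]
    y = [rng.randint(0, 1) for _ in range(n)]
    h = hamming(x, y)
    central = math.sqrt(sum((central_release(rng, x, y, eps) - h) ** 2 for _ in range(trials)) / trials)
    local = math.sqrt(sum((local_release(rng, x, y, eps) - h) ** 2 for _ in range(trials)) / trials)
    return {"n": n, "true_distance": h, "central_rmse": central, "local_rmse": local}


if __name__ == "__main__":
    for n in (256, 1024, 4096):
        print(compare(n))
```

Running `compare` for growing $n$ shows the central release's error staying near `central_error_std(EPS)` (about 1.22 for $e^{\varepsilon} = 3$) while the local baseline's error doubles each time $n$ is multiplied by four, matching `local_error_std`.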
Other Results
• A new protocol for Hamming Distance:
  – Differentially private (standard)
  – Constant multiplicative error
• Differentially Private Two-Party Computation

Thank you for your attention!