Computational Differential Privacy Ilya Mironov (MICROSOFT) - PowerPoint PPT Presentation



SLIDE 1

Computational Differential Privacy

Ilya Mironov (MICROSOFT)

Omkant Pandey (UCLA)

Omer Reingold (MICROSOFT)

Salil Vadhan (HARVARD)

SLIDE 2

Focus of the Talk

SLIDE 3

Motivation

  • Achieve better utility
  • Standard MPC does not prevent what is leaked by the output
  • Nontrivial differentially private mechanisms must be randomized

SLIDE 4

Differential Privacy

[Dwork’06]

  • Mechanism $K$ with range $R$ ensures ε-DP if for all adjacent datasets $D_1, D_2$ and for all subsets $S$ of $R$:

$$\Pr[K(D_1) \in S] \le e^{\varepsilon} \Pr[K(D_2) \in S]$$

“adjacent” means “differ in one individual’s entry”

SLIDE 5

Pictorial Representation

[Figure legend: bad outcome; probability with record; probability without record]

SLIDE 6

Towards Computational Notions

$$\Pr[K(D_1) \in S] \le e^{\varepsilon} \Pr[K(D_2) \in S]$$

Equivalently,

$$\Pr[A(K(D_1)) = 1] \le e^{\varepsilon} \Pr[A(K(D_2)) = 1]$$

SLIDE 7

First Definition: IND-CDP

ε-IND-CDP: Mechanism $K$ is ε-IND-CDP if for all adjacent $D_1, D_2$, for all polynomial-sized circuits $A$, and for all large enough λ, it holds that

$$\Pr[A(K(D_1)) = 1] \le e^{\varepsilon} \Pr[A(K(D_2)) = 1] + \mathrm{negl}(\lambda)$$

Necessary

SLIDE 8

Simulation-based Approach

[Figure: a dataset D: 010110 with the outputs K(D) and M(D), where M is differentially private. Other labels: X, Y, c.]

SLIDE 9

Second Definition: SIM-CDP

ε-SIM-CDP: Mechanism $K$ is ε-SIM-CDP if there exists an ε-differentially-private mechanism $M$ such that for all $D$, distributions $K(D)$ and $M(D)$ are computationally indistinguishable.

$$\exists M,\ \forall (D_1, D_2)$$

– M is not necessarily a PPT mechanism
– Reversing the order of quantifiers yields another definition, SIM∀∃-CDP:

$$\forall (D_1, D_2),\ \exists M$$

SLIDE 10

Immediate Questions

  • Are these definitions equivalent?
  • Not hard to see that SIM-CDP ⇒ IND-CDP
  • Main question: IND-CDP ⇒ SIM-CDP?

SLIDE 11

Connection with Dense Models

[RTTV’08, Imp’08]

  • Distribution X is α-dense in Y if for all tests T,

$$\frac{1}{\alpha} \Pr[T(X) = 1] \le \Pr[T(Y) = 1]$$

  • X is α-pseudodense in Y if for all PPT tests T,

$$\frac{1}{\alpha} \Pr[T(X) = 1] \le \Pr[T(Y) = 1] + \mathrm{negl}$$

SLIDE 12

Connection with Dense Models

[RTTV’08, Imp’08]

  • Differential Privacy:

– $\Pr[K(D_1) \in S] \le e^{\varepsilon} \Pr[K(D_2) \in S]$
– $\Pr[K(D_2) \in S] \le e^{\varepsilon} \Pr[K(D_1) \in S]$

  • In the language of dense models

– $K(D_1)$ is $e^{\varepsilon}$-dense in $K(D_2)$
– $K(D_2)$ is $e^{\varepsilon}$-dense in $K(D_1)$

ε-DP: $K(D_1)$ and $K(D_2)$ are mutually $e^{\varepsilon}$-dense

SLIDE 13

Connection with Dense Models

[RTTV’08, Imp’08]

  • ε-IND-CDP:

– $\Pr[A(K(D_1)) = 1] \le e^{\varepsilon} \Pr[A(K(D_2)) = 1] + \mathrm{negl}$
– $\Pr[A(K(D_2)) = 1] \le e^{\varepsilon} \Pr[A(K(D_1)) = 1] + \mathrm{negl}$

  • In the language of dense models

– $K(D_1)$ is $e^{\varepsilon}$-pseudodense in $K(D_2)$
– $K(D_2)$ is $e^{\varepsilon}$-pseudodense in $K(D_1)$

ε-IND-CDP: $K(D_1)$ and $K(D_2)$ are mutually $e^{\varepsilon}$-pseudodense

SLIDE 14

Some Notation

X Y (X is pseudodense in Y)

X Y (X, Y are mutually pseudodense)

X Y (X is dense in Y)

X Y (X, Y are mutually dense)

X Y (X, Y comp. indistinguishable)

SLIDE 15

The Dense Model Theorem

[RTTV’08]

[Figure labels: X1, X2, Y]

Thm: If $X_1$ is pseudodense in $X_2$, there exists a model $Y$ (truly) dense in $X_2$ such that $X_1$ is computationally indistinguishable from $Y$.

SLIDE 16

Proof Ideas

[Figure: diagram, labeled "Extension of DMT", relating X1 = K(D1) and X2 = K(D2) (IND-CDP), Y1 = M(D1) and Y2 = M(D2), and Z1, Z2, with a "?" on one relation. Legend: X dense in Y; X, Y mutually dense; X pseudo-dense in Y; X, Y mutually pseudo-dense. Quantifier annotations: ∃M, ∀(D1, D2) (SIM-CDP) and ∀(D1, D2), ∃M (SIM∀∃).]

SLIDE 17

To Recap

IND-CDP SIM-CDP ?

IND-CDP ⇔ SIM∀∃-CDP

SLIDE 18

Benefits: Better Utility

CDP: Easily get Θ(1/ε) error w/ constant probability.

[Figure: Alice with inputs x1, x2, ..., xn and Bob with inputs y1, y2, ..., yn, connected through SFE; H(x,y).]

DP: Requires (n½) error! [Reingold-Vadhan]

~
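An added example (not from the slides or the authors) contrasting the two error regimes on this slide. It assumes the function evaluated inside SFE is H(x, y) plus two-sided geometric noise, and uses per-bit randomized response as an illustrative standard-DP protocol; the slide names neither, and all function names and sample inputs are constructed.

```python
import math
import random

def hamming(x, y):
    return sum(a != b for a, b in zip(x, y))

def two_sided_geometric(eps, rng):
    """Sample Z with Pr[Z = k] proportional to exp(-eps * |k|)."""
    g = lambda: int(math.log(1.0 - rng.random()) / -eps)  # geometric, ratio e^-eps
    return g() - g()                                      # difference of two geometrics

def ideal_functionality(x, y, eps, rng):
    """Assumed SFE target: the parties learn only H(x, y) + Z.
    This simulates the ideal functionality, not the SFE protocol itself."""
    return hamming(x, y) + two_sided_geometric(eps, rng)

def randomized_response(x, y, eps, rng):
    """Illustrative standard-DP baseline: Alice flips each bit with probability
    p = 1 / (1 + e^eps) and sends the result; Bob debiases H(x', y)."""
    p = 1 / (1 + math.exp(eps))
    noisy_x = [b ^ (rng.random() < p) for b in x]
    return (hamming(noisy_x, y) - len(x) * p) / (1 - 2 * p)

def privacy_ratio_geometric(eps, span=50):
    """Worst case of Pr[h + Z = o] / Pr[h' + Z = o] over outputs o, where
    |h - h'| = 1 because adjacent inputs differ in one bit."""
    pmf = lambda k: math.exp(-eps * abs(k))  # normalising constant cancels
    return max(max(pmf(o) / pmf(o - 1), pmf(o - 1) / pmf(o))
               for o in range(-span, span + 1))

def rmse(mechanism, n, eps, trials, seed=0):
    """Empirical root-mean-square error on constructed random n-bit inputs."""
    rng = random.Random(seed)
    x = [rng.randrange(2) for _ in range(n)]
    y = [rng.randrange(2) for _ in range(n)]
    h = hamming(x, y)
    sq = sum((mechanism(x, y, eps, rng) - h) ** 2 for _ in range(trials))
    return math.sqrt(sq / trials)

if __name__ == "__main__":
    eps = 1.0
    print("geometric privacy ratio:", privacy_ratio_geometric(eps),
          "e^eps:", math.exp(eps))
    for n in (100, 1600):
        print(n, round(rmse(ideal_functionality, n, eps, 300), 2),
              round(rmse(randomized_response, n, eps, 300), 2))
```

The noisy-sum error stays near a constant as n grows, while the randomized-response error grows roughly as the square root of n.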

SLIDE 19

Other Results

  • A new protocol for Hamming Distance:

– Differentially private (standard)
– Constant multiplicative error

  • Differentially Private Two-Party Computation
SLIDE 20

Thank you for your attention!