CSC2412: Properties of Differential Privacy & More Mechanisms

SLIDE 1

CSC2412: Properties of Differential Privacy & More Mechanisms

Sasho Nikolov

SLIDE 2

Review

SLIDE 3

Data model

Data set: (multi-)set $X$ of $n$ data points, $X = \{x_1, \ldots, x_n\}$.

  • each data point (or row) $x_i$ is the data of one person
  • each data point comes from a universe $\mathcal{X}$

We call two data sets $X$ and $X'$ neighbouring if

  1. (variable $n$) we can get $X'$ from $X$ by adding or removing an element
  2. (fixed $n$) we can get $X'$ from $X$ by replacing an element with another

Annotations: $X \sim X'$ denotes that $X, X'$ are neighbouring; one of the two definitions above is marked "we will mostly use this".

SLIDE 4

Differential Privacy

Definition A mechanism $M$ is $\varepsilon$-differentially private if, for any two neighbouring datasets $X, X'$, and any set of outputs $S \subseteq \mathrm{Range}(M)$,

$$P(M(X) \in S) \le e^{\varepsilon} P(M(X') \in S).$$

SLIDE 5

Basic Properties

SLIDE 6

Composition motivation

It would be nice if we can:

  • Post-process outputs of DP algorithms without losing privacy.
  • Build complex DP algorithms from simple ones.
  • Allow an analyst to adaptively choose queries to ask.

Annotations:

  • E.g., take the average of the output of RR.
  • E.g., use RR to answer many counting queries.
  • E.g., ask "smokers?", then "smokers who are under 25 yrs old?"

SLIDE 7

Composition theorem

Suppose

  • $M_1(\cdot)$ is $\varepsilon_1$-DP
  • $M_2(\cdot, y)$ is $\varepsilon_2$-DP for any $y$ in the range of $M_1$

Then $M(\cdot)$ given by $M(X) = M_2(X, M_1(X))$ is $(\varepsilon_1 + \varepsilon_2)$-DP.

Annotations:

  • $M_1$ takes $X$; $M_2$ takes $X$ and the output of $M_1$.
  • Epsilons add up.
  • Post-processing: if $M_2$ is $0$-DP, i.e. $M_2$ is only a function of the output of $M_1$, then $M_2(M_1(X))$ is $\varepsilon_1$-DP.

SLIDE 8

Proof of the composition theorem

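Take some $X \sim X'$ and $S \subseteq \mathrm{Range}(M_2)$. To prove: $M(X) = M_2(X, M_1(X))$ is $(\varepsilon_1 + \varepsilon_2)$-DP.

$$
\begin{aligned}
P(M(X) \in S) &= \sum_{y \in \mathrm{Range}(M_1)} P(M_2(X, y) \in S) \cdot P(M_1(X) = y) \\
&\le \sum_{y \in \mathrm{Range}(M_1)} e^{\varepsilon_2} P(M_2(X', y) \in S) \cdot e^{\varepsilon_1} P(M_1(X') = y) \\
&= e^{\varepsilon_1 + \varepsilon_2} \sum_{y \in \mathrm{Range}(M_1)} P(M_2(X', y) \in S) \cdot P(M_1(X') = y) \\
&= e^{\varepsilon_1 + \varepsilon_2} P(M(X') \in S)
\end{aligned}
$$
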
SLIDE 9

Group Privacy

What protection is offered to small groups rather than individuals?

  • E.g., what can an adversary find out about my immediate family?

Definition Two data sets $X, X'$ are $t$-neighbours if they differ in the data of $\le t$ individuals.

For any $\varepsilon$-DP mechanism $M$, any $t$-neighbours $X, X'$, and any set $S$ of outputs,

$$P(M(X) \in S) \le e^{t\varepsilon} P(M(X') \in S).$$

Annotation: $X = \{x_1, x_2, \ldots, x_i, \ldots, x_j, \ldots, x_n\}$ and $X' = \{x_1, \ldots, x_i', \ldots, x_j', \ldots, x_n\}$ are 2-neighbouring.

SLIDE 10

Proof of group privacy property

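If $X, X'$ are $t$-neighbouring, then there exist data sets $X^{(0)}, X^{(1)}, \ldots, X^{(t)}$ such that

$$X = X^{(0)} \sim X^{(1)} \sim \cdots \sim X^{(t)} = X'.$$

E.g., for $t = 2$:

$$
\begin{aligned}
X &= \{x_1, \ldots, x_i, \ldots, x_j, \ldots, x_n\} \\
X^{(1)} &= \{x_1, \ldots, x_i', \ldots, x_j, \ldots, x_n\} \\
X' = X^{(2)} &= \{x_1, \ldots, x_i', \ldots, x_j', \ldots, x_n\}
\end{aligned}
$$

For any set $S$ of outputs,

$$P(M(X) \in S) \le e^{\varepsilon} P(M(X^{(1)}) \in S) \le e^{2\varepsilon} P(M(X^{(2)}) \in S) \le \cdots \le e^{t\varepsilon} P(M(X') \in S).$$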
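
The composition theorem and the group privacy property can both be checked exactly on a small case by enumerating output distributions. This is an added example, not part of the original slides; it assumes RR is standard randomized response (each bit reported truthfully with probability $e^{\varepsilon}/(1+e^{\varepsilon})$), and the data, the column meanings, the adaptive rule in `m2` and the ε values are constructed for illustration.

```python
import itertools, math

def rr(bits, eps):
    """Exact output distribution of randomized response (RR) on a bit tuple:
    each bit is reported truthfully with probability e^eps / (1 + e^eps)."""
    p = math.exp(eps) / (1 + math.exp(eps))
    return {y: math.prod(p if a == b else 1 - p for a, b in zip(bits, y))
            for y in itertools.product((0, 1), repeat=len(bits))}

def m1(X, eps1):
    """M1: RR on column 0 ("smoker?") of every row."""
    return rr(tuple(r[0] for r in X), eps1)

def m2(X, y, eps2):
    """M2(X, y): adaptive follow-up query. If y reports a smoker majority,
    query column 1 ("under 25?"); otherwise re-query column 0. Uses RR."""
    col = 1 if 2 * sum(y) > len(y) else 0
    return rr(tuple(r[col] for r in X), eps2)

def composed(X, eps1, eps2):
    """Distribution of (y, z) where y ~ M1(X) and z ~ M2(X, y)."""
    return {(y, z): py * pz
            for y, py in m1(X, eps1).items()
            for z, pz in m2(X, y, eps2).items()}

def max_loss(P, Q):
    """Worst-case |ln(P(o)/Q(o))| over single outputs o. For discrete
    outputs this bounds the probability ratio for every set S."""
    return max(abs(math.log(P[o] / Q[o])) for o in P)

# Constructed data: rows are (smoker, under_25).
X  = [(1, 0), (0, 1), (1, 1)]
X1 = [(0, 1), (0, 1), (1, 1)]   # neighbour of X: row 0 replaced
X2 = [(0, 1), (1, 0), (1, 1)]   # 2-neighbour of X: rows 0 and 1 replaced
EPS1, EPS2 = 0.5, 0.3

def composition_loss():
    """Privacy loss of the adaptive composition on the neighbours X, X1."""
    return max_loss(composed(X, EPS1, EPS2), composed(X1, EPS1, EPS2))

def group_loss():
    """Privacy loss of M1 alone on the 2-neighbours X, X2."""
    return max_loss(m1(X, EPS1), m1(X2, EPS1))

if __name__ == "__main__":
    print(f"composition: {composition_loss():.3f} <= {EPS1 + EPS2}")
    print(f"group (t=2): {group_loss():.3f} <= {2 * EPS1}")
```

On this data both bounds are attained with equality, so neither $\varepsilon_1 + \varepsilon_2$ nor $t\varepsilon$ can be improved for RR in general.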