Randomness in Computing L ECTURE 27 Last time Stationary - - PowerPoint PPT Presentation

4/29/2020

Randomness in Computing

LECTURE 27

Last time

• Stationary distributions
• Random walks on graphs
• Algorithm for 𝑡-𝑢-PATH

Today

• Sublinear algorithms
• Differential privacy

Sofya Raskhodnikova;Randomness in Computing; based on slides by Baranasuriya et al.

A Sublinear-Time Algorithm

B L A - B L A - B L A - B L A - B L A - B L A - B L A - B L A

approximate answer

randomized algorithm

? L ? B ? L ? A

Quality of approximation Resources

• number of queries
• running time

Goal: Fundamental Understanding

• f Sublinear Computation
• What computational tasks?
• How to measure quality of approximation?
• What type of access to the input?
• Can we make our computations robust

(e.g., to noise or erased data)?

Fundamental Computational Tasks

• Property testing
• need to answer YES or NO
• intuition: only require correct answers on two sets of

instances that are very different from each other

• Learning
• need an approximate representation of an object
• input is from a given class (or is close to it)
• Classical approximation
• need to compute a value
• output should be close to the desired value

4

[Rubinfeld Sudan, Goldreich Goldwasser Ron]

Property Testing: Definition

Property Tester

Close to YES

Far from YES

YES

Reject with probability 2/3 Don’t care Accept with probability ≥ 𝟑/𝟒



Randomized Algorithm

YES

Accept with probability ≥ 𝟑/𝟒 Reject with probability 2/3

NO  far = differs in many places 𝜁- (≥ 𝜁 fraction of places)

𝜁

Example: Lipschitz Testing [Jha R]

6

Input: a list of 𝑜 numbers 𝑦1, 𝑦2 , … , 𝑦𝑜

• A list of numbers is Lipschitz if 𝑦𝑗+1 − 𝑦𝑗 ≤ 1 for all 𝑗.
• Question: Is the list Lipschitz?

Requires reading entire list: (𝑜) time

• Approximate version: Is the list Lipschitz or 𝜁-far from Lipschitz?

(An 𝜁 fraction of 𝑦𝑗 ’s have to be changed to make it Lipschitz.) Our result: O((log 𝑜)/𝜁) time

5 6 5 4 5 4 3 2 2 1

𝒋

1 2 3

𝒚𝒋

4 5 6 7 8 9 10 1 2 3 4 5 6

Lipschitz Testing: Attempts

• 1. Test: Pick a random 𝑗 and reject if 𝑦𝑗+1 − 𝑦𝑗 > 1

Fails on: ← 1/2-far from Lipschitz

• 2. Test: Pick random 𝑗 < 𝑘 and reject if 𝑦𝑘 − 𝑦𝑗 > 𝑘 − 𝑗

Fails on: ← 1/2-far from Lipschitz

0 1 2 3 5 6 7 8 0 2 1 3 2 4 3 5 4 6

𝒋 𝒚𝒋

1 2 3 4 5 6 1 2 3 4 5 6 7 8 9 10

𝒚𝒋

3 4 5 6 2

𝒋

1 1 2 3 4 5 6 7 8

Is a list Lipschitz or 𝜁-far from Lipschitz?

Idea: Associate positions in the list with vertices of the directed line. Construct a graph (2-spanner)

• by adding a few “shortcut” edges (𝑗, 𝑘) for 𝑗 < 𝑘
• where each pair of vertices is connected by a path of length at most 2

… …

≤ 𝑜 log 𝑜 edges

1 2 3 … 𝒐-1 𝒐

[Bhattacharyya Grigorescu Jung R Woodruff]

Is a list Lipschitz or 𝜁-far from Lipschitz?

3 2 2 4 6 6 7

Analysis:

• Call a pair (𝑗, 𝑘) violated if 𝑦𝑘 − 𝑦𝑗 > 𝑘 − 𝑗, and satisfied otherwise.
• If 𝑗 is an endpoint of a violated edge, call 𝑦𝑗 bad. Otherwise, call it good.

Proof: Consider any two good numbers, xi and xj. They are connected by a path of (at most) two satisfied edges 𝑗, 𝑙 , (𝑙, 𝑘) ⇒ 𝑦𝑙 − 𝑦𝑗 ≤ 𝑙 − 𝑗 and 𝑦𝑘 − 𝑦𝑙 ≤ 𝑘 − 𝑙 ⇒ 𝑦𝑘 − 𝑦𝑗 ≤ 𝑦𝑘 − 𝑦𝑙 + 𝑦𝑙 − 𝑦𝑗 ≤ 𝑘 − 𝑙 + 𝑙 − 𝑗 = 𝑘 − 𝑗

2 4 6 xi xj

xk Claim 1. All pairs of good numbers are satisfied. Test Pick a random edge (𝑗, 𝑘) from the 2-spanner and reject if 𝑦𝑘 − 𝑦𝑗 > 𝑘 − 𝑗.

Is a list Lipschitz or 𝜁-far from Lipschitz?

3 2 2 4 6 6 7

Analysis:

• Call a pair (𝑗, 𝑘) violated if 𝑦𝑘 − 𝑦𝑗 > 𝑘 − 𝑗, and satisfied otherwise.
• If 𝑗 is an endpoint of a violated edge, call 𝑦𝑗 bad. Otherwise, call it good.

Proof: If a list is 𝜁-far from Lipschitz, it has ≥ 𝜁𝑜 bad numbers. (Claim 1)

• Each violated edge contributes 2 bad numbers.
• 2-spanner has ≥

𝜁𝑜 2 violated edges out of 𝑜 log 𝑜.

2 4 6 xi xj

xk Claim 1. All pairs of good numbers are satisfied. Test Pick a random edge (𝑗, 𝑘) from the 2-spanner and reject if 𝑦𝑘 − 𝑦𝑗 > 𝑘 − 𝑗. Claim 2. An 𝜁-far list violates ≥ 𝜁/(2 log 𝑜) fraction of edges in 2-spanner.

Is a list Lipschitz or 𝜁-far from Lipschitz?

3 2 2 4 6 6 7

Analysis:

• Call a pair (𝑗, 𝑘) violated if 𝑦𝑘 − 𝑦𝑗 > 𝑘 − 𝑗, and satisfied otherwise.

Sample

4 log 𝑜

𝜁

edges (xi ,xj) from the 2-spanner and reject if 𝑦𝑘 − 𝑦𝑗 > 𝑘 − 𝑗. Guarantee: All Lipschitz lists are accepted. All lists that are 𝜁-far from Lipschitz are rejected with probability ≥ 2/3. Time: O((log n)/²)

11

Claim 2. An 𝜁-far list violates ≥ 𝜁/(2 log 𝑜) fraction of edges in 2-spanner. Algorithm

2 4 6 xi xj

xk Test Pick a random edge (𝑗, 𝑘) from the 2-spanner and reject if 𝑦𝑘 − 𝑦𝑗 > 𝑘 − 𝑗.

Testing if a List is Lipschitz: Summary

• [Jha R]:

We can determine if a list of 𝑜 numbers is Lipschitz or 𝜁-far from Lipschitz in O

log 𝑜

𝜁

time.

• [Jha R, Blais R Yaroslavtsev, Chakrabarty Dixit Jha Seshadhri]:

This cannot be improved.

Testing Properties of High-Dimensional Functions

In polylogarithmic time, we can test a large class of properties of functions 𝑔: 1, … , 𝑜 𝑒 → ℝ, including:

x y

• Lipschitz property [Jha R]
• Monotonicity [Goldreich Goldwasser Lehman Ron,

Dodis Goldreich Lehman R Ron Samorodnitsky]

• Bounded-derivative properties

[Chakrabarty Dixit Jha Seshadhri]

• Unateness

[Baleshzar Chakrabarty Pallavoor R Seshadhri]

Sublinear Algorithms: Summary

• Many problems admit sublinear-time algorithms
• Algorithms are often simple
• Analysis requires creation of interesting combinatorial,

geometric and algebraic tools

• Unexpected connections to other areas
• Many open questions

Private Data Analysis

Individuals Data Analysts Curator x = 𝑦𝑒 𝑦𝑒−1 𝑦3 𝑦2 𝑦1

  (Queries) Answers

Typical examples: census, medical studies, what big companies want to publish about our data… Two conflicting goals

• Protect privacy of individuals
• Differential privacy [Dwork McSherry Nissim Smith 06]
• Give accurate answers

Neighboring Datasets

Two datasets 𝑦, 𝑦′ are neighbors if they differ in one person’s data. 𝑦𝑒 𝑦𝑒−1 𝑦3 𝑦2 𝑦1 𝑦𝑒 𝑦𝑒−1 𝒚′𝟒 𝑦2 𝑦1

 

𝑦 𝑦′

Differential Privacy [Dwork McSherry Nissim Smith]

𝑦𝑒 𝑦𝑒−1 𝑦3 𝑦2 𝑦1 𝑦𝑒 𝑦𝑒−1 𝒚′𝟒 𝑦2 𝑦1

 

𝑦 𝑦′ Privacy Definition An algorithm A is 𝝑-differentially private if for all pairs of neighbors 𝒚, 𝒚′ and all sets of answers S:

𝐐𝐬 𝑩 𝒚 ∈ 𝑻 ≤ 𝒇𝝑 𝐐𝐬 𝑩 𝒚′ ∈ 𝑻

Properties of Differential Privacy

• Composition:

If algorithms 𝐵1 and 𝐵2 are 𝜗-differentially private then algorithm that outputs (𝐵1 𝑦 , 𝐵2(𝑦)) is 2𝜗-differentially private

• Meaningful in the presence of arbitrary external information

18

19

Output Perturbation

Frameworks for designing differentially private algorithms

Output Perturbation

Individuals Data Analysts Curator x = 𝑦𝑒 𝑦𝑒−1 𝑦3 𝑦2 𝑦1

 Evaluate 𝒈(𝒚) A 𝒚 = 𝒈 𝒚 + 𝒐𝒑𝒋𝒕𝒇

Global Sensitivity Framework

Global sensitivity of a function 𝑔 is Example: 𝑦1, … , 𝑦𝑜 ∈ 0,1 , ave 𝑦 =

𝑦1+⋯+𝑦𝑜 𝑜

• 𝐻𝑇ave = ?

𝑯𝑻𝒈 = max

𝐨𝐟𝐣𝐡𝐢𝐜𝐩𝐬𝑡 𝑦,𝑦′ 𝑔 𝑦 − 𝑔 𝑦′ .

Global Sensitivity Framework

Global sensitivity of a function 𝑔 is Example: 𝑦1, … , 𝑦𝑜 ∈ 0,1 , ave 𝑦 =

𝑦1+⋯+𝑦𝑜 𝑜

• 𝐻𝑇ave = 1/𝑜

𝑯𝑻𝒈 = max

𝐨𝐟𝐣𝐡𝐢𝐜𝐩𝐬𝑡 𝑦,𝑦′ 𝑔 𝑦 − 𝑔 𝑦′ .

Theorem [Dwork McSherry Nissim Smith]

If 𝐵 𝑦 = 𝑔 𝑦 + 𝑀𝑏𝑞

𝐻𝑇𝑔 𝜗

then 𝐵 is 𝜗-differentially private.

Global Sensitivity: Noise Distribution

Laplace distribution Lap(𝜇) has density ℎ 𝑧 =

1 2𝜇 ⋅ 𝑓− 𝑧

𝜇

(mean 0, standard deviation 2 ⋅ 𝜇) Laplace Mechanism Theorem [Dwork McSherry Nissim Smith]

If 𝐵 𝑦 = 𝑔 𝑦 + 𝑀𝑏𝑞

𝐻𝑇𝑔 𝜗

then 𝐵 is 𝜗-differentially private. Sliding Property of 𝑀𝑏𝑞

𝐻𝑇𝑔 𝜗

for all 𝑧, 𝜀:

ℎ 𝑧 ℎ 𝑧+𝜀 ≤ 𝑓 𝜗⋅ 𝜀

𝐻𝑇𝑔

When is Laplace Mechanism Useful?

• Laplace mechanism is always private.
• When is it accurate?

Example: 𝑦1, … , 𝑦𝑜 ∈ 0,1 , ave 𝑦 =

𝑦1+⋯+𝑦𝑜 𝑜

• 𝐻𝑇ave = 1/𝑜

Noise= Lap

1 𝜗𝑜

Accurate when GS is low (and 𝑜, the size of the database, is sufficiently large)

Can Global Sensitivity Be Too High?

Example: 𝑦1, … , 𝑦𝑜 ∈ 0,1 , 𝑛𝑓𝑒𝑗𝑏𝑜 𝑦 is median of 𝑦1, … , 𝑦𝑜.

• 𝐻𝑇median = ?
• Noise: Lap

1 𝜗

• But for most neighboring datasets 𝑦 and 𝑦′,

𝑛𝑓𝑒𝑗𝑏𝑜 𝑦 − 𝑛𝑓𝑒𝑗𝑏𝑜 𝑦′ is small

• Can we add less noise on ``good’’ datasets?

ቊ

𝑦 = 0 … 0 0 1 … 1

𝑜 − 1 2

ቊ

𝑜 − 1 2

𝑦′ = 0 … 0 1 1 … 1

𝑜 − 1 2

ቊ

𝑜 − 1 2

ቊ

𝑛𝑓𝑒𝑗𝑏𝑜 𝑦 = 0 𝑛𝑓𝑒𝑗𝑏𝑜 𝑦′ = 1

𝑈𝑝𝑝 𝑛𝑣𝑑ℎ 𝑜𝑝𝑗𝑡𝑓!

26

Smooth Sensitivity Framework

[Nissim Raskhodnikova Smith]

Local Sensitivity

Local sensitivity of a function 𝑔at point 𝑦 is Relationship to GS: 𝐻𝑇𝑔 = max

𝐞𝐛𝐮𝐛𝐭𝐟𝐮𝐭 𝑦 𝑀𝑇 𝑔 𝑦

Example: 𝑛𝑓𝑒𝑗𝑏𝑜 𝑝𝑔 0 ≤ 𝑦1 ≤ ⋯ ≤ 𝑦𝑜 ≤ 1 for odd 𝑜.

• L𝑇median (𝑦)= ?

27

𝑴𝑻𝒈(𝒚) = max

𝑦′: 𝐨𝐟𝐣𝐡𝐢𝐜𝐩𝐬 𝑝𝑔 𝑦 𝑔 𝑦 − 𝑔 𝑦′ .

1 𝒚𝟐 𝒚𝒏−𝟐 𝒚𝒏 𝒚𝒏+𝟐 𝒚𝒐 median

… …

new median when 𝑦1

′ = 1

new median when 𝑦𝑜

′ = 0

Local Sensitivity

Local sensitivity of a function 𝑔at point 𝑦 is Relationship to GS: 𝐻𝑇𝑔 = max

𝐞𝐛𝐮𝐛𝐭𝐟𝐮𝐭 𝑦 𝑀𝑇 𝑔 𝑦

Example: 𝑛𝑓𝑒𝑗𝑏𝑜 𝑝𝑔 0 ≤ 𝑦1 ≤ ⋯ ≤ 𝑦𝑜 ≤ 1 for odd 𝑜.

• L𝑇median (𝑦)= max(𝑦𝑛+1 − 𝑦𝑛, 𝑦𝑛 − 𝑦𝑛−1)

Goal: Release 𝑔(𝑦) with less noise when 𝑀𝑇𝑔 𝑦 is lower.

28

1 𝒚𝟐 𝒚𝒏−𝟐 𝒚𝒏 𝒚𝒏+𝟐 𝒚𝒐 median new median when 𝑦1

′ = 1

new median when 𝑦𝑜

′ = 0

… … 𝑴𝑻𝒈(𝒚) = max

𝑦′: 𝐨𝐟𝐣𝐡𝐢𝐜𝐩𝐬 𝑝𝑔 𝑦 𝑔 𝑦 − 𝑔 𝑦′ .

First Attempt: Local Sensitivity

Noise with magnitude proportional to 𝑀𝑇𝑔(𝑦) instead of 𝐻𝑇𝑔? Problem: noise magnitude might reveal information. Example: median

• Idea: make noise magnitude an ``insensitive’’ function

29

ቊ

𝑦 = 0 … 0 000 1 … 1

𝑜 − 3 2

ቊ

𝑜 − 3 2

𝑦′ = 0 … 0 001 1 … 1

𝑜 − 3 2

ቊ

𝑜 − 3 2

ቊ 𝑛𝑓𝑒𝑗𝑏𝑜 𝑦 = 0 𝑛𝑓𝑒𝑗𝑏𝑜 𝑦′ = 0 𝑀𝑇𝑛𝑓𝑒𝑗𝑏𝑜 𝑦 = 0 𝑀𝑇𝑛𝑓𝑒𝑗𝑏𝑜 𝑦′ = 1 Pr 𝐵 𝑦 = 0 = 1 Pr 𝐵 𝑦′ = 0 = 0 𝐵 is not differentially private

Smooth Bounds on Local Sensitivity

Design sensitivity function 𝑇 𝑦

• 𝑇(𝑦) is an 𝜗-smooth upper bound on 𝑀𝑇𝑔(𝑦) if

– for all 𝑦: 𝑇 𝑦 ≥ 𝑀𝑇𝑔(𝑦) – for all neighbors 𝑦, 𝑦′: 𝑇 𝑦 ≤ 𝑓𝜗 𝑇(𝑦′) Example: 𝐻𝑇𝑔 is a smooth bound on 𝑀𝑇𝑔 𝑦 .

30

Theorem

If 𝐵 𝑦 = 𝑔 𝑦 + 𝑜𝑝𝑗𝑡𝑓

𝑇(𝑦) 𝜗

then 𝐵 is (𝜗′, 𝜀)-diff. private.

𝑇(𝑦)

Smooth Sensitivity

• For two datasets 𝑦 and 𝑧, let 𝑒𝑗𝑡𝑢(𝑦, 𝑧)= 𝑗: 𝑦𝑗 ≠ 𝑧𝑗
• Smooth sensitivity 𝑇𝑔

∗ 𝑦 =

max

𝐞𝐛𝐮𝐛𝐭𝐟𝐮𝐭 𝒛 𝑀𝑇𝑔 𝑧 ⋅ 𝑓−𝜗⋅𝑒𝑗𝑡𝑢(𝑦,𝑧).

• Intuition: 𝑇𝑔

∗ 𝑦 is low when 𝑦 is far from sensitive datasets

31

Lemma

• 1. Smooth sensitivity is an 𝜗-smooth upper bound on 𝑀𝑇𝑔.
• 2. For every 𝜗-smooth upper bound 𝑇 on 𝑀𝑇𝑔:

𝑇𝑔

∗ 𝑦 ≤ 𝑇(𝑦) for all 𝑦.

Computing Smooth Sensitivity

Recall: Smooth sensitivity 𝑇𝑔

∗ 𝑦 = max 𝒛

𝑀𝑇𝑔 𝑧 ⋅ 𝑓−𝜗⋅𝑒𝑗𝑡𝑢(𝑦,𝑧). Example: median 𝑀𝑇median

𝑙

𝑦

=

max

𝒖=𝟏,𝟐,…,𝒍+𝟐(𝑦𝑛+𝑢+𝑙+1−𝑦𝑛+𝑢)

This gives 𝑃(𝑜2) time algorithm for computing 𝑇median

∗

𝑦 . (It can be computed in time 𝑃(𝑜 log 𝑜).)

33

Observation

𝑇𝑔

∗ 𝑦 =

max

𝒍=𝟏,𝟐,…,𝒐 𝑀𝑇𝑔 𝑙 𝑦 ⋅ 𝑓−𝜗⋅𝑙,

where 𝑀𝑇𝑔

𝑙 𝑦

= max

𝒛:𝒆𝒋𝒕𝒖 𝒚,𝒛 ≤𝒍 𝑀𝑇 𝑔 𝑧 .

1 𝒚𝟐 𝒚𝒏−𝒍−𝟐 𝒚𝒏 𝒚𝒏+𝟐 𝒚𝒐

… … …

𝒚𝒏+𝒍+𝟐 …

…

Conclusion: Calibrating Noise

• Adding noise proportional to local sensitivity is not safe.
• Smooth sensitivity framework allows one to calibrate noise to

the input dataset.

– Requires understanding combinatorial structure of the problem.

• There are other frameworks based on local sensitivity:

– Propose-Test-Release [Dwork Lei, Karwa R Smith Yaroslavtsev] – Sample-and-Aggregate [Nissim R Smith]

34

Conclusion: Differential Privacy

• a rigorous and widely applicable notion of privacy
• is defined in terms of algorithm
• requires the algorithm to be randomized
• puts a restriction on the algorithm, requiring that output

distributions on neighboring datasets be close

• is used in 2020 Census, by Apple and Google

35