CONSTRAINT -BASED DIFFERENTIAL PRIVACY Releasing Optimal Power - PowerPoint PPT Presentation

CONSTRAINT -BASED DIFFERENTIAL PRIVACY Releasing Optimal Power Flow Benchmarks Privately Ferdinando Fioretto & Pascal Van Hentenryck University of Michigan CPAIOR 2018

Customers Loads optimization

Customers Loads optimization

Content • Private Data Release and Differential Privacy • Optimal Power Flow Problem • The CBDP Mechanism • Experimental Analysis on Private OPF

Private data-release contributors data curator data analyst D Goal 1: Protect the privacy of the contributors Goal 2: The data analyst receives useful data

Differential Privacy (Informal) contributors data curator data analyst ? ˜ D D Contributor: Small participation risk (privacy loss) Data analyst: Analysis on original and modified data are 
 very similar (data distributions)

Differential Privacy (Informal) contributors data curator data analyst ˜ D D ? Contributor: Small participation risk (privacy loss) Data analyst: Analysis on original and modified data are 
 very similar (data distributions)

Differential Privacy • Two datasets are said neighbors ( ) if they D 1 , D 2 D 1 ∼ α D 2 differ by ⍺ in at most one tuple D 2 D 1 name load name load Alice Alice 21.2 21.2 B B Bob 30.1 Bob 30.1 Carl 17.4 Carl 27.4 Diana 20.5 Diana 20.5 … … … … ⍺ = 10

Differential Privacy • In statistical databases, often, the1-hamming distance is used: D 1 ⇠ D 2 , k D 1 � D 2 k 1  1 D 1 D 2 name age gender name age gender Alice Alice 21 F 21 F B B Bob 39 M Bob 39 M Carl 17 M Carl 17 M Diana 25 F Diana 25 F Emily 26 F … … …. … … ….

[Dwork:06] Differential Privacy • Two datasets are said neighbors ( ) if they D 1 , D 2 D 1 ∼ α D 2 differ by ⍺ in at most one tuple A randomized mechanism M : D → R is ✏ -di ff erentially private if, for any pair D 1 , D 2 ∈ D of neighboring datasets and any output O ∈ R : Pr[ M ( D 1 ) = O ] Pr[ M ( D 2 ) = O ] ≤ exp( ✏ ) , ( ✏ > 0) • The risk of a user to join the dataset or to change her value by at most ⍺ is bounded (by ε )

How Can we Achieve DP? [Dwork:06] The Laplace Mechanism = true answer Q ( D ) Q Z ∼ Laplace( ∆ Q / ✏ ) Q ( D ) + Z Theorem (Laplace Mechanism) Let Q : D → R be a numerical query. The Laplace mech- anism M ( D ; Q, ✏ ) = Q ( D ) + Z , where Z ∼ Lap ( ∆ Q ✏ ) achieves ✏ -di ff erentially privacy. ace( ∆ Q / ✏ ) b = ✓ ◆ f ( x | µ = 0 , b ) = 1 − | x | 2 b exp b PDF How much does the output of Q changes if we 
 add/remove one tuple (or ⍺) from D ?

Differential Privacy Notable Properties • No linkage attack: Adversary knows arbitrary auxiliary information • Composability: If M 1 enjoys ε 1 -differential privacy and M 2 enjoys ε 2 differential privacy, then, their composition M 1 (D) , M 2 (D) enjoys ε 1 + ε 2 - differential privacy • Post-Processing immunity: If M enjoys ε -differential privacy and g is an arbitrary mapping, g ֯ M is ε -differential private

Content • Private Data Release and Differential Privacy • Optimal Power Flow Problem • The CBDP Mechanism • Experimental Analysis on Private OPF

Optimal Power Flow (OPF) 1 The AC Optimal Power Flow Problem (AC-OPF) variables: S g i , V i @ i P N, S ij @p i, j q P E Y E R i qq 2 ` c 1 i < p S g ÿ c 2 i p < p S g generators’ cost i q ` c 0 i minimize: i P N subject to: = V r “ 0 , r P N v l i § | V i | § v u @ i P N i engineering limits s ij § = p V i V ˚ ´ θ ∆ j q § θ ∆ ij @p i, j q P E S gl § S g i § S gu @ i P N i i | S ij | § s u ij @p i, j q P E Y E R demands are met S g i ´ S d i “ ∞ p i,j qP E Y E R S ij @ i P N ij | V i | 2 ´ Y ˚ S ij “ Y ˚ ij V i V ˚ @p i, j q P E Y E R j conservation of flow

Optimal Power Flow (OPF) • AC-OPF Relaxations: • SOC Relaxation [ Jabr 2006 ] 
 Relaxes the product of voltage variables with second-order cone constraints • QC Relaxation [ Hijazi, Coffrin, and Van Hentenryck 2017 ] 
 Relaxes voltage constraints by taking tight convex envelops of their nonlinear terms • DC Relaxation [ Wood and Wollenberg 1996 ] 
 Relates real power to voltage phase angles, ignore reactive power, and assume voltages are colse to their nominal values


 Differential Privacy Challenge for OPF • Privacy in OPF test cases: • Hide user participation: not sensitive 
 (load location is typically known) 
 • Load magnitude: sensitive • Associated with customer’s 
 activity • May reveal strategic investments, 
 decreases in sales, etc.

The Laplace mechanism for private OPF • Undesirable outcomes when applied to protect load profiles • Significant higher loads than 
 the actual demand • Recall: Larger privacy budget 
 = less noise Average L1 error

The Laplace mechanism for private OPF Satisfiable OPF solutions % • The Laplace mechanism is oblivious to the structure of the dataset and the constraints and objective of the optimization problem • It produces private datasets that are not representative for the actual OPF Average L1 error

Content • Private Data Release and Differential Privacy • Optimal Power Flow Problem • The CBDP Mechanism • Experimental Analysis on Private OPF


 
 
 
 DP for Complex Optimization Problems • Consider a generic optimization problem 
 q minimize x P R n f p D, x q subject to g i p D, x q § 0 , i “ 1 , . . . , p where D is the data whose privacy we want to protect. • Desiderata: • Data privacy • Faithfulness to the optimal objective value • The private data must satisfy the problem constraints


 
 
 Constraint-Based Differential Privacy • Consider a generic optimization problem 
 q minimize x P R n f p D, x q subject to g i p D, x q § 0 , i “ 1 , . . . , p Definition 3 (( ✏ , � )-CBDP). Given ✏ ° 0 , � • 0 , a DP-data-release mecha- nism M : D Ñ D is p ✏ , � q -CBDP i ff , for each private database ˆ D “ M p D q , there exists a solution x such that 1. ✏ -privacy : M satisfies ✏ -DP; 2. � -faithfulness : | f p ˆ D, x q ´ f p D, x ˚ q| § � ; 3. Consistency : Constraints g i p ˆ D, x q § 0 ( i “ 1 , . . . , p ) are satisfied.


 
 
 
 The CBDP Mechanism 1. Uses the Laplace mechanism to query each dimension of D : 
 
 M Lap p D, Q, ✏ q “ ˜ D “ D ` Lap p 1 { ✏ q n , M where is the vector of noisy values where ˜ D “ p ˜ c 1 , . . . , ˜ c n q 2. Solves the following optimization problem: 
 D, x P R n } ˆ D ´ ˜ D } 2 minimize ˆ 2 | f p ˆ D, x q ´ f ˚ | § β subject to g i p ˆ D, x q § 0 , i “ 1 , . . . , p 3. Releases ˆ D


 
 
 
 The CBDP Mechanism 1. Uses the Laplace mechanism to query each dimension of D : 
 
 M Lap p D, Q, ✏ q “ ˜ D “ D ` Lap p 1 { ✏ q n , M where is the vector of noisy values where ˜ D “ p ˜ c 1 , . . . , ˜ c n q 2. Solves the following optimization problem: 
 D, x P R n } ˆ D ´ ˜ D } 2 Decision variables: minimize ˆ 2 post-processed loads | f p ˆ D, x q ´ f ˚ | § β subject to g i p ˆ D, x q § 0 , i “ 1 , . . . , p 3. Releases ˆ D


 
 
 
 The CBDP Mechanism 1. Uses the Laplace mechanism to query each dimension of D : 
 
 M Lap p D, Q, ✏ q “ ˜ D “ D ` Lap p 1 { ✏ q n , M where is the vector of noisy values where ˜ D “ p ˜ c 1 , . . . , ˜ c n q 2. Solves the following optimization problem: 
 D, x P R n } ˆ D ´ ˜ D } 2 Decision variables: minimize ˆ 2 optimization problem | f p ˆ D, x q ´ f ˚ | § β subject to g i p ˆ D, x q § 0 , i “ 1 , . . . , p 3. Releases ˆ D


 
 
 
 The CBDP Mechanism 1. Uses the Laplace mechanism to query each dimension of D : 
 
 M Lap p D, Q, ✏ q “ ˜ D “ D ` Lap p 1 { ✏ q n , M where is the vector of noisy values where ˜ D “ p ˜ c 1 , . . . , ˜ c n q 2. Solves the following optimization problem: 
 Differential Privacy D, x P R n } ˆ D ´ ˜ D } 2 minimize ˆ 2 | f p ˆ D, x q ´ f ˚ | § β subject to g i p ˆ D, x q § 0 , i “ 1 , . . . , p 3. Releases ˆ D


 
 
 
 The CBDP Mechanism 1. Uses the Laplace mechanism to query each dimension of D : 
 
 M Lap p D, Q, ✏ q “ ˜ D “ D ` Lap p 1 { ✏ q n , M where is the vector of noisy values where ˜ D “ p ˜ c 1 , . . . , ˜ c n q 2. Solves the following optimization problem: 
 Faithfulness to the D, x P R n } ˆ D ´ ˜ D } 2 minimize ˆ 2 objective | f p ˆ D, x q ´ f ˚ | § β subject to g i p ˆ D, x q § 0 , i “ 1 , . . . , p 3. Releases ˆ D


 
 
 
 The CBDP Mechanism 1. Uses the Laplace mechanism to query each dimension of D : 
 
 M Lap p D, Q, ✏ q “ ˜ D “ D ` Lap p 1 { ✏ q n , M where is the vector of noisy values where ˜ D “ p ˜ c 1 , . . . , ˜ c n q 2. Solves the following optimization problem: 
 D, x P R n } ˆ D ´ ˜ D } 2 minimize ˆ 2 | f p ˆ D, x q ´ f ˚ | § β Constraint consistency subject to g i p ˆ D, x q § 0 , i “ 1 , . . . , p 3. Releases ˆ D