CSC2412: Properties of Differential Privacy & More Mechanisms
Sasho Nikolov
Review
Data model
Data set: a (multi-)set $X$ of $n$ data points, $X = \{x_1, \ldots, x_n\}$.
• each data point (or row) $x_i$ is the data of one person
• each data point comes from a universe $\mathcal{X}$
We call two data sets $X, X'$ neighbouring if
1. (variable $n$) we can get $X'$ from $X$ by adding or removing an element
2. (fixed $n$) we can get $X'$ from $X$ by replacing an element with another
(we will mostly use definition 2; neighbouring data sets are written $X \sim X'$)
Differential Privacy
Definition. A mechanism $M$ is $\varepsilon$-differentially private if, for any two neighbouring data sets $X, X'$ and any set of outputs $S \subseteq \mathrm{Range}(M)$,
$$P(M(X) \in S) \le e^{\varepsilon} P(M(X') \in S).$$
Basic Properties
Composition motivation
It would be nice if we can:
• Post-process outputs of DP algorithms without losing privacy (e.g. compute the average from the output $(y_1, \ldots, y_n)$ of randomized response (RR)).
• Build complex DP algorithms from simple ones (e.g. use RR to answer many counting queries).
• Allow an analyst to adaptively choose queries to ask (e.g. first "smokers?", then "smokers under 25 yrs old?", ...).
Composition theorem
Suppose
• $M_1(\cdot)$ is $\varepsilon_1$-DP ($M_1$ takes the data set $X$),
• $M_2(\cdot, y)$ is $\varepsilon_2$-DP for any $y$ in the range of $M_1$ ($M_2$ takes $X$ and the output of $M_1$).
Then $M(\cdot)$ given by $M(X) = M_2(X, M_1(X))$ is $(\varepsilon_1 + \varepsilon_2)$-DP.
The epsilons add up. In particular, if $M_2(\cdot, y)$ is $0$-DP, i.e. $M_2$ is only a function of $y$ (post-processing), then $M$ is $\varepsilon_1$-DP.
Proof of the composition theorem
Take neighbouring $X \sim X'$ and a set $S \subseteq \mathrm{Range}(M)$. Then
$$P(M(X) \in S) = \sum_{y \in \mathrm{Range}(M_1)} P(M_1(X) = y)\, P(M_2(X, y) \in S)$$
$$\le \sum_{y \in \mathrm{Range}(M_1)} e^{\varepsilon_1} P(M_1(X') = y)\, e^{\varepsilon_2} P(M_2(X', y) \in S) = e^{\varepsilon_1 + \varepsilon_2} P(M(X') \in S),$$
using that $M_1$ is $\varepsilon_1$-DP for the first factor and that $M_2(\cdot, y)$ is $\varepsilon_2$-DP for the second.
Group Privacy
What protection is offered to small groups rather than individuals?
• E.g., what can an adversary find out about my immediate family?
Definition. Two data sets $X, X'$ are $t$-neighbours if they differ in the data of $\le t$ individuals. E.g. $X = \{x_1, \ldots, x_i, \ldots, x_j, \ldots, x_n\}$ and $X' = \{x_1, \ldots, x_i', \ldots, x_j', \ldots, x_n\}$ are 2-neighbours.
For any $\varepsilon$-DP mechanism $M$, any $t$-neighbours $X, X'$, and any set $S$ of outputs,
$$P(M(X) \in S) \le e^{t\varepsilon} P(M(X') \in S).$$
Proof of group privacy property
If $X$ and $X'$ are $t$-neighbours, say $X = \{x_1, \ldots, x_t, x_{t+1}, \ldots, x_n\}$ and $X' = \{x_1', \ldots, x_t', x_{t+1}, \ldots, x_n\}$, then there is a chain of neighbouring data sets
$$X = X^0 \sim X^1 \sim \cdots \sim X^t = X', \qquad X^k = \{x_1', \ldots, x_k', x_{k+1}, \ldots, x_n\},$$
where $X^k$ is obtained from $X^{k-1}$ by replacing $x_k$ with $x_k'$. For any set $S$ of outputs, applying $\varepsilon$-DP once per step gives
$$P(M(X) \in S) \le e^{\varepsilon} P(M(X^1) \in S) \le e^{2\varepsilon} P(M(X^2) \in S) \le \cdots \le e^{t\varepsilon} P(M(X') \in S).$$
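As an added example (not part of the slides), the Python below computes the exact output distribution of randomized response on a small constructed data set of bits and checks the three bounds above numerically: the $\varepsilon$ bound for one neighbour, the $\varepsilon_1 + \varepsilon_2$ bound for an adaptive composition in which the second query depends on the first answer, and the $t\varepsilon$ bound for $t$-neighbours. The data sets and the adaptive second mechanism are constructed for the example.

```python
import math
from itertools import product

def rr_dist(bits, eps):
    """Exact output distribution of randomized response applied to each bit
    independently: a bit is reported truthfully with probability
    e^eps / (1 + e^eps) and flipped otherwise. Returns {output_tuple: prob}."""
    p = math.exp(eps) / (1 + math.exp(eps))
    dist = {}
    for out in product((0, 1), repeat=len(bits)):
        prob = 1.0
        for b, o in zip(bits, out):
            prob *= p if b == o else 1 - p
        dist[out] = prob
    return dist

def privacy_loss(dist_x, dist_xp):
    """Largest ln P(M(X)=o) / P(M(X')=o) over single outputs o. A pointwise
    bound e^eps implies the same bound for every set S (sum both sides over S),
    so this is exactly the smallest eps for which the DP inequality holds."""
    return max(math.log(dist_x[o] / dist_xp[o]) for o in dist_x)

def composed_dist(bits, eps1, eps2):
    """Distribution of M(X) = M2(X, M1(X)). M1 is RR with eps1. M2(., y) is RR
    with eps2, but if the first answer y has a majority of ones it asks about the
    complemented bits instead (constructed adaptive query). M2(., y) is eps2-DP
    for every y, so the composition theorem promises (eps1 + eps2)-DP."""
    dist = {}
    for y, py in rr_dist(bits, eps1).items():
        query = bits if 2 * sum(y) <= len(y) else tuple(1 - b for b in bits)
        for z, pz in rr_dist(query, eps2).items():
            dist[z] = dist.get(z, 0.0) + py * pz
    return dist

def check_all(eps1=0.5, eps2=0.7):
    """Return (measured privacy loss, promised bound) for the three settings."""
    x = (0, 1, 1, 0)    # constructed data set: one bit per person
    x1 = (1, 1, 1, 0)   # neighbour: person 1's bit changed
    x3 = (1, 0, 0, 0)   # 3-neighbour: persons 1, 2, 3 changed
    single = privacy_loss(rr_dist(x, eps1), rr_dist(x1, eps1))
    composed = privacy_loss(composed_dist(x, eps1, eps2),
                            composed_dist(x1, eps1, eps2))
    group = privacy_loss(rr_dist(x, eps1), rr_dist(x3, eps1))
    return {"single": (single, eps1),
            "composed": (composed, eps1 + eps2),
            "group": (group, 3 * eps1)}

if __name__ == "__main__":
    for name, (loss, bound) in check_all().items():
        print(f"{name:9s} loss = {loss:.4f}  bound = {bound:.4f}")
```

For randomized response the single-neighbour and group bounds are attained exactly, while the composed loss only has to stay below $\varepsilon_1 + \varepsilon_2$.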