differential privacy li xiong outline differential
play

Differential Privacy Li Xiong Outline Differential Privacy - PowerPoint PPT Presentation

Feb 23, 2023 •500 likes •1.15k views

CS573 Data Privacy and Security Differential Privacy Li Xiong Outline Differential Privacy Definition Basic techniques Composition theorems Statistical Data Privacy Non-interactive vs interactive Privacy goal: individual is

  1. CS573 Data Privacy and Security Differential Privacy Li Xiong

  2. Outline • Differential Privacy Definition • Basic techniques • Composition theorems

  4. Statistical Data Privacy • Non-interactive vs interactive • Privacy goal: individual is protected • Utility goal: statistical information useful for analysis Queries Privacy Original Mechanism Data Statistics/ Data Synthetic analyst data Data curator

  5. Recap • Anonymization or de-identification (input perturbation) – Linkage attacks, homogeneity attacks • Query auditing/restriction – Query denial is itself disclosive, computationally infeasible • Summary statistics – Differencing attacks

  6. Differential Privacy • Promise: an individual will not be affected, adversely or otherwise, by allowing his/her data to be used in any study or analysis, no matter what other studies, datasets, or information sources, are available ” • Paradox: learning nothing about an individual while learning useful statistical information about a population

  7. Differential Privacy • Statistical outcome is indistinguishable regardless whether a particular user (record) is included in the data

  8. Differential Privacy • Statistical outcome is indistinguishable regardless whether a particular user (record) is included in the data

  9. Differential privacy: an example Perturbed histogram Original records Original histogram with differential privacy

  15. Differential Privacy: Some Qualitative Properties • Protection against presence/participation of a single record • Quantification of privacy loss • Composition • Post-processing

  16. Differential Privacy: Additional Remarks • Correlations between records • Granularity of a single record (difference for neighboring database) – Group privacy – Graph database (eg social networks): node vs edge – Movie rating database: user vs event (movie)

  17. Outline • Differential Privacy Definition • Basic techniques – Laplace mechanism – Exponential mechanism – Random Response • Composition theorems

  19. Can deterministic algorithms satisfy differential privacy? Module 2 Tutorial: Differential Privacy in the Wild 19

  20. Non trivial deterministic algorithms do not satisfy differential privacy Space of all inputs Space of all outputs (at least 2 distinct outputs) Module 2 Tutorial: Differential Privacy in the Wild 20

  21. Non-trivial deterministic algorithms do not satisfy differential privacy Each input mapped to a distinct output. Module 2 Tutorial: Differential Privacy in the Wild 21

  22. There exist two inputs that differ in one entry mapped to different outputs. Pr > 0 Pr = 0 Module 2 Tutorial: Differential Privacy in the Wild 22

  23. Output Randomization Query Database Add noise to true answer Researcher • Add noise to answers such that: – Each answer does not leak too much information about the database. – Noisy answers are close to the original answers. Module 2 Tutorial: Differential Privacy in the Wild 23

  24. [DMNS 06] Laplace Mechanism Query q Database True answer q(D) + η q(D) Researcher η Laplace Distribution – Lap(S/ ε ) 0.6 0.4 0.2 0 Module 2 Tutorial: Differential Privacy in the Wild 24 -10 -8 -6 -4 -2 0 2 4 6 8 10

  25. Laplace Distribution • PDF: • Denoted as Lap(b) when u=0 • Mean u • Variance 2b 2

  26. How much noise for privacy? [Dwork et al., TCC 2006] Sensitivity : Consider a query q: I  R. S(q) is the smallest number s.t. for any neighboring tables D, D’, | q(D) – q (D’ ) | ≤ S(q) Theorem : If sensitivity of the query is S , then the algorithm A(D) = q(D) + Lap(S(q)/ ε ) guarantees ε - differential privacy Module 2 Tutorial: Differential Privacy in the Wild 26

  27. Example: COUNT query D Disease • Number of people having disease (Y/N) Y • Sensitivity = 1 Y N • Solution: 3 + η , Y where η is drawn from Lap(1/ ε ) N – Mean = 0 – Variance = 2/ ε 2 N Module 2 Tutorial: Differential Privacy in the Wild 27

  28. Example: SUM query • Suppose all values x are in [a,b] • Sensitivity = b Module 2 Tutorial: Differential Privacy in the Wild 28

  29. Privacy of Laplace Mechanism • Consider neighboring databases D and D’ • Consider some output O Module 2 Tutorial: Differential Privacy in the Wild 29

  30. Utility of Laplace Mechanism • Laplace mechanism works for any function that returns a real number • Error: E(true answer – noisy answer) 2 = Var( Lap(S(q)/ ε ) ) = 2*S(q) 2 / ε 2 • Error bound: very unlikely the result has an error greater than a factor (Roth book Theorem 3.8) Module 2 Tutorial: Differential Privacy in the Wild 30

  31. Outline • Differential Privacy Definition • Basic techniques – Laplace mechanism – Exponential mechanism – Random Response • Composition theorems

  32. Exponential Mechanism • For functions that do not return a real number … – “what is the most common nationality in this room”: Chinese/Indian/American… • When perturbation leads to invalid outputs … – To ensure integrality/non-negativity of output Module 2 Tutorial: Differential Privacy in the Wild 32

  33. [MT 07] Exponential Mechanism Consider some function f (can be deterministic or probabilistic): Inputs Outputs How to construct a differentially private version of f? Module 2 Tutorial: Differential Privacy in the Wild 33

  34. Exponential Mechanism Theorem For a database D, output space R and a utility score function u : D× R → R , the algorithm A Pr[ A ( D ) = r ] ∝ exp ( ε × u ( D, r )/ 2Δ u ) satisfies ε -differential privacy, where Δ u is the sensitivity of the utility score function Δ u = max r & D,D’ | u ( D, r ) - u ( D’, r )|

  35. Example: Exponential Mechanism • Scoring/utility function w: Inputs x Outputs  R • D: nationalities of a set of people • f(D) : most frequent nationality in D • u (D, O) = #(D, O) the number of people with nationality O Module 2 Tutorial: Differential Privacy in the Wild 35

  36. Privacy of Exponential Mechanism The exponential mechanism outputs an element r with probability Pr[ A ( D ) = r ] ∝ exp ( ε × u ( D, r )/ 2Δ u ) Δ u = max r & D,D’ | u ( D, r ) - u ( D’, r )| Approximately Pr[ A ( D ) = r ] /Pr[ A ( D’ ) = r ] <= ε (Exact proof with normalization factor: Roth Book page 39)

  37. Privacy of Exponential Mechanism

  38. Utility of Exponential Mechanism • Can give strong utility guarantees, as it discounts outcomes exponentially based on utility score • Highly unlikely that returned element r has a utility score inferior to max r u(D,r) by an additive factor of (Theorem 3.11 Roth book)

  39. Outline • Differential Privacy Definition • Basic techniques – Laplace mechanism – Exponential mechanism – Random Response • Composition theorems

  40. [W 65] Randomized Response (a.k.a. local randomization) D O Disease Disease (Y/N) (Y/N) Y Y With probability p, Report true value Y N With probability 1-p, Report flipped value N N Y N N Y N N Module 2 Tutorial: Differential Privacy in the Wild 40

  41. Differential Privacy Analysis • Consider 2 databases D, D’ (of size M) that differ in the j th value – D[j] ≠ D’[j]. But, D[ i ] = D’[ i], for all i ≠ j • Consider some output O Module 2 Tutorial: Differential Privacy in the Wild 41

  42. Utility Analysis • Suppose n1 out of n people replied “yes”, and rest said “no” • What is the best estimate for π = fraction of people with disease = Y? π hat = {n1/n – (1-p)}/(2p-1) • E( π hat ) = π • Var( π hat ) = Sampling Variance due to coin flips Module 2 Tutorial: Differential Privacy in the Wild 42

  43. Laplace Mechanism vs Randomized Response Privacy • Provide the same ε -differential privacy guarantee • Laplace mechanism assumes data collector is trusted • Randomized Response does not require data collector to be trusted – Also called a Local Algorithm, since each record is perturbed Module 2 Tutorial: Differential Privacy in the Wild 43

  44. Laplace Mechanism vs Randomized Response Utility • Suppose a database with N records where μN records have disease = Y. • Query: # rows with Disease=Y • Std dev of Laplace mechanism answer: O(1/ ε ) • Std dev of Randomized Response answer: O(√N) Module 2 Tutorial: Differential Privacy in the Wild 44

  45. Outline • Differential Privacy • Basic Algorithms – Laplace – Exponential Mechanism – Randomized Response • Composition Theorems Module 2 Tutorial: Differential Privacy in the Wild 45

  46. Why Composition? • Reasoning about privacy of a complex algorithm is hard. • Helps software design – If building blocks are proven to be private, it would be easy to reason about privacy of a complex algorithm built entirely using these building blocks. Module 2 Tutorial: Differential Privacy in the Wild 46

  47. A bound on the number of queries • In order to ensure utility, a statistical database must leak some information about each individual • We can only hope to bound the amount of disclosure • Hence, there is a limit on number of queries that can be answered Module 2 Tutorial: Differential Privacy in the Wild 47

Recommend

CS573 Data Privacy and Security Local Differential Privacy Li Xiong Privacy at Scale: Local

CS573 Data Privacy and Security Local Differential Privacy Li Xiong Privacy at Scale: Local

CS573 Data Privacy and Security Local Differential Privacy Li Xiong Privacy at Scale: Local Differential Privacy in Practice (Module 1) Graham Cormode, Somesh Jha, Tejas Kulkarni, Ninghui Li, Divesh Srivastava, and Tianhao Wang Differential

819 views • 38 slides
CS573 Data Privacy and Security Differential Privacy Real World Deployments Li Xiong

CS573 Data Privacy and Security Differential Privacy Real World Deployments Li Xiong

CS573 Data Privacy and Security Differential Privacy Real World Deployments Li Xiong Applying Differential Privacy Real world deployments of differential privacy OnTheMap RAPPOR Module 4 Tutorial: Differential Privacy in the Wild

617 views • 30 slides
Differential Privacy (Part III) Approximate (or ( , ))-differential privacy

Differential Privacy (Part III) Approximate (or ( , ))-differential privacy

Differential Privacy (Part III) Approximate (or ( , ))-differential privacy Generalized definition of differential privacy allowing for a (supposedly small) additive factor Used in a variety of applications A query mechanism M is (

1.27k views • 43 slides
Toniann Pitassi Outline 1. Differential Privacy: The Basics 2. Differential Privacy in New

Toniann Pitassi Outline 1. Differential Privacy: The Basics 2. Differential Privacy in New

Differential Privacy and Fairness: Foundations and New Frontiers Toniann Pitassi Outline 1. Differential Privacy: The Basics 2. Differential Privacy in New Settings - Pan Privacy - Privacy in multi-party settings - Fairness Outline

947 views • 49 slides
Differential Privacy Techniques Beyond Differential Privacy Steven Wu Assistant Professor

Differential Privacy Techniques Beyond Differential Privacy Steven Wu Assistant Professor

Differential Privacy Techniques Beyond Differential Privacy Steven Wu Assistant Professor University of Minnesota 1 Differential privacy? Isnt it just adding noise? How to add smart noise to guarantee privacy without sacrificing

592 views • 57 slides
Differential Privacy Tabular Data Li Xiong Outline Tabular data and histogram/range

Differential Privacy Tabular Data Li Xiong Outline Tabular data and histogram/range

CS573 Data Privacy and Security Differential Privacy Tabular Data Li Xiong Outline Tabular data and histogram/range queries Algorithms for low dimensional data Algorithms for high dimensional data Example: statistics/synthetic

758 views • 55 slides
Differential Privacy Machine Learning Li Xiong Big Data + Machine Learning + Machine

Differential Privacy Machine Learning Li Xiong Big Data + Machine Learning + Machine

CS573 Data Privacy and Security Differential Privacy Machine Learning Li Xiong Big Data + Machine Learning + Machine Learning Under Adversarial Settings Data privacy/confidentiality attacks membership attacks, model inversion

3.44k views • 63 slides
Mobile Data Collection and Analysis with Local Differential Privacy - Part 1 Ninghui Li (Purdue

Mobile Data Collection and Analysis with Local Differential Privacy - Part 1 Ninghui Li (Purdue

Mobile Data Collection and Analysis with Local Differential Privacy - Part 1 Ninghui Li (Purdue University) 1 Outline Motivation of Differential Privacy and Local Differential Privacy (LDP) Frequency Oracles in LDP Tradeoff between

821 views • 53 slides
Implementing Differential Privacy &amp; Side-channel attacks CompSci 590.03 Instructor: Ashwin

Implementing Differential Privacy &amp; Side-channel attacks CompSci 590.03 Instructor: Ashwin

Implementing Differential Privacy &amp; Side-channel attacks CompSci 590.03 Instructor: Ashwin Machanavajjhala Lecture 14 : 590.03 Fall 12 1 Outline Differential Privacy Implementations PINQ: Privacy Integrated Queries [McSherry SIGMOD

1.22k views • 40 slides
Differential Privacy Privacy &amp; Fairness in Data Science CS848 Fall 2019 2 Outline

Differential Privacy Privacy &amp; Fairness in Data Science CS848 Fall 2019 2 Outline

Differential Privacy Privacy &amp; Fairness in Data Science CS848 Fall 2019 2 Outline Problem Differential Privacy Basic Algorithms 3 Statistical Databases Person 1 Person 2 Person 3 Person N Individuals with r 1 r 2 r 3 r N

1.01k views • 70 slides
CS573 Data Privacy and Security Differential Privacy tabular data and range queries Li Xiong

CS573 Data Privacy and Security Differential Privacy tabular data and range queries Li Xiong

CS573 Data Privacy and Security Differential Privacy tabular data and range queries Li Xiong Outline Tabular data and histogram/range queries Algorithms for low dimensional data Algorithms for high dimensional data Example:

692 views • 57 slides
A Short Tutorial on Differential Privacy Borja Balle Amazon Research Cambridge The Alan Turing

A Short Tutorial on Differential Privacy Borja Balle Amazon Research Cambridge The Alan Turing

A Short Tutorial on Differential Privacy Borja Balle Amazon Research Cambridge The Alan Turing Institute January 26, 2018 Outline 1. We Need Mathematics to Study Privacy? Seriously? 2. Differential Privacy: Definition, Properties and Basic

868 views • 75 slides
Algorithms for Differential Privacy: Exponential &amp; Median Mechanism CompSci 590.03

Algorithms for Differential Privacy: Exponential &amp; Median Mechanism CompSci 590.03

Algorithms for Differential Privacy: Exponential &amp; Median Mechanism CompSci 590.03 Instructor: Ashwin Machanavajjhala Lecture 7 : 590.03 Fall 12 1 Recap: Differential Privacy For every pair of inputs For every output that differ in one

445 views • 29 slides
Bridging Privacy Definitions: Differential Privacy and Concepts from Privacy Law &amp; Policy

Bridging Privacy Definitions: Differential Privacy and Concepts from Privacy Law &amp; Policy

Bridging Privacy Definitions: Differential Privacy and Concepts from Privacy Law &amp; Policy Alexandra Wood Berkman Klein Center for Internet &amp; Society at Harvard University DIMACS/Northeast Big Data Hub Workshop on Overcoming Barriers to

964 views • 54 slides
Data Mining with Differential Privacy Arik Friedman and Assal Schuster by Slawomir Goryczka

Data Mining with Differential Privacy Arik Friedman and Assal Schuster by Slawomir Goryczka

Data Mining with Differential Privacy Arik Friedman and Assal Schuster by Slawomir Goryczka Differential Privacy A randomized computation M provides -differential privacy if for any datasets A and B that differ by 1 record and any set of

193 views • 17 slides
Dependence Makes You Vulnerable: Differential Privacy Under Dependent Tuples Changchang Liu 1 ,

Dependence Makes You Vulnerable: Differential Privacy Under Dependent Tuples Changchang Liu 1 ,

Introduction Differential Privacy under Dependent Data Conclusion and Future Work Dependence Makes You Vulnerable: Differential Privacy Under Dependent Tuples Changchang Liu 1 , Supriyo Chakraborty 2 , Prateek Mittal 1 Email: 1 { cl12, pmittal }

512 views • 38 slides
Providing Input-Discriminative Protection for Local Differential Privacy Xiaolan Gu * , Ming Li *

Providing Input-Discriminative Protection for Local Differential Privacy Xiaolan Gu * , Ming Li *

Providing Input-Discriminative Protection for Local Differential Privacy Xiaolan Gu * , Ming Li * , Li Xiong # and Yang Cao *University of Arizona # Emory University Kyoto University IEEE International Conference on Data Engineering

440 views • 20 slides
-Liftings for Differential Privacy and f -Divergences Gilles Barthe, Thomas Espitau, Justin

-Liftings for Differential Privacy and f -Divergences Gilles Barthe, Thomas Espitau, Justin

-Liftings for Differential Privacy and f -Divergences Gilles Barthe, Thomas Espitau, Justin Hsu, Tetsuya Sato, Pierre-Yves Strub 1 Differential privacy: probabilistic program property 2 Differential privacy: probabilistic program property

668 views • 48 slides
Amplification by Shuffling: From Local to Central Differential Privacy via Anonymity Vitaly

Amplification by Shuffling: From Local to Central Differential Privacy via Anonymity Vitaly

Amplification by Shuffling: From Local to Central Differential Privacy via Anonymity Vitaly Feldman Ulfar Erlingsson Ilya Mironov Ananth Raghunathan Kunal Talwar Abhradeep Thakurta Local Differential Privacy (LDP) 1 1 For all ,

151 views • 11 slides
Differential Privacy and Applications Marco Gaboardi Boston University Recap Foundamental Law

Differential Privacy and Applications Marco Gaboardi Boston University Recap Foundamental Law

Differential Privacy and Applications Marco Gaboardi Boston University Recap Foundamental Law of Information Reconstruction The release of too many overly accurate statistics gives privacy violations. ( , )-Differential Privacy

1.26k views • 76 slides
Differential Privacy and Redistricting: Investigations On and Off the Census Spine Aloni Cohen,

Differential Privacy and Redistricting: Investigations On and Off the Census Spine Aloni Cohen,

Differential Privacy and Redistricting: Investigations On and Off the Census Spine Aloni Cohen, Moon Duchin, JN Matthews, Bhushan Suwal, Peter Wayner What is differential privacy? And Why is the Census using it? The problem We performed a

393 views • 18 slides
Differential privacy and applications to location privacy Catuscia Palamidessi INRIA &amp; Ecole

Differential privacy and applications to location privacy Catuscia Palamidessi INRIA &amp; Ecole

Differential privacy and applications to location privacy Catuscia Palamidessi INRIA &amp; Ecole Polytechnique 1 Plan of the talk General introduction to privacy issues A naive approach to privacy protection: anonymization Why it

740 views • 44 slides
Satisfy Legal Definitions of Privacy? The Case of FERPA and Differential Privacy CS

Satisfy Legal Definitions of Privacy? The Case of FERPA and Differential Privacy CS

Do Computer Science Definitions of Privacy Satisfy Legal Definitions of Privacy? The Case of FERPA and Differential Privacy CS LAW Kobbi Nissim Ben-Gurion University Center for Research on Computation and Society

865 views • 62 slides
Risky Traitor Tracing and New Differential Privacy Negative Results Rishab Goyal Venkata Koppula

Risky Traitor Tracing and New Differential Privacy Negative Results Rishab Goyal Venkata Koppula

Risky Traitor Tracing and New Differential Privacy Negative Results Rishab Goyal Venkata Koppula Andrew Russell Brent Waters Hardness of Non-Interactive Differential Privacy from One-Way Functions Lucas Kowalczyk Tal Malkin Jonathan

649 views • 20 slides

More recommend