Entropy-minimizing Mechanism for Differential Privacy of - PowerPoint PPT Presentation

Entropy-minimizing Mechanism for Differential Privacy of Discrete-time Linear Feedback Systems Yu Wang, Zhenqi Huang, Sayan Mitra and Geir E. Dullerud September 25, 2014

General Question Trade-off between ”privacy” and ”accuracy”: a common strategy to protect some data private is to randomize it, but this undermines the accuracy of the data. Example 1 : Adversary A Noise N ( t ) U ( t ) V ( t ) X ( t ) Z ( t ) Plant P Mechanism M + Y ( t ) Controller C Figure: Block Diagram for ǫ -Differentially Private Discrete-time Linear Feedback System 1 Huang et al., HiCoNS 14.

Preliminaries In this work, we use the concept of ǫ -differential privacy as a measure of privacy. It originates from the study of privacy-preserving queries of datasets 2 and later extends to dynamic systems. Definition The mechanism M is ǫ -differentially private if the inequality P [ M ( x 1 ) ⊆ O ] ≤ exp ( ǫ � x 1 − x 2 � 1 ) P [ M ( x 2 ) ⊆ O ] (1) holds for any inputs x 1 , x 2 and a set of possible outputs O , where � x � 1 = � n i =1 | x i | . 2 C. Dwork, 2006.

Preliminaries Accuracy is measured by Shannon entropy. For a random variable X on R n with probability distribution function f ( x ), � H ( X ) = − R n f ( x ) ln( x ) d x (2)

One-shot Query Noise N ( X ) Input X Output Y Mechanism M Figure: Block Diagram for a ǫ -Differentially Private Mechanism Conditions: ◮ X , Y ∈ ( R n , � · � 1 ) ◮ the joint p.d.f. p ( x , y ) is absolute continuous; ◮ the noise N ( X ) is zero-mean; ◮ the accuracy is measured by H ( M ) = sup X H ( Y ).

Theorem For an ǫ -differentially private mechanism M with input set ( R n , � · � 1 ) , we have H ( M ) ≥ n − n ln( ǫ/ 2) and the minimum is � ǫ 2 ) n exp( − ǫ � y − x � 1 ) = � n 2 e − ǫ | y i − x i | � achieved by p ( x , y ) = ( ǫ . i =1 Trade-off: Privacy ↑ = ⇒ ǫ ↓ = ⇒ H ( M ) ↑ = ⇒ Accuracy ↓

Control Systems Adversary A Noise N ( t ) U ( t ) V ( t ) X ( t ) Z ( t ) Plant P Mechanism M + Y ( t ) Controller C Conditions: ◮ X ( t ) , Y ( t ) , Z ( t ) , U ( t ) , V ( t ) ∈ ( R n , � · � 1 ) ◮ zero input: U ( t ) = 0 ◮ unit gain feedback: V ( t ) = Y ( t ) = Z ( t ) ◮ dynamics: X ( t + 1) = AX ( t ) + BV ( t ).

Control Systems Adversary A Noise N ( t ) U ( t ) V ( t ) X ( t ) Z ( t ) Plant P Mechanism M + Y ( t ) Controller C The adversary A only has access to the randomized outputs { Z ( i ) | i ∈ [ t ] } . Since t − 1 � A t − i − 1 BZ ( i ) , X ( t ) = A t X (0) + (3) i =0 protecting the ǫ -differential privacy of the initial system state is equivalent to protecting the ǫ -differential privacy of the whole trajectory.

Control Systems The adversary A estimates the initial system state from the past history of randomized outputs { Z ( i ) | i ∈ [ t ] } by ˜ X ( t ) = E [ X (0) | Z (0) , Z (1) , . . . , Z ( t )] , (4) The accuracy of the output of the mechanism M at time t ∈ N is measured by � � ˜ H ( M , t ) = H X ( t ) . (5)

Control Systems The mechanism L is ǫ -differentially private up to time t ∈ N , if for any pair of initial states x 1 , x 2 ∈ R n , and output history { z ( i ) | i ∈ [ t ] } , P [ Z (1) = z (1) , . . . , Z ( t ) = z ( t ) | X (0) = x 1 ] P [ Z (1) = z (1) , . . . , Z ( t ) = z ( t ) | X (0) = x 2 ] (6) ≤ exp ( ǫ � x 1 − x 2 � ) . By Bayes formula, (6) is equivalent to h t ( x 1 ) ≤ exp ( ǫ � x 1 − x 2 � ) ˜ ˜ h t ( x 2 ) . (7) where ˜ h t is the probability density function of ˜ X ( t ).

Control Systems Theorem If a mechanism is ǫ -differentially private up to time t ≥ 0 , then H ( L , i ) ≥ n − n ln( ǫ 2) (8) for i ∈ 1 , . . . , t. The equality holds when N (0) ∼ Lap (1 /ǫ ) , and for t ≥ 1 , N ( t ) = AN ( t − 1) . In this case H ( L , 1) = H ( L , 2) = . . . = H ( L , t ) = n − n ln( ǫ 2) . (9)

Proof of Theorem Assume X , Y ∈ R . Problem Minimize: H ( M ) subject to: P [ M ( x 1 ) ⊆ O ] ≤ exp ( ǫ � x 1 − x 2 � 1 ) P [ M ( x 2 ) ⊆ O ]

Proof Step 1 Claim 1: for fixed x , p ( x , y − x ) is even. � H + 1 ( M ) = sup − p ( x , y ) ln p ( x , y ) d y , (10) x ∈ R [ x , ∞ ) � H − 1 ( M ) = sup − p ( x , y ) ln p ( x , y ) d y . (11) x ∈ R ( −∞ , x ]  if y > x , H + 1 ( M ) ≤ H − 1 ( M )  p ( x , y )   or y < x , H + 1 ( M ) > H −  1 ( M ) ,  q ( x , y ) = if y > x , H + 1 ( M ) > H − 1 ( M )  p ( x , 2 x − y )   or y < x , H + 1 ( M ) ≤ H −  1 ( M ) .  (12) H ( N ) = 2 min { H + 1 ( M ) , H − 1 ( M ) } ≤ H + 1 ( M ) + H − 1 ( M ) = H ( M ) , (13)

Proof Step 1 Claim 2: for any x , p ( x , y ) = p (2 a − x , 2 a − y ). � H + ( M ) = sup − p ( x , y ) ln p ( x , y ) d y , (14) x > a R � H − ( M ) = sup − p ( x , y ) ln p ( x , y ) d y . (15) x ≤ a R If H + ( M ) ≤ H − ( M ), then define � p ( x , y ) , x > a , q ( x , y ) = (16) p (2 a − x , 2 a − y ) , x ≤ a , otherwise, define � p (2 a − x , 2 a − y ) , x > a , q ( x , y ) = (17) p ( x , y ) , x ≤ a . H ( N ) = min { H + ( M ) , H − ( M ) } ≤ max { H + ( M ) , H − ( M ) } = H ( M ) , (18)

Proof Step 1 Claim 3: p ( x , y ) = f ( y − x ). Let q ( x , y ) = p ( x , y − x ). By Claim 2, q ( x , y ) = q (2 a − x , − y ). By Claim 1, q (2 a − x , − y ) = q (2 a − x , y ). Now the problem becomes, Problem � Minimize: H ( f ) = − f ( x ) ln f ( x ) d x , [0 , ∞ ) subject to: f ( x ) is absolutely continuous , f ( x ) ≥ 0 , | f ′ ( x ) | ≤ ǫ f ( x ) a.e. , � f ( x ) d x = 1 2 . [0 , ∞ )

Proof Step 2 Claim 4: f ( x ) is decreasing. Let x ∗ be a local minimum on (0 , 1). Then there exists x ∗ ∈ [ a , b ] such that f ( a ) = f ( b ) > f ( x ) for x ∈ ( a , b ). Let � b 1 d = a f ( x ) d x and f ( a )  f ( x ) , x ∈ [0 , a ] ,   h ( x ) = f ( b ) , x ∈ [ a , a + d ] , (19)  f ( x + b − a − d ) , x ∈ [ a + d , ∞ ] .  Then H ( h ) < H ( f ).

Proof Step 2 � ∞ Let F ( x ) = f ( y ) d y . x � ∞ � ∞ | f ′ ( x ) | d y ≥ 1 f ′ ( x ) d y | F ( x ) ≥ ǫ | ǫ x x (20) = 1 ǫ | f ( ∞ ) − f ( x ) | = f ( x ) ǫ In particular, f (0) ≥ ǫ F (0) = ǫ 2 .

Proof Step 2 � ∞ H ( f ) = − f ( x ) ln f ( x ) d x 0 � ∞ � x f ′ ( y ) � � = − f ( x ) ln f (0) + f ( y ) d y d x 0 0 � ∞ �� ∞ f ′ ( y ) = − 1 � 2 ln f (0) − f ( x ) d x d y f ( y ) 0 x (21) � ∞ f ′ ( y ) F ( y ) = − 1 2 ln f (0) − d y f ( y ) 0 � ∞ f ′ ( y ) ≥ − 1 2 ln f (0) − d y ǫ 0 = f (0) − 1 2 ln f (0) ≥ 1 2 − ln( ǫ 2) , ǫ The minimum is achieved by f ( x ) = ǫ 2 exp( − ǫ x ) . (22)

Thanks!