research-article

The laplace mechanism has optimal utility for differential privacy over continuous queries

Authors:

Natasha Fernandes,

Annabelle McIver,

Carroll MorganAuthors Info & Claims

LICS '21: Proceedings of the 36th Annual ACM/IEEE Symposium on Logic in Computer Science

Article No.: 50, Pages 1 - 12

https://doi.org/10.1109/LICS52264.2021.9470718

Published: 24 November 2021 Publication History

Abstract

Differential Privacy protects individuals' data when statistical queries are published from aggregated databases: applying "obfuscating" mechanisms to the query results makes the released information less specific but, unavoidably, also decreases its utility. Yet it has been shown that for discrete data (e.g. counting queries), a mandated degree of privacy and a reasonable interpretation of loss of utility, the Geometric obfuscating mechanism is optimal: it loses as little utility as possible [Ghosh et al.[1]].

For continuous query results however (e.g. real numbers) the optimality result does not hold. Our contribution here is to show that optimality is regained by using the Laplace mechanism for the obfuscation.

The technical apparatus involved includes the earlier discrete result [Ghosh op. cit.], recent work on abstract channels and their geometric representation as hyper-distributions [Alvim et al.[2]], and the dual interpretations of distance between distributions provided by the Kantorovich-Rubinstein Theorem.

References

[1]

A. Ghosh, T. Roughgarden, and M. Sundarajan, "Universally utility-maximising privacy mechanisms," SIAM J. COMPUT, vol. 41, no. 6, pp. 1673--1693, 2012.

[2]

M. S. Alvim, K. Chatzikokolakis, A. McIver, C. Morgan, C. Palamidessi, and G. Smith, "Additive and multiplicative notions of leakage, and their capacities," in IEEE 27th Computer Security Foundations Symposium, CSF 2014, Vienna, Austria, 19--22 July, 2014. IEEE, 2014, pp. 308--322. [Online].

Digital Library

[3]

C. Dwork, F. McSherry, K. Nissim, and A. D. Smith, "Calibrating noise to sensitivity in private data analysis," in Theory of Cryptography, Third Theory of Cryptography Conference, TCC 2006, New York, NY, USA, March 4--7, 2006, Proceedings, ser. Lecture Notes in Computer Science, S. Halevi and T. Rabin, Eds., vol. 3876. Springer, 2006, pp. 265--284. [Online].

Digital Library

[4]

K. Chatzikokolakis, M. Andrés, N. Bordenabe, and C. Palamidessi, "Broadening the scope of differential privacy using metrics," in International Symposium on Privacy Enhancing Technologies Symposium, ser. LNCS, vol. 7981. Springer, 2013.

[5]

K. Chatzikokolakis, N. Fernandes, and C. Palamidessi, "Comparing systems: Max-case refinement orders and application to differential privacy," in Proc. CSF. IEEE Press, 2019.

[6]

C. Shannon, "A mathematical theory of communication," Bell System Technical Journal, vol. 27, pp. 379--423, 623--656, 1948.

[7]

M. S. Alvim, M. E. Andrés, K. Chatzikokolakis, and C. Palamidessi, "On the relation between differential privacy and quantitative information flow," in Automata, Languages and Programming - 38th International Colloquium, ICALP 2011, Zurich, Switzerland, July 4--8, 2011, Proceedings, Part II, 2011, pp. 60--76. [Online].

Digital Library

[8]

M. S. Alvim, K. Chatzikokolakis, A. McIver, C. Morgan, C. Palamidessi, and G. Smith, The Science of Quantitative Information Flow, ser. Information Security and Cryptography. Springer International Publishing, 2020.

[9]

M. S. Alvim, K. Chatzikokolakis, C. Palamidessi, and G. Smith, "Measuring information leakage using generalized gain functions," in Proc. 25th IEEE Computer Security Foundations Symposium (CSF 2012), Jun. 2012, pp. 265--279.

Digital Library

[10]

A. McIver, C. Morgan, L. Meinicke, G. Smith, and B. Espinoza, "Abstract channels, gain functions and the information order," in FCS 2013 Workshop on Foundations of Computer Security, 2013.

[11]

S. Rachev and L. Ruschendorf, Mass transportation problems. Springer, 1998, vol. 1.

[12]

Y. Deng and W. Du, "The Kantorovich Metric in computer science: A brief survey," Electron. Notes Theor. Comput. Sci., vol. 253, no. 3, pp. 73--82, Nov. 2009. [Online].

Digital Library

[13]

A. McIver, L. Meinicke, and C. Morgan, "A Kantorovich-monadic powerdomain for information hiding, with probability and nondeterminism," in Proc. LiCS 2012, 2012.

Digital Library

[14]

E. Lawler, Combinatorial optimization: Networks and Matroids. Holt, Rinehart and Winston, 1976.

[15]

N. Fernandes, A. McIver, and C. Morgan, "The Laplace Mechanism has optimal utility for differential privacy over continuous queries," April 2021, full version of this paper with appendices. [Online]. Available at http://www.cse.unsw.edu.au/~carrollm/LiCS2021-210420.pdf

Digital Library

[16]

P. Meyer-Nieberg, Banach Lattices. Springer-Verlag, 1991.

[17]

E. Wilson, "First and second laws of error," JASA, vol. 18, no. 143, 1923.

[18]

M. M. Pai and A. Roth, "Privacy and mechanism design," SIGecom Exch., vol. 12, no. 1, pp. 8--29, 2013. [Online].

Digital Library

[19]

I. Dinur and K. Nissim, "Revealing information while preserving privacy," in Proceedings of the Twenty-Second ACM SIGACTSIGMOD-SIGART Symposium on Principles of Database Systems, June 9--12, 2003, San Diego, CA, USA, F. Neven, C. Beeri, and T. Milo, Eds. ACM, 2003, pp. 202--210. [Online].

Digital Library

[20]

C. Dwork and A. Roth, "The algorithmic foundations of differential privacy," Foundations and Trends in Theoretical Computer Science, vol. 9, no. 3--4, pp. 211--407, 2014.

Digital Library

[21]

J. Soria-Comas and J. Domingo-Ferrer, "Optimal data-independent noise for differential privacy," Information Sciences, vol. 250, pp. 200--214, 2012.

[22]

Q. Geng, P. Kairouz, S. Oh, and P. Viswanath, "The staircase mechanism in differential privacy," IEEE Journal of Selected Topics in Signal Processing, vol. 9, no. 7, 2015.

[23]

M. Gupte and M. Sundararajan, "Universally optimal privacy mechanisms for minimax agents," in Proc. Symp. Principles of Database Sytems, ser. PODS '10. New York, NY, USA: Association for Computing Machinery, 2010, pp. 135--146. [Online].

Digital Library

[24]

F. Koufogiannis, S. Han, and G. J. Pappas, "Optimality of the laplace mechanism in differential privacy," arXiv preprint arXiv:1504.00065, 2015.

[25]

Y. Wang, Z. Huang, S. Mitra, and G. E. Dullerud, "Entropy-minimizing mechanism for differential privacy of discrete-time linear feedback systems," in 53rd IEEE conference on decision and control. IEEE, 2014, pp. 2130--2135.

[26]

H. Brenner and K. Nissim, "Impossibility of differentially private universally optimal mechanisms," in 2013 IEEE 54th Annual Symposium on Foundations of Computer Science. Los Alamitos, CA, USA: IEEE Computer Society, oct 2010, pp. 71--80. [Online].

Digital Library

[27]

M. S. Alvim, M. E. Andrés, K. Chatzikokolakis, P. Degano, and C. Palamidessi, "On the information leakage of differentially-private mechanisms," Journal of Computer Security, vol. 23, no. 4, pp. 427--469, 2015. [Online].

[28]

H. Asi and J. C. Duchi, "Near instance-optimality in differential privacy," 2020, arXiv:2005.10630v1, 2020.

[29]

Y. Wang, X. Wu, and L. Wu, "Differential privacy preserving spectral graph analysis," in Advances in Knowledge Discovery and Data Mining, J. Pei, V. S. Tseng, L. Cao, H. Motoda, and G. Xu, Eds. Berlin, Heidelberg: Springer Berlin Heidelberg, 2013, pp. 329--340.

[30]

N. Phan, X. Wu, H. Hu, and D. Dou, "Adaptive laplace mechanism: Differential privacy preservation in deep learning," in 2017 IEEE International Conference on Data Mining (ICDM), 2017, pp. 385--394.

[31]

A. Ghosh, T. Roughgarden, and M. Sundararajan, "Universally utility-maximizing privacy mechanisms," in Proceedings of the Forty-First Annual ACM Symposium on Theory of Computing, ser. STOC '09. New York, NY, USA: Association for Computing Machinery, 2009, pp. 351--360. [Online].

Digital Library

Cited By

Salim SAli IElsawah SLi XHandl J(2024)A Secure Simulation-optimisation Framework for Fleet Mix Problem: A Defence-based Real-world ApplicationProceedings of the Genetic and Evolutionary Computation Conference Companion10.1145/3638530.3654170(207-210)Online publication date: 14-Jul-2024
https://dl.acm.org/doi/10.1145/3638530.3654170
Fernandes N(2023)Quantitative Information Flow Techniques for Studying Optimality in Differential PrivacyACM SIGLOG News10.1145/3584676.358468010:1(4-22)Online publication date: 1-Jan-2023
https://dl.acm.org/doi/10.1145/3584676.3584680

Recommendations

Universally utility-maximizing privacy mechanisms
STOC '09: Proceedings of the forty-first annual ACM symposium on Theory of computing

A mechanism for releasing information about a statistical database with sensitive data must resolve a trade-off between utility and privacy. Publishing fully accurate information maximizes utility while minimizing privacy, while publishing random noise ...
The optimal upper bound of the number of queries for Laplace mechanism under differential privacy
Abstract
Differential privacy is a state-of-the-art technology for privacy preserving, and Laplace mechanism is a simple and powerful tool to realize differential privacy. However, there is an obvious flaw in differential privacy, which is each ...
Differential Privacy via a Truncated and Normalized Laplace Mechanism
Abstract
When querying databases containing sensitive information, the privacy of individuals stored in the database has to be guaranteed. Such guarantees are provided by differentially private mechanisms which add controlled noise to the query responses. ...

Comments

Information & Contributors

Information

Published In

cover image ACM Conferences

LICS '21: Proceedings of the 36th Annual ACM/IEEE Symposium on Logic in Computer Science

June 2021

1227 pages

ISBN:9781665448956

Conference Chair:
Daniele Gorla
Università di Roma "La Sapienza"

Sponsors

SIGLOG: ACM Special Interest Group on Logic and Computation

In-Cooperation

EACSL: European Association for Computer Science Logic
IEEE-CS: Computer Society

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 24 November 2021

Check for updates

Author Tags

Qualifiers

Research-article

Conference

LICS '21

Sponsor:

SIGLOG

LICS '21: 36th Annual ACM/IEEE Symposium on Logic in Computer Science

June 29 - July 2, 2021

Rome, Italy

Acceptance Rates

Overall Acceptance Rate 215 of 622 submissions, 35%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

2
Total Citations
View Citations
29
Total Downloads

Downloads (Last 12 months)11
Downloads (Last 6 weeks)3

Reflects downloads up to 13 Jan 2025

Other Metrics

View Author Metrics

Citations

Cited By

Salim SAli IElsawah SLi XHandl J(2024)A Secure Simulation-optimisation Framework for Fleet Mix Problem: A Defence-based Real-world ApplicationProceedings of the Genetic and Evolutionary Computation Conference Companion10.1145/3638530.3654170(207-210)Online publication date: 14-Jul-2024
https://dl.acm.org/doi/10.1145/3638530.3654170
Fernandes N(2023)Quantitative Information Flow Techniques for Studying Optimality in Differential PrivacyACM SIGLOG News10.1145/3584676.358468010:1(4-22)Online publication date: 1-Jan-2023
https://dl.acm.org/doi/10.1145/3584676.3584680

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Media

Figures

Other

Tables

View Table of Contents