620 likes | 723 Views
Private Approximation of Search Problems. Amos Beimel Paz Carmi Kobbi Nissim Enav Weinreb (Technion). Let’s compute f(x, y)!. x. y. No! You will learn too much information on my input!. x. y. Haven’t you heard of secure function evaluation?. x. y.
E N D
Private Approximation of Search Problems Amos Beimel Paz Carmi Kobbi Nissim Enav Weinreb (Technion)
That’s not a problem! We can approximate f by f* and do SFE on f*! x y
Hmmmm.... I don’t know... x y
What can go wrong? Example: f*(x, y) reveals Bob’s input. f(134, 285) = 64 f*(134, 285) = 64.285 f(847, 121) = 26 f*(847, 121) = 26.121 Hmmm... y
Talk Overview • Background and Previous Work • Definitions for Search Problems • Impossibility Result for Vertex Cover • Algorithms that Leak (Little) Information • Positive Result for MAX-3SAT • Problems in P • Conclusions and Open Problems
Private Approximation [FIMNSW] f* is a private approximation for f: • f* is an approximation of f. • f*(x) gives no more information about x then f(x). Privacy definitions: • f*(x) can be simulated given f(x). • If f(x)=f(x’) then f*(x) and f*(x’) should be indistinguishable.
Positive results [FIMNSW] • Hamming distance: • Private approximation in communication O(√n). • Improved to polylog(n) by [IW] • Permanent: • Private approximation in polynomial time.
PA of NP-Hard Functions [HKKN] Vertex Cover Input: undirected graph G=<E,V>. A set is a vertex cover of G if for every , or . Functional: Return minimum vertex cover size. * We’ll discuss search version later.
G Client-Server Model “Would you tell me the vertex cover size of your graph?” “So, tell me an approximation!” “I would, but it is hard to compute.” “Hmmm…” CLIENT SERVER
Maximal Matching Approximation • Find maximal matching. • Its vertices form a cover. • 2-approximation: solution size is at most 2 times the optimal solution. 1 2 3 4 5 6
G 1 2 1 2 3 3 4 5 4 5 6 6 VC 2 2 4 2 Matching “So, tell me an approximation!” “Hmmm…”
Impossibility results [HKKN] • If NP BPP there is no polynomial private n1-ε-approximation algorithm for vertex cover size. • Impossibility results for other NP-complete functions: • MAX-SAT • Vertex cover in planer graphs.
Talk Overview • Background and Previous Work • Definitions for Search Problems • Impossibility Result for Vertex Cover • Algorithms that Leak (Little) Information • Positive Result for MAX-3SAT • Problems in P • Conclusions and Open Problems
Search problems • Function - one output for every input. • Search - many solutions for one input. Example: vertex cover Return a vertex cover of the graph (a setof vertices). • What is the right definition of privacy? • What pairs of inputs should not be distinguished by the output?
c ≈ Step 1: Privacy w.r.t. a Relation R– Equivalence relation over the inputs A– Probabilistic algorithm A is private with respect toR if: A( ) A( ) x x y y
Step 2: Defining the Relation Let P be a search problem. Let S(x) be the set of solutions to the input x. We say that x ≈Py if x and y have the same set of solutions, that is, S(x)=S(y).
c ≈ 1 1 2 2 3 3 4 4 5 5 6 6 Example – Vertex Cover (Search) • G1 ≈VC G2 if they have the same set of minimum vertex covers. • A is a private approximation algorithm for vertex cover if: • A is an approximation algorithm for vertex cover. • G1 ≈VC G2 A(G1) A(G2) • Can this be done efficiently? ≈VC vertex cover sets: {2,3} and {3,5}
1 2 1 2 4 3 4 3 Search versus Functional • In non-private computation: • A lower bound for functional implies a lower bound for search. • Private computation: • Functional– equivalent (VC size = 2). • Search– not equivalent ({2,4} is a VC only of the right graph).
Search versus Functional Can we use the lower bounds techniques of [HKKN] for functional vertex cover? No. • [HKKN] relies on having few equivalence classes. • In search - Huge number of equivalence classes.
Talk Overview • Background and Previous Work • Definitions for Search Problems • Impossibility Result for Vertex Cover • Algorithms that Leak (Little) Information • Positive Result for MAX-3SAT • Problems in P • Conclusions and Open Problems
Vertex Cover - Impossibility Result Theorem 1 If P ≠NP there is no deterministic polynomial time n1-ε-approximation algorithm for vertex cover. Proof idea: Given a private-approximation algorithm A, we construct a greedy algorithm that solves vertex cover exactly.
A Taste of the Proof Claim: Let be a graph and . If then both and are non critical for . A vertex is critical for if every minimum vertex cover of contains . The approximation’s answer teaches us about the optimal solution!
is non critical for . Proof of the Claim Let be a graph and . If then both and are non critical for . Privacy
RP NP Vertex Cover - Impossibility Result Theorem 1 If P ≠NP there is no deterministic polynomial time n1-ε-approximation algorithm for vertex cover. randomized
MAX-3SAT • Given a 3CNF formula find an assignment that satisfies a maximum fraction of its clauses. • Best approximation ratio: 7/8. • if and have the same set of maximum satisfying assignments. • Again, no private approximation!
Talk Overview • Background and Previous Work • Definitions for Search Problems • Impossibility Result for Vertex Cover • Algorithms that Leak (Little) Information • Positive Result for MAX-3SAT • Problems in P • Conclusions and Open Problems
Almost-Private Algorithms [HKKN] • Let f be a function. • f* is a private approximation for f that leaks k bits: • f*(x) can be simulated from f(x) and another k bits of advice. Example: There is an efficient 4-approximation of vertex cover size that leaks 1 bit.
c ≈ Almost-Private Algorithms - Search ? A( ) A( ) A( ) A( ) x x y y z z w w
Almost-Private Algorithms is k-private with respect to if there exists such that: • . • Every equivalence class of is a union of at most equivalence classes of . • is private with respect to .
Search versus Functional Can we use the ideas of [HKKN] for functions to get efficient almost private algorithms for search problems? No. [HKKN] use rounding of the result of a non-private approximation. Not clear how to generalize to search problems.
Every equivalence class of is divided into subclasses. and have the same set of maximum satisfying assignments. … Almost Private Approximation for MAX-E3SAT …
Lemma 1 There is a set of assignments such that for every 3SAT formula on n variables there exists an that satisfies of the clauses in . Proof: Construct almost 3-wise [NN, AGHP]independent variables . Number of assignments: .
Proof of Lemma 1(cont.) For every 3 random variables and every 3 Boolean values : Conclusion 1: For each clause : over the choice of . Conclusion 2: For every formula there is an assignment that satisfies of its clauses.
Almost Private Approximation for MAX-3SAT Theorem 2 There exists a -private -approximation algorithm for MAX-3SAT. Proof: We use from Lemma 1. Given a formula return the first that satisfies at least of the clauses in .
Solution-List Paradigm • A short list of solutions. • Every input has a good approximation in the list. • 2k solutions k-private algorithm
Talk Overview • Background and Previous Work • Definitions for Search Problems • Impossibility Result for Vertex Cover • Algorithms that Leak (Little) Information • Positive Result for MAX-3SAT • Problems in P • Conclusions and Open Problems
Problems in P - Private Computation Let S be a search problem in P. (Example: shortest-path) Recall that x ≈S y if x and y have the same set of solutions. For a private algorithm we require: A(x) ≈c A(y) Is there a private algorithm for every problem in P? No!
Impossibility result for a Problem in P Input: G=<V, E>, C, k Output: If C is a clique of size k in G then output a clique of size k in G. The problem is in P because C is a legal output. A private algorithm implies a non-uniform algorithm for Clique.
Positive Results for Problems in P Any problem S for which we can find: • The lexicographically first solution • x ≈S y implies x and y have the same lex first solution. • A random solution • x ≈S y implies that a random solution distributes identically for x and y. Examples: perfect matching, shortest path, linear algebra, and more...
Discussion – Strength of Definition We said the definition is minimal – good for impossibility results. Is it strong enough for positive results? Can returning the lex first solution be considered private? What is the right sufficient definition? (work in progress...)
Talk Overview • Background and Previous Work • Definitions for Search Problems • Impossibility Result for Vertex Cover • Algorithms that Leak (Little) Information • Positive Result for MAX-3SAT • Problems in P • Conclusions and Open Problems
Further Results • Impossibility result for (any) (log n)-private -approximation algorithm for vertex cover. • Solution-list -approximation algorithm for vertex cover that leaks bits. [BHN07] improved the lower bound to show that the solution-list algorithm is optimal.
Conclusions • Defined private approximation of search problems • Impossibility result for private approximation of vertex cover • Defined k-private approximation algorithms for search problems • Positive result for MAX-3SAT • Private computation of problems in P
Open Problems • More private approximation algorithms. • Design algorithms that defeat solution list algorithms. • Private computation of problems in P. • What is the right (sufficient) definition? • What search problems admit efficient private computation?
Vertex Cover - Impossibility Result Theorem 1 If P ≠NP there is no deterministic polynomial time n1-ε-approximation algorithm that is private with respect to ≈VC. Proof Idea: Given a private n1-ε-approximation algorithm A, we exactly solve vertex cover.