1 / 21

Exploring Differential Privacy and Privacy Loss Classes

Dive into differential privacy and Privacy Loss Classes to understand privacy guarantees and mechanisms. Enjoy detailed explanations, illustrations, and comparisons for a comprehensive view. Discover concepts like the Central Limit Theorem in Differential Privacy and Probabilistic Differential Privacy. Explore approaches like Approximate Differential Privacy and Rényi Differential Privacy. Gain insights into composition of mechanisms and the superiority of Gaussian mechanisms over Laplace mechanisms. Learn about privacy guarantees and bounds for better data protection strategies.

sylvias
Download Presentation

Exploring Differential Privacy and Privacy Loss Classes

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Privacy Loss Classes: The Central Limit Theorem in Differential Privacy David Sommer, Sebastian Meiser, EsfandiarMohammadi David Sommer

  2. Privacy: Howtobe verwechselbar David Sommer • Explainhowprivacyisbased on the verwechselbar property • Currentacademicapproach: Differential Privacy • Evtlthey do not know DP • Many (similar) definitions (mentionthemverbaly) • This talkisaboutdataprivacy (mit bild), tryingtoestimatetheprivacyleakagequantitativelyascloseaspossibleunderreasonablecomputationalassumptions.

  3. OurContribution David Sommer Wearegoingtoconnectthem. Weandshowgeneralmethodofcompositionprivacyleakageofconsequitvequeries. Allowscomparisonofmechanisms (exactformulafor Gauss): Gauss betterthanlaplace

  4. Farfetched: UseGaussian Noise David Sommer Ifyouareadding Noise, useGaussian, asitoffersalmost same privacyguarantees (withnegligibledelta) as Laplace, but half thevariance -> Gauss hashigherutilitythan Laplace at similarprivacyguarantees Pictures.

  5. -Differential Privacy (DP) Definition: A mechanism is -differentially private, where ≥ 0, if for all databases and with , and for all sets , where is the range of , the following equation holds: David Sommer • We canlook at atomicevents as • Preparefor Privacy Loss Function

  6. Privacy Loss Definition: for If, then Else, David Sommer • Not new. But explaindetailed. Out ofindistinguishabilityperspective • Giventwodistributions.. Withatomicevents.. • Additive noise -> cannotcontroldistevents • Youcannotcontrolbasesignal, onlydummynoisepossible. Youcannotremoveanything • Automatictruncation at zero. • In ourexample, closerdistributionshave at mosttheleakagewedescibe. • (worstcasedistributions)

  7. Privacy Loss Distribution (PLD) David Sommer HowfromLoss Function. Animatedwithexample Illustrateinner PDL and evtl. dual PLD (backup) Different mechanismsleadto different PLDs Next, wegototheheartofmywork. Illustrate Pure DP in PLD example.

  8. (\eps, \delta)-Probabilistic Differential Privacy (PDP) David Sommer • Whatifthereareleftovers in PLD? • Weget a delta. • This is PDP, Definition • Speakabout Dual PLD • Maybeexplain (eps,delta) graphshere.

  9. Definition: A mechanism is ()-differentially private, where ≥ 0, if for all databases and with , and for all sets , where is the range of , the following equation holds: Approximate Differential Privacy (ADP) David Sommer • PDP is not closedunder post-processing. • Explain: ifyouhave (eps, delta)-PDP andyoumakepostprocessing, youmight not have (eps,delta)-PDP anymore. • Isfixedby ADP, Definition. • This translatesfrom PLD simplyasfollows. • ADP graphsillustration, • speakabout (eps, delta(eps))_epssequences (covering all eps (-infty, infty)) • Speakaboutequivalenceto PLD

  10. Rényi Differential Privacy (RDP) David Sommer • Inflate PLD exponetially, take log-moments, showformula. • This isRényi-DP, • speakabout(alpha, R(alpha))_alphasequences, illustrateas graph. • Speakabout (conditioned) equivalenceto PLD • Umkehrbar ifdistributiondoes not growtoomuch, (isstdresult in Math, Hausdorffor so problem) • usuallythecase, elseprivacyfucked. • Rényi-DP worksonlywithoutdistingusihingevents (onlyinner DP) • but thereisapproximate RDP • Works withotherdefinitionsaswell.

  11. RDP_seq<==> PLD <==> ADP_seq David Sommer Speakabout (conditioned)equivalence Show graph

  12. Composition David Sommer • Whatmeanscomposition in observationspace? Joint productdistribution. • Example • Illustrateon multiplicationofoutput-probabilitiesofmechanism, whichgies an addition in log space (lossfunction) • CompositionofMechanismsisconvolutionof *inner *PLD, evenfor different PLDs

  13. Privacy Loss Classes David Sommer • ConvolutionofinnerPLD -> CLT • CLT requiresonlymu, sigma • Every PLD convergesagainstGaussiianwith Class (mu, sigma, infty) • Thereareeven CLT for non-equal PLDs (Lindenberg Condition) • (we do not havelookedintoitdetailed)

  14. ADP underComposition David Sommer Apply Berry-EseenandNagaev. Show formula (maybe) Show plots

  15. Example: GaussianMecahnismunderComposition David Sommer ConvolutionofGaussianisGaussian Therefore, wefoundexactformulafor 1D Gaussiannoise+ efficientlycomputable. (Balle) Wedidsimilarforrandomizedresponse (exactformula, but not easilycomputable) (maybe same as in kairouz)

  16. Gauss vs. Laplace Mechanism David Sommer Show pictueabout different mechanisms. Giveintuitionwhy Gauss haslowervar (heaviertail) Show graphillustatingnegligibility. Makegraphfor same variance, thatshowssmalereps.

  17. Markov-ADP Bound David Sommer Mironov: PDP boundbased on Markov-bound Made better ADP boundby not over-approximatingbuckets Graph forillustration. Graph forshowingsuperiority.

  18. Summary David Sommer Introduced Privacy Loss Distribution (PLD) (conditioned) Equivalence RDP, PLD, ADP Compositionforarbitarymechanisms CLT andtheexactresultforGaussian ADP boundsbased on CLT Gaussianisbetterthan Laplace Markov-ADP Bound Links toimplementation.

  19. Backup Slides David Sommer

  20. Dual PLD David Sommer Illustrate

  21. Worst Case distributions David Sommer Existforcertainproblems (forward) ourmechanismallows different outputscomputecompositionleakageexactly

More Related