Abstract
Local differential privacy (LDP), as a state-of-the-art privacy notion, enables users to share protected data safely while the private real data never leaves the user’s device. The privacy regime is one of the critical parameters balancing the correctness of the statistical result against the level of the user’s privacy. In the majority of current work, authors assume that the privacy regime is totally determined by the service provider and dispatched to all users. However, it is inelegant and unpromising for all users to accept the same privacy level in the real world. In this paper, we propose a new LDP estimation method, MLE, which is applicable to the scenario of multiple privacy regimes. MLE uses the idea of parameter estimation to merge the results generated by users of different privacy levels. We also propose an extension of MLE to handle the situation when all users’ regimes follow a continuous distribution. We also provide an Adapt estimator which assigns users to different LDP schemes based on their regimes, and it performs better than the estimator with only one fixed LDP scheme. Experiments show that our methods provide a higher level of accuracy than previous proposals in this multiple-regimes scenario.
Acknowledgments
This work is supported by the National Natural Science Foundation of China (No. U1636216) and National Key R&D Program of China (No. 2016YFB0502302).
9 Appendix
A. Proof of Theorem 1
Proof
\(({\hat{f_{(1)}}, \hat{f_{(2)}}, ...,\hat{f_{(M)}}})\) are drawn from different normal distributions. The normal distribution has the following probability density function:
According to the probability density function g(x), the closer the estimation \(\hat{f_{(m)}}\) is to the expectation, the greater \(g(\hat{f_{(m)}})\) is. For ease of calculation, we use Eq. 2 to ignore the effect of \(f_i\) on the variance, so \(g(\hat{f_{(m)}})\) actually has only one variable, the expectation. Substituting each \(\hat{f_{(m)}}\) into the function separately and multiplying these functions according to maximum likelihood, we get the final target function which needs to be maximized.
We first turn it into the logarithmic function \(y = \ln (F(f))\), and after differentiation, the first derivative and the second derivative of F(f) are obtained sequentially.
Through simple analysis, \(y''\) is always bigger than 0 and \(y'\) is a strictly monotone increasing function. So F(f) is a convex function with a maximum value. Setting the first derivative to zero, we get the maximum of F(f) when \(\hat{f}=(\sum _{m=1}^{M}\frac{\hat{f_{(m)}}}{\sigma _m^2}) / (\sum _{m=1}^{M}\frac{1}{\sigma _m^2})\).
B. Proof of Theorem 2
Proof
First, we use \(t_m\) to denote \(var(\hat{f_{(m)}})\). The final estimation using maximum likelihood is \(\hat{f}=(\sum _{m=1}^{M}\frac{\hat{f_{(m)}}}{t_m}) / (\sum _{m=1}^{M}\frac{1}{t_m})\). We calculate the variance of \(\hat{f}\) as follows:
The estimations \(f_m (m\in [M])\) are independent of each other, and \(t_m\) here is actually a constant.
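The combining rule of Theorem 1 and the variance argument of Theorem 2 can be checked numerically. The following Python sketch is an added example, not code from the paper: it simulates several user groups with different \(\epsilon _m\), estimates one value's frequency per group, and merges the estimates with inverse-variance weights. The group sizes, the \(\epsilon \) values and the bit-flip probabilities \(e^{\epsilon /2}/(1+e^{\epsilon /2})\) are assumptions chosen to match the Base RAPPOR variance quoted in proof C, and the combined variance \(1/\sum _m (1/t_m)\) is what independence of the group estimates gives for this weighted mean.

```python
import math
import random

def rappor_variance(eps, n):
    """Variance of a Base RAPPOR frequency estimate, as quoted in proof C."""
    h = math.exp(eps / 2)
    return h / (n * (h - 1) ** 2)

def group_estimate(true_f, eps, n, rng):
    """Simulate n users reporting one perturbed bit and debias the count.
    Assumption: a bit is reported truthfully with probability h/(1+h)."""
    h = math.exp(eps / 2)
    p, q = h / (1 + h), 1 / (1 + h)  # P(report 1 | bit 1), P(report 1 | bit 0)
    ones = 0
    for _ in range(n):
        has_value = rng.random() < true_f
        ones += rng.random() < (p if has_value else q)
    return (ones / n - q) / (p - q)

def mle_combine(estimates, variances):
    """Inverse-variance weighted mean (Theorem 1) and its variance."""
    weights = [1 / t for t in variances]
    f_hat = sum(w * f for w, f in zip(weights, estimates)) / sum(weights)
    return f_hat, 1 / sum(weights)

# Constructed sample setting: (epsilon_m, n_m) for three groups of users.
GROUPS = [(0.5, 20000), (1.0, 20000), (4.0, 5000)]
TRUE_F = 0.2

def run_demo(seed=7):
    rng = random.Random(seed)
    est = [group_estimate(TRUE_F, e, n, rng) for e, n in GROUPS]
    var = [rappor_variance(e, n) for e, n in GROUPS]
    f_hat, v = mle_combine(est, var)
    return est, var, f_hat, v

if __name__ == "__main__":
    est, var, f_hat, v = run_demo()
    for (e, n), f, t in zip(GROUPS, est, var):
        print(f"eps={e:<4} n={n:<6} estimate={f:.4f} std={math.sqrt(t):.4f}")
    print(f"combined estimate={f_hat:.4f} std={math.sqrt(v):.4f}")
```

The combined standard deviation is smaller than that of the most accurate single group, which is the reason to merge low-\(\epsilon \) reports rather than discard them.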
C. Proof of Lemma 3
Proof
We still judge the accuracy of the final estimation from the perspective of variance. Lemma 1 shows that Base RAPPOR’s estimation variance is \(var(\hat{f_i} )= \frac{e^{\epsilon /2}}{n (e^{\epsilon /2} -1)^2}\). For the sake of simplicity, let’s first assume \(e^{\epsilon /2}\gg 1\) and use \(t_m\) to denote \(var(\hat{f_{(m)}})\), so that \(t_m=(1/(n_m e^{\epsilon _m/2}))\).
It is clear that the variance of \(\hat{f}\) and the variance of \(\hat{f_{(m)}}\) have the same form, because f is regarded as using Base RAPPOR on the whole population while all users have the same privacy regime \(\epsilon '\).
Combining the above equations and Theorem 2 together, we can find \(\epsilon '=2\cdot \ln \frac{\sum n_m\cdot \exp (\epsilon _m)}{\sum n_m}\). If \(e^{\epsilon /2}\gg 1\) doesn’t hold in some situation, the calculation can still be based on the above formula and the result will become a little more complicated.
© 2019 Springer Nature Switzerland AG
About this paper
Cite this paper
Ye, Y., Zhang, M., Feng, D., Li, H., Chi, J. (2019). Multiple Privacy Regimes Mechanism for Local Differential Privacy. In: Li, G., Yang, J., Gama, J., Natwichai, J., Tong, Y. (eds) Database Systems for Advanced Applications. DASFAA 2019. Lecture Notes in Computer Science(), vol 11447. Springer, Cham. https://doi.org/10.1007/978-3-030-18579-4_15
DOI: https://doi.org/10.1007/978-3-030-18579-4_15
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-18578-7
Online ISBN: 978-3-030-18579-4
eBook Packages: Computer Science (R0)