Differentially Private Linear Optimization for Multi-Party Resource Sharing
Utku Karaca, Nursen Aydin, Sinan Yildirim, S. Ilker Birbil
TL;DR
The paper addresses privacy in multi-party resource sharing by recasting the LP as a decomposable problem where each party reveals only allocations. It then enforces local differential privacy using Gaussian noise (Gaussian mechanism) on shared allocations and analyzes convergence and suboptimality bounds under a subgradient framework, including momentum and clipping enhancements to reduce noise impact. The main contributions are a data-hiding decomposition that avoids trusted aggregators, formal LDP guarantees for iterative LP coordination, explicit optimality-gap bounds, and a clipping/adaptive-sensitivity scheme that keeps privacy loss in check while improving practical performance. Numerical experiments on a production-planning scenario illustrate the privacy-utility trade-offs and demonstrate that momentum and clipping can substantially mitigate the adverse effects of privacy noise. Overall, the approach enables privacy-preserving coordination in production planning, logistics, and revenue management without relying on a trusted central party.
Abstract
This study examines a resource-sharing problem involving multiple parties that agree to use a set of capacities together. We start with modeling the whole problem as a mathematical program, where all parties are required to exchange information to obtain the optimal objective function value. This information bears private data from each party in terms of coefficients used in the mathematical program. Moreover, the parties also consider the individual optimal solutions as private. In this setting, the concern for the parties is the privacy of their data and their optimal allocations. We propose a two-step approach to meet the privacy requirements of the parties. In the first step, we obtain a reformulated model that is amenable to a decomposition scheme. Although this scheme eliminates almost all data exchanges, it does not provide a formal privacy guarantee. In the second step, we provide this guarantee with a locally differentially private algorithm, which does not need a trusted aggregator, at the expense of deviating slightly from optimality. We provide bounds on this deviation and discuss the consequences of these theoretical results. We also propose a novel modification to increase the efficiency of the algorithm in terms of reducing the theoretical optimality gap. The study ends with a numerical experiment on a planning problem that demonstrates an application of the proposed approach. As we work with a general linear optimization model, our analysis and discussion can be used in different application areas including production planning, logistics, and revenue management.
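To make the local-privacy step concrete, the following added example (not code from the paper or its authors) shows how one party would clip its allocation vector to an L2 ball and then apply the Gaussian mechanism before sharing it. The clipping radius `bound`, the neighbouring notion (any two allocations inside the ball) and the classical sigma calibration for epsilon below 1 are assumptions for illustration, not the paper's exact parameters.

```python
import math
import random


def clip_l2(vec, bound):
    """Project `vec` onto the L2 ball of radius `bound`.

    Clipping is what bounds the sensitivity: two clipped vectors can
    differ by at most 2 * bound in L2 norm, whatever the raw inputs were.
    """
    norm = math.sqrt(sum(x * x for x in vec))
    if norm <= bound:
        return list(vec)
    return [x * bound / norm for x in vec]


def gaussian_sigma(sensitivity, epsilon, delta):
    """Noise scale of the classical Gaussian mechanism (valid for 0 < epsilon < 1)."""
    if not 0.0 < epsilon < 1.0:
        raise ValueError("classical Gaussian calibration requires 0 < epsilon < 1")
    if not 0.0 < delta < 1.0:
        raise ValueError("delta must lie in (0, 1)")
    return sensitivity * math.sqrt(2.0 * math.log(1.25 / delta)) / epsilon


def privatize_allocation(allocation, bound, epsilon, delta, rng=None):
    """Return a locally private copy of one party's allocation vector.

    Assumed neighbouring relation: any two allocations inside the clipping
    ball, so the L2 sensitivity is 2 * bound and the party needs no
    trusted aggregator; noise is added before anything leaves the party.
    """
    rng = rng or random.Random()
    clipped = clip_l2(allocation, bound)
    sigma = gaussian_sigma(2.0 * bound, epsilon, delta)
    return [x + rng.gauss(0.0, sigma) for x in clipped]


if __name__ == "__main__":
    # Constructed sample: one party's allocation of three shared capacities.
    raw_allocation = [40.0, 25.0, 10.0]
    private = privatize_allocation(raw_allocation, bound=30.0,
                                   epsilon=0.5, delta=1e-5,
                                   rng=random.Random(7))
    print("clipped:", clip_l2(raw_allocation, 30.0))
    print("shared (noisy):", private)
```

Larger `bound` values clip less but raise the noise scale linearly, which is the trade-off the clipping/adaptive-sensitivity scheme in the paper is designed around.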
