Generalized Rainbow Differential Privacy

Yuzhou Gu, Ziqi Zhou, Onur Günlü, Rafael G. L. D'Oliveira, Parastoo Sadeghi, Muriel Médard, Rafael F. Schaefer

TL;DR

This work introduces rainbow differential privacy, where datasets are nodes in a neighbor graph and each dataset has a preferred output ordering (rainbow) over a finite output space. Under a boundary homogeneous condition, the authors prove the existence and uniqueness of an optimal $(\epsilon,\delta)$-DP mechanism and provide a closed-form construction that depends only on the boundary distributions, enabling a pullback from a boundary rainbow graph and reducing the problem to line graphs. The core technical device is the $T_{\epsilon,\delta}$ operator, which propagates boundary probabilities inward along line graphs to yield distributions that dominate all $(\epsilon,\delta)$-close competitors, establishing optimality. They also analyze the special case $\delta=0$ and the general case $\delta>0$, providing explicit recursions and phase-transition behavior, plus numerical results, and they discuss limitations under non-homogeneous boundaries, dataset-dependence, and connections to lexicographic ordering and exponential mechanisms. The results extend prior two- and three-color rainbow DP work to arbitrary numbers of outputs with a unified, rigorous approach, with potential implications for dataset-adaptive DP mechanism design and broader ordering-based privacy frameworks.

Abstract

We study a new framework for designing differentially private (DP) mechanisms via randomized graph colorings, called rainbow differential privacy. In this framework, datasets are nodes in a graph, and two neighboring datasets are connected by an edge. Each dataset in the graph has a preferential ordering for the possible outputs of the mechanism, and these orderings are called rainbows. Different rainbows partition the graph of connected datasets into different regions. We show that if a DP mechanism at the boundary of such regions is fixed and it behaves identically for all same-rainbow boundary datasets, then a unique optimal $(\epsilon,\delta)$-DP mechanism exists (as long as the boundary condition is valid) and can be expressed in closed-form. Our proof technique is based on an interesting relationship between dominance ordering and DP, which applies to any finite number of colors and for $(\epsilon,\delta)$-DP, improving upon previous results that only apply to at most three colors and for $\epsilon$-DP. We justify the homogeneous boundary condition assumption by giving an example with non-homogeneous boundary condition, for which there exists no optimal DP mechanism.

Paper Structure (17 sections, 6 theorems, 23 equations, 5 figures)

Key Result

Theorem 1

Let $g: (\mathcal{D}_1, \overset{1}{\sim}) \rightarrow (\mathcal{D}_2, \overset{2}{\sim})$ be a morphism and $\mathcal{M}_2: \mathcal{D}_2 \rightarrow \mathcal{V}$ be an $(\epsilon,\delta)$-DP mechanism on $(\mathcal{D}_2, \overset{2}{\sim})$. Then, the mechanism $\mathcal{M}_1: \mathcal{D}_1 \right

Figures (5)

  • Figure 1: A rainbow graph and its corresponding boundary graph. A vertex represents a dataset and its neighboring datasets are connected by an edge. The function output space is represented by three colors blue, red, and green. Each dataset has a color preference, represented by the ordering inside the vertex. For instance, vertex $d_1$ prefers blue to red and red to green. We call each such color ordering a rainbow. A DP mechanism is then a probability distribution over colors for every vertex. In (B), we show the boundary rainbow graph of the rainbow graph shown in (A), as described in Definition \ref{def:boundarymorph} below. In Theorem \ref{thm:reduce-to-line} we show how, for homogeneous boundary conditions (defined in Definition \ref{def:boundaryhomogeneity} below), optimal $(\epsilon,\delta)$-DP mechanisms on (A) can be retrieved from optimal ones on (B). For example, for rainbow $c=(\texttt{red}, \texttt{green},\texttt{blue})$, the vertex $(c,0)$ in the boundary rainbow graph corresponds to datasets $d_4,d_9$ in the original rainbow graph because they are on the boundary of $B^c$ in the original graph. There is an edge between $(c=(\texttt{red}, \texttt{green},\texttt{blue}),0)$ and $(c'=(\texttt{red},\texttt{blue},\texttt{green}),0)$ in the boundary rainbow graph, because there is an edge $(d_9,d_{13})$ in the original rainbow graph, with $i\in B^c$, $m\in B^{c'}$.
  • Figure 2: Illustration of the rainbow graph in Example \ref{eg:no-optimal}. We use blue, red, green to represent the choices $1,2,3$ respectively.
  • Figure 3: The optimal $(\log (1.2),0)$-DP mechanism with homogeneous boundary condition $\vec{m} =(0.0005,0.0081,0.1364, 0.2727, 0.5822)$. We have $\tau_1= 38, \tau_2= 22, \tau_3= 7, \tau_4= 1,$ and $\tau_5=0$.
  • Figure 4: The optimal $(\log(1.2),10^{-3})$-DP mechanism with homogeneous boundary condition $\vec{m} =(0.0005,0.0081,0.1364, 0.2727, 0.5822)$. We have $\tau_1= 25, \tau_2= 20, \tau_3= 7, \tau_4= 1,$ and $\tau_5=0$.
  • Figure 5: The optimal $(\log (1.2),0.01)$-DP mechanism with the homogeneous boundary condition $\vec{m} =(0.0005,0.0081,0.1364, 0.2727, 0.5822)$. We have $\tau_1= 13, \tau_2= 12, \tau_3= 6, \tau_4= 1,$ and $\tau_5=0.$
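
Figure 1 describes a mechanism as a probability distribution over colors at every vertex, and the key result concerns carrying a mechanism from one neighbor graph to another. The following added example (not code from the paper) checks the standard $(\epsilon,\delta)$-DP inequality on every edge of a small graph and then composes the mechanism with a vertex map. The graphs, distributions and map are constructed, and the morphism condition and the composition are assumptions, since the theorem statement above is cut off.

```python
import math

def tight_delta(p, q, eps):
    """Smallest delta such that P(S) <= e^eps * Q(S) + delta for every set S of colors."""
    return sum(max(0.0, pi - math.exp(eps) * qi) for pi, qi in zip(p, q))

def violations(edges, mech, eps, delta, tol=1e-12):
    """Ordered neighbor pairs (d, d2) on which the (eps, delta)-DP inequality fails."""
    bad = []
    for a, b in edges:
        for d, d2 in ((a, b), (b, a)):
            if tight_delta(mech[d], mech[d2], eps) > delta + tol:
                bad.append((d, d2))
    return bad

def is_morphism(g, edges1, edges2):
    """Assumed definition: neighbors map to neighbors or to the same vertex."""
    nbrs = {frozenset(e) for e in edges2}
    return all(g[a] == g[b] or frozenset((g[a], g[b])) in nbrs for a, b in edges1)

def pullback(g, mech2):
    """Assumed construction: each dataset d uses the distribution of its image g(d)."""
    return {d: mech2[g[d]] for d in g}

EPS = math.log(1.2)  # the epsilon used in Figures 3-5

# Constructed line graph 0 - 1 - 2 with distributions over (blue, red, green).
LINE_EDGES = [(0, 1), (1, 2)]
LINE_MECH = {0: (0.50, 0.30, 0.20), 1: (0.57, 0.26, 0.17), 2: (0.64, 0.22, 0.14)}

# Constructed dataset graph and a vertex map onto the line graph.
DATA_EDGES = [("a", "b"), ("b", "c"), ("c", "d"), ("b", "d")]
G = {"a": 0, "b": 1, "c": 1, "d": 2}

if __name__ == "__main__":
    for delta in (0.0, 1e-3, 0.01):  # the delta values of Figures 3, 4 and 5
        print(delta, violations(LINE_EDGES, LINE_MECH, EPS, delta))
    print(is_morphism(G, DATA_EDGES, LINE_EDGES))
    print(violations(DATA_EDGES, pullback(G, LINE_MECH), EPS, 0.01))
```

The edge between vertices 1 and 2 needs $\delta \ge 0.002$, so this mechanism fails at $\delta=0$ and $\delta=10^{-3}$ and passes at $\delta=0.01$; the composed mechanism passes and fails at the same values because every edge of the dataset graph lands on an edge or a single vertex of the line graph.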

Theorems & Definitions (20)

  • Definition 1
  • Definition 2: DworkBook
  • Definition 3
  • Definition 4: RafnoDP2colorPaper
  • Theorem 1: RafnoDP2colorPaper
  • Definition 5
  • Example 1
  • Definition 6
  • Theorem 2
  • Definition 7
  • ...and 10 more