Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

Differentially private projection-depth-based medians

Kelly Ramsay, Dylan Spicker

TL;DR

This work addresses the problem of privately estimating multivariate location robustly without moment assumptions by introducing projection-depth-based medians privatized via a PTR framework. The authors construct private estimators using the exponential mechanism applied to projected outlyingness and couple this with a privacy-preserving safety test, enabling release only when the input is likely safe. They prove finite-sample deviation bounds and quantify the privacy cost, establishing conditions under which privacy does not compromise robustness, including breakdown-point guarantees. In Gaussian settings, the private estimator attains deviation rates matching the optimal private mean-estimation bounds, while Cauchy/heavy-tail settings reveal an outlier amplification effect that can dominate privacy costs. The paper extends the PTR framework to general mechanisms and provides practical insights supported by simulations, offering a principled approach to affine-equivariant private medians with favorable privacy-utility trade-offs in robust high-dimensional settings.

Abstract

We develop $(ε,δ)$-differentially private projection-depth-based medians using the propose-test-release (PTR) and exponential mechanisms. Under general conditions on the input parameters and the population measure, (e.g. we do not assume any moment bounds), we quantify the probability the test in PTR fails, as well as the cost of privacy via finite sample deviation bounds. Next, we show that when some observations are contaminated, the private projection-depth-based median does not break down, provided its input location and scale estimators do not break down. We demonstrate our main results on the canonical projection-depth-based median, as well as on projection-depth-based medians derived from trimmed estimators. In the Gaussian setting, we show that the resulting deviation bound matches the known lower bound for private Gaussian mean estimation. In the Cauchy setting, we show that the ``outlier error amplification'' effect resulting from the heavy tails outweighs the cost of privacy. This result is then verified via numerical simulations. Additionally, we present results on general PTR mechanisms and a uniform concentration result on the projected spacings of order statistics, which may be of general interest.

Differentially private projection-depth-based medians

TL;DR

This work addresses the problem of privately estimating multivariate location robustly without moment assumptions by introducing projection-depth-based medians privatized via a PTR framework. The authors construct private estimators using the exponential mechanism applied to projected outlyingness and couple this with a privacy-preserving safety test, enabling release only when the input is likely safe. They prove finite-sample deviation bounds and quantify the privacy cost, establishing conditions under which privacy does not compromise robustness, including breakdown-point guarantees. In Gaussian settings, the private estimator attains deviation rates matching the optimal private mean-estimation bounds, while Cauchy/heavy-tail settings reveal an outlier amplification effect that can dominate privacy costs. The paper extends the PTR framework to general mechanisms and provides practical insights supported by simulations, offering a principled approach to affine-equivariant private medians with favorable privacy-utility trade-offs in robust high-dimensional settings.

Abstract

We develop -differentially private projection-depth-based medians using the propose-test-release (PTR) and exponential mechanisms. Under general conditions on the input parameters and the population measure, (e.g. we do not assume any moment bounds), we quantify the probability the test in PTR fails, as well as the cost of privacy via finite sample deviation bounds. Next, we show that when some observations are contaminated, the private projection-depth-based median does not break down, provided its input location and scale estimators do not break down. We demonstrate our main results on the canonical projection-depth-based median, as well as on projection-depth-based medians derived from trimmed estimators. In the Gaussian setting, we show that the resulting deviation bound matches the known lower bound for private Gaussian mean estimation. In the Cauchy setting, we show that the ``outlier error amplification'' effect resulting from the heavy tails outweighs the cost of privacy. This result is then verified via numerical simulations. Additionally, we present results on general PTR mechanisms and a uniform concentration result on the projected spacings of order statistics, which may be of general interest.
Paper Structure (15 sections, 24 theorems, 197 equations, 1 figure, 3 algorithms)

This paper contains 15 sections, 24 theorems, 197 equations, 1 figure, 3 algorithms.

Table of Contents

  1. Introduction
  2. Preliminaries
  3. Outlyingness and projection-depth-based medians
  4. Differential privacy
  5. Main results
  6. Private projection-depth-based medians
  7. Verifying Condition \ref{['cond::LS_Bound']} and example applications
  8. Numerical experiments
  9. General results on propose-test-release mechanisms
  10. Algorithm
  11. Proofs from Section \ref{['sec::PD']}
  12. Proofs from Section \ref{['sec::examples']}
  13. Proofs and related lemmas from Section \ref{['sec::ptr_general']}
  14. Results concerning Condition \ref{['cond::Pop_Bound']}
  15. Cauchy lower bound

Key Result

Theorem 3.1

Suppose that Conditions cond::LS_Bound--cond::bounded-parameters hold. Then there exists a universal constant $C>0$ such that for all $d,n\geq 1$, $\delta\leq 1/2$, $\epsilon,\tau>0$ and $\eta<1$ such that $\tau>4\eta+16c_3/c_1$ and it holds that

Figures (1)

  • Figure 1: Empirical root mean squared error (ERMSE) of the location estimates under (left) Gaussian data and (right) contaminated Gaussian data. The cost of privacy is eclipsed by the outlier error amplification. The private estimates are all relatively close to their non-private counterparts. By contrast, the increase in error for all estimators resulting from contamination is apparent. The usual differences between robust and non-robust estimators are also apparent. Notably, the projection-depth-based median is the most robust.

Theorems & Definitions (62)

  • Definition 2.1
  • Definition 2.2
  • Definition 2.3
  • Definition 3.1
  • Definition 3.2
  • Definition 3.3
  • Theorem 3.1
  • Theorem 3.2
  • Remark 3.3
  • Theorem 3.4
  • ...and 52 more