Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

Time-Aware Projections: Truly Node-Private Graph Statistics under Continual Observation

Palak Jain, Adam Smith, Connor Wagaman

TL;DR

Time-Aware Projections investigates true node-differential privacy for graph statistics under continual observation, removing the need for input-degree promises. The authors develop time-aware projection mechanisms (BBDS and DLL) and an online Propose-Test-Release framework to transform restricted-DP base algorithms into unconditionally private continual-release algorithms, with linear overhead. They derive near-optimal additive error bounds for edges, triangles, k-stars, connected components, and degree histograms, supported by tight stability analyses and lower bounds via reductions from binary counting. Empirically, the method achieves substantial privacy-utility gains over batch-model baselines on sparse graphs, with practical runtime and space efficiency, enabling scalable private graph monitoring in streaming settings.

Abstract

We describe the first algorithms that satisfy the standard notion of node-differential privacy in the continual release setting (i.e., without an assumed promise on input streams). Previous work addresses node-private continual release by assuming an unenforced promise on the maximum degree in a graph, but leaves open whether such a bound can be verified or enforced privately. Our algorithms are accurate on sparse graphs, for several fundamental graph problems: counting edges, triangles, other subgraphs, and connected components; and releasing degree histograms. Our unconditionally private algorithms generally have optimal error, up to polylogarithmic factors and lower-order terms. We provide general transformations that take a base algorithm for the continual release setting, which need only be private for streams satisfying a promised degree bound, and produce an algorithm that is unconditionally private yet mimics the base algorithm when the stream meets the degree bound (and adds only linear overhead to the time and space complexity of the base algorithm). To do so, we design new projection algorithms for graph streams, based on the batch-model techniques of Day et al. 2016 and Blocki et al. 2013, which modify the stream to limit its degree. Our main technical innovation is to show that the projections are stable -- meaning that similar input graphs have similar projections -- when the input stream satisfies a privately testable safety condition. Our transformation then follows a novel online variant of the Propose-Test-Release framework (Dwork and Lei, 2009), privately testing the safety condition before releasing output at each step.

Time-Aware Projections: Truly Node-Private Graph Statistics under Continual Observation

TL;DR

Time-Aware Projections investigates true node-differential privacy for graph statistics under continual observation, removing the need for input-degree promises. The authors develop time-aware projection mechanisms (BBDS and DLL) and an online Propose-Test-Release framework to transform restricted-DP base algorithms into unconditionally private continual-release algorithms, with linear overhead. They derive near-optimal additive error bounds for edges, triangles, k-stars, connected components, and degree histograms, supported by tight stability analyses and lower bounds via reductions from binary counting. Empirically, the method achieves substantial privacy-utility gains over batch-model baselines on sparse graphs, with practical runtime and space efficiency, enabling scalable private graph monitoring in streaming settings.

Abstract

We describe the first algorithms that satisfy the standard notion of node-differential privacy in the continual release setting (i.e., without an assumed promise on input streams). Previous work addresses node-private continual release by assuming an unenforced promise on the maximum degree in a graph, but leaves open whether such a bound can be verified or enforced privately. Our algorithms are accurate on sparse graphs, for several fundamental graph problems: counting edges, triangles, other subgraphs, and connected components; and releasing degree histograms. Our unconditionally private algorithms generally have optimal error, up to polylogarithmic factors and lower-order terms. We provide general transformations that take a base algorithm for the continual release setting, which need only be private for streams satisfying a promised degree bound, and produce an algorithm that is unconditionally private yet mimics the base algorithm when the stream meets the degree bound (and adds only linear overhead to the time and space complexity of the base algorithm). To do so, we design new projection algorithms for graph streams, based on the batch-model techniques of Day et al. 2016 and Blocki et al. 2013, which modify the stream to limit its degree. Our main technical innovation is to show that the projections are stable -- meaning that similar input graphs have similar projections -- when the input stream satisfies a privately testable safety condition. Our transformation then follows a novel online variant of the Propose-Test-Release framework (Dwork and Lei, 2009), privately testing the safety condition before releasing output at each step.
Paper Structure (25 sections, 32 theorems, 61 equations, 3 figures, 2 tables, 6 algorithms)

This paper contains 25 sections, 32 theorems, 61 equations, 3 figures, 2 tables, 6 algorithms.

Table of Contents

  1. Introduction
  2. Our Results
  3. Techniques
  4. Techniques
  5. Related Work
  6. Organization of This Manuscript
  7. Preliminaries
  8. Stable and Time-Aware Projections
  9. Stability of the Time-Aware Projection Algorithms
  10. Proof of Edge-to-Edge Stability for BBDS
  11. Proof of Node-to-Node Stability for BBDS and DLL
  12. Proof of Node-to-Edge Stability for BBDS
  13. Proof of Node-to-Edge Stability for DLL
  14. (Pruned) Difference Graphs and Their Properties
  15. Proof of Edge-to-Edge Stability for DLL
  16. ...and 10 more sections

Key Result

Lemma 2.11

Let $\mathcal{M}:\mathcal{X}\to \mathcal{Y}$ be a randomized algorithm that is $(\varepsilon,\delta)$-DP. Then, where $x,x'\in \mathcal{X}$ differ in the data of $k$ individuals, $\mathcal{A}(x)$ and $\mathcal{A}(x')$ are $(k\cdot \varepsilon, k\cdot e^{k\varepsilon} \cdot \delta)$-indistinguishable

Figures (3)

  • Figure 1: Order-induced cuts. Let the nodes in the figure represent a left-to-right topological ordering of nodes. Each vertical line defines a distinct order-induced cut, where nodes to the left are in one part of a cut, nodes to the right are in the other part of the cut, and the cut-set for the cut defined by a vertical line is the set of edges intersected by that vertical line.
  • Figure 2: Edges in a difference graph
  • Figure 3: Results from one run of our algorithm (orange) and the batch-model baseline (blue) on three stream/cutoff pairs: a random graph stream with $D=400$ (top row); a random graph stream with $D=1{,}000$; middle row); a two-block graph stream with $D=15{,}000$. For each graph, we provide three plots. Left: Relative error across all $10^6$ time steps. Center: Relative error across first $50{,}000$ steps. Right: True edge counts (green) together with reported counts from each algorithm across first $50{,}000$ steps. The left and center plots include a red dashed line at relative error 1 for visual reference.

Theorems & Definitions (96)

  • Definition 2.1: Graph
  • Definition 2.2: Graph stream
  • Definition 2.3: Flattened graph
  • Definition 2.4: Neighboring graph streams
  • Definition 2.6: $(\varepsilon,\delta)$-indistinguishability
  • Definition 2.7: Differential privacy (DP) in the batch model DworkMNS16
  • Definition 2.8: Privacy of a mechanism under continual observation
  • Definition 2.9: Accuracy of a mechanism
  • Definition 2.10: $D$-restricted DP
  • Lemma 2.11: DP offers group privacy DworkMNS16
  • ...and 86 more