
Smooth Sensitivity for Geo-Privacy

Yuting Liang, Ke Yi

TL;DR

This work introduces a smooth-sensitivity framework for Geo-Privacy (GP), enabling instance-adaptive noise that scales with the local geometry of the data instead of relying on a global Lipschitz bound. By defining $\Lambda$-local Lipschitzness and a $g$-smooth upper bound, the authors construct a smooth sensitivity $B^*(x)$ and instantiate GP mechanisms (GenCauchy and Student's t variants) that achieve $(\varepsilon,0,\Lambda)$-GP or $(\varepsilon,\delta,\Lambda)$-GP with improved utility. They develop a generic procedure for computing smooth sensitivity under GP and apply it to one-way and two-way threshold functions and to Gaussian kernel density estimation, demonstrating empirical gains over noise-a-priori and global-Lipschitz baselines on real datasets. The results suggest that instance-specific noise calibrated via GP smooth sensitivity can significantly reduce error in privacy-preserving population analytics while preserving distance-based privacy guarantees. This approach broadens the toolkit for privacy-preserving analytics on geometric data and points to broader adoption of DP-inspired techniques within Geo-Privacy.

Abstract

Suppose each user $i$ holds a private value $x_i$ in some metric space $(U, \mathrm{dist})$, and an untrusted data analyst wishes to compute $\sum_i f(x_i)$ for some function $f : U \rightarrow \mathbb{R}$ by asking each user to send in a privatized $f(x_i)$. This is a fundamental problem in privacy-preserving population analytics, and the local model of differential privacy (LDP) is the predominant model under which the problem has been studied. However, LDP requires any two different $x_i, x'_i$ to be $\varepsilon$-distinguishable, which can be overly strong for geometric/numerical data. On the other hand, Geo-Privacy (GP) stipulates that the level of distinguishability be proportional to $\mathrm{dist}(x_i, x_i')$, providing an attractive alternative notion of personal data privacy in a metric space. However, existing GP mechanisms for this problem, which add a uniform noise to either $x_i$ or $f(x_i)$, are not satisfactory. In this paper, we generalize the smooth sensitivity framework from Differential Privacy to Geo-Privacy, which allows us to add noise tailored to the hardness of the given instance. We provide definitions, mechanisms, and a generic procedure for computing the smooth sensitivity under GP equipped with a general metric. Then we present three applications: one-way and two-way threshold functions, and Gaussian kernel density estimation, to demonstrate the applicability and utility of our smooth sensitivity framework.

Paper Structure

This paper contains 60 sections, 25 theorems, 89 equations, 11 figures, 1 table.

Key Result

Lemma 2.1

For the real-valued function $f:U\rightarrow V\subseteq \mathbb{R}$, the mechanism which on input $x$ releases $M(x):=f(x)+\frac{\Delta_f}{\varepsilon} \cdot Z$, where $\Delta_f:=\sup_{z\sim z'}|f(z)-f(z')|$ and $Z\sim \mathrm{Lap}(0,1)$, satisfies $\varepsilon$-DP.
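The mechanism of Lemma 2.1 worked through for the one-way threshold setting of the abstract, as an added example that is not code from the paper: under LDP every pair of values $z \sim z'$ is neighbouring, so $\Delta_f$ is simply the range of $f$ and the Laplace scale $\Delta_f/\varepsilon$ is the same no matter how close two inputs are, which is the "overly strong" behaviour the abstract describes. The ramp form of $f_\tau$, the USD domain and the grid are assumptions made here (the paper's exact $f_\tau$ is in its Figure 1).

```python
import math
import random

def one_way_threshold(x, T, tau):
    """Assumed stand-in for the paper's f_tau (Figure 1): 0 below the threshold T,
    1 at or above T + tau, and a linear ramp of width tau in between."""
    if x <= T:
        return 0.0
    if x >= T + tau:
        return 1.0
    return (x - T) / tau

def global_sensitivity(f, domain):
    """Delta_f = sup_{z ~ z'} |f(z) - f(z')| from Lemma 2.1. Under LDP every pair of
    values is neighbouring, so this is the range of f over the (gridded) domain."""
    vals = [f(z) for z in domain]
    return max(vals) - min(vals)

def sample_laplace():
    """Z ~ Lap(0, 1), drawn as the difference of two independent Exp(1) variables."""
    u1, u2 = random.random(), random.random()
    return -math.log(1.0 - u1) + math.log(1.0 - u2)

def laplace_mechanism(fx, delta_f, eps):
    """M(x) = f(x) + (Delta_f / eps) * Z, the mechanism of Lemma 2.1."""
    return fx + (delta_f / eps) * sample_laplace()

def laplace_log_density(y, loc, scale):
    return -math.log(2.0 * scale) - abs(y - loc) / scale

def max_privacy_loss(f, delta_f, eps, x, x_prime, outputs):
    """Largest |log p_x(y) - log p_x'(y)| over the given outputs y. Lemma 2.1 says
    this never exceeds eps, whatever the distance between x and x'."""
    scale = delta_f / eps
    return max(abs(laplace_log_density(y, f(x), scale)
                   - laplace_log_density(y, f(x_prime), scale)) for y in outputs)

def sum_noise_variance(n, delta_f, eps):
    """Variance of the analyst's estimate sum_i M(x_i): each Lap(Delta_f/eps) term
    contributes 2 (Delta_f/eps)^2, so the error grows linearly in n."""
    return n * 2.0 * (delta_f / eps) ** 2

# Constructed setting: incomes in USD on a grid, threshold T = 12000 with a 2000-wide band.
T, TAU = 12000.0, 2000.0
DOMAIN = [100.0 * i for i in range(501)]          # 0 ... 50000 USD
F = lambda x: one_way_threshold(x, T, TAU)
DELTA_F = global_sensitivity(F, DOMAIN)            # 1.0: LDP ignores how far apart inputs are
```

For two inputs 100 USD apart inside the band the realised privacy loss is only a small fraction of $\varepsilon$, yet the noise added to every report is calibrated to the worst-case pair across the whole domain.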

Figures (11)

  • Figure 1: $f_{\tau}$ for one-way threshold, where $T$ is the threshold.
  • Figure 2: $f_{\tau}$ for two-way threshold: red region corresponds to function value $1$; green region corresponds to function value $0$; yellow region corresponds to transition band.
  • Figure 3: MSE for one-way threshold query. Threshold amounts in USD.
  • Figure 4: Two-way threshold query. ASE computed on $33\times 33$ grid. Default parameters: $\varepsilon=1/\$12000$ and $n=1600000$, corresponding to Fig. \ref{fig:2way_thres_mp}. $C=\$12000$.
  • Figure 5: KDE on New York motor vehicle collision dataset, computed on $60\times 60$ grid. $\varepsilon=1/1000\mathrm{m}, h=w, n=200000$; corresponding error plot given in Fig. \ref{fig:kde_bar_ref}.
  • ...and 6 more figures

Theorems & Definitions (60)

  • Definition 1: Differential Privacy [dwork2006calibrating]
  • Lemma 2.1: Laplace Mechanism [dwork2006calibrating]
  • Definition 2: Pointwise sensitivity [nissim2007smooth]
  • Definition 3: Smooth upper bound on pointwise sensitivity [nissim2007smooth]
  • Definition 4: Smooth sensitivity [nissim2007smooth]
  • Lemma 2.2: Cauchy and Laplace Mechanisms using Smooth Sensitivity [nissim2007smooth]
  • Definition 5: $(\varepsilon,\delta,\Upsilon)$-GP [liang2023concentrated]
  • Lemma 2.3: Laplace Mechanism for GP [chatzikokolakis2013broadening]
  • Definition 6: $\Lambda$-local Lipschitzness [luukkainen1979rings]
  • Corollary 3.1
  • ...and 50 more