Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

Differential Privacy Overview and Fundamental Techniques

Ferdinando Fioretto, Pascal Van Hentenryck, Juba Ziani

TL;DR

This chapter starts by illustrating various attempts to protect data privacy, emphasizing where and why they failed, and providing the key desiderata of a robust privacy definition, which formalizes the definition of Differential Privacy and its inherent properties.

Abstract

This chapter is meant to be part of the book "Differential Privacy in Artificial Intelligence: From Theory to Practice" and provides an introduction to Differential Privacy. It starts by illustrating various attempts to protect data privacy, emphasizing where and why they failed, and providing the key desiderata of a robust privacy definition. It then defines the key actors, tasks, and scopes that make up the domain of privacy-preserving data analysis. Following that, it formalizes the definition of Differential Privacy and its inherent properties, including composition, post-processing immunity, and group privacy. The chapter also reviews the basic techniques and mechanisms commonly used to implement Differential Privacy in its pure and approximate forms.

Differential Privacy Overview and Fundamental Techniques

TL;DR

This chapter starts by illustrating various attempts to protect data privacy, emphasizing where and why they failed, and providing the key desiderata of a robust privacy definition, which formalizes the definition of Differential Privacy and its inherent properties.

Abstract

This chapter is meant to be part of the book "Differential Privacy in Artificial Intelligence: From Theory to Practice" and provides an introduction to Differential Privacy. It starts by illustrating various attempts to protect data privacy, emphasizing where and why they failed, and providing the key desiderata of a robust privacy definition. It then defines the key actors, tasks, and scopes that make up the domain of privacy-preserving data analysis. Following that, it formalizes the definition of Differential Privacy and its inherent properties, including composition, post-processing immunity, and group privacy. The chapter also reviews the basic techniques and mechanisms commonly used to implement Differential Privacy in its pure and approximate forms.

Paper Structure

This paper contains 45 sections, 11 theorems, 36 equations, 4 figures, 2 tables.

Table of Contents

  1. Introduction
  2. Overview of the chapter.
  3. A Historical Perspective on Privacy
  4. Data Anonymization
  5. Why did anonymization fail?
  6. K-Anonymity
  7. Where does $k$-anonymization fail? Reason #1: Lack of group privacy.
  8. Where does $k$-anonymization fail? Reason #2: Lack of composition.
  9. Any Perfectly Accurate and Deterministic Privacy Notion Must Fail
  10. A Side Note: Other Types of Privacy Breaches
  11. What Protections Does Differential Privacy Provide?
  12. What Does Differential Privacy Promise?
  13. First attempt: No information leakage.
  14. Second attempt: Almost no information leakage.
  15. Refining the definition of privacy.
  16. ...and 30 more sections

Key Result

Theorem 4.1

Let ${\cal M}_i:{\cal D} \to {\cal R}_i$ be an $\varepsilon_i$-differentially private mechanism for $i \in \{1, 2\}$. Then, their composition, defined as ${\cal M}(D) = ({\cal M}_1(D), {\cal M}_2(D))$, is $(\varepsilon_1+\varepsilon_2)$-differentially private.

Figures (4)

  • Figure 1: Actors and models in the Privacy Preserving data processing pipeline. Central privacy model (left) and Local privacy model (right).
  • Figure 2: Example dataset and query.
  • Figure 3: An illustration of the $\varepsilon$-DP guarantee (here, using the Laplace mechanism of Section \ref{['ssub:the_laplace_mechanism']}). The log-probability of a value to be output by a mechanism given two neighboring datasets is bounded by $\varepsilon$.
  • Figure 4: A metaphor for private data analysis: Perturbing each bit of the image on the left by flipping it with a random probability of $25\%$ prevents inferring with high probability whether each single bit was originally an "M" or a ".", while still allowing to observe conclusions from the big picture. Figure adapted from slides presentation of Ulfar Erlingsson RapporTalk2017.

Theorems & Definitions (27)

  • Remark 2.1: Privacy vs. Utility
  • Definition 4.1: Add/remove adjacency
  • Definition 4.2: Exchange adjacency
  • Definition 4.3: Differential Privacy dwork2006calibrating
  • Theorem 4.1: Composition
  • proof
  • Theorem 4.2: Group privacy
  • proof
  • Theorem 4.3: Post-Processing Immunity
  • proof
  • ...and 17 more