Meeting Utility Constraints in Differential Privacy: A Privacy-Boosting Approach

Bo Jiang, Wanrong Zhang, Donghang Lu, Jian Du, Sagar Sharma, Qiang Yan

TL;DR

This paper introduces PB-DP, a privacy-boosting framework that reweights the noise distribution of any kernel DP mechanism to increase the probability that outputs lie in a user-defined preferred region while expanding the overall variance to mitigate privacy leakage. By deriving the privacy loss distribution (PLD) and privacy profile, the authors show how PB-DP achieves $(\epsilon,\delta)$-DP or $(\alpha,\epsilon)$-RDP under data-dependent, data-independent, or fixed utility regions, and extend to local DP with generalized randomized response. The framework supports efficient optimization of the kernel privacy budget and boosting parameter via offline search, with closed-form expressions for three case studies and a general composition accountant showing significant privacy gains under sequential releases. Empirical results on both synthetic setups and real data demonstrate substantial reductions in privacy loss for target utility constraints, particularly when query sensitivity is large relative to the true answer. Overall, PB-DP offers a flexible, practical approach to designing DP mechanisms that meet specific utility requirements without relaxing DP guarantees in many scenarios, though it may be less suited for pure DP settings due to tail behavior.

Abstract

Data engineering often requires accuracy (utility) constraints on results, posing significant challenges in designing differentially private (DP) mechanisms, particularly under stringent privacy parameter $\epsilon$. In this paper, we propose a privacy-boosting framework that is compatible with most noise-adding DP mechanisms. Our framework enhances the likelihood of outputs falling within a preferred subset of the support to meet utility requirements while enlarging the overall variance to reduce privacy leakage. We characterize the privacy loss distribution of our framework and present the privacy profile formulation for $(\epsilon,\delta)$-DP and Rényi DP (RDP) guarantees. We study special cases involving data-dependent and data-independent utility formulations. Through extensive experiments, we demonstrate that our framework achieves lower privacy loss than standard DP mechanisms under utility constraints. Notably, our approach is particularly effective in reducing privacy loss with large query sensitivity relative to the true answer, offering a more practical and flexible approach to designing differentially private mechanisms that meet specific utility constraints.

Paper Structure

This paper contains 38 sections, 10 theorems, 95 equations, 7 figures, 2 algorithms.

Key Result

Theorem 1

The PLD of our privacy boosting mechanism for a pair of neighboring datasets $X, X'$, given the PLD of the kernel DP mechanism $f_Z$ can be represented as: where

Figures (7)

  • Figure 1: Illustration of privacy boosting mechanisms for the three special cases studied in this paper. We take a one-dimensional Gaussian kernel as an example. In each figure, $Q(X)$ and $Q(X')$ denote the true aggregations from neighboring datasets. Solid vertical lines represent the boundaries of the preferred regions for each case.
  • Figure 2: Boosted privacy comparison with fixed $\rho$, among the mechanism with relative error guarantee, the mechanism with fixed output region, and the mechanism with absolute error guarantee. Each mechanism shown in figures (a) and (b) achieves $(\epsilon,\delta)$-DP, and in figures (c) and (d) achieves $(\alpha,\epsilon)$-RDP. The preferred output regions for the different mechanisms are aligned to be the same. Specifically, (a) and (c) correspond to a high sensitivity-to-aggregation ratio, and (b) and (d) correspond to a low sensitivity-to-aggregation ratio.
  • Figure 3: Boosted privacy comparison with fixed $\inf \mathcal{S}(Q(X))$, among the mechanism with relative error guarantee, the mechanism with fixed output region, and the mechanism with absolute error guarantee. Each mechanism shown in figures (a) and (b) achieves $(\epsilon,\delta)$-DP, and in figures (c) and (d) achieves $(\alpha,\epsilon)$-RDP. The preferred output regions for the different mechanisms are aligned to be the same. Specifically, (a) and (c) correspond to a high sensitivity-to-aggregation ratio, and (b) and (d) correspond to a low sensitivity-to-aggregation ratio.
  • Figure 4: Runtime comparison between Gaussian-DP and PB-DP with Gaussian Kernel for different $|\mathcal{S}|$.
  • Figure 5: Comparison of the feasibility in the privacy profile for bounded Gaussian DP and PB-GDP with a fixed preferred region: (a) compares bounded GDP with PB-GDP for $\rho = 0.8$ and various $\mathcal{S}$; (b) shows the additional leakage caused by increasing $\rho$.
  • ...and 2 more figures

Theorems & Definitions (28)

  • Definition 1: $(\epsilon,\delta)$-DP [Dwork2006]
  • Definition 2: Rényi DP [mironov2017renyi]
  • Definition 3: Privacy Loss Distribution [cryptoeprint:2018/820]
  • Definition 4: Privacy profile [DBLP:journals/corr/abs-1807-01647]
  • Theorem 1
  • Proposition 1
  • Proposition 2
  • Theorem 2
  • Proposition 3
  • Remark 1
  • ...and 18 more