DP-SNP-TIHMM: Differentially Private, Time-Inhomogeneous Hidden Markov Models for Synthesizing Genome-Wide Association Datasets

TL;DR

This work addresses privacy risks in sharing genome-wide SNP data by introducing DP-SNP-TIHMM, a framework that learns a time-inhomogeneous hidden Markov model trained with differential privacy to generate synthetic SNP sequences. By bounding gradient contributions during DP-SGD training and employing locus-dependent transitions, the method preserves locus-specific LD patterns while providing formal privacy guarantees, enabling full-sequence data generation without external LD resources. The authors comprehensively evaluate allele-frequency fidelity, LD structure, Nei’s genetic distance, and downstream GWAS tasks on 1000 Genomes data, demonstrating favorable utility under ε in [1,10] and δ = 10^{-4}. Although not surpassing all task-specific baselines, the approach offers a flexible, privacy-preserving alternative for exploratory genomic analyses and public data sharing, with practical implications for scalable genomic research and data governance.

Abstract

Single nucleotide polymorphism (SNP) datasets are fundamental to genetic studies but pose significant privacy risks when shared. The correlation of SNPs with each other makes strong adversarial attacks such as masked-value reconstruction, kin, and membership inference attacks possible. Existing privacy-preserving approaches either apply differential privacy to statistical summaries of these datasets or offer complex methods that require post-processing and the usage of a publicly available dataset to suppress or selectively share SNPs. In this study, we introduce an innovative framework for generating synthetic SNP sequence datasets using samples derived from time-inhomogeneous hidden Markov models (TIHMMs). To preserve the privacy of the training data, we ensure that each SNP sequence contributes only a bounded influence during training, enabling strong differential privacy guarantees. Crucially, by operating on full SNP sequences and bounding their gradient contributions, our method directly addresses the privacy risks introduced by their inherent correlations. Through experiments conducted on the real-world 1000 Genomes dataset, we demonstrate the efficacy of our method using privacy budgets of $\varepsilon \in [1, 10]$ at $δ=10^{-4}$. Notably, by allowing the transition models of the HMM to be dependent on the location in the sequence, we significantly enhance performance, enabling the synthetic datasets to closely replicate the statistical properties of non-private datasets. This framework facilitates the private sharing of genomic data while offering researchers exceptional flexibility and utility.

Figures (20)

• Figure 1: The same segment of a chromosome for Alice and Bob. The major allele is shown in green and the minor allele in red.
• Figure 2: Causal graph of a hidden Markov model.
• Figure 3: Workflow of our proposed framework. Any component after the privacy barrier is $(\varepsilon, \delta)-$DP.
• Figure 4: Nei's genetic distance between the training data (chromosome X) and synthetic dataset for the time-homogeneous (THom) and time-inhomogeneous (TIH) models with different number of hidden state $H$.
• Figure 5: Histograms of distances to the closest record in training (chromosome X) for the time-homogeneous (THom) and time-inhomogeneous (TIH) models and different number of hidden states $H$.

Theorems & Definitions (6)

• Definition 1: Differential Privacy (DP) dwork2006differential
• Definition 2: $L_2$ Global Sensitivity
• Theorem 1: Gaussian Mechanism Dwork2014book
• Theorem 2: Post-Processing Immunity Dwork2014book
• Definition 3: Local differential privacy (LDP) evfimievski2003limitingkasiviswanathan2011can
• Definition 4: Direct Encoding GRR