Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

A Parallel Region-Adaptive Differential Privacy Framework for Image Pixelization

Ming Liu

TL;DR

This work addresses privacy risks in high-resolution visual data by marrying differential privacy with region-aware, GPU-accelerated pixelization. It introduces a parallel region-adaptive DP framework that assigns finer grids to complex regions (e.g., faces) and coarser grids to simple regions (e.g., background), while maintaining a unified privacy budget via local noise scaling and aligned grid sizes. The approach delivers significant runtime and storage efficiency, with formal DP guarantees and extensive evaluations on PETS, Venice-2, PPM-100, and CelebA demonstrating strong privacy protection and retention of structural fidelity. The results support real-time, privacy-critical deployments in surveillance, healthcare, and smart environments, while acknowledging that DP does not guarantee perceptual anonymity and suggesting avenues for combining with structural obfuscation techniques.

Abstract

The widespread deployment of high-resolution visual sensing systems, coupled with the rise of foundation models, has amplified privacy risks in video-based applications. Differentially private pixelization offers mathematically guaranteed protection for visual data through grid-based noise addition, but challenges remain in preserving task-relevant fidelity, achieving scalability, and enabling efficient real-time deployment. To address this, we propose a novel parallel, region-adaptive pixelization framework that combines the theoretical rigor of differential privacy with practical efficiency. Our method adaptively adjusts grid sizes and noise scales based on regional complexity, leveraging GPU parallelism to achieve significant runtime acceleration compared to the classical baseline. A lightweight storage scheme is introduced by retaining only essential noisy statistics, significantly reducing space overhead. Formal privacy analysis is provided under the Laplace mechanism and parallel composition theorem. Extensive experiments on the PETS, Venice-2, and PPM-100 datasets demonstrate favorable privacy-utility trade-offs and significant runtime/storage reductions. A face re-identification attack experiment on CelebA further confirms the method's effectiveness in preventing identity inference. This validates its suitability for real-time privacy-critical applications such as elderly care, smart home monitoring, driver behavior analysis, and crowd behavior monitoring.

A Parallel Region-Adaptive Differential Privacy Framework for Image Pixelization

TL;DR

This work addresses privacy risks in high-resolution visual data by marrying differential privacy with region-aware, GPU-accelerated pixelization. It introduces a parallel region-adaptive DP framework that assigns finer grids to complex regions (e.g., faces) and coarser grids to simple regions (e.g., background), while maintaining a unified privacy budget via local noise scaling and aligned grid sizes. The approach delivers significant runtime and storage efficiency, with formal DP guarantees and extensive evaluations on PETS, Venice-2, PPM-100, and CelebA demonstrating strong privacy protection and retention of structural fidelity. The results support real-time, privacy-critical deployments in surveillance, healthcare, and smart environments, while acknowledging that DP does not guarantee perceptual anonymity and suggesting avenues for combining with structural obfuscation techniques.

Abstract

The widespread deployment of high-resolution visual sensing systems, coupled with the rise of foundation models, has amplified privacy risks in video-based applications. Differentially private pixelization offers mathematically guaranteed protection for visual data through grid-based noise addition, but challenges remain in preserving task-relevant fidelity, achieving scalability, and enabling efficient real-time deployment. To address this, we propose a novel parallel, region-adaptive pixelization framework that combines the theoretical rigor of differential privacy with practical efficiency. Our method adaptively adjusts grid sizes and noise scales based on regional complexity, leveraging GPU parallelism to achieve significant runtime acceleration compared to the classical baseline. A lightweight storage scheme is introduced by retaining only essential noisy statistics, significantly reducing space overhead. Formal privacy analysis is provided under the Laplace mechanism and parallel composition theorem. Extensive experiments on the PETS, Venice-2, and PPM-100 datasets demonstrate favorable privacy-utility trade-offs and significant runtime/storage reductions. A face re-identification attack experiment on CelebA further confirms the method's effectiveness in preventing identity inference. This validates its suitability for real-time privacy-critical applications such as elderly care, smart home monitoring, driver behavior analysis, and crowd behavior monitoring.

Paper Structure

This paper contains 43 sections, 5 theorems, 18 equations, 10 figures, 5 tables, 3 algorithms.

Table of Contents

  1. Introduction
  2. Related Work
  3. Notations and Symbol Definitions
  4. The Original Differentially Private Pixelization
  5. Image pixelization
  6. Differential Privacy and the Laplace Mechanism
  7. Parallel Composition Theorem
  8. The Original Differentially Private Pixelization
  9. Time and Space Complexity Analysis of Algorithm \ref{['alg:original_dp_pixelization']}
  10. Parallel Differentially Private Image Pixelization
  11. Parallelizability of Algorithm \ref{['alg:original_dp_pixelization']}
  12. Algorithm Description
  13. Time and Space Complexity of Algorithm \ref{['alg:parallel_dp_image_pixelization']}
  14. Time complexity
  15. Space complexity
  16. ...and 28 more sections

Key Result

Theorem 1

Let $\mathcal{M}_i$ be a differentially private mechanism providing $\epsilon$-differential privacy. Let $D_i$ represent an arbitrary disjoint subset of the input domain $D$, such that: where $i$ and $j$ are indices representing different subsets $D_i$ and $D_j$ of the input data set $D$, $k$ is the total number of disjoint subsets into which the data set $D$ is partitioned. The sequence of mecha

Figures (10)

  • Figure 1: Impact of $b$, $m$, and $\epsilon$ on PETS and Venice-2 datasets: (a) PETS and (b) Venice-2.
  • Figure 2: Impact of $b$, $m$, and $\epsilon$ on pixelization performance. Top: $m=16$, $\epsilon=0.5$, $b \in \{8,12,16,20\}$; middle: $b=16$, $\epsilon=0.5$, $m \in \{16,32,64,128\}$; bottom: $b=16$, $m=16$, $\epsilon \in \{0.1,0.5,1,1.5\}$.
  • Figure 3: Processing time of Algorithm \ref{['alg:parallel_dp_image_pixelization']} versus grid size $b$ on the PETS and Venice-2 datasets. (a) Total processing time. (b) Average processing time.
  • Figure 4: Storage size comparison of NPZ files and PNG images across different grid sizes $b$. (a) Results on the PETS dataset; (b) Results on the Venice-2 dataset.
  • Figure 5: Performance of Algorithm \ref{['alg:dp_pixelization_subgrid']} on PPM-100 dataset across varying $b$ and $n$. Metrics include: (a) IoU (DP Image), (b) Dice (DP Image), (c) MSE (Gray), and (d) SSIM (Gray). Original RGB images achieve IoU = 0.9570 and Dice = 0.9771 with the mattes using rembg (indicated in heatmap annotations).
  • ...and 5 more figures

Theorems & Definitions (9)

  • Theorem 1
  • Theorem 2
  • proof
  • Theorem 3
  • proof
  • Theorem 4
  • proof
  • Theorem 5
  • proof