Privacy-Preserving Cramér-Rao Lower Bound
Jieming Ke, Jimin Wang, Ji-Feng Zhang
TL;DR
The paper develops a rigorous privacy-preserving CR lower bound theory by treating Fisher information as both a privacy metric and a limit on identification accuracy. It introduces an identifiability criterion under a privacy constraint, derives a precise PPCR lower bound with an explicit privacy-preserving Fisher information matrix, and shows attainability in Gaussian settings. The framework is extended to multi-sensor, multi-measurement systems via an additivity principle, enabling distributed computation and design of privacy-preserving offline and online identification algorithms that reach or approach the bound. Simulations demonstrate that Gaussian privacy noise with the corresponding estimation method achieves the bound, while other noise mechanisms underperform, highlighting the practical impact for privacy-aware distributed identification. The work further extends to privacy-preserving average consensus, linking consensus accuracy with privacy and providing an optimal distributed algorithm under the proposed PPCR framework, with implications for secure data fusion and distributed estimation in networked systems.
Abstract
This paper establishes the privacy-preserving Cramér-Rao (CR) lower bound theory, characterizing the fundamental limit of identification accuracy under privacy constraint. An identifiability criterion under privacy constraint is derived by using Fisher information matrix as the privacy metric. In the identifiable case, the privacy-preserving CR lower bound is established and its attainability is demonstrated, thereby ensuring the existence of the privacy-preserving Fisher information matrix with explicit expression. Then, the privacy-preserving CR lower bound theory is extended to the multi-sensor multi-measurement system. Specifically, the additivity principle of privacy-preserving Fisher information matrices across both spatial and temporal dimensions is established, building a relationship between privacy-preserving CR lower bounds for the multi-sensor multi-measurement system and its subsystems. Using this additivity principle, distributed identification algorithms capable of achieving the privacy-preserving CR lower bound are further proposed. Numerical examples are provided to demonstrate the privacy-preserving CR lower bound and show the effectiveness of the proposed algorithms.