Our Data, Ourselves: Privacy Via Distributed Noise Generation

Dwork, Cynthia; Kenthapadi, Krishnaram; McSherry, Frank; Mironov, Ilya; Naor, Moni

doi:10.1007/11761679_29

Cited by 1,265 publications

(1,193 citation statements)

References 26 publications

Supporting

Mentioning

1,187

Contrasting

Unclassified

Order By: Relevance

“…However, under the standard assumption of a polynomial time adversary, there exist secure multiparty computation techniques (e.g. [42]) that allow to compute noisy aggregates in a distributed setting. In such a setting users maintain their own data and participate in a protocol in order to directly compute the noisy answer under differental privacy.…”

Section: Obtaining a Differentially Private Global Priormentioning

confidence: 99%

Efficient Utility Improvement for Location Privacy

Chatzikokolakis

ElSalamouny

Palamidessi

2017

Proceedings on Privacy Enhancing Technologies

View full text Add to dashboard Cite

Abstract:The continuously increasing use of locationbased services poses an important threat to the privacy of users. A natural defense is to employ an obfuscation mechanism, such as those providing geoindistinguishability, a framework for obtaining formal privacy guarantees that has become popular in recent years. Ideally, one would like to employ an optimal obfuscation mechanism, providing the best utility among those satisfying the required privacy level. In theory optimal mechanisms can be constructed via linear programming. In practice, however, this is only feasible for a radically small number of locations. As a consequence, all known applications of geo-indistinguishability simply use noise drawn from a planar Laplace distribution. In this work, we study methods for substantially improving the utility of location obfuscation, while maintaining practical applicability as a main goal. We provide such solutions for both infinite (continuous or discrete) as well as large but finite domains of locations, using a Bayesian remapping procedure as a key ingredient. We evaluate our techniques in two real world complete datasets, without any restriction on the evaluation area, and show important utility improvements with respect to the standard planar Laplace approach.

show abstract

Section: Obtaining a Differentially Private Global Priormentioning

confidence: 99%

Efficient Utility Improvement for Location Privacy

Chatzikokolakis

ElSalamouny

Palamidessi

2017

Proceedings on Privacy Enhancing Technologies

View full text Add to dashboard Cite

show abstract

“…The existence of such responses violates differential privacy, even if the probability of outputting one of these responses is small. To allow for this sort of situation one can consider a slightly weaker notion of differential privacy, called ( , δ)-differential privacy, that allows a small additive factor in the inequality [4].…”

Section: Summary Of Our Resultsmentioning

confidence: 99%

“…There are several reasons to consider such relaxations of differential privacy. In practice a computational notion of security suffices, yet the stringent notion of (statistical) differential privacy rules out some mechanisms that are intuitively secure: e.g., a differentially private mechanism implemented using pseudorandom noise in place of truly random noise, or a differentially private mechanism implemented using secure multi-party computation [4,11]. One might hope that by considering a relaxed definition we can circumvent limitations or impossibility results that arise in the information-theoretic setting, in the same way that computationally secure notions of encryption allow bypassing known bounds for perfectly secure encryption.…”

Section: Introductionmentioning

confidence: 99%

Limits of Computational Differential Privacy in the Client/Server Setting

Groce

Katz

Yerukhimovich

2011

Theory of Cryptography

View full text Add to dashboard Cite

Abstract. Differential privacy is a well established definition guaranteeing that queries to a database do not reveal "too much" information about specific individuals who have contributed to the database. The standard definition of differential privacy is information theoretic in nature, but it is natural to consider computational relaxations and to explore what can be achieved with respect to such notions. Mironov et al. Left open by prior work was the extent, if any, to which computational differential privacy can help in the usual client/server setting where the entire database resides at the server, and the client poses queries on this data. We show, for queries with output in R n (for constant n) and with respect to a large class of utilities, that any computationally private mechanism can be converted to a statistically private mechanism that is equally efficient and achieves roughly the same utility.

show abstract

“…Such weaker guarantees can still be useful for other definitions of privacy [4,8]. Another relaxation, specific to the Lipschitz property, is to allow the reconstructed function F to be b-Lipschitz, that is, to require only |F (x) − F (y)| ≤ b · x − y 1 for all x, y ∈ {0, 1} d .…”

Section: Discussionmentioning

confidence: 99%

Limitations of Local Filters of Lipschitz and Monotone Functions

Awasthi

Jha

Molinaro

et al. 2012

Approximation, Randomization, and Combinatorial Optimization. Algorithms and Techniques

View full text Add to dashboard Cite

Abstract. We study local filters for two properties of functions f : {0, 1} d → R: the Lipschitz property and monotonicity. A local filter with additive error a is a randomized algorithm that is given black-box access to a function f and a query point x in the domain of f . Its output is a value F (x), such that (i) the reconstructed function F (x) satisfies the property (in our case, is Lipschitz or monotone) and (ii) if the input function f satisfies the property, then for every point x in the domain (with high constant probability) the reconstructed value F (x) differs from f (x) by at most a. Local filters were introduced by Saks and Seshadhri (SICOMP 2010) and the relaxed definition we study is due to Bhattacharyya et al. (RANDOM 2010), except that we further relax it by allowing additive error. Local filters for Lipschitz and monotone functions have applications to areas such as data privacy. We show that every local filter for Lipschitz or monotone functions runs in time exponential in the dimension d, even when the filter is allowed significant additive error. Prior lower bounds (for local filters with no additive error, i.e., with a = 0) applied only to more restrictive class of filters, e.g., nonadaptive filters. To prove our lower bounds, we construct families of hard functions and show that lookups of a local filter on these functions are captured by a combinatorial object that we call a c-connector. Then we present a lower bound on the maximum outdegree of a c-connector, and show that it implies the desired bounds on the running time of local filters. Our lower bounds, in particular, imply the same bound on the running time for a class of privacy mechanisms.

show abstract

Our Data, Ourselves: Privacy Via Distributed Noise Generation

Cited by 1,265 publications

References 26 publications

Efficient Utility Improvement for Location Privacy

Efficient Utility Improvement for Location Privacy

Limits of Computational Differential Privacy in the Client/Server Setting

Limitations of Local Filters of Lipschitz and Monotone Functions

Contact Info

Product

Resources

About