Individual Sensitivity Preprocessing for Data Privacy
share
The sensitivity metric in differential privacy, which is informally defined as the largest marginal change in output between neighboring databases, is of substantial significance in determining the accuracy of private data analyses. Techniques for improving accuracy when the average sensitivity is much smaller than the worst-case sensitivity have been developed within the differential privacy literature, including tools such as smooth sensitivity, Sample-and-Aggregate, Propose-Test-Release, and Lipschitz extensions. In this work, we provide a new Sensitivity-Preprocessing framework for this problem that overcomes some of the limitations of the previous techniques and works in a highly generalized setting. Similar to Lipschitz extensions, our framework also approximates a function over databases with another function of smaller sensitivity. However, we exploit the specific metric space structure of neighboring databases to give a more localized exponential-time general construction, compared to Lipschitz extensions which can often be uncomputable. We constructively define a Sensitivity-Preprocessing Function in our framework for which we give approximate optimality and NP-hardness results, and further complement it with the following: (1) For important statistical metrics such as mean, α-trimmed mean, median, maximum, minimum, and variance, we show that our Sensitivity-Preprocessing Function can be implemented in O(n^2) time. (2) We introduce a new notion of individual sensitivity and show that it is an important metric in the variant definition of personalized differential privacy. We show that our algorithm can extend to this context and serve as a useful tool for this variant definition and its applications in markets for privacy. (3) We consider extending our framework to functions mapping to higher dimensions and give both positive and negative results.
READ FULL TEXT
