Presentation is loading. Please wait.

Presentation is loading. Please wait.

The Complexity of Differential Privacy Salil Vadhan Harvard University TexPoint fonts used in EMF. Read the TexPoint manual before you delete this box.:

Published byKatrina Kennedy Modified over 8 years ago

Similar presentations

Presentation on theme: "The Complexity of Differential Privacy Salil Vadhan Harvard University TexPoint fonts used in EMF. Read the TexPoint manual before you delete this box.:"— Presentation transcript:

1 The Complexity of Differential Privacy Salil Vadhan Harvard University TexPoint fonts used in EMF. Read the TexPoint manual before you delete this box.: AA A AA

2 Thank you Shafi & Silvio For... inspiring us with beautiful science challenging us to believe in the “impossible” guiding us towards our own journeys And Oded for organizing this wonderful celebration enabling our individual & collective development

3 Data Privacy: The Problem Given a dataset with sensitive information, such as: Census data Health records Social network activity Telecommunications data How can we: enable others to analyze the data while protecting the privacy of the data subjects? open data privacy

4 Traditional approach: “anonymize” by removing “personally identifying information (PII)” Many supposedly anonymized datasets have been subject to reidentification: – Gov. Weld’s medical record reidentified using voter records [Swe97]. – Netflix Challenge database reidentified using IMDb reviews [NS08] – AOL search users reidentified by contents of their queries [BZ06] – Even aggregate genomic data is dangerous [HSR+08] Data Privacy: The Challenge privacy utility

5 Differential Privacy A strong notion of privacy that: Is robust to auxiliary information possessed by an adversary Degrades gracefully under repetition/composition Allows for many useful computations Emerged from a series of papers in theoretical CS: [Dinur-Nissim `03 (+Dwork), Dwork-Nissim `04, Blum-Dwork- McSherry-Nissim `05, Dwork-McSherry-Nissim-Smith `06]

6 Def [DMNS06 ] : A randomized algorithm C is  -differentially private iff  databases D, D’ that differ on one row 8 query sequences q 1,…,q t  sets T  R t, Pr[C(D,q 1,…,q t )  T]  e   Pr[C(D’,q 1,…,q t )  T] +   Pr[C(D’,q 1,…,q t )  T]  small constant, e.g.  =.01,  cryptographically small, e.g.  = 2 -60 Differential Privacy Database D  X n C curator q1q1 a1a1 q2q2 a2a2 q3q3 a3a3 data analysts D‘ “My data has little influence on what the analysts see” cf. indistinguishability [Goldwasser-Micali `82]

7 Differential Privacy Database D  X n C curator q1q1 a1a1 q2q2 a2a2 q3q3 a3a3 data analysts D‘

8 D = (x 1,…,x n )  X n Goal: given q : X ! {0,1} estimate counting query q(D):=  i q(x i )/n within error   Example: X = {0,1} d q = conjunction on  k variables Counting query = k-way marginal e.g. What fraction of people in D are over 40 and were once fans of Van Halen? Differential Privacy: Example Male?VH? 011 110 101 111 010 000

9 Differential Privacy: Example

10 Other Differentially Private Algorithms histograms [DMNS06] contingency tables [BCDKMT07, GHRU11], machine learning [BDMN05,KLNRS08], logistic regression & statistical estimation [CMS11,S11,KST11,ST12] clustering [BDMN05,NRS07] social network analysis [HLMJ09,GRU11,KRSY11,KNRS13,BBDS13] approximation algorithms [GLMRT10] singular value decomposition [HR13] streaming algorithms [DNRY10,DNPR10,MMNW11] mechanism design [MT07,NST10,X11,NOS12,CCKMV12,HK12,KPRU12] …

11 Differential Privacy: More Interpretations Whatever an adversary learns about me, it could have learned from everyone else’s data. Mechanism cannot leak “individual-specific” information. Above interpretations hold regardless of adversary’s auxiliary information. Composes gracefully (k repetitions ) k  differentially private) But No protection for information that is not localized to a few rows. No guarantee that subjects won’t be “harmed” by results of analysis. cf. semantic security [Goldwasser-Micali `82]

12 This talk: Computational Complexity in Differential Privacy Q: Do computational resource constraints change what is possible? Computationally bounded curator – Makes differential privacy harder – Exponential hardness results for unstructured queries or synthetic data. – Subexponential algorithms for structured queries w/other types of data representations. Computationally bounded adversary – Makes differential privacy easier – Provable gain in accuracy for multi-party protocols (e.g. for estimating Hamming distance)

13 A More Ambitious Goal: Noninteractive Data Release Original Database DSanitization C(D) C Goal: From C(D), can answer many questions about D, e.g. all counting queries associated with a large family of predicates Q = {q : X ! {0,1}}

14 Noninteractive Data Release: Possibility Male?VH? 011 110 100 111 010 111 Male?VH? 101 111 010 011 110 C “fake” people

15 Noninteractive Data Release: Complexity [Goldwasser-Micali- Rivest `84] Connection to inapproximability [FGLSS `91, ALMSS `92]

16 Noninteractive Data Release: Complexity

17 Traitor-Tracing Schemes [Chor-Fiat-Naor `94] A TT scheme consists of (Gen,Enc,Dec,Trace)… users broadcaster

18 Traitor-Tracing Schemes [Chor-Fiat-Naor `94] A TT scheme consists of (Gen,Enc,Dec,Trace)… users Q: What if some users try to resell the content? pirate decoder broadcaster

19 Traitor-Tracing Schemes [Chor-Fiat-Naor `94] A TT scheme consists of (Gen,Enc,Dec,Trace)… users Q: What if some users try to resell the content? pirate decoder tracer accuse user i A: Some user in the coalition will be traced!

20 Traitor-tracing vs. Differential Privacy [Dwork-Naor-Reingold-Rothblum-Vadhan `09, Ullman `13] Traitor-tracing: Given any algorithm P that has the “functionality” of the user keys, the tracer can identify one of its user keys Differential privacy: There exists an algorithm C(D) that has the “functionality” of the database but no one can identify any of its records Opposites!

21 broadcaster

22 accuse user i

23 Differential Privacy vs. Traitor-Tracing User Keys Ciphertexts Pirate Decoder Tracing Algorithm

24 Noninteractive Data Release: Complexity

25 Noninteractive Data Release: Algorithms

26 How to go beyond synthetic data? Database D Sanitization C

27 Conclusions Differential Privacy has many interesting questions & connections for complexity theory Computationally Bounded Curators Complexity of answering many “simple” queries still unknown. We know even less about complexity of private PAC learning. Computationally Bounded Curators & Multiparty Differential Privacy Connections to communication complexity, randomness extractors, crypto protocols, dense model theorems. Also many basic open problems!

Download ppt "The Complexity of Differential Privacy Salil Vadhan Harvard University TexPoint fonts used in EMF. Read the TexPoint manual before you delete this box.:"

Similar presentations

Computational Complexity & Differential Privacy Salil Vadhan Harvard University Joint works with Cynthia Dwork, Kunal Talwar, Andrew McGregor, Ilya Mironov,

Computational Complexity & Differential Privacy Salil Vadhan Harvard University Joint works with Cynthia Dwork, Kunal Talwar, Andrew McGregor, Ilya Mironov,
When Random Sampling Preserves Privacy Kamalika Chaudhuri U.C.Berkeley Nina Mishra U.Virginia.

When Random Sampling Preserves Privacy Kamalika Chaudhuri U.C.Berkeley Nina Mishra U.Virginia.
I have a DREAM! (DiffeRentially privatE smArt Metering) Gergely Acs and Claude Castelluccia {gergely.acs, INRIA 2011.

I have a DREAM! (DiffeRentially privatE smArt Metering) Gergely Acs and Claude Castelluccia {gergely.acs, INRIA 2011.
Differentially Private Recommendation Systems Jeremiah Blocki Fall 2009 18739A: Foundations of Security and Privacy.

Differentially Private Recommendation Systems Jeremiah Blocki Fall A: Foundations of Security and Privacy.
Computational Complexity & Differential Privacy Salil Vadhan Harvard University Joint works with Cynthia Dwork, Kunal Talwar, Andrew McGregor, Ilya Mironov,

Computational Complexity & Differential Privacy Salil Vadhan Harvard University Joint works with Cynthia Dwork, Kunal Talwar, Andrew McGregor, Ilya Mironov,
Computational Complexity & Differential Privacy Salil Vadhan Harvard University Joint works with Cynthia Dwork, Kunal Talwar, Andrew McGregor, Ilya Mironov,

Computational Complexity & Differential Privacy Salil Vadhan Harvard University Joint works with Cynthia Dwork, Kunal Talwar, Andrew McGregor, Ilya Mironov,
Randomized Sensing in Adversarial Environments Andreas Krause Joint work with Daniel Golovin and Alex Roper International Joint Conference on Artificial.

Randomized Sensing in Adversarial Environments Andreas Krause Joint work with Daniel Golovin and Alex Roper International Joint Conference on Artificial.
Private Analysis of Graph Structure With Vishesh Karwa, Sofya Raskhodnikova and Adam Smith Pennsylvania State University Grigory Yaroslavtsev

Private Analysis of Graph Structure With Vishesh Karwa, Sofya Raskhodnikova and Adam Smith Pennsylvania State University Grigory Yaroslavtsev
Raef Bassily Adam Smith Abhradeep Thakurta Penn State Yahoo! Labs Private Empirical Risk Minimization: Efficient Algorithms and Tight Error Bounds Penn.

Raef Bassily Adam Smith Abhradeep Thakurta Penn State Yahoo! Labs Private Empirical Risk Minimization: Efficient Algorithms and Tight Error Bounds Penn.
By Claudia Fiorini, Enrico Martinelli, Fabio Massacci

By Claudia Fiorini, Enrico Martinelli, Fabio Massacci
Foundations of Privacy Lecture 6 Lecturer: Moni Naor.

Foundations of Privacy Lecture 6 Lecturer: Moni Naor.
The State of the Art Cynthia Dwork, Microsoft Research TexPoint fonts used in EMF. Read the TexPoint manual before you delete this box.: A A AA A AAA.

The State of the Art Cynthia Dwork, Microsoft Research TexPoint fonts used in EMF. Read the TexPoint manual before you delete this box.: A A AA A AAA.
Seminar in Foundations of Privacy 1.Adding Consistency to Differential Privacy 2.Attacks on Anonymized Social Networks Inbal Talgam March 2008.

Seminar in Foundations of Privacy 1.Adding Consistency to Differential Privacy 2.Attacks on Anonymized Social Networks Inbal Talgam March 2008.
Kunal Talwar MSR SVC [Dwork, McSherry, Talwar, STOC 2007] TexPoint fonts used in EMF. Read the TexPoint manual before you delete this box.: A A A AA A.

Kunal Talwar MSR SVC [Dwork, McSherry, Talwar, STOC 2007] TexPoint fonts used in EMF. Read the TexPoint manual before you delete this box.: A A A AA A.
 Guarantee that EK is safe  Yes because it is stored in and used by hw only  No because it can be obtained if someone has physical access but this can.

 Guarantee that EK is safe  Yes because it is stored in and used by hw only  No because it can be obtained if someone has physical access but this can.
Differential Privacy 18739A: Foundations of Security and Privacy Anupam Datta Fall 2009.

Differential Privacy 18739A: Foundations of Security and Privacy Anupam Datta Fall 2009.
Sublinear time algorithms Ronitt Rubinfeld Blavatnik School of Computer Science Tel Aviv University TexPoint fonts used in EMF. Read the TexPoint manual.

Sublinear time algorithms Ronitt Rubinfeld Blavatnik School of Computer Science Tel Aviv University TexPoint fonts used in EMF. Read the TexPoint manual.
Foundations of Privacy Lecture 7 Lecturer: Moni Naor.

Foundations of Privacy Lecture 7 Lecturer: Moni Naor.
April 13, 2010 Towards Publishing Recommendation Data With Predictive Anonymization Chih-Cheng Chang †, Brian Thompson †, Hui Wang ‡, Danfeng Yao † †‡

April 13, 2010 Towards Publishing Recommendation Data With Predictive Anonymization Chih-Cheng Chang †, Brian Thompson †, Hui Wang ‡, Danfeng Yao † †‡
Privacy without Noise Yitao Duan NetEase Youdao R&D Beijing China CIKM 2009.

Privacy without Noise Yitao Duan NetEase Youdao R&D Beijing China CIKM 2009.

Similar presentations

Ads by Google