Smooth Sensitivity for Geo-Privacy
CoRR(2024)
Abstract
Suppose each user i holds a private value x_i in some metric space (U,
dist), and an untrusted data analyst wishes to compute ∑_i
f(x_i) for some function f : U →ℝ by asking each user to
send in a privatized f(x_i). This is a fundamental problem in
privacy-preserving population analytics, and the local model of differential
privacy (LDP) is the predominant model under which the problem has been
studied. However, LDP requires any two different values x_i, x'_i to be
ε-distinguishable, which can be overly strong for
geometric/numerical data. On the other hand, Geo-Privacy (GP) stipulates that
the level of distinguishability be proportional to dist(x_i, x'_i),
providing an attractive alternative notion of personal data privacy in a metric
space. However, existing GP mechanisms for this problem, which add uniform
noise to either x_i or f(x_i), are not satisfactory. In this paper, we
generalize the smooth sensitivity framework from Differential Privacy to
Geo-Privacy, which allows us to add noise tailored to the hardness of the given
instance. We provide definitions, mechanisms, and a generic procedure for
computing the smooth sensitivity under GP equipped with a general metric. Then
we present three applications: one-way and two-way threshold functions, and
Gaussian kernel density estimation, to demonstrate the applicability and
utility of our smooth sensitivity framework.
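To make the LDP-versus-GP distinction concrete, the following is an added illustration, not code from the paper: it takes the standard Laplace mechanism on the real line (one of the "uniform noise on x_i" mechanisms the abstract refers to) and checks its privacy loss against the GP bound ε·dist(x_i, x'_i) and the LDP bound ε. The grid-based bound check and the function names are my own construction.

```python
import math
import random

def laplace_log_density(y, center, scale):
    """Log-density of Laplace(center, scale) evaluated at y."""
    return -abs(y - center) / scale - math.log(2 * scale)

def privacy_loss(y, x, x_prime, eps):
    """|log Pr[M(x)=y] - log Pr[M(x')=y]| for M(x) = x + Lap(0, 1/eps)."""
    scale = 1.0 / eps
    return abs(laplace_log_density(y, x, scale) - laplace_log_density(y, x_prime, scale))

def max_privacy_loss(x, x_prime, eps, outputs):
    """Worst-case privacy loss over a constructed grid of candidate outputs."""
    return max(privacy_loss(y, x, x_prime, eps) for y in outputs)

def gp_bound(x, x_prime, eps):
    """Geo-Privacy allows distinguishability proportional to the distance."""
    return eps * abs(x - x_prime)

def satisfies_gp(x, x_prime, eps, outputs):
    # By the triangle inequality the Laplace loss never exceeds eps*dist.
    return max_privacy_loss(x, x_prime, eps, outputs) <= gp_bound(x, x_prime, eps) + 1e-9

def satisfies_ldp(x, x_prime, eps, outputs):
    # LDP demands the fixed bound eps for ANY pair, however far apart.
    return max_privacy_loss(x, x_prime, eps, outputs) <= eps + 1e-9

def geo_private_release(x, eps, rng=random):
    """Privatized value x + Lap(0, 1/eps); eps*dist-GP on (R, |.|)."""
    u = rng.random() - 0.5
    u = max(-0.5 + 1e-12, u)  # guard log(0) at the boundary
    return x - (1.0 / eps) * math.copysign(1.0, u) * math.log(1.0 - 2.0 * abs(u))

if __name__ == "__main__":
    grid = [i * 0.25 for i in range(-40, 41)]  # constructed output grid
    x, x_prime, eps = 0.0, 2.0, 1.0
    print("max loss:", max_privacy_loss(x, x_prime, eps, grid))
    print("GP ok:", satisfies_gp(x, x_prime, eps, grid))
    print("LDP ok:", satisfies_ldp(x, x_prime, eps, grid))
```

For x = 0 and x' = 2 with ε = 1 the worst-case loss is exactly 2: within the GP budget ε·dist = 2, but outside the LDP budget ε = 1, which is why a GP mechanism may add far less noise than an LDP one on far-apart inputs.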