Restricted Local Differential Privacy for Distribution Estimation with High Data Utility

by   Takao Murakami, et al.

LDP (Local Differential Privacy) has recently attracted much attention as a privacy metric in the local model, in which each user obfuscates her own personal data by herself and the data collector estimates the statistics of the personal data such as a distribution underlying the data. LDP provides a privacy guarantee against adversaries with arbitrary background knowledge, and does not suffer from the data leakage. However, it regards all of the personal data as equally sensitive, which can cause the loss of data utility. In this paper, we introduce the concept of RLDP (Restricted Local Differential Privacy), which provides a privacy guarantee equivalent to LDP only for sensitive data. We first consider the case in which all users use the same obfuscation mechanism, and propose two mechanisms providing RLDP: a restricted RR (Randomized Response) and restricted RAPPOR. We then consider the case in which a mechanism is different from user to user, and propose a personalized restricted mechanism with semantic tags to keep secret what is sensitive for each user while keeping high data utility. We theoretically analyze the data utility of our mechanisms, and prove that our mechanisms provide much higher data utility than the existing mechanisms providing LDP. We also prove that our mechanisms provide almost the same data utility as a non-private mechanism that does not obfuscate the personal data when the privacy budget is epsilon = ln |X|, where X is the set of personal data. We finally show that our mechanisms outperform the existing mechanisms by one or two orders of magnitude using two large-scale datasets.


page 1

page 2

page 3

page 4


Utility-Optimized Local Differential Privacy Mechanisms for Distribution Estimation

LDP (Local Differential Privacy) has been widely studied to estimate sta...

Toward Evaluating Re-identification Risks in the Local Privacy Model

LDP (Local Differential Privacy) has recently attracted much attention a...

Locality Sensitive Hashing with Extended Differential Privacy

Extended differential privacy, a generalization of standard differential...

Pufferfish Privacy Mechanisms for Correlated Data

Many modern databases include personal and sensitive correlated data, su...

BRR: Preserving Privacy of Text Data Efficiently on Device

With the use of personal devices connected to the Internet for tasks suc...

Lclean: A Plausible Approach to Individual Trajectory Data Sanitization

In recent years, with the continuous development of significant data ind...

the Connection between Cryptography and Differential Privacy: a Survey

Due to the successful application of data analysis technology in many fi...

Please sign up or login with your details

Forgot password? Click here to reset