Universal Optimality and Robust Utility Bounds for Metric Differential Privacy

by   Natasha Fernandes, et al.

We study the privacy-utility trade-off in the context of metric differential privacy. Ghosh et al. introduced the idea of universal optimality to characterise the best mechanism for a certain query that simultaneously satisfies (a fixed) ϵ-differential privacy constraint whilst at the same time providing better utility compared to any other ϵ-differentially private mechanism for the same query. They showed that the Geometric mechanism is "universally optimal" for the class of counting queries. On the other hand, Brenner and Nissim showed that outside the space of counting queries, and for the Bayes risk loss function, no such universally optimal mechanisms exist. In this paper we use metric differential privacy and quantitative information flow as the fundamental principle for studying universal optimality. Metric differential privacy is a generalisation of both standard (i.e., central) differential privacy and local differential privacy, and it is increasingly being used in various application domains, for instance in location privacy and in privacy preserving machine learning. Using this framework we are able to clarify Nissim and Brenner's negative results, showing (a) that in fact all privacy types contain optimal mechanisms relative to certain kinds of non-trivial loss functions, and (b) extending and generalising their negative results beyond Bayes risk specifically to a wide class of non-trivial loss functions. We also propose weaker universal benchmarks of utility called "privacy type capacities". We show that such capacities always exist and can be computed using a convex optimisation algorithm.


The Laplace Mechanism has optimal utility for differential privacy over continuous queries

Differential Privacy protects individuals' data when statistical queries...

Assessing differentially private deep learning with Membership Inference

Releasing data in the form of trained neural networks with differential ...

What Our Choices Say About Our Preferences?

Taking online decisions is a part of everyday life. Think of buying a ho...

Differential Privacy for Eye Tracking with Temporal Correlations

Head mounted displays bring eye tracking into daily use and this raises ...

Generalised Differential Privacy for Text Document Processing

We address the problem of how to "obfuscate" texts by removing stylistic...

Design of Algorithms under Policy-Aware Local Differential Privacy: Utility-Privacy Trade-offs

Local differential privacy (LDP) enables private data sharing and analyt...

Please sign up or login with your details

Forgot password? Click here to reset