Differential Privacy at Risk: Bridging Randomness and Privacy Budget - Archive ouverte HAL Access content directly
Journal Articles Proceedings on Privacy Enhancing Technologies Year : 2021

Differential Privacy at Risk: Bridging Randomness and Privacy Budget

(1) , (2) , (3)
1
2
3
Ashish Dandekar
  • Function : Author
  • PersonId : 1077491

Abstract

The calibration of noise for a privacy-preserving mechanism depends on the sensitivity of the query and the prescribed privacy level. A data steward must make the non-trivial choice of a privacy level that balances the requirements of users and the monetary constraints of the business entity. Firstly, we analyse roles of the sources of randomness, namely the explicit randomness induced by the noise distribution and the implicit randomness induced by the data-generation distribution, that are involved in the design of a privacy-preserving mechanism. The finer analysis enables us to provide stronger privacy guarantees with quantifiable risks. Thus, we propose privacy at risk that is a probabilistic calibration of privacy-preserving mechanisms. We provide a composition theorem that leverages privacy at risk. We instantiate the probabilistic calibration for the Laplace mechanism by providing analytical results. Secondly, we propose a cost model that bridges the gap between the privacy level and the compensation budget estimated by a GDPR compliant business entity. The convexity of the proposed cost model leads to a unique fine-tuning of privacy level that minimises the compensation budget. We show its effectiveness by illustrating a realistic scenario that avoids overestimation of the compensation budget by using privacy at risk for the Laplace mechanism. We quantitatively show that composition using the cost optimal privacy at risk provides stronger privacy guarantee than the classical advanced composition. Although the illustration is specific to the chosen cost model, it naturally extends to any convex cost model. We also provide realistic illustrations of how a data steward uses privacy at risk to balance the trade-off between utility and privacy.
Fichier principal
Vignette du fichier
popets.pdf (741.14 Ko) Télécharger le fichier
Origin : Files produced by the author(s)
Loading...

Dates and versions

hal-02942997 , version 1 (18-09-2020)

Identifiers

Cite

Ashish Dandekar, Debabrota Basu, Stéphane Bressan. Differential Privacy at Risk: Bridging Randomness and Privacy Budget. Proceedings on Privacy Enhancing Technologies, 2021, 2021 (1), pp.64-84. ⟨10.2478/popets-2021-0005⟩. ⟨hal-02942997⟩
63 View
170 Download

Altmetric

Share

Gmail Facebook Twitter LinkedIn More