Approximate Privacy: Foundations and Quantification
Michael Schapira
(Yale and UC Berkeley)
Joint work with Joan Feigenbaum (Yale) and Aaron D. Jaggard (DIMACS)
Starting Point: Agents’ Privacy in MD
• Traditional goal of mechanism design: Incent agents to reveal private information that is needed to compute “good” outcomes.
• Complementary, newly important goal: Enable agents not to reveal private information that is not needed to compute “good” outcomes.
• Example (Naor-Pinkas-Sumner, EC ’99): It’s undesirable for the auctioneer to learn the winning bid in a 2nd–price Vickrey auction.
Privacy is Important!
• Sensitive Information: Information that can harm data subjects, data owners, or data users, if it is mishandled
• There’s a lot more of it than there used to be!
– Increased use of computers and networks
– Increased processing power and algorithmic knowledge
– Decreased storage costs
• “Mishandling” can be very harmful.
– ID theft
– Loss of employment or insurance
– “You already have zero privacy. Get over it.” (Scott McNealy, 1999)
Private, Multiparty Function Evaluation
(Figure: parties 1, …, n each hold a private input x1, x2, x3, …, x(n−1), xn and jointly compute y = f(x1, …, xn).)
• Each i learns y.
• No i can learn anything about xj (except what he can infer from xi and y).
• Very general positive results.
Drawbacks of PMFE Protocols
• Information-theoretically private MFE: Requires that a substantial fraction of the agents be obedient rather than strategic.
• Cryptographically private MFE: Requires (plausible but) currently unprovable complexity-theoretic assumptions and (usually) heavy communication overhead.
– Not used in many real-life environments
• Brandt and Sandholm (TISSEC ’08): Which auctions of interest are unconditionally privately computable?
Minimum Knowledge Requirements for 2nd-Price Auction
A(f) for k = 2: rows are bidder 1’s bid x1, columns are bidder 2’s bid x2, entries are (winner, price); ties go to bidder 1.
        x2=0   x2=1   x2=2   x2=3
x1=0   (1,0)  (2,0)  (2,0)  (2,0)
x1=1   (1,0)  (1,1)  (2,1)  (2,1)
x1=2   (1,0)  (1,1)  (1,2)  (2,2)
x1=3   (1,0)  (1,1)  (1,2)  (1,3)
Perfect Privacy: the auctioneer learns only which region corresponds to the bids. For instance, input (2,0) is indistinguishable from every other input in the region (1,0), i.e. from (0,0), (1,0) and (3,0).
Ascending-Price English Auction
(Figure: the k = 2 matrix A(f) of the 2nd-price auction, bidder 1 rows, bidder 2 columns.)
Same execution for the inputs (1,1), (2,1), and (3,1).
Perfect Privacy for 2nd–Price Auction
[Brandt and Sandholm (TISSEC ’08)]
• The ascending-price, English-auction protocol is perfectly private.
It is essentially the only perfectly private protocol for 2nd–price auctions.
• Note the exponential communication cost of perfect privacy!
Worse Yet… (The Millionaires’ Problem)
(Figure: A(f) for k = 2; millionaire 1 holds x1 (rows), millionaire 2 holds x2 (columns), each in {0, 1, 2, 3}.)
f(x1,x2) = 1 if x1 ≥ x2; else f(x1,x2) = 2
The Millionaires’ Problem is not perfectly privately computable. [Kushilevitz (SJDM ’92)]
So, What Can We Do?
• Insist on achieving perfect privacy.
– sometimes there is no reasonable alternative
– can be costly (communication, PKI, etc.)
• Treat privacy as a design goal.
– alongside complexity, optimization, etc.
• We need a way to quantify privacy.
Privacy Approximation Ratios (PARs)
• Intuitively, a PAR captures the indistinguishability of inputs.
– natural first step
– general distributed function computation
• Other possible definitions:
– Semantic (context-specific)
– Entropy-based
Outline
• Background
– Two-party communication (Yao)
– “Tiling” characterization of privately computable functions (Chor + Kushilevitz)
• Privacy Approximation Ratios (PARs)
• Bisection auction protocol: exponential gap between worst-case and average-case PARs
• Summary of Our Results
• Open Problems
Two-party Communication Model
$f: \{0,1\}^k \times \{0,1\}^k \to \{0,1\}^m$
Party 1 holds $x_1 \in \{0,1\}^k$; Party 2 holds $x_2 \in \{0,1\}^k$.
The parties exchange bits $q_1, q_2, \ldots, q_{r-1}, q_r$; each $q_j \in \{0,1\}$ is a function of $(q_1, \ldots, q_{j-1})$ and one player’s private input.
Transcript: $s(x_1, x_2) \triangleq (q_1, \ldots, q_r)$, where the last message is the output, $q_r = f(x_1, x_2)$.
Example: Millionaires’ Problem
f(x1,x2) = 1 if x1 ≥ x2; else f(x1,x2) = 2
A(f) for k = 2 (rows: millionaire 1’s x1; columns: millionaire 2’s x2):
        x2=0  x2=1  x2=2  x2=3
x1=0     1     2     2     2
x1=1     1     1     2     2
x1=2     1     1     1     2
x1=3     1     1     1     1
Monochromatic Tilings
• A region of A(f) is any subset of entries (not necessarily a submatrix). A partition of A(f) is a set of disjoint regions whose union is A(f).
• A rectangle in A(f) is a submatrix. A tiling is a partition into rectangles.
• Monochromatic regions and partitions: every entry of a monochromatic region has the same f-value.
Bisection Protocol
(Figure: A(f) of the Millionaires’ Problem for k = 2, millionaire 1 rows, millionaire 2 columns.)
In each round, a player “bisects” an interval.
Example: f(2,3)
A communication protocol “zeroes in” on a monochromatic rectangle.
Perfectly Private Protocols
• Protocol P for f is perfectly private with respect to party 1 if
$f(x_1, x_2) = f(x'_1, x_2) \Rightarrow s(x_1, x_2) = s(x'_1, x_2)$
• Similarly, perfectly private wrt party 2
• P achieves perfect subjective privacy if it is perfectly private wrt both parties.
• P achieves perfect objective privacy if
$f(x_1, x_2) = f(x'_1, x'_2) \Rightarrow s(x_1, x_2) = s(x'_1, x'_2)$
Ideal Monochromatic Partitions
• The ideal monochromatic partition of A(f) consists of the maximal monochromatic regions.
• This partition is unique.
A(f) of the Millionaires’ Problem for k = 2 (rows x1, columns x2); its ideal monochromatic partition has two regions, the ten 1-entries and the six 2-entries:
        x2=0  x2=1  x2=2  x2=3
x1=0     1     2     2     2
x1=1     1     1     2     2
x1=2     1     1     1     2
x1=3     1     1     1     1
Characterization of Perfect Privacy
• Protocol P for f is perfectly privacy-preserving iff the tiling induced by P is the ideal monochromatic partition of A(f).
A(f) of the 2nd-price auction for k = 2 (rows bidder 1, columns bidder 2, entries (winner, price)); every region of its ideal monochromatic partition is a rectangle:
        x2=0   x2=1   x2=2   x2=3
x1=0   (1,0)  (2,0)  (2,0)  (2,0)
x1=1   (1,0)  (1,1)  (2,1)  (2,1)
x1=2   (1,0)  (1,1)  (1,2)  (2,2)
x1=3   (1,0)  (1,1)  (1,2)  (1,3)
Objective PAR (1)
• Privacy with respect to an outside observer, e.g., the auctioneer
• Worst-case objective PAR of protocol P for function f:
$$\max_{(x_1, x_2)} \frac{|R^I(x_1, x_2)|}{|R^P(x_1, x_2)|}$$
where $R^I(x_1, x_2)$ is the region of the ideal monochromatic partition of A(f) that contains $(x_1, x_2)$ and $R^P(x_1, x_2)$ is the rectangle of the tiling induced by P that contains it.
• Worst-case PAR of f is the minimum, over all P for f, of the worst-case PAR of P.
Objective PAR (2)
• Average-case objective PAR of P for f wrt distribution D on $\{0,1\}^k \times \{0,1\}^k$:
$$E_D\left[\frac{|R^I(x_1, x_2)|}{|R^P(x_1, x_2)|}\right]$$
• Average-case PAR of f is the minimum, over all P for f, of the average-case PAR of P.
Bisection Auction Protocol (BAP)
[Grigorieva, Herings, Muller, & Vermeulen (ORL ’06)]
• Bisection protocol on $[0, 2^k - 1]$ to find an interval $[L, H]$ that contains the lower bid but not the higher bid.
• Bisection protocol on $[L, H]$ to find the lower bid p.
• Sell the item to the higher bidder for price p.
Bisection Auction Protocol (BAP)
(Figure: A(f) for k = 3, bids 0–7, bidder 1 rows, bidder 2 columns.)
Example: f(7, 4). Bisecting [0,7] at 4, both bids are at least 4, so the interval becomes [4,7]; bisecting at 6, bidder 1 is above and bidder 2 below, so bidder 1 is the higher bidder and the lower bid lies in [4,5]; bisecting [4,5] at 5, bidder 2 is below 5, so p = 4. The item is sold to bidder 1 for price 4.
Objective PARs for BAP(k)
• Theorem: Average-case objective PAR of BAP(k) with respect to the uniform distribution is $\frac{k}{2} + 1$.
• Observation: Worst-case objective PAR of BAP(k) is at least $2^{k/2}$.
• Conjecture: The average-case objective PAR of 2nd-Price-Auction(k) is linear in k wrt all distributions.
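The objective-PAR definitions and the theorem can be checked by brute force for small k. The following Python is an added example (it is not code from the slides or from the paper): it runs a protocol on every pair of bids, groups inputs by transcript to get the induced tiling, groups them by f-value to get the ideal monochromatic partition, and averages the ratio of region sizes. Everything the slides leave unstated is an assumption made here: bids are integers in [0, 2^k − 1], ties go to bidder 1 (consistent with the k = 2 figure), the English auction asks bidder 2 before bidder 1 at each price so that ties resolve the same way, and the sealed-bid protocol simply announces both bids. BBAP(r) is implemented as on the later slide, with BBAP(0) the English auction and BBAP(k) the bisection auction.

```python
"""Objective privacy approximation ratios (PARs) of two-bidder 2nd-price auction
protocols, computed by enumerating the tiling each protocol induces on A(f).
Added example, not from the slides; conventions assumed here are noted inline."""
from collections import defaultdict
from fractions import Fraction
from typing import Callable, Dict, List, Tuple

Input = Tuple[int, int]
Transcript = Tuple[int, ...]
Protocol = Callable[[int, int], Transcript]


def second_price(x1: int, x2: int) -> Tuple[int, int]:
    """f(x1, x2) = (winner, price). Assumed tie rule: bidder 1 wins ties."""
    return (1, x2) if x1 >= x2 else (2, x1)


def bbap_transcript(x1: int, x2: int, k: int, r: int) -> Transcript:
    """Transcript of BBAP(r) on bids in [0, 2^k - 1]: at most r bisection rounds;
    if the winner is still unknown, an ascending English auction on what is left.
    r = 0 is the English auction, r = k is the bisection auction BAP(k)."""
    bits: List[int] = []
    lo, hi = 0, 2 ** k - 1
    for _ in range(r):
        if lo >= hi:
            break
        mid = (lo + hi + 1) // 2            # question to both: "is your bid >= mid?"
        a1, a2 = x1 >= mid, x2 >= mid
        bits += [int(a1), int(a2)]
        if a1 and a2:
            lo = mid
        elif not (a1 or a2):
            hi = mid - 1
        else:                               # bids lie in different halves: winner known
            loser = x2 if a1 else x1        # loser's bid is in [lo, mid - 1]
            hi = mid - 1
            while lo < hi:                  # bisect on the loser's bid alone
                m = (lo + hi + 1) // 2
                b = loser >= m
                bits.append(int(b))
                lo, hi = (m, hi) if b else (lo, m - 1)
            return tuple(bits)              # winner pays lo
    # English auction on [lo, hi]. Assumed order: bidder 2 is asked first, so
    # when both drop at the same price bidder 1 wins, matching second_price().
    for price in range(lo + 1, hi + 1):
        a2 = x2 >= price
        bits.append(int(a2))
        if not a2:                          # bidder 2 drops: bidder 1 wins at price - 1
            break
        a1 = x1 >= price
        bits.append(int(a1))
        if not a1:                          # bidder 1 drops: bidder 2 wins at price - 1
            break
    return tuple(bits)


def sealed_bid_transcript(x1: int, x2: int) -> Transcript:
    """Both bidders announce their bids, so every input is its own rectangle."""
    return (x1, x2)


def induced_tiling(protocol: Protocol, k: int) -> Dict[Transcript, List[Input]]:
    """Inputs grouped by transcript: the tiling of A(f) induced by the protocol."""
    tiling: Dict[Transcript, List[Input]] = defaultdict(list)
    for x1 in range(2 ** k):
        for x2 in range(2 ** k):
            tiling[protocol(x1, x2)].append((x1, x2))
    return tiling


def is_rectangle(cells: List[Input]) -> bool:
    """A transcript class must be a combinatorial rectangle (a product set)."""
    rows = {a for a, _ in cells}
    cols = {b for _, b in cells}
    return len(cells) == len(rows) * len(cols)


def objective_pars(protocol: Protocol, f, k: int) -> Tuple[Fraction, Fraction]:
    """(worst-case, average-case under the uniform distribution) objective PAR.
    R^I(x) is the maximal monochromatic region of A(f) containing x, i.e. all
    inputs with the same f-value; R^P(x) is the transcript class of x."""
    tiling = induced_tiling(protocol, k)
    ideal_size: Dict[Tuple[int, int], int] = defaultdict(int)
    for x1 in range(2 ** k):
        for x2 in range(2 ** k):
            ideal_size[f(x1, x2)] += 1
    worst, total = Fraction(0), Fraction(0)
    for rect in tiling.values():
        values = {f(*x) for x in rect}
        assert len(values) == 1 and is_rectangle(rect), "not a monochromatic tiling"
        ratio = Fraction(ideal_size[values.pop()], len(rect))
        worst = max(worst, ratio)
        total += ratio * len(rect)          # each input in rect has this ratio
    return worst, total / 2 ** (2 * k)


if __name__ == "__main__":
    k = 3
    protocols = {"English auction": lambda a, b: bbap_transcript(a, b, k, 0),
                 "BBAP(1)": lambda a, b: bbap_transcript(a, b, k, 1),
                 "BAP(k)": lambda a, b: bbap_transcript(a, b, k, k),
                 "Sealed-bid": sealed_bid_transcript}
    for name, proto in protocols.items():
        worst, avg = objective_pars(proto, second_price, k)
        print(f"{name:16s} worst-case PAR = {worst}, average-case PAR = {avg}")
```

For k = 3 the script reports average-case PARs of 1 for the English auction, 27/16 for BBAP(1), 5/2 for BAP(3) (that is, k/2 + 1) and 43/8 for the sealed-bid auction; the English auction is the only one whose worst-case PAR is also 1, which is the tiling characterization of perfect privacy seen through the PAR lens. The `is_rectangle` assertion is what catches a mis-specified protocol: a transcript class that is not a product set means the transcript is not determined by the two inputs independently, so the "protocol" is not a two-party protocol at all.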
Proof (1)
(Figure: the monochromatic tiling induced by the Bisection Auction Protocol for k = 4, drawn on the $2^k \times 2^k$ matrix with both axes marked at 0 and $2^{k-1}$.)
• $a_k$ = number of rectangles in the induced tiling for BAP(k).
• $a_0 = 1$, $a_k = 2a_{k-1} + 2^k$
$\Rightarrow a_k = (k+1)\,2^k$
Proof (2)
• $R = \{R_1, \ldots, R_{a_k}\}$ is the set of rectangles in the BAP(k) tiling
• $R^I_s$ = rectangle in the ideal partition that contains $R_s$
• $j_s \triangleq 2^k - |R^I_s|$
• $b_k \triangleq \sum_{R_s \in R} j_s$
Proof (3)
$$\mathrm{PAR} = \frac{1}{2^{2k}} \sum_{(x_1, x_2)} \frac{|R^I(x_1, x_2)|}{|R^{BAP(k)}(x_1, x_2)|} = \frac{1}{2^{2k}} \sum_{R_s \in R} \frac{|R^I_s|}{|R_s|} \cdot |R_s| = \frac{1}{2^{2k}} \sum_{R_s \in R} |R^I_s| \qquad (+)$$
(In the middle sum, $|R^I_s| / |R_s|$ is the contribution to (+) of one $(x_1, x_2)$ in $R_s$, and $|R_s|$ is the number of $(x_1, x_2)$’s in $R_s$.)
Proof (4)
(Figure: the monochromatic tiling induced by the Bisection Auction Protocol for k = 4, axes marked at 0 and $2^{k-1}$; the two quadrants where both bids fall in the same half carry copies of the BAP(k−1) tiling, the other two are tiled by the rectangles reached once the winner is known.)
• $b_k = b_{k-1} + \left(b_{k-1} + a_{k-1}\,2^{k-1}\right) + \sum_{i=0}^{2^{k-1}-1} i + \sum_{i=1}^{2^{k-1}} i$
• $b_0 = 0$, $b_k = 2b_{k-1} + (k+1)\,2^{2(k-1)}$
$\Rightarrow b_k = k\,2^{2k-1}$
Proof (5)
$$\frac{1}{2^{2k}} \sum_{R_s \in R} |R^I_s| = \frac{1}{2^{2k}} \sum_{R_s \in R} \left(2^k - j_s\right) = \frac{1}{2^{2k}} \left(a_k\,2^k - b_k\right) = \frac{1}{2^{2k}} \left((k+1)\,2^{2k} - k\,2^{2k-1}\right) = k + 1 - \frac{k}{2} = \frac{k}{2} + 1$$
QED
Bounded Bisection Auction Protocol (BBAP)
BBAP(r):
• Do (at most) r bisection steps.
• If the winner is still unknown, run the ascending English auction protocol on the remaining interval.
• Ascending auction protocol: BBAP(0)
• Bisection auction protocol: BBAP(k)
Average-Case Objective PARs for 2nd-price Auction Protocols
(uniform distribution over k-bit bids)
Protocol                                    Average-case objective PAR
English Auction                             1
Bounded Bisection Auction, r = 1            7/4 − 1/2^{k+1}
Bounded Bisection Auction, r = 2            19/8 − 3/2^{k+1}
Bounded Bisection Auction, r = 3            47/16 − 7/2^{k+1}
Bounded Bisection Auction, general r        (1+r)/2 + 1 − 1/2^{r+1} − (2^r − 1)/2^{k+1}
Bisection Auction                           k/2 + 1
Sealed-Bid Auction                          2^{k+1}/3 + 1/(3·2^k)
(Of the general-r entry only “(1+r)/2 + 1” is legible in the transcript; the remaining terms are the ones that agree with the r = 1, 2, 3 rows and reduce to k/2 + 1 at r = k.)
Subjective PARs
• Objective privacy = privacy wrt an outside observer
• Subjective privacy = privacy wrt the other party
• In the millionaires’ problem we (mainly) care about subjective privacy.
• Similar definitions.
Subjective PARs (1)
• The 1-partition of region R in matrix A(f):
$\{\, R_{x_1} = \{x_1\} \times \{x_2 \text{ s.t. } (x_1, x_2) \in R\} \,\}_{x_1}$
(similarly, 2-partition)
• The i-induced tiling of protocol P for f is obtained by i-partitioning each rectangle in the tiling induced by P.
• The i-ideal monochromatic partition of A(f) is obtained by i-partitioning each region in the ideal monochromatic partition of A(f).
Subjective PARs (1), continued
• $R^I_i(x_1, x_2)$ is the piece of the i-ideal monochromatic partition that contains $(x_1, x_2)$; $R^P_i(x_1, x_2)$ is defined analogously for protocol P.
Example (Millionaires’ Problem, k = 2, millionaire 1 rows, millionaire 2 columns): in row $x_1 = 0$ the entries (0,1), (0,2), (0,3) all have f = 2, and in row $x_1 = 1$ the entries (1,2), (1,3) both have f = 2, so
$R^I_1(0,1) = R^I_1(0,2) = R^I_1(0,3)$ and $R^I_1(1,2) = R^I_1(1,3)$.
Subjective PARs (2)
• Worst-case PAR of protocol P for f wrt i:
$$\max_{(x_1, x_2)} \frac{|R^I_i(x_1, x_2)|}{|R^P_i(x_1, x_2)|}$$
• Worst-case subjective PAR of P for f: maximize over $i \in \{1, 2\}$
• Worst-case subjective PAR of f: minimize over P
• Average-case subjective PAR wrt distribution D: use $E_D$ instead of MAX
Average-Case PARs for the Millionaires’ Problem
(uniform distribution over k-bit inputs)
Protocol               Obj. PAR                         Subj. PAR
Any protocol           ≥ 2^k − 1/2 + 2^{−(k+1)}         (entry not legible in the transcript)
Bisection Protocol     3·2^{k−1} − 1/2                   k/2 + 1
(The assignment of the transcript’s fragments to cells is reconstructed; the bisection-protocol entries are the values obtained when both parties announce their half of the interval in every round.)
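Subjective PARs for the Millionaires’ Problem, as an added example (not code from the slides or the paper): it builds the ideal monochromatic partition and the tiling induced by the protocol, applies the 1- and 2-partitions defined two slides earlier, and averages |R^I_i(x)| / |R^P_i(x)| over all inputs. The bisection protocol is assumed to be the simultaneous one sketched on the Bisection Protocol slide, with both parties announcing each round whether their value is in the upper half of the current interval until the answers differ; the f-value on ties (x1 = x2 gives f = 1) follows the slides. Both assumptions determine the numbers below.

```python
"""Subjective PARs of the bisection protocol for the Millionaires' Problem,
via the i-partitions of the ideal partition and of the induced tiling.
Added example, not from the slides; assumptions are noted inline."""
from collections import defaultdict
from fractions import Fraction
from typing import Callable, Dict, List, Optional, Tuple

Input = Tuple[int, int]
Transcript = Tuple[int, ...]
Protocol = Callable[[int, int], Transcript]


def millionaires(x1: int, x2: int) -> int:
    """f(x1, x2) = 1 if x1 >= x2, else 2 (as defined on the slides)."""
    return 1 if x1 >= x2 else 2


def bisection_transcript(x1: int, x2: int, k: int) -> Transcript:
    """Assumed bisection protocol on [0, 2^k - 1]: each round both parties say
    whether their input is in the upper half of the current interval; the
    protocol stops as soon as the two answers differ (the richer party is then
    known) or the interval shrinks to a single value (x1 = x2)."""
    bits: List[int] = []
    lo, hi = 0, 2 ** k - 1
    while lo < hi:
        mid = (lo + hi + 1) // 2
        a1, a2 = x1 >= mid, x2 >= mid
        bits += [int(a1), int(a2)]
        if a1 != a2:
            break
        lo, hi = (mid, hi) if a1 else (lo, mid - 1)
    return tuple(bits)


def i_partition(region: List[Input], i: int) -> List[List[Input]]:
    """The i-partition of a region: one piece per value of party i's input."""
    pieces: Dict[int, List[Input]] = defaultdict(list)
    for x in region:
        pieces[x[i - 1]].append(x)
    return list(pieces.values())


def piece_sizes(regions: List[List[Input]], i: Optional[int]) -> Dict[Input, int]:
    """Size of the piece containing each input: whole regions for the objective
    case (i = None), i-partitioned regions for subjective privacy wrt party i."""
    size: Dict[Input, int] = {}
    for region in regions:
        for piece in (i_partition(region, i) if i else [region]):
            for x in piece:
                size[x] = len(piece)
    return size


def partitions(protocol: Protocol, f, k: int) -> Tuple[List[List[Input]], List[List[Input]]]:
    """(ideal monochromatic partition of A(f), tiling induced by the protocol)."""
    ideal: Dict[int, List[Input]] = defaultdict(list)
    induced: Dict[Transcript, List[Input]] = defaultdict(list)
    for x1 in range(2 ** k):
        for x2 in range(2 ** k):
            ideal[f(x1, x2)].append((x1, x2))
            induced[protocol(x1, x2)].append((x1, x2))
    return list(ideal.values()), list(induced.values())


def average_par(protocol: Protocol, f, k: int, i: Optional[int] = None) -> Fraction:
    """Average-case PAR under the uniform distribution, E[|R^I_i(x)| / |R^P_i(x)|];
    with i = None this is the objective PAR."""
    ideal, induced = partitions(protocol, f, k)
    ideal_size, induced_size = piece_sizes(ideal, i), piece_sizes(induced, i)
    return sum(Fraction(ideal_size[x], induced_size[x]) for x in ideal_size) / 2 ** (2 * k)


def average_subjective_par(protocol: Protocol, f, k: int) -> Fraction:
    """Subjective PAR takes the worse of the two parties' views (max over i)."""
    return max(average_par(protocol, f, k, 1), average_par(protocol, f, k, 2))


if __name__ == "__main__":
    for k in range(1, 5):
        proto = lambda a, b, k=k: bisection_transcript(a, b, k)
        print(f"k={k}: objective {average_par(proto, millionaires, k)}, "
              f"subjective {average_subjective_par(proto, millionaires, k)}")
```

Under these assumptions the objective averages for k = 1, 2, 3 are 5/2, 11/2 and 23/2 (that is, 3·2^{k−1} − 1/2) and the subjective averages for k = 1, 2 are 3/2 and 2 (k/2 + 1). The gap between the two columns is the point of the subjective definition: the other party already knows its own input, so the rows (or columns) of a rectangle are all it can hope to hide, and the i-partition is what makes the ideal and induced partitions comparable from that vantage point.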
Other Results
• More PARs for these problems.
• PARs of other problems
– public-good
– truthful-public-good [Babaioff-Blumrosen-Naor-Schapira]
– set-disjointness
– set-intersection
• Other notions of privacy: first steps
– Semantic definitions (What is better, {1, 8} or {4, 5}?)
– Entropy-based definitions
Open Problems
• Upper bounds on non-uniform average-case PARs
– Prove/refute our conjecture!
• Lower bounds on average-case PARs
• PARs of other functions of interest
• Extension to n-party case
• Other definitions of PAR
– We take first steps in this direction.
• Relationship between PARs and h-privacy [Bar-Yehuda, Chor, Kushilevitz, and Orlitsky (IEEE-IT ’93)]
Thank You