• Corpus ID: 239009825

The Privacy-preserving Padding Problem: Non-negative Mechanisms for Conservative Answers with Differential Privacy

Authors: Benjamin M. Case, James Honaker, Mahnush Movahedi
Differentially private noise mechanisms commonly use symmetric noise distributions. This is attractive both for achieving the differential privacy definition, and for unbiased expectations in the noised answers. However, there are contexts in which a noisy answer only has utility if it is conservative, that is, has known-signed error, which we call a padded answer. Seemingly, it is paradoxical to satisfy the DP definition with one-sided error, but we show how it is possible to bury the paradox… 

Privacy-Preserving Randomized Controlled Trials: A Protocol for Industry Scale Deployment
This paper outlines a way to deploy an end-to-end privacy-preserving protocol for learning causal effects from Randomized Controlled Trials, particularly focused on the difficult and important case where one party determines which treatment an individual receives, and another party measures outcomes on individuals, and these parties do not want to leak any of their information to each other.
Vlaskin, “Private matching for compute.”
  • IACR Cryptol. ePrint Arch.
  • 2020
Comparison of Poisson-Gamma and Laplace mechanisms for differential privacy
  • 2021 Workshop on Theory and Practice of Differential Privacy
  • 2021
Generating Poisson-distributed differentially private synthetic data
  • Harrison S. Quick
  • Mathematics, Computer Science
    Journal of the Royal Statistical Society: Series A (Statistics in Society)
  • 2021
The objective for this paper is to help bridge the gap between the disease mapping and the formal privacy literatures by extending an existing approach for generating formally private synthetic data to the case of Poisson-distributed count data in a way that allows for the infusion of prior information.
Improving the Utility of Poisson-Distributed, Differentially Private Synthetic Data via Prior Predictive Truncation with an Application to CDC WONDER
CDC WONDER is a web-based tool for the dissemination of epidemiologic data collected by the National Vital Statistics System. While CDC WONDER has built-in privacy protections, they do not satisfy
Multi-key Private Matching for Compute
An extension to the Private-ID protocol is introduced which outputs a full outer join of two datasets by a match logic that can join rows containing multiple identifiers.
Private Set Operations from Oblivious Switching
This paper introduces a new approach for computing arbitrary functions of the intersection, provided that it is safe to also reveal the cardinality of the intersections, and shows how private set union can be used in a simple way to realize the “Private-ID” functionality suggested by Buddhavarapu et al. (ePrint 2020).
εpsolute: Efficiently Querying Databases While Providing Differential Privacy
This work presents a model for differentially private outsourced database system and a concrete construction, εpsolute, that provably conceals the aforementioned leakages, while remaining efficient and scalable, and provides strong security and privacy guarantees.
On Deploying Secure Computing: Private Intersection-Sum-with-Cardinality
  • M. Ion, Ben Kreuter, +6 authors M. Yung
  • Computer Science
    2020 IEEE European Symposium on Security and Privacy (EuroS&P)
  • 2020
Three PI-Sum with cardinality protocols are presented: the currently deployed protocol, which relies on a Diffie-Hellman style double masking, and two new protocols which leverage more recent techniques for private set intersection (PSI) that use Random Oblivious Transfer and encrypted Bloom filters.
Private Matching for Compute
This work revisits the problem of two-party private set intersection for aggregate computation and introduces two new formulations of the private matching for compute problem, called private-ID and streaming private secret shared set intersection (PSI), and design new DDH-based constructions for both.