Differentially Private Release and Learning of Threshold Functions
Total Page:16
File Type:pdf, Size:1020Kb
Load more
Recommended publications
-
The Limits of Post-Selection Generalization
The Limits of Post-Selection Generalization Kobbi Nissim∗ Adam Smithy Thomas Steinke Georgetown University Boston University IBM Research – Almaden [email protected] [email protected] [email protected] Uri Stemmerz Jonathan Ullmanx Ben-Gurion University Northeastern University [email protected] [email protected] Abstract While statistics and machine learning offers numerous methods for ensuring gener- alization, these methods often fail in the presence of post selection—the common practice in which the choice of analysis depends on previous interactions with the same dataset. A recent line of work has introduced powerful, general purpose algorithms that ensure a property called post hoc generalization (Cummings et al., COLT’16), which says that no person when given the output of the algorithm should be able to find any statistic for which the data differs significantly from the population it came from. In this work we show several limitations on the power of algorithms satisfying post hoc generalization. First, we show a tight lower bound on the error of any algorithm that satisfies post hoc generalization and answers adaptively chosen statistical queries, showing a strong barrier to progress in post selection data analysis. Second, we show that post hoc generalization is not closed under composition, despite many examples of such algorithms exhibiting strong composition properties. 1 Introduction Consider a dataset X consisting of n independent samples from some unknown population P. How can we ensure that the conclusions drawn from X generalize to the population P? Despite decades of research in statistics and machine learning on methods for ensuring generalization, there is an increased recognition that many scientific findings do not generalize, with some even declaring this to be a “statistical crisis in science” [14]. -
The Computational Complexity of Nash Equilibria in Concisely Represented Games∗
The Computational Complexity of Nash Equilibria in Concisely Represented Games¤ Grant R. Schoenebeck y Salil P. Vadhanz August 26, 2009 Abstract Games may be represented in many di®erent ways, and di®erent representations of games a®ect the complexity of problems associated with games, such as ¯nding a Nash equilibrium. The traditional method of representing a game is to explicitly list all the payo®s, but this incurs an exponential blowup as the number of agents grows. We study two models of concisely represented games: circuit games, where the payo®s are computed by a given boolean circuit, and graph games, where each agent's payo® is a function of only the strategies played by its neighbors in a given graph. For these two models, we study the complexity of four questions: determining if a given strategy is a Nash equilibrium, ¯nding a Nash equilibrium, determining if there exists a pure Nash equilibrium, and determining if there exists a Nash equilibrium in which the payo®s to a player meet some given guarantees. In many cases, we obtain tight results, showing that the problems are complete for various complexity classes. 1 Introduction In recent years, there has been a surge of interest at the interface between computer science and game theory. On one hand, game theory and its notions of equilibria provide a rich framework for modeling the behavior of sel¯sh agents in the kinds of distributed or networked environments that often arise in computer science and o®er mechanisms to achieve e±cient and desirable global outcomes in spite of the sel¯sh behavior. -
Individuals and Privacy in the Eye of Data Analysis
Individuals and Privacy in the Eye of Data Analysis Thesis submitted in partial fulfillment of the requirements for the degree of “DOCTOR OF PHILOSOPHY” by Uri Stemmer Submitted to the Senate of Ben-Gurion University of the Negev October 2016 Beer-Sheva This work was carried out under the supervision of Prof. Amos Beimel and Prof. Kobbi Nissim In the Department of Computer Science Faculty of Natural Sciences Acknowledgments I could not have asked for better advisors. I will be forever grateful for their close guidance, their constant encouragement, and the warm shelter they provided. Without them, this thesis could have never begun. I have been fortunate to work with Raef Bassily, Amos Beimel, Mark Bun, Kobbi Nissim, Adam Smith, Thomas Steinke, Jonathan Ullman, and Salil Vadhan. I enjoyed working with them all, and I thank them for everything they have taught me. iii Contents Acknowledgments . iii Contents . iv List of Figures . vi Abstract . vii 1 Introduction1 1.1 Differential Privacy . .2 1.2 The Sample Complexity of Private Learning . .3 1.3 Our Contributions . .5 1.4 Additional Contributions . 10 2 Related Literature 15 2.1 The Computational Price of Differential Privacy . 15 2.2 Interactive Query Release . 18 2.3 Answering Adaptively Chosen Statistical Queries . 19 2.4 Other Related Work . 21 3 Background and Preliminaries 22 3.1 Differential privacy . 22 3.2 Preliminaries from Learning Theory . 24 3.3 Generalization Bounds for Points and Thresholds . 29 3.4 Private Learning . 30 3.5 Basic Differentially Private Mechanisms . 31 3.6 Concentration Bounds . 33 4 The Generalization Properties of Differential Privacy 34 4.1 Main Results . -
Calibrating Noise to Sensitivity in Private Data Analysis
Calibrating Noise to Sensitivity in Private Data Analysis Cynthia Dwork1, Frank McSherry1, Kobbi Nissim2, and Adam Smith3? 1 Microsoft Research, Silicon Valley. {dwork,mcsherry}@microsoft.com 2 Ben-Gurion University. [email protected] 3 Weizmann Institute of Science. [email protected] Abstract. We continue a line of research initiated in [10, 11] on privacy- preserving statistical databases. Consider a trusted server that holds a database of sensitive information. Given a query function f mapping databases to reals, the so-called true answer is the result of applying f to the database. To protect privacy, the true answer is perturbed by the addition of random noise generated according to a carefully chosen distribution, and this response, the true answer plus noise, is returned to the user. Previous work focused on the case of noisy sums, in which f = P i g(xi), where xi denotes the ith row of the database and g maps database rows to [0, 1]. We extend the study to general functions f, proving that privacy can be preserved by calibrating the standard devi- ation of the noise according to the sensitivity of the function f. Roughly speaking, this is the amount that any single argument to f can change its output. The new analysis shows that for several particular applications substantially less noise is needed than was previously understood to be the case. The first step is a very clean characterization of privacy in terms of indistinguishability of transcripts. Additionally, we obtain separation re- sults showing the increased value of interactive sanitization mechanisms over non-interactive. -
Pseudodistributions That Beat All Pseudorandom Generators
Electronic Colloquium on Computational Complexity, Report No. 19 (2021) Pseudodistributions That Beat All Pseudorandom Generators Edward Pyne∗ Salil Vadhany Harvard University Harvard University [email protected] [email protected] February 17, 2021 Abstract A recent paper of Braverman, Cohen, and Garg (STOC 2018) introduced the concept of a pseudorandom pseudodistribution generator (PRPG), which amounts to a pseudorandom gen- erator (PRG) whose outputs are accompanied with real coefficients that scale the acceptance probabilities of any potential distinguisher. They gave an explicit construction of PRPGs for ordered branching programs whose seed length has a better dependence on the error parameter " than the classic PRG construction of Nisan (STOC 1990 and Combinatorica 1992). In this work, we give an explicit construction of PRPGs that achieve parameters that are impossible to achieve by a PRG. In particular, we construct a PRPG for ordered permuta- tion branching programs of unbounded width with a single accept state that has seed length O~(log3=2 n) for error parameter " = 1= poly(n), where n is the input length. In contrast, re- cent work of Hoza et al. (ITCS 2021) shows that any PRG for this model requires seed length Ω(log2 n) to achieve error " = 1= poly(n). As a corollary, we obtain explicit PRPGs with seed length O~(log3=2 n) and error " = 1= poly(n) for ordered permutation branching programs of width w = poly(n) with an arbi- trary number of accept states. Previously, seed length o(log2 n) was only known when both the width and the reciprocal of the error are subpolynomial, i.e. -
Hardness of Non-Interactive Differential Privacy from One-Way
Hardness of Non-Interactive Differential Privacy from One-Way Functions Lucas Kowalczyk* Tal Malkin† Jonathan Ullman‡ Daniel Wichs§ May 30, 2018 Abstract A central challenge in differential privacy is to design computationally efficient non-interactive algorithms that can answer large numbers of statistical queries on a sensitive dataset. That is, we would like to design a differentially private algorithm that takes a dataset D Xn consisting of 2 some small number of elements n from some large data universe X, and efficiently outputs a summary that allows a user to efficiently obtain an answer to any query in some large family Q. Ignoring computational constraints, this problem can be solved even when X and Q are exponentially large and n is just a small polynomial; however, all algorithms with remotely similar guarantees run in exponential time. There have been several results showing that, under the strong assumption of indistinguishability obfuscation (iO), no efficient differentially private algorithm exists when X and Q can be exponentially large. However, there are no strong separations between information-theoretic and computationally efficient differentially private algorithms under any standard complexity assumption. In this work we show that, if one-way functions exist, there is no general purpose differen- tially private algorithm that works when X and Q are exponentially large, and n is an arbitrary polynomial. In fact, we show that this result holds even if X is just subexponentially large (assuming only polynomially-hard one-way functions). This result solves an open problem posed by Vadhan in his recent survey [Vad16]. *Columbia University Department of Computer Science. -
Differential Privacy, Property Testing, and Perturbations
Differential Privacy, Property Testing, and Perturbations by Audra McMillan A dissertation submitted in partial fulfillment of the requirements for the degree of Doctor of Philosophy (Mathematics) in The University of Michigan 2018 Doctoral Committee: Professor Anna Gilbert, Chair Professor Selim Esedoglu Professor John Schotland Associate Professor Ambuj Tewari Audra McMillan [email protected] ORCID iD: 0000-0003-4231-6110 c Audra McMillan 2018 ACKNOWLEDGEMENTS First and foremost, I would like to thank my advisor, Anna Gilbert. Anna managed to strike the balance between support and freedom that is the goal of many advisors. I always felt that she believed in my ideas and I am a better, more confident researcher because of her. I was fortunate to have a large number of pseudo-advisors during my graduate ca- reer. Martin Strauss, Adam Smith, and Jacob Abernethy deserve special mention. Martin guided me through the early stages of my graduate career and helped me make the tran- sition into more applied research. Martin was the first to suggest that I work on privacy. He taught me that interesting problems and socially-conscious research are not mutually exclusive. Adam Smith hosted me during what became my favourite summer of graduate school. I published my first paper with Adam, which he tirelessly guided towards a pub- lishable version. He has continued to be my guide in the differential privacy community, introducing me to the right people and the right problems. Jacob Abernethy taught me much of what I know about machine learning. He also taught me the importance of being flexible in my research and that research is as much as about exploration as it is about solving a pre-specified problem. -
Zero Knowledge and Soundness Are Symmetric∗
Zero Knowledge and Soundness are Symmetric∗ Shien Jin Ong Salil Vadhan Division of Engineering and Applied Sciences Harvard University Cambridge, Massachusetts, USA. E-mail: {shienjin,salil}@eecs.harvard.edu November 14, 2006 Abstract We give a complexity-theoretic characterization of the class of problems in NP having zero- knowledge argument systems that is symmetric in its treatment of the zero knowledge and the soundness conditions. From this, we deduce that the class of problems in NP ∩ coNP having zero-knowledge arguments is closed under complement. Furthermore, we show that a problem in NP has a statistical zero-knowledge argument system if and only if its complement has a computational zero-knowledge proof system. What is novel about these results is that they are unconditional, i.e. do not rely on unproven complexity assumptions such as the existence of one-way functions. Our characterization of zero-knowledge arguments also enables us to prove a variety of other unconditional results about the class of problems in NP having zero-knowledge arguments, such as equivalences between honest-verifier and malicious-verifier zero knowledge, private coins and public coins, inefficient provers and efficient provers, and non-black-box simulation and black-box simulation. Previously, such results were only known unconditionally for zero-knowledge proof systems, or under the assumption that one-way functions exist for zero-knowledge argument systems. Keywords: zero-knowledge argument systems, statistical zero knowledge, complexity classes, clo- sure under complement, distributional one-way functions. ∗Both the authors were supported by NSF grant CNS-0430336 and ONR grant N00014-04-1-0478. -
Amicus Brief of Data Privacy Experts
Case 3:21-cv-00211-RAH-ECM-KCN Document 99-1 Filed 04/23/21 Page 1 of 27 EXHIBIT A Case 3:21-cv-00211-RAH-ECM-KCN Document 99-1 Filed 04/23/21 Page 2 of 27 UNITED STATES DISTRICT COURT FOR THE MIDDLE DISTRICT OF ALABAMA EASTERN DIVISION THE STATE OF ALABAMA, et al., ) ) Plaintiffs, ) ) v. ) Civil Action No. ) 3:21-CV-211-RAH UNITED STATES DEPARTMENT OF ) COMMERCE, et al., ) ) Defendants. ) AMICUS BRIEF OF DATA PRIVACY EXPERTS Ryan Calo Deirdre K. Mulligan Ran Canetti Omer Reingold Aloni Cohen Aaron Roth Cynthia Dwork Guy N. Rothblum Roxana Geambasu Aleksandra (Seša) Slavkovic Somesh Jha Adam Smith Nitin Kohli Kunal Talwar Aleksandra Korolova Salil Vadhan Jing Lei Larry Wasserman Katrina Ligett Daniel J. Weitzner Shannon L. Holliday Michael B. Jones (ASB-5440-Y77S) Georgia Bar No. 721264 COPELAND, FRANCO, SCREWS [email protected] & GILL, P.A. BONDURANT MIXSON & P.O. Box 347 ELMORE, LLP Montgomery, AL 36101-0347 1201 West Peachtree Street, NW Suite 3900 Atlanta, GA 30309 Counsel for the Data Privacy Experts #3205841v1 Case 3:21-cv-00211-RAH-ECM-KCN Document 99-1 Filed 04/23/21 Page 3 of 27 TABLE OF CONTENTS STATEMENT OF INTEREST ..................................................................................... 1 SUMMARY OF ARGUMENT .................................................................................... 1 ARGUMENT ................................................................................................................. 2 I. Reconstruction attacks Are Real and Put the Confidentiality of Individuals Whose Data are Reflected -
Calibrating Noise to Sensitivity in Private Data Analysis
Calibrating Noise to Sensitivity in Private Data Analysis Cynthia Dwork1, Frank McSherry1, Kobbi Nissim2, and Adam Smith3? 1 Microsoft Research, Silicon Valley. {dwork,mcsherry}@microsoft.com 2 Ben-Gurion University. [email protected] 3 Weizmann Institute of Science. [email protected] Abstract. We continue a line of research initiated in [10, 11] on privacy- preserving statistical databases. Consider a trusted server that holds a database of sensitive information. Given a query function f mapping databases to reals, the so-called true answer is the result of applying f to the database. To protect privacy, the true answer is perturbed by the addition of random noise generated according to a carefully chosen distribution, and this response, the true answer plus noise, is returned to the user. P Previous work focused on the case of noisy sums, in which f = i g(xi), where xi denotes the ith row of the database and g maps data- base rows to [0, 1]. We extend the study to general functions f, proving that privacy can be preserved by calibrating the standard deviation of the noise according to the sensitivity of the function f. Roughly speak- ing, this is the amount that any single argument to f can change its output. The new analysis shows that for several particular applications substantially less noise is needed than was previously understood to be the case. The first step is a very clean characterization of privacy in terms of indistinguishability of transcripts. Additionally, we obtain separation re- sults showing the increased value of interactive sanitization mechanisms over non-interactive. -
Efficiently Querying Databases While Providing Differential Privacy
Epsolute: Efficiently Querying Databases While Providing Differential Privacy Dmytro Bogatov Georgios Kellaris George Kollios Boston University Canada Boston University Boston, MA, USA [email protected] Boston, MA, USA [email protected] [email protected] Kobbi Nissim Adam O’Neill Georgetown University University of Massachusetts, Amherst Washington, D.C., USA Amherst, MA, USA [email protected] [email protected] ABSTRACT KEYWORDS As organizations struggle with processing vast amounts of informa- Differential Privacy; ORAM; differential obliviousness; sanitizers; tion, outsourcing sensitive data to third parties becomes a necessity. ACM Reference Format: To protect the data, various cryptographic techniques are used in Dmytro Bogatov, Georgios Kellaris, George Kollios, Kobbi Nissim, and Adam outsourced database systems to ensure data privacy, while allowing O’Neill. 2021. Epsolute: Efficiently Querying Databases While Providing efficient querying. A rich collection of attacks on such systems Differential Privacy. In Proceedings of the 2021 ACM SIGSAC Conference on has emerged. Even with strong cryptography, just communication Computer and Communications Security (CCS ’21), November 15–19, 2021, volume or access pattern is enough for an adversary to succeed. Virtual Event, Republic of Korea. ACM, New York, NY, USA, 15 pages. https: In this work we present a model for differentially private out- //doi.org/10.1145/3460120.3484786 sourced database system and a concrete construction, Epsolute, that provably conceals the aforementioned leakages, while remaining 1 INTRODUCTION efficient and scalable. In our solution, differential privacy ispre- Secure outsourced database systems aim at helping organizations served at the record level even against an untrusted server that outsource their data to untrusted third parties, without compro- controls data and queries. -
Pseudorandomness and Combinatorial Constructions
Pseudorandomness and Combinatorial Constructions Luca Trevisan∗ September 20, 2018 Abstract In combinatorics, the probabilistic method is a very powerful tool to prove the existence of combinatorial objects with interesting and useful properties. Explicit constructions of objects with such properties are often very difficult, or unknown. In computer science, probabilistic al- gorithms are sometimes simpler and more efficient than the best known deterministic algorithms for the same problem. Despite this evidence for the power of random choices, the computational theory of pseu- dorandomness shows that, under certain complexity-theoretic assumptions, every probabilistic algorithm has an efficient deterministic simulation and a large class of applications of the the probabilistic method can be converted into explicit constructions. In this survey paper we describe connections between the conditional “derandomization” re- sults of the computational theory of pseudorandomness and unconditional explicit constructions of certain combinatorial objects such as error-correcting codes and “randomness extractors.” 1 Introduction 1.1 The Probabilistic Method in Combinatorics In extremal combinatorics, the probabilistic method is the following approach to proving existence of objects with certain properties: prove that a random object has the property with positive probability. This simple idea has beem amazingly successful, and it gives the best known bounds for arXiv:cs/0601100v1 [cs.CC] 23 Jan 2006 most problems in extremal combinatorics. The idea was introduced (and, later, greatly developed) by Paul Erd˝os [18], who originally applied it to the following question: define R(k, k) to be the minimum value n such that every graph on n vertices has either an independent set of size at least k or a clique of size at least k;1 It was known that R(k, k) is finite and that it is at most 4k, and the question was to prove a lower bound.