A Framework of Metrics for Differential Privacy from Local Sensitivity

The meaning of differential privacy (DP) is tightly bound with the notion of distance on databases, typically defined as the number of changed rows. Considering the semantics of data, this metric may be not the most suitable one, particularly when a distance comes out as larger than the data owner d...

Full description

Saved in:
Bibliographic Details
Published in:Proceedings on Privacy Enhancing Technologies 2020-04, Vol.2020 (2), p.175-208
Main Authors: Laud, Peeter, Pankova, Alisa, Pettai, Martin
Format: Article
Language:English
Subjects:
differential privacy
sensitivity
Citations: Items that this one cites
Items that cite this one
Online Access:Get full text
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:The meaning of differential privacy (DP) is tightly bound with the notion of distance on databases, typically defined as the number of changed rows. Considering the semantics of data, this metric may be not the most suitable one, particularly when a distance comes out as larger than the data owner desired (which would undermine privacy). In this paper, we give a mechanism to specify continuous metrics that depend on the locations and amounts of changes in a much more nuanced manner. Our metrics turn the set of databases into a . In order to construct DP information release mechanisms based on our metrics, we introduce , an analogue to local sensitivity for continuous functions. We use this notion in an analysis that determines the amount of noise to be added to the result of a database query in order to obtain a certain level of differential privacy, and demonstrate that derivative sensitivity allows us to employ powerful mechanisms from calculus to perform the analysis for a variety of queries. We have implemented the analyzer and evaluated its efficiency and precision.
ISSN:2299-0984
2299-0984
DOI:10.2478/popets-2020-0023