Aleksandar Nikolov - The Power of Factorization Mechanisms in Differential Privacy
From Katie Gentilello on August 28th, 2019
A central goal in private data analysis is to estimate statistics about an unknown distribution from a dataset possibly containing sensitive information, so that the privacy of any individual represented in the dataset is preserved. We study this question in the model of non-interactive local differential privacy (LDP), in which every person in the dataset randomizes their own data in order to preserve its privacy, before sending it to a central server. We give a characterization of the minimum number of samples necessary to get accurate estimates of a given set of statistical queries, as well as a characterization of the sample complexity of agnostic PAC learning in this model. The characterization is tight up to polylogarithmic factors for any given set of statistical queries, respectively any given concept class. The characterization is achieved by a simple and efficient instance-optimal (with respect to the queries/concept class) approximate factorization mechanism, i.e. a mechanism that answers the statistical queries by answering a different set of strategy queries from which the answers to the original queries can be approximately reconstructed. We also show that factorization mechanisms are instance-optimal in some parameter regimes in the central curator model of differential privacy.
Based on joint work with Alexander Edmonds and Jonathan Ullman.
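A minimal sketch of the strategy-query idea from the abstract, added here as an illustration and not taken from the talk or the underlying paper. It assumes threshold (CDF) queries W over a domain of size N, an exact factorization W = R·A with A the dyadic-interval strategy, and a Gaussian local randomizer giving (eps, delta)-LDP for eps < 1; all function names are hypothetical.

```python
import math, random

def dyadic_factorization(N):
    """Return (R, A) with R @ A = W, where W[j][x] = 1 iff x <= j (N a power of 2)."""
    ivs, size = [], N
    while size >= 1:                        # every aligned dyadic interval [lo, hi)
        ivs += [(lo, lo + size) for lo in range(0, N, size)]
        size //= 2
    A = [[1.0 if lo <= x < hi else 0.0 for x in range(N)] for lo, hi in ivs]
    R = []
    for j in range(N):
        row, lo = [0.0] * len(ivs), 0
        while lo <= j:                      # greedy dyadic cover of [0, j]
            size = 1
            while lo % (2 * size) == 0 and lo + 2 * size <= j + 1:
                size *= 2
            row[ivs.index((lo, lo + size))] = 1.0
            lo += size
        R.append(row)
    return R, A

def sigma_for(A, eps, delta):
    """Gaussian noise scale; any two columns of A differ by at most 2 * max column norm."""
    col = max(math.sqrt(sum(r[x] ** 2 for r in A)) for x in range(len(A[0])))
    return 2 * col * math.sqrt(2 * math.log(1.25 / delta)) / eps

def local_report(x, A, sigma, rng):
    """Runs on the user's device: noisy answers to the strategy queries on value x."""
    return [row[x] + rng.gauss(0.0, sigma) for row in A]

def server_estimate(reports, R):
    """Average the noisy strategy answers, then reconstruct the original queries with R."""
    n = len(reports)
    avg = [sum(rep[i] for rep in reports) / n for i in range(len(R[0]))]
    return [sum(r * a for r, a in zip(row, avg)) for row in R]

def error_std(R, sigma, n):
    """Worst per-query noise std: sigma * (max row norm of R) / sqrt(n)."""
    return sigma * max(math.sqrt(sum(v * v for v in row)) for row in R) / math.sqrt(n)

if __name__ == "__main__":
    rng = random.Random(0)
    R, A = dyadic_factorization(8)
    data = [rng.randrange(8) for _ in range(2000)]   # constructed sample dataset
    sigma = sigma_for(A, eps=0.5, delta=1e-5)
    est = server_estimate([local_report(x, A, sigma, rng) for x in data], R)
    print("estimated CDF:", [round(v, 2) for v in est])
    print("noise std per query <=", round(error_std(R, sigma, len(data)), 3))
```

In this construction the noise in each answer scales with the product of the largest row norm of R and the largest column norm of A, divided by eps·sqrt(n), so the choice of factorization directly sets how many users are needed for a target accuracy.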