Proceedings of the 12th ACM conference on Electronic commerce
Unconditional differentially private mechanisms for linear queries
STOC '12 Proceedings of the forty-fourth annual ACM symposium on Theory of computing
On optimal differentially private mechanisms for count-range queries
Proceedings of the 16th International Conference on Database Theory
A differentially private mechanism of optimal utility for a region of priors
POST'13 Proceedings of the Second international conference on Principles of Security and Trust
Privacy-preserving data exploration in genome-wide association studies
Proceedings of the 19th ACM SIGKDD international conference on Knowledge discovery and data mining
The geometry of differential privacy: the sparse and approximate cases
Proceedings of the forty-fifth annual ACM symposium on Theory of computing
Hi-index | 0.00 |
The notion of {\em a universally utility-maximizing privacy mechanism} was recently introduced by Ghosh, Rough garden, and Sundararajan~[STOC 2009]. These are mechanisms that guarantee optimal utility to a large class of information consumers, {\em simultaneously}, while preserving {\em Differential Privacy} [Dwork, McSherry, Nissim, and Smith, TCC 2006]. Ghosh, Rough garden and Sundararajan have demonstrated, quite surprisingly, a case where such a universally-optimal differentially-private mechanisms exists, when the information consumers are Bayesian. This result was recently extended by Gupte and Sundararajan~[PODS 2010] to risk-averse consumers. Both positive results deal with mechanisms (approximately) computing a {\em single count query} (i.e., the number of individuals satisfying a specific property in a given population), and the starting point of our work is a trial at extending these results to similar settings, such as sum queries with non-binary individual values, histograms, and two (or more) count queries. We show, however, that universally-optimal mechanisms do not exist for all these queries, both for Bayesian and risk-averse consumers. For the Bayesian case, we go further, and give a characterization of those functions that admit universally-optimal mechanisms, showing that a universally-optimal mechanism exists, essentially, only for a (single) count query. At the heart of our proof is a representation of a query function $f$ by its {\em privacy constraint graph} $G_f$ whose edges correspond to values resulting by applying $f$ to neighboring databases.