Successive Refinement of Privacy. Girgis, A. M, Data, D., Chaudhuri, K., Fragouli, C., & Diggavi, S. IEEE Journal on Selected Areas in Information Theory (JSAIT), 1(3):745-759, 2020.
Successive Refinement of Privacy [link]Arxiv  doi  abstract   bibtex   2 downloads  
This work examines a novel question: how much randomness is needed to achieve local differential privacy (LDP)? A motivating scenario is providing \em multiple levels of privacy to multiple analysts, either for distribution or for heavy-hitter estimation, using the \emphsame (randomized) output. We call this setting \emphsuccessive refinement of privacy, as it provides hierarchical access to the raw data with different privacy levels. For example, the same randomized output could enable one analyst to reconstruct the input, while another can only estimate the distribution subject to LDP requirements. This extends the classical Shannon (wiretap) security setting to local differential privacy. We provide (order-wise) tight characterizations of privacy-utility-randomness trade-offs in several cases for distribution estimation, including the standard LDP setting under a randomness constraint. We also provide a non-trivial privacy mechanism for multi-level privacy. Furthermore, we show that we cannot reuse random keys over time while preserving privacy of each user.
@article{girgis2020successive,
 abstract = {This work examines a novel question: how much randomness is needed to achieve local differential privacy (LDP)? A motivating scenario is providing {\em multiple levels of privacy} to multiple analysts, either for distribution or for heavy-hitter estimation, using the \emph{same} (randomized) output. We call this setting \emph{successive refinement of privacy}, as it provides hierarchical access to the raw data with different privacy levels. For example, the same randomized output could enable one analyst to reconstruct the input, while another can only estimate the distribution subject to LDP requirements. This extends the classical Shannon (wiretap) security setting to local differential privacy. We provide (order-wise) tight characterizations of privacy-utility-randomness trade-offs in several cases for distribution estimation, including the standard LDP setting under a randomness constraint. We also provide a non-trivial privacy mechanism for multi-level privacy. Furthermore, we show that we cannot reuse random keys over time while preserving privacy of each user.},
 author = {Girgis, Antonious M and Data, Deepesh and Chaudhuri, Kamalika and Fragouli, Christina and Diggavi, Suhas},
 journal = {IEEE Journal on Selected Areas in Information Theory (JSAIT)},
 tags = {journal,DML,PDL},
 title = {Successive Refinement of Privacy},
 type = {2},
 url_arxiv = {https://arxiv.org/abs/2005.11651},
 year = {2020},
 doi={10.1109/JSAIT.2020.3040403},
 volume={1},
 number={3},
 pages={745-759},
}

Downloads: 2