On the Geometry of Differential Privacy (0907.3754v3)

Abstract: We consider the noise complexity of differentially private mechanisms in the setting where the user asks $d$ linear queries $f\colon\Rn\to\Re$ non-adaptively. Here, the database is represented by a vector in $\Rn$ and proximity between databases is measured in the $\ell_1$-metric. We show that the noise complexity is determined by two geometric parameters associated with the set of queries. We use this connection to give tight upper and lower bounds on the noise complexity for any $d \leq n$. We show that for $d$ random linear queries of sensitivity~1, it is necessary and sufficient to add $\ell_2$-error $\Theta(\min{d\sqrt{d}/\epsilon,d\sqrt{\log (n/d)}/\epsilon})$ to achieve $\epsilon$-differential privacy. Assuming the truth of a deep conjecture from convex geometry, known as the Hyperplane conjecture, we can extend our results to arbitrary linear queries giving nearly matching upper and lower bounds. Our bound translates to error $O(\min{d/\epsilon,\sqrt{d\log(n/d)}/\epsilon})$ per answer. The best previous upper bound (Laplacian mechanism) gives a bound of $O(\min{d/\eps,\sqrt{n}/\epsilon})$ per answer, while the best known lower bound was $\Omega(\sqrt{d}/\epsilon)$. In contrast, our lower bound is strong enough to separate the concept of differential privacy from the notion of approximate differential privacy where an upper bound of $O(\sqrt{d}/\epsilon)$ can be achieved.

• The paper establishes fundamental noise limits by linking differential privacy to geometric parameters of linear query mappings.
• It provides tight upper and lower bounds on the noise, showing that for d random queries the error is Θ(min{d√d, d√log(n/d)}) for privacy.
• The authors introduce an efficient K-norm mechanism using geometric random walks, enabling near-optimal noise performance and practical implementation.

On the Geometry of Differential Privacy

This paper addresses the fundamental problem of quantifying the noise required for maintaining differential privacy in the context of linear queries to a database. The authors, Moritz Hardt and Kunal Talwar, provide a comprehensive paper of the noise complexity associated with differentially private mechanisms, particularly when the analyst issues $d$ linear queries in a non-adaptive manner.

Key Contributions

1. Noise Complexity and Geometric Parameters: The authors establish that the noise complexity for achieving differential privacy in this setting is determined by two geometric parameters tied to the set of queries. Specifically, these parameters relate to the Euclidean behavior of the image of the unit $\ell_1$-ball under the query mapping.
2. Bounds on Noise Complexity: The paper provides tight upper and lower bounds on the necessary noise complexity. For $d$ random linear queries with sensitivity 1, the authors determine that an $\ell_2$-error of $\Theta(\min\{d\sqrt{d},d\sqrt{\log(n/d)}\})$ is necessary and sufficient for ensuring $$-differential privacy.</li> <li><strong>Hyperplane Conjecture Extension</strong>: Assuming the Hyperplane Conjecture from convex geometry, the authors extend their results to arbitrary linear queries. Interestingly, these results suggest that the lower bound for differential privacy is sufficiently strong to distinguish it from approximate differential privacy, where an upper bound of$$O(\sqrt{d}/)$$is achievable.</li> <li><strong>Mechanism Construction and Analysis</strong>: The paper introduces a novel mechanism, the$$K$-norm mechanism, adapted to the geometric properties of the query set. This mechanism is shown to be nearly optimal in terms of error, adding noise proportional to the average norm of a point sampled from a related convex body, conditioned on the Hyperplane Conjecture.
3. Efficient Implementation: Despite the inherent complexity of geometric sampling, the mechanism is shown to be efficiently implementable. The use of geometric random walks enables practical instantiation within polynomial time, maintaining the theoretical guarantees in real-world applications.

Implications and Future Directions

The results in this paper have significant implications for privacy-preserving data analysis, particularly in contexts where the nature of queries can be described linearly. This geometric interplay between privacy and error provides a pathway for developing higher fidelity data analysis tools under privacy constraints.

On the theoretical frontier, the work suggests further exploration into the relationships between convex geometric conjectures, such as the Hyperplane Conjecture, and the limits of data privacy. These ideas open the potential for further refinement of differential privacy bounds using advanced tools from convex geometry.

Additionally, practical applications of these theoretical insights could lead to more efficient privacy-preserving algorithms in real-world systems. By understanding how the noise required for privacy is a function of geometric properties of queries, system designers may tailor their databases and query handling protocols to minimize noise and maximize utility.

In conclusion, this paper makes a robust contribution by tightly relating the noise requisites for differentially private mechanisms to explicit geometric parameters of linear queries, offering a comprehensive framework for both analyzing and designing private querying schemes in practice.