Successive Refinement of Privacy
This work examines a novel question: how much randomness is needed to achieve local differential privacy (LDP)? A motivating scenario is providing multiple levels of privacy to multiple analysts, either for distribution or for heavy hitter estimation, using the same (randomized) output. We call this...
Gespeichert in:
| Veröffentlicht in: | IEEE journal on selected areas in information theory 2020-11, Vol.1 (3), p.745-759 |
|---|---|
| Hauptverfasser: | , , , , |
| Format: | Artikel |
| Sprache: | eng |
| Schlagworte: | |
| Online-Zugang: | Volltext bestellen |
| Tags: |
Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
|
| container_end_page | 759 |
|---|---|
| container_issue | 3 |
| container_start_page | 745 |
| container_title | IEEE journal on selected areas in information theory |
| container_volume | 1 |
| creator | Girgis, Antonious M. Data, Deepesh Chaudhuri, Kamalika Fragouli, Christina Diggavi, Suhas N. |
| description | This work examines a novel question: how much randomness is needed to achieve local differential privacy (LDP)? A motivating scenario is providing multiple levels of privacy to multiple analysts, either for distribution or for heavy hitter estimation, using the same (randomized) output. We call this setting successive refinement of privacy , as it provides hierarchical access to the raw data with different privacy levels. For example, the same randomized output could enable one analyst to reconstruct the input, while another can only estimate the distribution subject to LDP requirements. This extends the classical Shannon (wiretap) security setting to local differential privacy. We provide (order-wise) tight characterizations of privacy-utility-randomness trade-offs in several cases for distribution estimation, including the standard LDP setting under a randomness constraint. We also provide a non-trivial privacy mechanism for multi-level privacy. Furthermore, we show that we cannot reuse random keys over time while preserving privacy of each user. |
| doi_str_mv | 10.1109/JSAIT.2020.3040403 |
| format | Article |
| fullrecord | <record><control><sourceid>proquest_RIE</sourceid><recordid>TN_cdi_proquest_journals_2531561148</recordid><sourceformat>XML</sourceformat><sourcesystem>PC</sourcesystem><ieee_id>9270285</ieee_id><sourcerecordid>2531561148</sourcerecordid><originalsourceid>FETCH-LOGICAL-c2543-ffd1b542afd55590a0a44880adb70e2f3984f395cd3bac47cf656244a95ced5c3</originalsourceid><addsrcrecordid>eNpNkN1KAzEQhYMoWGpfQG8WvN46mSSb7GUp_lQKiq3XIZudwBa7W5O20Ld3a4vIwMwwnHMGPsZuOYw5h_LhdTGZLccICGMBsi9xwQZYSJ4breHy337NRimtAACRS230gGWLnfeUUrOn7INC09Ka2m3Whew9NnvnDzfsKrivRKPzHLLPp8fl9CWfvz3PppN57lFJkYdQ80pJdKFWSpXgwElpDLi60kAYRGlk35SvReW81D4UqkApXX-iWnkxZPen3E3svneUtnbV7WLbv7SoBFcF59L0KjypfOxSihTsJjZrFw-Wgz3CsL8w7BGGPcPoTXcnU0NEf4YSNaBR4gfduVj6</addsrcrecordid><sourcetype>Aggregation Database</sourcetype><iscdi>true</iscdi><recordtype>article</recordtype><pqid>2531561148</pqid></control><display><type>article</type><title>Successive Refinement of Privacy</title><source>IEEE Electronic Library (IEL)</source><creator>Girgis, Antonious M. ; Data, Deepesh ; Chaudhuri, Kamalika ; Fragouli, Christina ; Diggavi, Suhas N.</creator><creatorcontrib>Girgis, Antonious M. ; Data, Deepesh ; Chaudhuri, Kamalika ; Fragouli, Christina ; Diggavi, Suhas N.</creatorcontrib><description>This work examines a novel question: how much randomness is needed to achieve local differential privacy (LDP)? A motivating scenario is providing multiple levels of privacy to multiple analysts, either for distribution or for heavy hitter estimation, using the same (randomized) output. We call this setting successive refinement of privacy , as it provides hierarchical access to the raw data with different privacy levels. For example, the same randomized output could enable one analyst to reconstruct the input, while another can only estimate the distribution subject to LDP requirements. This extends the classical Shannon (wiretap) security setting to local differential privacy. We provide (order-wise) tight characterizations of privacy-utility-randomness trade-offs in several cases for distribution estimation, including the standard LDP setting under a randomness constraint. We also provide a non-trivial privacy mechanism for multi-level privacy. Furthermore, we show that we cannot reuse random keys over time while preserving privacy of each user.</description><identifier>ISSN: 2641-8770</identifier><identifier>EISSN: 2641-8770</identifier><identifier>DOI: 10.1109/JSAIT.2020.3040403</identifier><identifier>CODEN: IJSTL5</identifier><language>eng</language><publisher>Piscataway: IEEE</publisher><subject>Data privacy ; Differential privacy ; local differential privacy ; multiple levels of privacy ; Privacy ; privacy and learning ; privacy-utility-randomness trade-off ; Randomness ; Upper bound ; Wiretapping</subject><ispartof>IEEE journal on selected areas in information theory, 2020-11, Vol.1 (3), p.745-759</ispartof><rights>Copyright The Institute of Electrical and Electronics Engineers, Inc. (IEEE) 2020</rights><lds50>peer_reviewed</lds50><oa>free_for_read</oa><woscitedreferencessubscribed>false</woscitedreferencessubscribed><citedby>FETCH-LOGICAL-c2543-ffd1b542afd55590a0a44880adb70e2f3984f395cd3bac47cf656244a95ced5c3</citedby><cites>FETCH-LOGICAL-c2543-ffd1b542afd55590a0a44880adb70e2f3984f395cd3bac47cf656244a95ced5c3</cites><orcidid>0000-0003-1002-5829 ; 0000-0003-3544-8414 ; 0000-0001-9828-6534</orcidid></display><links><openurl>$$Topenurl_article</openurl><openurlfulltext>$$Topenurlfull_article</openurlfulltext><thumbnail>$$Tsyndetics_thumb_exl</thumbnail><linktohtml>$$Uhttps://ieeexplore.ieee.org/document/9270285$$EHTML$$P50$$Gieee$$H</linktohtml><link.rule.ids>314,776,780,792,27901,27902,54733</link.rule.ids><linktorsrc>$$Uhttps://ieeexplore.ieee.org/document/9270285$$EView_record_in_IEEE$$FView_record_in_$$GIEEE</linktorsrc></links><search><creatorcontrib>Girgis, Antonious M.</creatorcontrib><creatorcontrib>Data, Deepesh</creatorcontrib><creatorcontrib>Chaudhuri, Kamalika</creatorcontrib><creatorcontrib>Fragouli, Christina</creatorcontrib><creatorcontrib>Diggavi, Suhas N.</creatorcontrib><title>Successive Refinement of Privacy</title><title>IEEE journal on selected areas in information theory</title><addtitle>JSAIT</addtitle><description>This work examines a novel question: how much randomness is needed to achieve local differential privacy (LDP)? A motivating scenario is providing multiple levels of privacy to multiple analysts, either for distribution or for heavy hitter estimation, using the same (randomized) output. We call this setting successive refinement of privacy , as it provides hierarchical access to the raw data with different privacy levels. For example, the same randomized output could enable one analyst to reconstruct the input, while another can only estimate the distribution subject to LDP requirements. This extends the classical Shannon (wiretap) security setting to local differential privacy. We provide (order-wise) tight characterizations of privacy-utility-randomness trade-offs in several cases for distribution estimation, including the standard LDP setting under a randomness constraint. We also provide a non-trivial privacy mechanism for multi-level privacy. Furthermore, we show that we cannot reuse random keys over time while preserving privacy of each user.</description><subject>Data privacy</subject><subject>Differential privacy</subject><subject>local differential privacy</subject><subject>multiple levels of privacy</subject><subject>Privacy</subject><subject>privacy and learning</subject><subject>privacy-utility-randomness trade-off</subject><subject>Randomness</subject><subject>Upper bound</subject><subject>Wiretapping</subject><issn>2641-8770</issn><issn>2641-8770</issn><fulltext>true</fulltext><rsrctype>article</rsrctype><creationdate>2020</creationdate><recordtype>article</recordtype><sourceid>RIE</sourceid><recordid>eNpNkN1KAzEQhYMoWGpfQG8WvN46mSSb7GUp_lQKiq3XIZudwBa7W5O20Ld3a4vIwMwwnHMGPsZuOYw5h_LhdTGZLccICGMBsi9xwQZYSJ4breHy337NRimtAACRS230gGWLnfeUUrOn7INC09Ka2m3Whew9NnvnDzfsKrivRKPzHLLPp8fl9CWfvz3PppN57lFJkYdQ80pJdKFWSpXgwElpDLi60kAYRGlk35SvReW81D4UqkApXX-iWnkxZPen3E3svneUtnbV7WLbv7SoBFcF59L0KjypfOxSihTsJjZrFw-Wgz3CsL8w7BGGPcPoTXcnU0NEf4YSNaBR4gfduVj6</recordid><startdate>20201101</startdate><enddate>20201101</enddate><creator>Girgis, Antonious M.</creator><creator>Data, Deepesh</creator><creator>Chaudhuri, Kamalika</creator><creator>Fragouli, Christina</creator><creator>Diggavi, Suhas N.</creator><general>IEEE</general><general>The Institute of Electrical and Electronics Engineers, Inc. (IEEE)</general><scope>97E</scope><scope>RIA</scope><scope>RIE</scope><scope>AAYXX</scope><scope>CITATION</scope><scope>7SC</scope><scope>7SP</scope><scope>8FD</scope><scope>JQ2</scope><scope>L7M</scope><scope>L~C</scope><scope>L~D</scope><orcidid>https://orcid.org/0000-0003-1002-5829</orcidid><orcidid>https://orcid.org/0000-0003-3544-8414</orcidid><orcidid>https://orcid.org/0000-0001-9828-6534</orcidid></search><sort><creationdate>20201101</creationdate><title>Successive Refinement of Privacy</title><author>Girgis, Antonious M. ; Data, Deepesh ; Chaudhuri, Kamalika ; Fragouli, Christina ; Diggavi, Suhas N.</author></sort><facets><frbrtype>5</frbrtype><frbrgroupid>cdi_FETCH-LOGICAL-c2543-ffd1b542afd55590a0a44880adb70e2f3984f395cd3bac47cf656244a95ced5c3</frbrgroupid><rsrctype>articles</rsrctype><prefilter>articles</prefilter><language>eng</language><creationdate>2020</creationdate><topic>Data privacy</topic><topic>Differential privacy</topic><topic>local differential privacy</topic><topic>multiple levels of privacy</topic><topic>Privacy</topic><topic>privacy and learning</topic><topic>privacy-utility-randomness trade-off</topic><topic>Randomness</topic><topic>Upper bound</topic><topic>Wiretapping</topic><toplevel>peer_reviewed</toplevel><toplevel>online_resources</toplevel><creatorcontrib>Girgis, Antonious M.</creatorcontrib><creatorcontrib>Data, Deepesh</creatorcontrib><creatorcontrib>Chaudhuri, Kamalika</creatorcontrib><creatorcontrib>Fragouli, Christina</creatorcontrib><creatorcontrib>Diggavi, Suhas N.</creatorcontrib><collection>IEEE All-Society Periodicals Package (ASPP) 2005-present</collection><collection>IEEE All-Society Periodicals Package (ASPP) 1998-Present</collection><collection>IEEE Electronic Library (IEL)</collection><collection>CrossRef</collection><collection>Computer and Information Systems Abstracts</collection><collection>Electronics & Communications Abstracts</collection><collection>Technology Research Database</collection><collection>ProQuest Computer Science Collection</collection><collection>Advanced Technologies Database with Aerospace</collection><collection>Computer and Information Systems Abstracts Academic</collection><collection>Computer and Information Systems Abstracts Professional</collection><jtitle>IEEE journal on selected areas in information theory</jtitle></facets><delivery><delcategory>Remote Search Resource</delcategory><fulltext>fulltext_linktorsrc</fulltext></delivery><addata><au>Girgis, Antonious M.</au><au>Data, Deepesh</au><au>Chaudhuri, Kamalika</au><au>Fragouli, Christina</au><au>Diggavi, Suhas N.</au><format>journal</format><genre>article</genre><ristype>JOUR</ristype><atitle>Successive Refinement of Privacy</atitle><jtitle>IEEE journal on selected areas in information theory</jtitle><stitle>JSAIT</stitle><date>2020-11-01</date><risdate>2020</risdate><volume>1</volume><issue>3</issue><spage>745</spage><epage>759</epage><pages>745-759</pages><issn>2641-8770</issn><eissn>2641-8770</eissn><coden>IJSTL5</coden><abstract>This work examines a novel question: how much randomness is needed to achieve local differential privacy (LDP)? A motivating scenario is providing multiple levels of privacy to multiple analysts, either for distribution or for heavy hitter estimation, using the same (randomized) output. We call this setting successive refinement of privacy , as it provides hierarchical access to the raw data with different privacy levels. For example, the same randomized output could enable one analyst to reconstruct the input, while another can only estimate the distribution subject to LDP requirements. This extends the classical Shannon (wiretap) security setting to local differential privacy. We provide (order-wise) tight characterizations of privacy-utility-randomness trade-offs in several cases for distribution estimation, including the standard LDP setting under a randomness constraint. We also provide a non-trivial privacy mechanism for multi-level privacy. Furthermore, we show that we cannot reuse random keys over time while preserving privacy of each user.</abstract><cop>Piscataway</cop><pub>IEEE</pub><doi>10.1109/JSAIT.2020.3040403</doi><tpages>15</tpages><orcidid>https://orcid.org/0000-0003-1002-5829</orcidid><orcidid>https://orcid.org/0000-0003-3544-8414</orcidid><orcidid>https://orcid.org/0000-0001-9828-6534</orcidid><oa>free_for_read</oa></addata></record> |
| fulltext | fulltext_linktorsrc |
| identifier | ISSN: 2641-8770 |
| ispartof | IEEE journal on selected areas in information theory, 2020-11, Vol.1 (3), p.745-759 |
| issn | 2641-8770 2641-8770 |
| language | eng |
| recordid | cdi_proquest_journals_2531561148 |
| source | IEEE Electronic Library (IEL) |
| subjects | Data privacy Differential privacy local differential privacy multiple levels of privacy Privacy privacy and learning privacy-utility-randomness trade-off Randomness Upper bound Wiretapping |
| title | Successive Refinement of Privacy |
| url | https://sfx.bib-bvb.de/sfx_tum?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2025-02-08T20%3A41%3A44IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-proquest_RIE&rft_val_fmt=info:ofi/fmt:kev:mtx:journal&rft.genre=article&rft.atitle=Successive%20Refinement%20of%20Privacy&rft.jtitle=IEEE%20journal%20on%20selected%20areas%20in%20information%20theory&rft.au=Girgis,%20Antonious%20M.&rft.date=2020-11-01&rft.volume=1&rft.issue=3&rft.spage=745&rft.epage=759&rft.pages=745-759&rft.issn=2641-8770&rft.eissn=2641-8770&rft.coden=IJSTL5&rft_id=info:doi/10.1109/JSAIT.2020.3040403&rft_dat=%3Cproquest_RIE%3E2531561148%3C/proquest_RIE%3E%3Curl%3E%3C/url%3E&disable_directlink=true&sfx.directlink=off&sfx.report_link=0&rft_id=info:oai/&rft_pqid=2531561148&rft_id=info:pmid/&rft_ieee_id=9270285&rfr_iscdi=true |