Universally Utility-Maximizing Privacy Mechanisms

TL;DR

This paper introduces a geometric mechanism for differentially private data release that guarantees near-optimal utility for all users regardless of their prior information or preferences, ensuring strong utility guarantees.

Contribution

The paper presents a universal geometric mechanism that is simultaneously expected loss-minimizing for all users under differential privacy constraints, a novel strong utility guarantee.

Findings

The geometric mechanism is nearly optimal for all users regardless of their side information.

It provides strong utility guarantees simultaneously for every potential user.

The mechanism is a discrete variant of the Laplace mechanism, tailored for differential privacy.

Abstract

A mechanism for releasing information about a statistical database with sensitive data must resolve a trade-off between utility and privacy. Privacy can be rigorously quantified using the framework of {\em differential privacy}, which requires that a mechanism's output distribution is nearly the same whether or not a given database row is included or excluded. The goal of this paper is strong and general utility guarantees, subject to differential privacy. We pursue mechanisms that guarantee near-optimal utility to every potential user, independent of its side information (modeled as a prior distribution over query results) and preferences (modeled via a loss function). Our main result is: for each fixed count query and differential privacy level, there is a {\em geometric mechanism} $M^*$ -- a discrete variant of the simple and well-studied Laplace mechanism -- that is {\em simultaneously expected loss-minimizing} for every possible user, subject to the differential privacy constraint. This is an extremely strong utility guarantee: {\em every} potential user $u$, no matter what its side information and preferences, derives as much utility from $M^*$ as from interacting with a differentially private mechanism $M_u$ that is optimally tailored to $u$.