Preserving differential privacy under finite-precision semantics
Ivan Gazeau (INRIA), Dale Miller (INRIA), Catuscia Palamidessi (INRIA)

TL;DR
This paper investigates how finite-precision arithmetic affects the guarantees of differential privacy, showing potential privacy violations and proposing conditions for limited privacy degradation in practical implementations.
Contribution
It analyzes the impact of finite-precision semantics on differential privacy guarantees and identifies conditions to maintain a limited privacy loss in real-world computations.
Findings
Finite-precision can cause violations of differential privacy.
Conditions can be established to limit privacy degradation.
Results are demonstrated on Laplacian mechanisms in geolocation privacy.
Abstract
The approximation introduced by finite-precision representation of continuous data can induce arbitrarily large information leaks even when the computation using exact semantics is secure. Such leakage can thus undermine design efforts aimed at protecting sensitive information. We focus here on differential privacy, an approach to privacy that emerged from the area of statistical databases and is now widely applied also in other domains. In this approach, privacy is protected by the addition of noise to a true (private) value. To date, this approach to privacy has been proved correct only in the ideal case in which computations are made using an idealized, infinite-precision semantics. In this paper, we analyze the situation at the implementation level, where the semantics is necessarily finite-precision, i.e. the representation of real numbers and the operations on them, are rounded…
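The leak the abstract describes can be reproduced on a toy Laplace mechanism. The following is an added example, not code from the paper: it enumerates every output of a mechanism driven by a K-bit uniform source and compares the output distributions for two adjacent true values. K, the scale, the grid and the clamp range are assumptions chosen for illustration, and the round-and-clamp step is a generic post-processing choice, not the paper's stated conditions.

```python
import math
from collections import Counter

K = 12                          # bits in the uniform source (assumed; small enough to enumerate)
B = 1.0                         # Laplace scale; with sensitivity 1 the nominal epsilon is 1/B
GRID, LO, HI = 0.5, -5.0, 6.0   # assumed output grid and clamp range

def laplace_noise(u, b=B):
    """Inverse-CDF Laplace sample for u in (0, 1), computed in float64."""
    return b * math.log(2 * u) if u < 0.5 else -b * math.log(2 * (1 - u))

def output_distribution(x, post=lambda y: y):
    """Exact distribution of post(x + noise) over every value of the K-bit source."""
    n = 2 ** K
    counts = Counter(post(x + laplace_noise(j / n)) for j in range(1, n))
    return {y: c / (n - 1) for y, c in counts.items()}

def worst_case_loss(p, q):
    """max_y |ln(p(y)/q(y))|; infinite when some output is possible under one input only."""
    if set(p) != set(q):
        return math.inf
    return max(abs(math.log(p[y] / q[y])) for y in p)

def round_and_clamp(y):
    """Coarsen the released value to the grid, then clamp it to [LO, HI]."""
    return min(HI, max(LO, round(y / GRID) * GRID))

def demo():
    # Adjacent true answers 0 and 1 (e.g. a count that differs by one record).
    raw = worst_case_loss(output_distribution(0.0), output_distribution(1.0))
    coarse = worst_case_loss(output_distribution(0.0, round_and_clamp),
                             output_distribution(1.0, round_and_clamp))
    return raw, coarse

if __name__ == "__main__":
    raw, coarse = demo()
    print("nominal epsilon:", 1 / B)
    print("raw float output, worst-case loss:", raw)
    print("rounded and clamped, worst-case loss:", round(coarse, 3))
```

Releasing the raw floating-point sum gives an infinite worst-case loss because some outputs are reachable from only one of the two inputs, while the coarsened release keeps the loss finite.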
