End-to-End Differentially-Private Parameter Tuning in Spatial Histograms

TL;DR

This paper introduces a new method for privately tuning parameters in spatial histograms, ensuring both privacy and utility through a principled, end-to-end differential privacy approach validated by theoretical analysis and experiments.

Contribution

It presents the first end-to-end differentially-private parameter tuning mechanism for spatial histograms, addressing a key gap in existing privacy-preserving location data analysis.

Findings

The proposed method guarantees privacy and utility theoretically.

Experimental results show practical achievement of true end-to-end privacy.

The tuning mechanism improves the accuracy of spatial histograms under privacy constraints.

Abstract

Differentially-private histograms have emerged as a key tool for location privacy. While past mechanisms have included theoretical & experimental analysis, it has recently been observed that much of the existing literature does not fully provide differential privacy. The missing component, private parameter tuning, is necessary for rigorous evaluation of these mechanisms. Instead works frequently tune on training data to optimise parameters without consideration of privacy; in other cases selection is performed arbitrarily and independent of data, degrading utility. We address this open problem by deriving a principled tuning mechanism that privately optimises data-dependent error bounds. Theoretical results establish privacy and utility while extensive experimentation demonstrates that we can practically achieve true end-to-end privacy.