Smoothed Differential Privacy
Ao Liu, Yu-Xiang Wang, Lirong Xia
TL;DR
This paper introduces smoothed differential privacy, a new privacy measure based on average-case analysis, which better reflects privacy in real-world scenarios without requiring additive noise.
Contribution
It extends differential privacy with a smoothed analysis approach, providing a more realistic privacy measure and analyzing mechanisms without additive noise.
Findings
Discrete mechanisms are more private under smoothed DP than traditional DP predicts.
Some discrete neural networks can be private without additive noise.
Smoothed DP maintains desirable properties like composition and robustness.
Abstract
Differential privacy (DP) is a widely-accepted and widely-applied notion of privacy based on worst-case analysis. Often, DP classifies most mechanisms without additive noise as non-private (Dwork et al., 2014). Thus, additive noises are added to improve privacy (to achieve DP). However, in many real-world applications, adding additive noise is undesirable (Bagdasaryan et al., 2019) and sometimes prohibited (Liu et al., 2020). In this paper, we propose a natural extension of DP following the worst average-case idea behind the celebrated smoothed analysis (Spielman & Teng, May 2004). Our notion, smoothed DP, can effectively measure the privacy leakage of mechanisms without additive noises under realistic settings. We prove that any discrete mechanism with sampling procedures is more private than what DP predicts, while many continuous mechanisms with sampling procedures are still…
Peer Reviews
No public reviews on file for this paper yet. If you reviewed it on a platform where reviews are public (OpenReview, ICLR, NeurIPS, ICML), you can paste yours below so the community can read it here.
Videos
No videos yet. Explain this paper in a talk, walkthrough, or lecture? Add one.
Taxonomy
TopicsPrivacy-Preserving Technologies in Data · Adversarial Robustness in Machine Learning · Cryptography and Data Security