The Privacy-preserving Padding Problem: Non-negative Mechanisms for Conservative Answers with Differential Privacy

TL;DR

This paper introduces mechanisms for differential privacy that produce conservative, one-sided answers, enabling privacy-preserving computations with utility in set operations and multiparty protocols.

Contribution

It presents novel non-negative mechanisms for approximate differential privacy that ensure conservative answers, addressing a paradox in privacy-preserving noisy responses.

Findings

Mechanisms achieve conservative answers within approximate DP framework

Application to private set intersection to reveal set sizes privately

Enables privacy-preserving computation on sparse data in multiparty settings

Abstract

Differentially private noise mechanisms commonly use symmetric noise distributions. This is attractive both for achieving the differential privacy definition, and for unbiased expectations in the noised answers. However, there are contexts in which a noisy answer only has utility if it is conservative, that is, has known-signed error, which we call a padded answer. Seemingly, it is paradoxical to satisfy the DP definition with one-sided error, but we show how it is possible to bury the paradox into approximate DP's delta parameter. We develop a few mechanisms for one-sided padding mechanisms that always give conservative answers, but still achieve approximate differential privacy. We show how these mechanisms can be applied in a few select areas including making the cardinalities of set intersections and unions revealed in Private Set Intersection protocols differential private and enabling multiparty computation protocols to compute on sparse data which has its exact sizes made differential private rather than performing a fully oblivious more expensive computation.