Counting Distinct Elements Under Person-Level Differential Privacy

TL;DR

This paper addresses counting unique elements under person-level differential privacy by transforming the problem into a max-flow computation to manage unbounded user contributions and optimize privacy-utility trade-offs.

Contribution

It introduces a novel approach to handle unbounded user contributions in person-level DP by reducing the problem to a max-flow formulation with optimized sensitivity bounds.

Findings

Developed a max-flow based method for person-level DP counting

Achieved a balance between noise addition and approximation error

Provided theoretical analysis of privacy-utility trade-offs

Abstract

We study the problem of counting the number of distinct elements in a dataset subject to the constraint of differential privacy. We consider the challenging setting of person-level DP (a.k.a. user-level DP) where each person may contribute an unbounded number of items and hence the sensitivity is unbounded. Our approach is to compute a bounded-sensitivity version of this query, which reduces to solving a max-flow problem. The sensitivity bound is optimized to balance the noise we must add to privatize the answer against the error of the approximation of the bounded-sensitivity query to the true number of unique elements.