LDP-Slicing: Local Differential Privacy for Images via Randomized Bit-Plane Slicing

TL;DR

LDP-Slicing introduces a novel bit-plane decomposition approach to apply local differential privacy to images, significantly improving utility while maintaining rigorous privacy guarantees, and demonstrating superior performance in face recognition and image classification tasks.

Contribution

The paper proposes LDP-Slicing, a new framework that applies LDP directly to binary bit-planes of images, overcoming high-dimensional utility loss and enhancing privacy-preserving image analysis.

Findings

Outperforms existing DP/LDP methods under similar privacy budgets.

Maintains high utility for downstream image tasks.

Has negligible computational overhead.

Abstract

Local Differential Privacy (LDP) is the gold standard trust model for privacy-preserving machine learning by guaranteeing privacy at the data source. However, its application to image data has long been considered impractical due to the high dimensionality of pixel space. Canonical LDP mechanisms are designed for low-dimensional data, resulting in severe utility degradation when applied to high-dimensional pixel spaces. This paper demonstrates that this utility loss is not inherent to LDP, but from its application to an inappropriate data representation. We introduce LDP-Slicing, a lightweight, training-free framework that resolves this domain mismatch. Our key insight is to decompose pixel values into a sequence of binary bit-planes. This transformation allows us to apply the LDP mechanism directly to the bit-level representation. To further strengthen privacy and preserve utility, we integrate a perceptual obfuscation module that mitigates human-perceivable leakage and an optimization-based privacy budget allocation strategy. This pipeline satisfies rigorous pixel-level $\varepsilon$-LDP while producing images that retain high utility for downstream tasks. Extensive experiments on face recognition and image classification demonstrate that LDP-Slicing outperforms existing DP/LDP baselines under comparable privacy budgets, with negligible computational overhead.