Differential Privacy for Symbolic Trajectories via the Permute-and-Flip Mechanism

TL;DR

This paper introduces a novel differential privacy mechanism for symbolic trajectories in systems like Markov chains, achieving lower error rates without exponential enumeration.

Contribution

It develops a new permute-and-flip based mechanism that privatizes symbolic data efficiently, avoiding exponential complexity and improving accuracy over previous methods.

Findings

Mechanism reduces error by up to 55% compared to prior state-of-the-art.

Provides theoretical guarantees on accuracy and privacy.

Demonstrates effectiveness on real traffic dataset.

Abstract

Privacy techniques have been developed for data-driven systems, but systems with non-numeric data cannot use typical noise-adding techniques. Therefore, we develop a new mechanism for privatizing state trajectories of symbolic systems that may be represented as words over a finite alphabet. Such systems include Markov chains, Markov decision processes, and finite-state automata, and we protect their symbolic trajectories with differential privacy. The mechanism we develop randomly selects a private approximation to be released in place of the original sensitive word, with a bias towards low-error private words. This work is based on the permute-and-flip mechanism for differential privacy, which can be applied to non-numeric data. However, a na\"{\i}ve implementation would have to enumerate an exponentially large list of words to generate a private word. As a result, we develop a new mechanism that generates private words without ever needing to enumerate such a list. We prove that the accuracy of our mechanism is never worse than the prior state of the art, and we empirically show on a real traffic dataset that it introduces up to $55\%$ less error than the prior state of the art under a conventional privacy implementation.