Feature: Optional epsilon-Differential Privacy #36
Comments
|
We should definitely keep this. The question is how. The noise that needs to be added probably depends on the sensitivity of the method used to calculate the count for a certain bin. We do not know this sensitivity, however, in EasySMPC. We could have the user specify this as well when adding noise? |
|
Ah. I just saw that the sensitivity is already a parameter in your methods :) |
|
@prasser this is true, but for the subset of counting queries (especially histograms) the sensitivity is 1, so that an appropriate distribution can be chosen (cf. Dwork, Roth "The Algorithmic Foundations of Differential Privacy" Examples 3.1ff.). |
|
I know. But there are a lot of subleties aroubd this. How do we know that bins are counts of individuals? How can we know that the values have been generated by coubt queries? We need to make this cobfigurable at least. But we can do that. The implementation looks fairly straight-forward and should be "correct" ;) One last question: Is this an issue? https://dl.acm.org/doi/10.1145/2382196.2382264 |
|
I know, that you know :) My response was more intended as a documentation of my reasons to implement it. |
That's a good point! |
Some time ago I implemented a machanism to protect the data using DP (last commit of branch 29e943c). I have not merged this branch as it was not automatically tested (which is non trivial due to the probabilistic nature). Should we include this feature as an "advanced study option"? Maybe different epsilons, on/off states per bin?
The text was updated successfully, but these errors were encountered: