Sampling and Partitioning for Differential Privacy
Paper in proceedings, 2016

Differential privacy enjoys increasing popularity thanks to both a precise semantics for privacy and effective enforcement mechanisms. Many tools have been proposed to spread its use and ease the task of the concerned data scientist. The most promising among them completely discharge the user of the privacy concerns by transparently taking care of the privacy budget. However, their implementation proves to be delicate, and introduce flaws by falsifying some of the theoretical assumptions made to guarantee differential privacy. Moreover, such tools rely on assumptions leading to over-approximations which artificially reduce utility. In this paper we focus on a key mechanism that tools do not support well: sampling. We demonstrate an attack on PINQ (McSherry, SIGMOD 2009), one of these tools, relying on the difference between its internal mechanics and the formal theory for the sampling operation, and study a range of sampling methods and show how they can be correctly implemented in a system for differential privacy.

Author

Hamid Ebadi Tavallaei

Chalmers, Computer Science and Engineering (Chalmers), Software Technology (Chalmers)

David Sands

Chalmers, Computer Science and Engineering (Chalmers), Computing Science (Chalmers)

Thibaud Antignac

Chalmers, Computer Science and Engineering (Chalmers), Software Technology (Chalmers)

Privacy Security & Trust Conference 2016

664-673

Subject Categories

Computer Engineering

Other Computer and Information Science

Computer Science

Areas of Advance

Information and Communication Technology

DOI

10.1109/PST.2016.7906954

ISBN

978-1-5090-4379-8

More information

Created

10/8/2017