Local, Private, Efficient Protocols for Succinct Histograms
- 14 June 2015
- conference paper
- conference paper
- Published by Association for Computing Machinery (ACM)
Abstract
We give efficient protocols and matching accuracy lower bounds for frequency estimation in the local model for differential privacy. In this model, individual users randomize their data themselves, sending differentially private reports to an untrusted server that aggregates them. We study protocols that produce a succinct histogram representation of the data. A succinct histogram is a list of the most frequent items in the data (often called "heavy hitters") along with estimates of their frequencies; the frequency of all other items is implicitly estimated as 0. If there are n users whose items come from a universe of size d, our protocols run in time polynomial in n and log(d). With high probability, they estimate the accuracy of every item up to error O(√{log(d)/(ε2n)}). Moreover, we show that this much error is necessary, regardless of computational efficiency, and even for the simple setting where only one item appears with significant frequency in the data set. Previous protocols (Mishra and Sandler, 2006; Hsu, Khanna and Roth, 2012) for this task either ran in time Ω(d) or had much worse error (about √[6]{log(d)/(ε2n)}), and the only known lower bound on error was Ω(1/√{n}). We also adapt a result of McGregor et al (2010) to the local setting. In a model with public coins, we show that each user need only send 1 bit to the server. For all known local protocols (including ours), the transformation preserves computational efficiency.Keywords
Funding Information
- National Science Foundation (0941553,1447700, 0747294)
This publication has 19 references indexed in Scilit:
- Local, Private, Efficient Protocols for Succinct HistogramsPublished by Association for Computing Machinery (ACM) ,2015
- RAPPORPublished by Association for Computing Machinery (ACM) ,2014
- Local Privacy and Statistical Minimax RatesPublished by Institute of Electrical and Electronics Engineers (IEEE) ,2013
- The Johnson-Lindenstrauss Transform Itself Preserves Differential PrivacyPublished by Institute of Electrical and Electronics Engineers (IEEE) ,2012
- Differential privacy under continual observationPublished by Association for Computing Machinery (ACM) ,2010
- Calibrating Noise to Sensitivity in Private Data AnalysisLecture Notes in Computer Science, 2006
- A Framework for High-Accuracy Privacy-Preserving MiningPublished by Institute of Electrical and Electronics Engineers (IEEE) ,2005
- Privacy-Preserving Datamining on Vertically Partitioned DatabasesLecture Notes in Computer Science, 2004
- Limiting privacy breaches in privacy preserving data miningPublished by Association for Computing Machinery (ACM) ,2003
- Near-optimal sparse fourier representations via samplingPublished by Association for Computing Machinery (ACM) ,2002