TY - JOUR
T1 - Approximate privacy
T2 - Foundations and quantification
AU - Feigenbaum, Joan
AU - Jaggard, Aaron D.
AU - Schapira, Michael
PY - 2014/6
Y1 - 2014/6
N2 - The proliferation of online sensitive data about individuals and organizations makes concern about the privacy of these data a top priority. There have been many formulations of privacy and, unfortunately, many negative results about the feasibility of maintaining privacy of sensitive data in realistic networked environments. We formulate communication-complexity-based definitions, both worst case and average case, of a problem's privacy-approximation ratio.We use our definitions to investigate the extent to which approximate privacy is achievable in a number of standard problems: the 2nd-price Vickrey auction, Yao's millionaires problem, the public-good problem, and the set-theoretic disjointness and intersection problems. For both the 2nd-price Vickrey auction and the millionaires problem, we show that not only is perfect privacy impossible or infeasibly costly to achieve, but even close approximations of perfect privacy suffer from the same lower bounds. By contrast, if the inputs are drawn uniformly at random from {0, ⋯ , 2 k - 1}, then, for both problems, simple and natural communication protocols have privacy-approximation ratios that are linear in k (i.e., logarithmic in the size of the input space). We also demonstrate tradeoffs between privacy and communication in a family of auction protocols. We show that the privacy-approximation ratio provided by any protocol for the disjointness and intersection problems is necessarily exponential (in k). We also use these ratios to argue that one protocol for each of these problems is significantly fairer than the others we consider (in the sense of relative effects on the privacy of the different players).
AB - The proliferation of online sensitive data about individuals and organizations makes concern about the privacy of these data a top priority. There have been many formulations of privacy and, unfortunately, many negative results about the feasibility of maintaining privacy of sensitive data in realistic networked environments. We formulate communication-complexity-based definitions, both worst case and average case, of a problem's privacy-approximation ratio.We use our definitions to investigate the extent to which approximate privacy is achievable in a number of standard problems: the 2nd-price Vickrey auction, Yao's millionaires problem, the public-good problem, and the set-theoretic disjointness and intersection problems. For both the 2nd-price Vickrey auction and the millionaires problem, we show that not only is perfect privacy impossible or infeasibly costly to achieve, but even close approximations of perfect privacy suffer from the same lower bounds. By contrast, if the inputs are drawn uniformly at random from {0, ⋯ , 2 k - 1}, then, for both problems, simple and natural communication protocols have privacy-approximation ratios that are linear in k (i.e., logarithmic in the size of the input space). We also demonstrate tradeoffs between privacy and communication in a family of auction protocols. We show that the privacy-approximation ratio provided by any protocol for the disjointness and intersection problems is necessarily exponential (in k). We also use these ratios to argue that one protocol for each of these problems is significantly fairer than the others we consider (in the sense of relative effects on the privacy of the different players).
KW - Approximate privacy
KW - Bisection auction
UR - http://www.scopus.com/inward/record.url?scp=84904813858&partnerID=8YFLogxK
U2 - 10.1145/2601067
DO - 10.1145/2601067
M3 - ???researchoutput.researchoutputtypes.contributiontojournal.article???
AN - SCOPUS:84904813858
SN - 1549-6325
VL - 10
JO - ACM Transactions on Algorithms
JF - ACM Transactions on Algorithms
IS - 3
M1 - 11
ER -