23
个编辑
更改
小第85行:
第85行: − + − + − Sequential composition. If we query an ε-differential privacy mechanism t times, and the randomization of the mechanism is independent for each query, then the result would be \epsilon t-differentially private. In the more general case, if there are n independent mechanisms: \mathcal{M}_1,\dots,\mathcal{M}_n, whose privacy guarantees are \epsilon_1,\dots,\epsilon_n differential privacy, respectively, then any function g of them: g(\mathcal{M}_1,\dots,\mathcal{M}_n) is \left(\sum\limits_{i=1}^{n} \epsilon_i\right)-differentially private.+ − − 连续构图。如果我们对一个 ε- 差分隐私机制进行 t 次查询,并且该机制的随机化独立于每个查询,那么结果将是 epsilon t- 差异私有。在更一般的情况下,如果存在 n 个独立的机制: 数学{ m }1,点,数学{ m } n,它们的隐私保证分别是 epsilon 1,点,epsilon n 差分隐私,那么它们的任何函数 g: g (mathcal { m }1,点,cal { m } n)左(sum limits { i = 1} ^ { n } epsilon i right)-微分私有。 − Parallel composition. If the previous mechanisms are computed on disjoint subsets of the private database then the function g would be (\max_i \epsilon_i)-differentially private instead.+ − − 平行构图。如果前面的机制是在私有数据库的不相交子集上计算的,那么函数 g 将是(max _ i epsilon _ i)-微分私有。 − For any deterministic or randomized function F defined over the image of the mechanism \mathcal{A}, if \mathcal{A} satisfies ε-differential privacy, so does F(\mathcal{A}).+ − − 对于在机制数学{ a }映象上定义的任意确定或随机函数 f,如果数学{ a }满足 ε- 微分隐私性,则 f (数学{ a })也满足 ε- 微分隐私性。 − Together, composability and robustness to post-processing permit modular construction and analysis of differentially private mechanisms and motivate the concept of the privacy loss budget. If all elements that access sensitive data of a complex mechanisms are separately differentially private, so will be their combination, followed by arbitrary post-processing.+ − − 总之,可组合性和对后期处理的健壮性允许模块化构建和分析不同的私有机制,并激励隐私损失预算的概念。如果访问复杂机制的敏感数据的所有元素都是单独的、不同的私有元素,那么它们的组合也是如此,然后是任意的后处理。 第123行:
第115行: − − :\Pr[\mathcal{A}(D_{1})\in S]\leq − \exp(\epsilon c)\cdot\Pr[\mathcal{A}(D_{2})\in S]\,\! − − :Pr [ mathcal { a }(d _ {1}) in s ] leq exp (epsilon c) cdot Pr [ mathcal { a }(d _ {2}) in s ] ,!
edition on 10/11/2021
===Composability===
===Composability===
(Self-)composability refers to the fact that the joint distribution of the outputs of (possibly adaptively chosen) differentially private mechanisms satisfies differential privacy.
'''(Self-)composability''' refers to the fact that the joint distribution of the outputs of (possibly adaptively chosen) differentially private mechanisms satisfies differential privacy.
(Self -)可组合性是指差异私有机制的输出(可能是自适应选择的)的联合分布满足差分隐私的事实。
'''(Self -)可组合性'''是指(可能是自适应选择的)差分隐私机制的输出的联合分布满足差分隐私的条件。
'''Sequential composition.''' If we query an ε-differential privacy mechanism <math>t</math> times, and the randomization of the mechanism is independent for each query, then the result would be <math>\epsilon t</math>-differentially private. In the more general case, if there are <math>n</math> independent mechanisms: <math>\mathcal{M}_1,\dots,\mathcal{M}_n</math>, whose privacy guarantees are <math>\epsilon_1,\dots,\epsilon_n</math> differential privacy, respectively, then any function <math>g</math> of them: <math>g(\mathcal{M}_1,\dots,\mathcal{M}_n)</math> is <math>\left(\sum\limits_{i=1}^{n} \epsilon_i\right)</math>-differentially private.<ref name="PINQ" />
'''Sequential composition.''' If we query an ε-differential privacy mechanism <math>t</math> times, and the randomization of the mechanism is independent for each query, then the result would be <math>\epsilon t</math>-differentially private. In the more general case, if there are <math>n</math> independent mechanisms: <math>\mathcal{M}_1,\dots,\mathcal{M}_n</math>, whose privacy guarantees are <math>\epsilon_1,\dots,\epsilon_n</math> differential privacy, respectively, then any function <math>g</math> of them: <math>g(\mathcal{M}_1,\dots,\mathcal{M}_n)</math> is <math>\left(\sum\limits_{i=1}^{n} \epsilon_i\right)</math>-differentially private.<ref name="PINQ" />
'''连续构图。'''如果我们对一个ε-差分隐私机制进行<math>t</math>次查询,并且该机制的随机化独立于每个查询,那么结果将是<math>\epsilon t</math>- 差分隐私的。在更普遍的情况下,如果存在<math>n</math>个独立的机制:<math>\mathcal{M}_1,\dots,\mathcal{M}_n</math>——其隐私保证分别是<math>\epsilon_1,\dots,\epsilon_n</math>差分隐私,那么它们的任何函数<math>g</math>:<math>g(\mathcal{M}_1,\dots,\mathcal{M}_n)</math>是<math>\left(\sum\limits_{i=1}^{n} \epsilon_i\right)</math>-差分隐私的。
'''Parallel composition.''' If the previous mechanisms are computed on ''disjoint'' subsets of the private database then the function <math>g</math> would be <math>(\max_i \epsilon_i)</math>-differentially private instead.<ref name="PINQ" />
'''Parallel composition.''' If the previous mechanisms are computed on ''disjoint'' subsets of the private database then the function <math>g</math> would be <math>(\max_i \epsilon_i)</math>-differentially private instead.<ref name="PINQ" />
'''平行构图。'''如果前面的机制是在私有数据库的''不相交''子集上计算的,那么函数<math>g</math>将是<math>(\max_i \epsilon_i)</math>-差分隐私的。<ref name="PINQ" />
===Robustness to post-processing ===
===Robustness to post-processing ===
For any deterministic or randomized function <math>F</math> defined over the image of the mechanism <math>\mathcal{A}</math>, if <math>\mathcal{A}</math> satisfies ε-differential privacy, so does <math>F(\mathcal{A})</math>.
For any deterministic or randomized function <math>F</math> defined over the image of the mechanism <math>\mathcal{A}</math>, if <math>\mathcal{A}</math> satisfies ε-differential privacy, so does <math>F(\mathcal{A})</math>.
对于任意在机制<math>\mathcal{A}</math>的映射上定义的确定性函数或随机函数<math>F</math>,如果<math>\mathcal{A}</math>满足ε-差分隐私性,则<math>F(\mathcal{A})</math>也满足ε-差分隐私性。
Together, [[#Composability|composability]] and [[#Robustness to post-processing|robustness to post-processing]] permit modular construction and analysis of differentially private mechanisms and motivate the concept of the ''privacy loss budget''. If all elements that access sensitive data of a complex mechanisms are separately differentially private, so will be their combination, followed by arbitrary post-processing.
Together, [[#Composability|composability]] and [[#Robustness to post-processing|robustness to post-processing]] permit modular construction and analysis of differentially private mechanisms and motivate the concept of the ''privacy loss budget''. If all elements that access sensitive data of a complex mechanisms are separately differentially private, so will be their combination, followed by arbitrary post-processing.
总之,可组合性和对后期处理的鲁棒性允许模块化构建和分析不同的隐私机制,并激励隐私损失预算的概念。如果访问复杂机制的敏感数据的所有部分都是独立差分隐私的,那么它们的组合也是如此,然后是任意的后处理。
===Group privacy===
===Group privacy===
:<math>\Pr[\mathcal{A}(D_{1})\in S]\leq
:<math>\Pr[\mathcal{A}(D_{1})\in S]\leq
\exp(\epsilon c)\cdot\Pr[\mathcal{A}(D_{2})\in S]\,\!</math>
\exp(\epsilon c)\cdot\Pr[\mathcal{A}(D_{2})\in S]\,\!</math>
Thus setting ε instead to <math>\epsilon/c</math> achieves the desired result (protection of <math>c</math> items). In other words, instead of having each item ε-differentially private protected, now every group of <math>c</math> items is ε-differentially private protected (and each item is <math>(\epsilon/c)</math>-differentially private protected).
Thus setting ε instead to <math>\epsilon/c</math> achieves the desired result (protection of <math>c</math> items). In other words, instead of having each item ε-differentially private protected, now every group of <math>c</math> items is ε-differentially private protected (and each item is <math>(\epsilon/c)</math>-differentially private protected).