Formal Definition of Differential Privacy
We have previously discussed that there are two methods for adding noise, "Local Differential Privacy", where noise was added to each datapoint locally. This technique is necessary for some situations, where the data is very sensitive, that the individuals don't trust, or don't rely on noise being added later. Unfortunately, this comes at a very high cost in terms of accuracy.
The second method that we discussed was "Global Differential Privacy", where noise is added after the data has been aggregate by a function. Unlike local dp, global dp allows similar levels of protection, without affecting the accuracy too much. However individuals must be able to trust that no one looked at their datapoints before the query. In some cases this might work well, while in cases like when someone is conducting a hand survey, this technique is not very realistic.
Nevertheless, global differential privacy is very important because it allows us to perform differential privacy on smaller groups of individuals with lower amounts of noise.
Global differential privacy will help us relate to the formal definition of differential privacy.
Formal Definition:
This definition, acts as a constraint that helps us analyse a query with noise, to find out how much this query is leaking information. Where Epsilon and Delta measure the thresholds for leaking.
This definition does not create differential privacy, instead it is a measure of how much privacy is afforded by a query M. Specifically, it’s a comparison between running the query M on a database (x) and a parallel database (y).
Thus, this definition says that for all parallel databases, the maximum distance between a query on database (x) and the same query on database (y) will be epsilon, but that sometimes this constraint won’t hold with a probability delta.
Note
I am writing this article in part with Udacity’s secure and private AI Scholarship Challenge, as a way to share what I have learned so far.
#60daysofudacity #secureandprivateai
