PrivPfC: differentially private data publication for classification

In this paper, we tackle the problem of constructing a differentially private synopsis for the classification analysis. Several state-of-the-art methods follow the structure of existing classification algorithms and are all iterative, which is suboptimal due to the locally optimal choices and division of the privacy budget among many sequentially composed steps. We propose PrivPfC, a new differentially private method for releasing data for classification. The key idea underlying PrivPfC is to privately select, in a single step, a grid, which partitions the data domain into a number of cells. This selection is done by using the exponential mechanism with a novel quality function, which maximizes the expected number of correctly classified records by a histogram classifier. PrivPfC supports both the binary classification and the multiclass classification. Through extensive experiments on real datasets, we demonstrate PrivPfC ’s superiority over the state-of-the-art methods.

We thank the reviewers for their valuable comments. This paper is based upon work supported by the United States National Science Foundation under grants CNS-1116991 and CNS-1640374 and Key Laboratory on High Performance Computing, Anhui Province, NSFC (61672486, 61672480,11671376), Key Program of NSFC (71631006).

Authors and Affiliations

1. Purdue University, West Lafayette, IN, USA

   Dong Su & Ninghui Li

2. Institute for Infocomm Research, Singapore, Singapore

   Jianneng Cao

3. University of Science and Technology of China, Hefei, China

   Min Lyu

Corresponding author

Correspondence to Dong Su.

Appendix

Lemma 3 gives the distribution of the difference of two i.i.d. Laplace random variables, which will be used in the proof of Lemma 1.

Lemma 3

[20] Let \(Z_1\) and \(Z_2\) be two i.i.d. random variables that follow the Laplace distribution with mean 0 and scale \(\frac{1}{\epsilon }\). Then the density of their difference \(Y = Z_1 - Z_2\) is

and the corresponding cumulative distribution function is

(8)

Proof of Lemma 1

Proof

We show the global sensitivity of the grid quality (Eq. 1) in the binary classification setting can be safely bounded by 1.1.

Given a dataset D, and without loss of generality we assume that D has 2 class labels \(\{1,2\}\) and the neighboring dataset of D is \(D^{\prime } = D - t\) , where the tuple t falls into cell e and has class label 1. Given a grid g, the quality values of all cells of it are the same except the cell e. In the cell e, we have the number of data points with label 1, \(n_{e}^{1}\), \({n'}_{e}^{1}\), and that with label 2, \(n_{e}^{2}\), \({n'}_{e}^{2}\) for D and \(D^{\prime }\), respectively, where \(n_{e}^{1}={n'}_{e}^{1}+1\) and \(n_{e}^{2}={n'}_{e}^{2}\). Each class also has a probability, \(p_{e}^{i}\), being the dominant class in cell e, where \(i = \{1,2\}\).

To compute the global sensitivity of the grid quality (Eq. 1), we first present the difference of the grid quality function for the neighboring datasets D and \(D'\) in terms of \(n_e^1, n_e^2, p_e^1\) and \(p_e^2\). Then we show that the difference can be bounded by 1.1.

The global sensitivity of the grid quality function for binary classification can be computed by,

where \(p_e^1\) is the probability of Class 1 is still the dominant class after adding noise. The last equality holds, because \(p_e^2=1-p_e^1\) and \(p_{e}^{'2}=1-p_{e}^{'1}\).

As for \(p_e^1\), by Lemma 3,

(10)

Since the probability \(p_e^1\) (Eq. 10) takes different forms depending on whether \(n_e^1-n_e^2 \ge 0\) or not, we analyze the global sensitivity \(\varDelta _{\textsf {gq}}\) by two cases: Class 1 is the dominant class in the cell e for D, \(n_e^1-n_e^2 \ge 1\) or not, \(n_e^1-n_e^2 \le 0\). We show that for \(n_e^1-n_e^2 \ge 1\), the upper bound of the global sensitivity is 1.1 and for \(n_e^1-n_e^2 \le 0\), the upper bound is 0.5. Note that the two conditions cover all cases, since \(n_e^1\) and \(n_e^{2}\) are integers. Therefore, the global sensitivity can be bounded by 1.1.

Case 1: \({\mathbf {n_e^1-n_e^2 \ge 1}}\).

In this case, \(n_e^{'1}-n_e^{'2} = n_e^1-1-n_e^2 \ge 0\). By Eqs. (9) and (10), we have

By letting \(x = n_e^1-n_e^2\), we have

where \(x \ge 1\).

For simplicity, let us consider the function \(g_{1}(x)=\frac{xe^{-\epsilon x}}{2}(1+\frac{\epsilon x}{2})\), and thus the sensitivity becomes \( \varDelta _{\textsf {gq}} = \left| 1+g_{1}(x-1)-g_{1}(x)\right| \).

Note that \(g_{1}(x)\) is differentiable and its derivative \(g_{1}^{\prime }(x)=\frac{e^{-\epsilon x}}{4}(2-\epsilon ^2 x^2)\). Thus, by Lagrange’s Mean Value Theorem, for any \(x \ge 1\), there exists some \(\xi \) between \(x-1\) and x (thus \(\xi >0\)), so that

To bound the expression above, consider another function

where \(x>0\). The function h(x) reaches the maximum at the point \(\frac{1+\sqrt{3}}{\epsilon }\) with the maximum value 1.1, increases in the interval \(\left[ 0, \frac{1+\sqrt{3}}{\epsilon }\right] \) and decreases in the interval \(\left( \frac{1+\sqrt{3}}{\epsilon }, \infty \right) \). When \(x \in [0, \frac{1+\sqrt{3}}{\epsilon }]\), \(h(0) \le h(x) \le h(\frac{1+\sqrt{3}}{\epsilon })\) which means \(h(x) \in [0.5, 1.1]\). When \(x \in \left( \frac{1+\sqrt{3}}{\epsilon }, \infty \right) \), h(x) decreases and lies in (1, 1.1], because \(\lim \nolimits _{x\rightarrow +\infty } h(x)=1\). Therefore, in this case,

Case 2: \({\mathbf {n_e^1-n_e^2 \le 0}}\)

In this case,

Similarly, by letting \(x = n_e^1-n_e^2\), we have

where \(x \le 0\).

Similarly to Case 1, let \(g_2(x)=\frac{xe^{\epsilon x }}{2}\left( 1-\frac{\epsilon x }{2}\right) \), and then the sensitivity becomes \(\varDelta _{\textsf {gq}} = \left| g_{2}(x)-g_{2}(x-1)\right| \).

The function \(g_2(x)\) is differentiable and its first order derivative is \(g_{2}^{\prime }(x)=\frac{e^{\epsilon x}}{4}\left( 2-\epsilon ^2 x^2\right) \). The derivative \(g_{2}^{\prime }(x)\) decreases when \(x \in \left( -\infty , -\frac{1+\sqrt{3}}{\epsilon }\right) \), increases when \(x\in \left[ -\frac{1+\sqrt{3}}{\epsilon }, 0\right] \). And when \(x=-\frac{1+\sqrt{3}}{\epsilon }\) the function \(g_{2}^{\prime }(x)\) reaches the minimum value \(-0.09\). Thus, when \(x \le -\frac{1+\sqrt{3}}{\epsilon }\), \(g_{2}^{\prime }(x) \in [-0.09, 0)\) because \(\lim \limits _{x\rightarrow -\infty } g_{2}^{\prime }(x)=0\) and \(g_{2}^{\prime }(x) \in [-0.09, 0.5]\) when \(x\in [-\frac{1+\sqrt{3}}{\epsilon }, 0]\). Applying Lagrange’s Mean Value Theorem to \(g_{2}(x)\), for any \(x \le 0\), there exists some \(\eta \) between \(x-1\) and x, thus \(\eta \le 0\), so that

In summary, by considering the above two cases, the global sensitivity for grid quality on binary classification \(\varDelta _{\textsf {gq}}\) is bounded by 1.1 and reaches its maximum when Case 1 holds, at

The global maximum point \(x^{*}\) is obtained by taking derivative of \(1+g_{1}(x-1)-g_{1}(x)\). This completes the proof. \(\square \)

Proof of Lemma 2

Proof

Given a dataset D, without loss of generality we assume that the neighboring dataset of D is \(D^{\prime } = D - t\), where the tuple t is in cell e. The quality values of all cells other than cell e are the same. Denote \(l_t\) as the class label of t.

Since the approximation of the grid quality (Eq. 5) involves only the top two classes, and the quality values of all cells other than cell e are the same, the difference of the approximated grid quality function \(\varDelta _{\textsf {gq}}=|\textsf {gq} (D, g)-\textsf {gq} (D', g)|\) is 0 or not depends on whether the count of Class \(l_t\) is in the top two class counts of cell e in D and \(D'\). It is worth pointing out that the rank of Class \(l_t\) does not rise in \(D'= D-t\) because deleting the tuple t can only decrease the count of Class \(l_t\). Therefore, we bound \(\varDelta _{\textsf {gq}}\) by considering three separated cases: (1) Class \(l_t\) is not in the top two classes in D and \(D'\), (2) Class \(l_t\) is in the top two classes in D and \(D'\), and (3) Class \(l_t\) is in the top two classes in D but not in \(D'\). For convenience, we use \(l_t \in \{(1), (2)\}\) to represent the fact that the class count of lt is in top 2, and \(l_t \notin \{(1), (2)\}\) to represent that it is not.

Case 1: \(l_t \notin \{(1),(2)\}\) in both D and \(D'\). Class \(l_t\) does not rank in top-2 in both D and \(D'\). In this case, deleting the tuple t does not affect the first 2 classes. \(n_e^{(1)}=n_e^{'(1)}, n_e^{(2)}=n_e^{'(2)}, p_e^{(1)}=p_e^{'(1)}\) and \(p_e^{(2)}=p_e^{'(2)}\). So \(\textsf {gq} (D,g)=\textsf {gq} (D',g)\), which means \(\varDelta _{\textsf {gq}}=0\).

Case 2: \(l_t \in \{(1),(2)\}\) in both D and \(D'\). Class \(l_t\) ranks in top-2 in both D and \(D'\). In this case, the rank of \(l_t\) may change. So let us consider the following subcases.

Subcase 2.1: Class \(l_t\) ranks first (resp. second) in both D and \(D'\). Then, we have \(n_e^{(1)}=n_e^{'(1)}+1\) and \(n_e^{(2)}=n_e^{'(2)}\) (resp. \(n_e^{(1)}=n_e^{'(1)}\) and \(n_e^{(2)}=n_e^{'(2)}+1\) ). Similar to the proof of Lemma 1, we obtain \(\varDelta _{\textsf {gq}} \le 1.1\).

Subcase 2.2: Class \(l_t\) ranks first in D and ranks second in \(D'\). Deleting one tuple makes the class with the highest count become the second highest class, which occurs only when there is a tie between two highest classes in D. (This tie can be resolved the alphabetical order of class labels.) In this case, we have

Thus,

where the third equality holds because of Eq. (11) and the fourth equality holds because \(p_{e}^{(2)}=1-p_{e}^{(1)}\) and \(p_{e}^{'(2)}=1-p_{e}^{'(1)}\).

Case 3: \(l_t \in \{(1),(2)\}\) in D and \(l_t \notin \{(1),(2)\}\) in \(D'\). Class \(l_t\) ranks in top-2 in D, but does not rank in top-2 in \(D'\). Similar to Subcase 2.2, this case occurs only when there is a tie among Class \(l_t\) and other \(s (\ge 1)\) classes which are not ranked in top-2. Deleting the tuple t makes \(l_t\) ranked out of top-2. So, by our tie resolving rule, one of the s classes with the same count as Class \(l_t\) is ranked into top-2. For example, suppose the number of class \(k =3\), \(n_{e}^{1} = n_{e}^{2} = n_{e}^{3} = 10\), the first highest classes with counts \(n_{e}^{(1)}=n_{e}^{(2)}=10\). After removing the tuple t with label 1, we have \(n_{e}^{\prime 2} = n_{e}^{\prime 3} = 10\), and \(n_{e}^{\prime 1} = 9\). The class containing t is ranked out of top-2 and the class with label 3 is ranked into top-2, and the counts of the top two classes in \(D'\) are still the same, which means \(n_{e}^{'(1)}=n_{e}^{'(2)}=10\). That is to say,

Similarly, we have

where the second equality holds because of Eq. (12).

In summary, the global sensitivity for the approximation of grid quality on multiclass classification \(\varDelta _{\textsf {gq}} \le 1.1\). \(\square \)

Reprints and permissions