Efficient implementation for differential privacy using cryptographic functions
First Claim
1. A non-transitory machine-readable medium storing instructions which, when executed by one or more processors of a system, cause the system to perform operations for differential privacy when determining a frequency of values, the operations comprising:
- identifying, at a client device, a value from a known set of values to transmit to a server;
determining a random bit position within a representation of the identified value;
randomizing, by the client device, the identified value using a public pseudorandom function that inputs the representation of the identified value and the random bit position and outputs a string of bits;
selecting a single bit value from the string of bits at a bit position based on the random bit position;
creating a privatized bit value of the single bit value by performing a biased coin flip operation to determine whether to flip the single bit value; and
transmitting, to the server, the privatized bit value and the random bit position, wherein the server precomputes a vector for each respective value of the known set of values using the public pseudorandom function, identifies one or more of the vectors including a bit matching the privatized bit value at the bit position based on the random bit position, and updates a frequency estimation of one or more of the known set of values corresponding to the vectors identified.
2 Assignments
0 Petitions
Accused Products
Abstract
The system described may implement a 1-bit protocol for differential privacy for a set of client devices that transmit information to a server. Implementations of the system may leverage specialized instruction sets or engines built into the hardware or firmware of a client device to improve the efficiency of the protocol. For example, a client device may utilize these cryptographic functions to randomize information sent to the server. In one embodiment, the client device may use cryptographic functions such as hashes including SHA or block ciphers including AES. Accordingly, the system provides an efficient mechanism for implementing differential privacy.
-
Citations
31 Claims
-
1. A non-transitory machine-readable medium storing instructions which, when executed by one or more processors of a system, cause the system to perform operations for differential privacy when determining a frequency of values, the operations comprising:
-
identifying, at a client device, a value from a known set of values to transmit to a server; determining a random bit position within a representation of the identified value; randomizing, by the client device, the identified value using a public pseudorandom function that inputs the representation of the identified value and the random bit position and outputs a string of bits; selecting a single bit value from the string of bits at a bit position based on the random bit position; creating a privatized bit value of the single bit value by performing a biased coin flip operation to determine whether to flip the single bit value; and transmitting, to the server, the privatized bit value and the random bit position, wherein the server precomputes a vector for each respective value of the known set of values using the public pseudorandom function, identifies one or more of the vectors including a bit matching the privatized bit value at the bit position based on the random bit position, and updates a frequency estimation of one or more of the known set of values corresponding to the vectors identified. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
-
-
13. A device, comprising:
-
a memory storing instructions; and a processor coupled to the memory to execute the instructions from the memory, the processor being configured to; identify a value from a known set of values to transmit to a server; determine a random bit position within a hash representation of the identified value; randomize the identified value using an Advanced Encryption Standard (AES) function that inputs the hash representation of the identified value as a key and the random bit position as data, and outputs a single bit value of a resulting ciphertext at a bit position based on the random bit position; create a privatized bit value of the single bit value by performing a biased coin flip operation to determine whether to flip the single bit value; and transmit, to the server, the privatized bit value and the random bit position, wherein the server precomputes a vector for each respective value of the known set of values using an AES function, identifies one or more of the vectors including a bit matching the privatized bit value at the bit position based on the random bit position, and updates a frequency estimation of one or more of the known set of values corresponding to the vectors identified. - View Dependent Claims (14, 15, 16, 17, 18, 19, 20)
-
-
21. A device, comprising:
-
a memory storing instructions; and a processor coupled to the memory to execute the instructions from the memory, the processor being configured to; identify a value from a known set of values to transmit to a server; determine a random bit position within a hash of the identified value; randomize the identified value using a Secure Hash Algorithm (SHA) function that inputs the hash of the identified value and the random bit position, and outputs a single bit value of a resulting hash at a bit position based on the random bit position, wherein the SHA function generates both the hash of the identified value and the resulting hash in response to a single function call; create a privatized bit value of the single bit value by performing a biased coin flip operation to determine whether to flip the single bit value; and transmit, to the server, only the privatized bit value and the random bit position, wherein the server precomputes a vector for each respective value of the known set of values using the SHA function, identifies one or more of the vectors including a bit matching the privatized bit value at the bit position based on the random bit position, and updates a frequency estimation of one or more of the known set of values corresponding to the vectors identified. - View Dependent Claims (22, 23, 24)
-
-
25. A non-transitory machine-readable medium storing instructions which, when executed by one or more processors of a system, cause the system to perform operations to achieve differential privacy when determining a frequency of values, the operations comprising:
-
receiving, at a server, a single bit value and a random bit position from a client device, the single bit value representing an output of a cryptographic function performed on the client device to randomize an input from a known set of inputs, wherein the random bit position is a position with a representation of the input from the known set of inputs; precomputing, at the server, a vector for each respective value of the known set of values using the cryptographic function; identifying one or more of the vectors including a bit matching the single bit value at a bit position based on the random bit position; and updating a frequency estimation of one or more of the known set of values corresponding to the vectors identified. - View Dependent Claims (26, 27, 28, 29, 30, 31)
-
Specification