Efficient implementation for differential privacy using cryptographic functions
First Claim
1. A non-transitory machine-readable medium storing instructions which, when executed by one or more processors of an electronic device, cause the electronic device to perform operations for differential privacy when determining a frequency of values, the operations comprising:
- identifying a value from a known set of values to transmit to a server;
determining a randomized bit position within a representation of the identified value;
outputting a set of bits by randomizing the identified value using a pseudorandom function that inputs the representation of the identified value and the randomized bit position within the representation of the identified value;
selecting a bit value from the set of bits at a bit position based on the randomized bit position;
creating a privatized bit value of the bit value by performing a biased randomization operation to determine whether to flip the bit value; and
transmitting, to the server, the privatized bit value and the randomized bit position, wherein the server precomputes a vector for values of the known set of values using the pseudorandom function, identifies one or more vectors including a bit matching the privatized bit value at the bit position based on the randomized bit position, and updates a frequency estimation of one or more of the known set of values corresponding to one or more identified vectors.
0 Assignments
0 Petitions
Accused Products
Abstract
One embodiment provides a system that implements a 1-bit protocol for differential privacy for a set of client devices that transmit information to a server. Implementations may leverage specialized instruction sets or engines built into the hardware or firmware of a client device to improve the efficiency of the protocol. For example, a client device may utilize these cryptographic functions to randomize information sent to the server. In one embodiment, the client device may use cryptographic functions such as hashes including SHA or block ciphers including AES to provide an efficient mechanism for implementing differential privacy.
-
Citations
31 Claims
-
1. A non-transitory machine-readable medium storing instructions which, when executed by one or more processors of an electronic device, cause the electronic device to perform operations for differential privacy when determining a frequency of values, the operations comprising:
-
identifying a value from a known set of values to transmit to a server; determining a randomized bit position within a representation of the identified value; outputting a set of bits by randomizing the identified value using a pseudorandom function that inputs the representation of the identified value and the randomized bit position within the representation of the identified value; selecting a bit value from the set of bits at a bit position based on the randomized bit position; creating a privatized bit value of the bit value by performing a biased randomization operation to determine whether to flip the bit value; and transmitting, to the server, the privatized bit value and the randomized bit position, wherein the server precomputes a vector for values of the known set of values using the pseudorandom function, identifies one or more vectors including a bit matching the privatized bit value at the bit position based on the randomized bit position, and updates a frequency estimation of one or more of the known set of values corresponding to one or more identified vectors. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
-
-
13. An electronic device comprising:
-
a memory to store instructions; and one or more processors coupled to the memory to execute the instructions, wherein the instructions cause the one or more processors to; identify a value from a known set of values to transmit to a server; determine a randomized bit position within a hash representation of the identified value; randomize the identified value via a cryptographic function, the cryptographic function to receive the hash representation of the identified value as a key and the randomized bit position as data, and output a bit value of a resulting ciphertext at a bit position based on the randomized bit position; create a privatized bit value of the bit value by performing a biased randomization operation to determine whether to flip the bit value; and transmit, to the server, the privatized bit value and the randomized bit position, wherein the server precomputes a vector for each respective value of the known set of values using the cryptographic function, identifies one or more vectors including a bit matching the privatized bit value at the bit position based on the randomized bit position, and updates a frequency estimation of one or more of the known set of values corresponding to the vectors identified. - View Dependent Claims (14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24)
-
-
25. A data processing system on a server device, the system comprising:
-
a memory to store instructions; and one or more processors coupled to the memory to execute the instructions, wherein the instructions cause the one or more processors to perform operations comprising; receiving, at the server device, a bit value and a randomized bit position from a client device, the bit value representing an output of a cryptographic function performed on the client device to randomize an input from a known set of inputs, wherein the randomized bit position is a position with a representation of the input from the known set of inputs; precomputing a vector for each respective value of the known set of values using the cryptographic function; identifying one or more vectors including a bit matching the bit value at a bit position based on the randomized bit position; and updating a frequency estimation of one or more of the known set of values corresponding to the one or more identified vectors. - View Dependent Claims (26, 27, 28, 29, 30, 31)
-
Specification