Differentially private linear queries on histograms

US 9,672,364 B2
Filed: 03/15/2013
Issued: 06/06/2017
Est. Priority Date: 03/15/2013
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

receiving a dataset from a memory of a computing device;

receiving a query by the computing device through a network;

performing base decomposition using the dataset and the query to generate an orthonormal basis, by the computing device;

generating an answer to the query by the computing device;

adding noise to the answer, by the computing device, using the orthonormal basis, to protect differential privacy of the dataset stored in the memory of the computing device by preventing the determination of the presence or absence of a value from the dataset based on the answer with the added noise; and

providing the answer with the added noise by the computing device through the network.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The privacy of linear queries on histograms is protected. A database containing private data is queried. Base decomposition is performed to recursively compute an orthonormal basis for the database space. Using correlated (or Gaussian) noise and/or least squares estimation, an answer having differential privacy is generated and provided in response to the query. In some implementations, the differential privacy is ε-differential privacy (pure differential privacy) or is (ε,δ)-differential privacy (i.e., approximate differential privacy). In some implementations, the data in the database may be dense. Such implementations may use correlated noise without using least squares estimation. In other implementations, the data in the database may be sparse. Such implementations may use least squares estimation with or without using correlated noise.

21 Citations

View as Search Results

29 Claims

1. A method comprising:
- receiving a dataset from a memory of a computing device;
  
  receiving a query by the computing device through a network;
  
  performing base decomposition using the dataset and the query to generate an orthonormal basis, by the computing device;
  
  generating an answer to the query by the computing device;
  
  adding noise to the answer, by the computing device, using the orthonormal basis, to protect differential privacy of the dataset stored in the memory of the computing device by preventing the determination of the presence or absence of a value from the dataset based on the answer with the added noise; and
  
  providing the answer with the added noise by the computing device through the network.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The method of claim 1, wherein the dataset comprises a database.
  - 3. The method of claim 1, wherein the query comprises a linear query on a histogram.
  - 4. The method of claim 1, wherein the query is a query matrix.
  - 5. The method of claim 4, further comprising performing the base decomposition by determining a set of orthonormal matrices and recursively computing an orthonormal basis for the dataset, based on a minimum volume enclosing ellipsoid of columns of the query matrix.
  - 6. The method of claim 1, wherein adding noise to the answer comprises using correlated noise to add noise to the answer, wherein using the correlated noise comprises:
    - computing a sequence of John ellipsoids and projections based on the query;
      
      determining a correct answer for each of the projections;
      
      adding Gaussian noise to each correct answer according to the corresponding John ellipsoid; and
      
      combining the answers from at least two of the projections.
  - 7. The method of claim 1, wherein adding noise to the answer comprises using least squares estimation to add noise to the answer, wherein using the least squares estimation comprises:
    - receiving a noisy answer; and
      
      performing the least squares estimation on the noisy answer to generate the answer with noise.
  - 8. The method of claim 7, wherein the noisy answer is generated using correlated noise.
  - 9. The method of claim 1, further comprising determining whether the dataset is dense or sparse, and adding noise to the answer using correlated noise if the dataset is dense, and adding noise to the answer using least squares estimation if the dataset is sparse.
  - 10. The method of claim 1, further comprising generating the noise based on the differential privacy.
  - 11. The method of claim 10, wherein the differential privacy comprises ε
    - -differential privacy or (ε
      
      ,δ
      
      )-differential privacy.

12. A method comprising:
- receiving a query at a computing device through a network;
  
  determining an answer to the query, by the computing device, using a database stored in a memory of the computing device;
  
  performing base decomposition using the database and the query, by the computing device, to generate an orthonormal basis;
  
  adding noise to the answer, by the computing device, using the orthonormal basis, to protect differential privacy of the database stored in the memory of the computing device by preventing the determination of the presence or absence of a value from the database based on the answer with the added noise; and
  
  providing the answer with the added noise by the computing device through the network.
- View Dependent Claims (13, 14, 18)
- - 13. The method of claim 12, wherein the differential privacy comprises ε
    - -differential privacy or (ε
      
      ,δ
      
      )-differential privacy.
  - 14. The method of claim 12, wherein adding noise to the answer comprises using correlated noise if the database is dense, and using least squares estimation if the database is sparse.
  - 18. The method of claim 12, wherein the query comprises a linear query on a histogram.

15. An apparatus comprising:
- a processor;
  
  a memory;
  
  a privacy protector that;
  
  receives a dataset from the memory;
  
  receives a query through a network;
  
  performs base decomposition using the dataset and the query to generate an orthonormal basis;
  
  generates an answer to the query;
  
  adds noise to the answer using the orthonormal basis to protect the differential privacy of the dataset stored in the memory by preventing the determination of the presence or absence of a value from the dataset based on the answer with the added noise; and
  
  provides the answer with the added noise through the network.
- View Dependent Claims (16, 17, 19, 20, 21, 22, 23, 24, 25)
- - 16. The apparatus of claim 15, wherein the privacy protector further generates the noise based on the differential privacy.
  - 17. The apparatus of claim 15, wherein the privacy protector further determines whether the dataset is dense or sparse, and adds noise to the answer using correlated noise if the dataset is dense, and adds noise to the answer using least squares estimation if the dataset is sparse.
  - 19. The apparatus of claim 15, wherein the dataset comprises a database.
  - 20. The apparatus of claim 15, wherein the query comprises a linear query on a histogram.
  - 21. The apparatus of claim 15, wherein the query is a query matrix.
  - 22. The apparatus of claim 21, wherein the privacy protector further performs the base decomposition by determining a set of orthonormal matrices and recursively computing an orthonormal basis for the dataset, based on a minimum volume enclosing ellipsoid of columns of the query matrix.
  - 23. The apparatus of claim 15, wherein the privacy protector that adds noise to the answer comprises the privacy protector that uses correlated noise to add noise to the answer, wherein using the correlated noise comprises:
    - computing a sequence of John ellipsoids and projections based on the query;
      
      determining a correct answer for each of the projections;
      
      adding Gaussian noise to each correct answer according to the corresponding John ellipsoid; and
      
      combining the answers from at least two of the projections.
  - 24. The apparatus of claim 15, wherein the privacy protector that adds noise to the answer comprises the privacy protector that uses least squares estimation to add noise to the answer, wherein using the least squares estimation comprises:
    - receiving a noisy answer; and
      
      performing the least squares estimation on the noisy answer to generate the answer with noise.
  - 25. The apparatus of claim 24, wherein the noisy answer is generated using correlated noise.

26. An apparatus comprising:
- a processor;
  
  a memory; and
  
  a privacy protector that;
  
  receives a query through a network;
  
  determines an answer to the query using a database, wherein the database is stored in the memory;
  
  performs base decomposition using the database and the query to generate an orthonormal basis;
  
  adds noise to the answer using the orthonormal basis, to protect differential privacy of the database stored in the memory by preventing the determination of the presence or absence of a value from the database based on the answer with the added noise; and
  
  provides the answer with the added noise through the network.
- View Dependent Claims (27, 28, 29)
- - 27. The apparatus of claim 26, wherein the differential privacy comprises ε
    - -differential privacy or (ε
      
      ,δ
      
      )-differential privacy.
  - 28. The apparatus of claim 26, wherein the privacy protector that adds noise to the answer comprises the privacy protector that uses correlated noise if the database is dense, and uses least squares estimation if the database is sparse.
  - 29. The apparatus of claim 26, wherein the query comprises a linear query on a histogram.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Inventors
Talwar, Kunal, Zhang, Li, Nikolov, Aleksandar
Primary Examiner(s)
Jeudy, Josnel

Application Number

US13/831,948
Publication Number

US 20140283091A1
Time in Patent Office

1,544 Days
Field of Search

726 4- 11
US Class Current
CPC Class Codes

G06F 16/2455   Query execution

G06F 16/248   Presentation of query results

G06F 17/18   for evaluating statistical ...

G06F 21/60   Protecting data

G06F 21/6245   Protecting personal data, e...

Differentially private linear queries on histograms

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

21 Citations

29 Claims

Specification

Solutions

Use Cases

Quick Links

Differentially private linear queries on histograms

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

21 Citations

29 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links