Approximate Privacy: Foundations and Quantification

Published: 01 July 2014

Abstract

The proliferation of online sensitive data about individuals and organizations makes concern about the privacy of these data a top priority. There have been many formulations of privacy and, unfortunately, many negative results about the feasibility of maintaining privacy of sensitive data in realistic networked environments. We formulate communication-complexity-based definitions, both worst case and average case, of a problem’s privacy-approximation ratio. We use our definitions to investigate the extent to which approximate privacy is achievable in a number of standard problems: the 2nd-price Vickrey auction, Yao’s millionaires problem, the public-good problem, and the set-theoretic disjointness and intersection problems.

For both the 2nd-price Vickrey auction and the millionaires problem, we show that not only is perfect privacy impossible or infeasibly costly to achieve, but even close approximations of perfect privacy suffer from the same lower bounds. By contrast, if the inputs are drawn uniformly at random from $\{0, \ldots, 2^k - 1\}$, then, for both problems, simple and natural communication protocols have privacy-approximation ratios that are linear in k (i.e., logarithmic in the size of the input space). We also demonstrate tradeoffs between privacy and communication in a family of auction protocols.

We show that the privacy-approximation ratio provided by any protocol for the disjointness and intersection problems is necessarily exponential (in k). We also use these ratios to argue that one protocol for each of these problems is significantly fairer than the others we consider (in the sense of relative effects on the privacy of the different players).

Published in: ACM Transactions on Algorithms, Volume 10, Issue 3 (June 2014), 176 pages
ISSN: 1549-6325
EISSN: 1549-6333
DOI: 10.1145/2620785

        Copyright © 2014 ACM

Publisher: Association for Computing Machinery, New York, NY, United States

Publication History

• Published: 1 July 2014
• Accepted: 1 October 2013
• Revised: 1 September 2013
• Received: 1 April 2012

Qualifiers: research-article, Research, Refereed
