Approximate Privacy:
Foundations and Quantification
Joan Feigenbaum
http://www.cs.yale.edu/homes/jf
DIMACS; November 20, 2009
Joint work with A. D. Jaggard and M. Schapira
1
Starting Point: Agents’ Privacy in MD
• Traditional goal of mechanism design: Incent
agents to reveal private information that is
needed to compute optimal results.
• Complementary, newly important goal: Enable
agents not to reveal private information that is
not needed to compute optimal results.
• Example (Naor-Pinkas-Sumner, EC ’99): It’s
undesirable for the auctioneer to learn the
winning bid in a 2nd–price Vickrey auction.
2
Minimum Knowledge Requirements
for 2nd–Price Auction
0
1
0 1, 0
bidder 1
RI (2, 0)
1
2
3
2, 0
1, 1
bidder 2
winner
price
2, 1
2
1, 2 2, 2
3
1, 3
Perfect ≈ Auctioneer learns only which
Privacy
region corresponds to the bids.
3
Two-party Communication Model
f: {0, 1}k x {0, 1}k  {0, 1}t
x1
Party 1
Party 2
q1
q2
•••
qr-1
qr = f(x1, x2)
s(x1, x2) Δ
= (q1, …, qr)
x2
qj  {0, 1}
is a function
of (q1, …, qj-1)
and one player’s
private input.
4
Example: Millionaires’ Problem
0
millionaire 1
1
2
3
millionaire 2
0
1
2
A(f)
3
f(x1, x2) = 1 if x1 ≥ x2 ; else f(x1, x2) = 2
5
Bisection Protocol
In each round, a player “bisects” an interval.
0
1
2
3
0
1
2
3
Example: f(2, 3)
6
Monochromatic Tilings
• A region of A(f) is any subset of entries (not
necessarily a submatrix). A partition of A(f)
is a set of disjoint regions whose union is A(f).
• Monochromatic regions and partitions
• A rectangle in A(f) is a submatrix. A tiling is
a partition into rectangles.
• Tiling T1(f) is a refinement of partition PT2(f)
if every rectangle in T1(f) is contained in some
region in PT2(f).
7
A Protocol “Zeros in on” a
Monochromatic Rectangle
Let A(f) = R x C
While R x C is not monochromatic
– Party i sends bit q.
– If i = 1, q indicates whether x1 is in R1 or R2,
where R = R1 ⊔ R2. If x1  Rk, both parties set
R  Rk.
– If i = 2, q indicates whether x2 is in C1 or C2,
where C = C1 ⊔ C2. If x2  Ck, both parties set
C  C k.
One party sends the value of f in R x C.
8
Example: Ascending-Auction Tiling
0
bidder 1
1
2
3
bidder 2
0
1
2
3
Same execution for f(1, 1), f(2, 1), and f(3, 1)
9
Perfectly Private Protocols
• Protocol P for f is perfectly private with
respect to party 1 if
f(x1, x2) = f(x’1, x2) s(x1, x2) = s(x’1, x2)
• Similarly, perfectly private wrt party 2
• P achieves perfect subjective privacy if it is
perfectly private wrt both parties.
• P achieves perfect objective privacy if
f(x1, x2) = f(x’1, x’2) s(x1, x2) = s(x’1, x’2)
10
Ideal Monochromatic Partitions
• The ideal monochromatic partition of A(f)
consists of the maximal monochromatic
regions.
• Note that this partition is unique.
• Protocol P for f is perfectly privacypreserving iff the tiling induced by P is the
ideal monochromatic partition of A(f).
11
Privacy and Communication Complexity
[Kushilevitz (SJDM ’92)]
• f is perfectly privately computable if and only
if A(f) has no forbidden submatrix.
X2
x1
x’1
X’2
f(x1, x2) = f(x’1, x2) = f(x’1, x’2) = a,
but f(x1, x’2) ≠ a
• Note that the Millionaires’ Problem is not
perfectly privately computable.
• If 1 ≤ r(k) ≤ 2(2k-1), there is an f that is
perfectly privately computable in r(k) rounds
but not r(k)-1 rounds.
12
Perfect Privacy for 2nd–Price Auction
[Brandt and Sandholm (TISSEC ’08)]
• The ascending-price, English-auction
protocol is perfectly private.
It is essentially the only perfectly
private protocol for 2nd–price auctions.
• Note the exponential communication
cost of perfect privacy.
13
Objective PAR (1)
• Worst-case objective privacy-approximation
ratio of protocol P for function f:
I
|R
(x1, x2)|
MAX
(x1, x2)
|R (x1, x2)|
P
• Worst-case PAR of f is the minimum, over all P
for f, of worst-case PAR of P.
14
Objective PAR (2)
• Average-case objective privacy-approximation
ratio of P for f with respect to distribution D
on {0, 1}k x {0,1}k :
ED
|R (x1, x2)|
I
[ |R (x , x )| ]
P
1
2
• Average-case PAR of f is the minimum, over all P
for f, of average-case PAR of P.
15
Bisection Auction Protocol (BAP)
[Grigorieva, Herings, Muller, & Vermeulen (ORL’06)]
• Bisection protocol on [0,2k-1] to find an
interval [L,H] that contains lower bid but
not higher bid.
• Bisection protocol on [L,H] to find lower
bid p.
• Sell the item to higher bidder for
price p.
16
Bisection Auction Protocol
bidder 2
0
1
2
3
4
5
6
7
0
1
2
bidder 1
3
A(f)
4
5
6
7
Example: f(7, 4)
17
Objective PARs for BAP(k)
• Theorem: Average-case objective PAR of
BAP(k) with respect to the uniform
distribution is k2 +1.
• Observation: Worst-case objective PAR
k/2
of BAP(k) is at least 2 .
18
Bounded Bisection Auction
Protocol (BBAP)
• Parametrized by g: N -> N
• Do at most g(k) bisection steps.
• If the winner is still unknown, run the
ascending English auction protocol on
the remaining interval.
• Ascending auction protocol: BBAP(0)
Bisection auction protocol: BBAP(k)
19
Average-Case Objective PAR
• Theorem: For positive g(k), the averagecase objective PAR of BBAP(g(k)) with
respect to the uniform distribution
satisfies
3g(k)+6 ≥ PAR ≥
g(k)
8
+ 41
(for g(k)=0, this PAR is exactly 1)
• Observation: BBAP(g(k)) has
communication complexity Q(k + 2k-g(k)).
20
Average-Case Objective PARs for
2nd-price Auction Protocols
English Auction
1
Bounded Bisection Auction, g(k)=1
7
4
–
1
2k+1
Bounded Bisection Auction, g(k)=2
19
8
-
3
2k+1
Bounded Bisection Auction, g(k)=3
47
16
–
7
2k+1
Bounded Bisection Auction, general g(k)
Q(1+g(k))
Bisection Auction
k
2
Sealed-Bid Auction
+1
2k+1 + 1
(3*2k)
3
21
Average-Case PARs for the
Millionaires Problem
Obj. PAR
Any protocol
Bisection Protocol
≥ 2k -
1
2
3*2k-1
Subj. PAR
+ 2-(k+1)
-
1
2
k
2
+1
22
Remarks
• Coming soon: recent results about PARs
of disjointness and intersection problems
• PAR is provably different from the
notion of h-privacy [Bar-Yehuda, Chor,
Kushilevitz, and Orlitsky (IEEE-IT ’93)].
• Open problem: extension to n-party case
• Open problem: {1, 8} vs. {4, 5}
23
BACK-UP SLIDES
24
Privacy is Important!
• Sensitive Information: Information that can
harm data subjects, data owners, or data users if
it is mishandled
• There’s a lot more of it than there used to be!
– Increased use of computers and networks
– Increased processing power and algorithmic knowledge
 Decreased storage costs
• “Mishandling” can be very harmful.
− ID theft
− Loss of employment or insurance
− “You already have zero privacy. Get over it.”
(Scott McNealy, 1999)
25
Private, Multiparty
Function Evaluation
x n-1
...
xn
x3
x2
x1
y = F (x 1, …, x n)
• Each i learns y.
• No i can learn anything about xj
(except what he can infer from xi and y ).
• Very general positive results.
26
Drawbacks of PMFE Protocols
• Information-theoretically private MFE:
Requires that a substantial fraction of the
agents be obedient rather than strategic.
• Cryptographically private MFE: Requires
(plausible but) currently unprovable
complexity-theoretic assumptions and (usually)
heavy communication overhead.
• Brandt and Sandholm (TISSEC ’08): Which
auctions of interest are unconditionally
privately computable?
27
Outline
• Background
– Two-party communication (Yao)
– “Tiling” characterization of privately computable
functions (Chor + Kushilevitz)
• Privacy Approximation Ratios (PARs)
• Bisection auction protocol: exponential gap
between worst-case and average-case PARs
• Summary of Our Results
• Open Problems
28
Subjective PARs (1)
• The 1-partition of region R in matrix A(f):
{ Rx = {x1} x {x2 s.t. (x1, x2)  R} }
(similarly, 2-partition)
1
• The i-induced tiling of protocol P for f is
obtained by i-partitioning each rectangle in
the tiling induced by P.
• The i-ideal monochromatic partition of A(f) is
obtained by i-partitioning each region in the
ideal monochromatic partition of A(f).
29
Subjective PARs (2)
• Worst-case PAR of protocol P for f wrt i:
MAX
(x1, x2)
|Ri (x1, x2)|
I
|Ri (x1, x2)|
P
• Worst-case subjective PAR of P for f:
maximize over i  {1, 2}
• Worst-case subjective PAR of f:
minimize over P
• Average-case subjective PAR with respect to
distribution D: use ED instead of MAX
30
Example: 1-Ideal Monochromatic
Partition for 2nd–Price Auction
0
0
1
1
2
3
I
I
I
I
I
R1 (0, 1) = R1 (0, 2) = R1 (0, 3)
R1 (1, 2) = R1 (1, 3)
2
3
I
|R1 (x1,x2)| = 1
for all other (x1,x2)
P
(Ri defined analogously for protocol P)
31
Proof (1)
• ak Δ= number of
rectangles in induced
tiling for BAP(k).
• a0=1, ak = 2ak-1+2k
ak =
(k+1)2k
0
0
2k-1
2k-1
2k-1
2k-1
The monochromatic tiling
induced by the Bisection
Auction Protocol for k=4
32
Proof (2)
• R Δ= {R1,…,Rak} is the set of rectangles in the
BAP(k) tiling
• RIs Δ= rectangle in the ideal partition that
contains Rs
• js = 2k - |RIs |
Δ
• bk Δ= SR js
s
33
Proof (3)
1
22k (x
PAR =
=
1
22k
S
Rs
(+)
|RI(x1,x2)|
S |R
1,x2)
BAP(k)(x
.|Rs| =
|Rs|
|RIs|
contribution to (+)
of one (x1,x2) in Rs
1,x2)|
1
22k
S |R |
I
Rs
s
number of (x1,x2)’s in Rs
34
Proof (4)
• bk = bk-1+(bk-1+ak-12k-1)
2k-1-1
2k-1
i=0
i=1
+(Si)+(Si)
• b0=0, bk =2bk-1+(k+1)22(k-1)
bk =
k22k-1
0
0
2k-1
2k-1
2k-1
2k-1
The monochromatic tiling
induced by the Bisection
Auction Protocol for k=4
35
Proof (5)
1
22k
S
|RIs |
=
=
=
=
=
S
1
k-j )
(2
2k
s
2
1
k-b )
(a
2
k
22k k
1 ( (k+1)22k22k
k
k+1- 2
k
+
1
2
k22k-1 )
QED
36