{ "cells": [ { "cell_type": "markdown", "metadata": {}, "source": [ "# A Framework to Understand DP\n", "\n", "This resource introduces differential privacy from the perspective of the OpenDP programming framework.\n", "No prior knowledge is assumed of differential privacy (DP), but you will likely still find this resource useful if you already have a background in DP.\n", "Prior knowledge in basic probability, like random variables, will be useful.\n", "\n", "Assume we have a vector dataset $u$ where each record contains sensitive information about a different individual." ] }, { "cell_type": "code", "execution_count": 13, "metadata": {}, "outputs": [], "source": [ "# u is a small vector dataset with contributions from:\n", "# [Alice, Jane, John, Jack, ...]\n", "u = [12, 10, 8, 7, ]" ] }, { "cell_type": "markdown", "metadata": {}, "source": [ "We can use differential privacy to collect measurements (statistics such as means and histograms) on this dataset, without revealing information about specific individuals.\n", "\n", "To understand DP, it is important to first understand: \n", "1. distance between datasets \n", "2. distance between distributions" ] }, { "cell_type": "markdown", "metadata": {}, "source": [ "## Distance Between Datasets - Adjacency\n", "\n", "An adjacent dataset is any dataset that differs from our dataset by a single individual.\n", "Returning to our vector dataset example, assume our dataset $u$ has one record that contains information about a person, Alice.\n", "Then one adjacent dataset $v$ would contain every row in $u$ except for the row with Alice's information. " ] }, { "cell_type": "code", "execution_count": 14, "metadata": {}, "outputs": [], "source": [ "# v is one (of many) datasets that are adjacent to u\n", "# [Jane, John, Jack, ...] (without Alice!)\n", "v = [10, 8, 7, ]" ] }, { "cell_type": "markdown", "metadata": {}, "source": [ "You can construct other datasets adjacent to $u$ by dropping a different row or adding a new row.\n", "When one person may contribute up to $k$ rows, adjacent datasets differ by up to $k$ additions and removals. \n", "\n", "The number of additions/removals between any two datasets is equivalent to the cardinality of the symmetric difference between the multisets $u$ and $v$. We call this metric the symmetric distance.\n", "\n", "$$d_{Sym}(u, v) = |u \\triangle v|$$\n", "\n", "And in code:" ] }, { "cell_type": "code", "execution_count": 23, "metadata": {}, "outputs": [ { "data": { "text/plain": [ "1" ] }, "execution_count": 23, "metadata": {}, "output_type": "execute_result" } ], "source": [ "def d_Sym(u, v):\n", " \"\"\"symmetric distance between multisets u and v\"\"\"\n", " # NOT this, as sets are not multisets. Loses multiplicity:\n", " # return len(set(u).symmetric_difference(set(v)))\n", "\n", " from collections import Counter\n", " u, v = Counter(u), Counter(v)\n", " # indirectly compute symmetric difference via the union of asymmetric differences\n", " return sum(((u - v) + (v - u)).values())\n", "\n", "\n", "# compute the symmetric distance between our two example datasets:\n", "d_Sym(u, v)" ] }, { "cell_type": "markdown", "metadata": {}, "source": [ "$d_{Sym}(\\{12, 10, 8, 7\\}, \\{10, 8, 7\\}) = |\\{12, 10, 8, 7\\} \\triangle \\{10, 8, 7\\}| = |\\{12\\}| = 1$\n", "\n", "In practice, we never directly compute these distances.\n", "In order to apply differentially private methods, you need to establish an upper bound on the distance between adjacent datasets.\n", "Equivalently, this is an upper bound on the number of records any one individual may contribute.\n", "\n", "For instance, in the vector dataset example, it was stipulated that each element contains sensitive information about a different individual. \n", "This statement implies that the symmetric distance between adjacent datasets, where one individual is added or removed, is at most one.\n", "That is, for any choice of datasets $u$ and $v$ such that $u$ is adjacent to $v$ (denoted $u \\sim_{Sym} v$), we have that $d_{Sym}(u, v) \\leq 1$. \n", "\n", "Before moving on, there are some trivial generalizations. \n", "A dataset need not be a vector, it could be a dataframe or any other collection with a concept of records. \n", "There are also other dataset metrics aside from SymmetricDistance (used for unbounded DP), such as ChangeOneDistance (used for bounded DP). There are also variations of metrics that are sensitive to data ordering, metrics for describing distances between graphs, and more!\n", "\n", "You should now have a sense for what an adjacent dataset means, how dataset distances work, and an intuitive understanding of the symmetric distance metric." ] }, { "cell_type": "markdown", "metadata": {}, "source": [ "## Distance Between Distributions - Divergence\n", "You can think of a measurement $M(\\cdot)$ as a differentially private statistic.\n", "Measurements are random variables (RVs), that is, they sample from noise distributions.\n", "The outputs of a measurement are realizations of a random variable that follow a known probability distribution.\n", "Measurements only have one parameter: a dataset (for context, a Laplace RV has parameters for shift and scale).\n", "This section describes how to measure distance between the distributions of measurements on adjacent datasets.\n", "\n", "A common measurement is the Laplace DP sum, which is a sample from the Laplace distribution centered at the dataset sum with a fixed noise scale.\n", "The following plot compares the distribution of the DP sum on dataset $u$ with the distribution of the DP sum on dataset $v$, when the noise scale is fixed to 25." ] }, { "cell_type": "code", "execution_count": 4, "metadata": {}, "outputs": [ { "data": { "image/png": "", "text/plain": [ "