
Approximate Privacy: Foundations and Quantification. Joan Feigenbaum, Northwest Univ.; May 20, 2009. Joint work with A. D. Jaggard and M. Schapira.


Slide 1: Approximate Privacy: Foundations and Quantification
Joan Feigenbaum, http://www.cs.yale.edu/homes/jf
Northwest Univ.; May 20, 2009
Joint work with A. D. Jaggard and M. Schapira

Slide 2: Starting Point: Agents' Privacy in MD (Mechanism Design)
- Traditional goal of mechanism design: incentivize agents to reveal the private information that is needed to compute optimal results.
- Complementary, newly important goal: enable agents not to reveal private information that is not needed to compute optimal results.
- Example (Naor-Pinkas-Sumner, EC '99): it is undesirable for the auctioneer to learn the winning bid in a 2nd-price (Vickrey) auction.

Slide 3: Privacy is Important!
Sensitive information: information that can harm data subjects, data owners, or data users if it is mishandled.
There is a lot more of it than there used to be:
- increased use of computers and networks
- increased processing power and algorithmic knowledge
- decreased storage costs
"Mishandling" can be very harmful:
- ID theft
- loss of employment or insurance
- "You already have zero privacy. Get over it." (Scott McNealy, 1999)

Slide 4: Private, Multiparty Function Evaluation
[Figure: n parties holding private inputs $x_1, x_2, x_3, \ldots, x_{n-1}, x_n$ jointly compute $y = F(x_1, \ldots, x_n)$.]
Each party i learns y. No party i can learn anything about $x_j$ (except what it can infer from $x_i$ and y). Very general positive results.

Slide 5: Drawbacks of PMFE Protocols
Information-theoretically private MFE: requires that a substantial fraction of the agents be obedient rather than strategic.
Cryptographically private MFE: requires (plausible but) currently unprovable complexity-theoretic assumptions and (usually) heavy communication overhead.
Brandt and Sandholm (TISSEC '08): which auctions of interest are unconditionally privately computable?

Slide 6: Minimum Knowledge Requirements for 2nd-Price Auction
[Figure: the matrix A(f) of the 2nd-price auction for bids 0, 1, 2, 3 of bidder 1 (rows) and bidder 2 (columns). Each entry is (winner, price); the entries that occur are (1, 0), (1, 1), (1, 2), (1, 3), (2, 0), (2, 1) and (2, 2), and the entries with a common value form one region of the ideal monochromatic partition, e.g. $R^I(2, 0)$, the bid pairs in which bidder 2 wins at price 0.]
Perfect privacy: the auctioneer learns only which region corresponds to the bids.

Slide 7: Outline
- Background
  - Two-party communication (Yao)
  - "Tiling" characterization of privately computable functions (Chor + Kushilevitz)
- Privacy Approximation Ratios (PARs)
- Bisection auction protocol: exponential gap between worst-case and average-case PARs
- Summary of our results
- Open problems

Slide 8: Two-party Communication Model
$f: \{0,1\}^k \times \{0,1\}^k \to \{0,1\}^t$. Party 1 holds $x_1$, Party 2 holds $x_2$.
The parties exchange bits $q_1, q_2, \ldots, q_{r-1}, q_r$: each $q_j \in \{0,1\}$ is a function of $(q_1, \ldots, q_{j-1})$ and one player's private input.
The transcript is $s(x_1, x_2) \triangleq (q_1, \ldots, q_r)$, and the last message is the output: $q_r = f(x_1, x_2)$.

Slide 9: Example: Millionaires' Problem
$f(x_1, x_2) = 1$ if $x_1 \ge x_2$; else $f(x_1, x_2) = 2$.
[Figure: the matrix A(f) for millionaire 1 (rows) and millionaire 2 (columns), values 0, 1, 2, 3.]

Slide 10: Bisection Protocol
In each round, a player "bisects" an interval.
[Figure: the bisection protocol run on A(f) for values 0, 1, 2, 3, on the example f(2, 3).]

Slide 11: Monochromatic Tilings
A region of A(f) is any subset of entries (not necessarily a submatrix).
A partition of A(f) is a set of disjoint regions whose union is A(f).
Monochromatic regions and partitions: all entries of the region have the same value.
A rectangle in A(f) is a submatrix. A tiling is a partition into rectangles.
Tiling $T_1(f)$ is a refinement of partition $PT_2(f)$ if every rectangle in $T_1(f)$ is contained in some region in $PT_2(f)$.

Slide 12: A Protocol "Zeros in on" a Monochromatic Rectangle
Let A(f) = R × C.
While R × C is not monochromatic:
- Party i sends bit q.
- If i = 1, q indicates whether $x_1$ is in $R_1$ or $R_2$, where $R = R_1 \sqcup R_2$. If $x_1 \in R_k$, both parties set $R \leftarrow R_k$.
- If i = 2, q indicates whether $x_2$ is in $C_1$ or $C_2$, where $C = C_1 \sqcup C_2$. If $x_2 \in C_k$, both parties set $C \leftarrow C_k$.
One party sends the value of f in R × C.

Slide 13: Example: Ascending-Auction Tiling
[Figure: the tiling of A(f) induced by the ascending auction for bids 0, 1, 2, 3 of bidder 1 (rows) and bidder 2 (columns).]
Same execution for f(1, 1), f(2, 1), and f(3, 1).

Slide 14: Perfectly Private Protocols
Protocol P for f is perfectly private with respect to party 1 if $f(x_1, x_2) = f(x'_1, x_2) \Rightarrow s(x_1, x_2) = s(x'_1, x_2)$. Similarly, perfectly private wrt party 2.
P achieves perfect subjective privacy if it is perfectly private wrt both parties.
P achieves perfect objective privacy if $f(x_1, x_2) = f(x'_1, x'_2) \Rightarrow s(x_1, x_2) = s(x'_1, x'_2)$.

Slide 15: Ideal Monochromatic Partitions
The ideal monochromatic partition of A(f) consists of the maximal monochromatic regions. Note that this partition is unique.
Protocol P for f is perfectly privacy-preserving iff the tiling induced by P is the ideal monochromatic partition of A(f).

Slide 16: Privacy and Communication Complexity [Kushilevitz (SJDM '92)]
f is perfectly privately computable if and only if A(f) has no forbidden submatrix.
A forbidden submatrix consists of rows $x_1, x'_1$ and columns $x_2, x'_2$ with $f(x_1, x_2) = f(x'_1, x_2) = f(x'_1, x'_2) = a$ but $f(x_1, x'_2) \ne a$.
Note that the Millionaires' Problem is not perfectly privately computable.
If $1 \le r(k) \le 2(2^k - 1)$, there is an f that is perfectly privately computable in r(k) rounds but not in r(k) - 1 rounds.
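The characterization on this slide is easy to check mechanically. The following is an added example, not code from the talk or its authors: it builds A(f) for the Millionaires' problem (slide 9) and for the 2nd-price auction (slide 6), computes the ideal monochromatic partition (slide 15), and searches for a forbidden 2x2 submatrix. The only assumption beyond the slides is the tie rule of the auction, ties going to bidder 1, which is the reading consistent with the entry (1, 3) on slide 6.

```python
"""Added example (not from the talk): A(f) for the Millionaires' problem and the
2nd-price auction on k-bit inputs, the ideal monochromatic partition, and
Kushilevitz's forbidden-submatrix test for perfect privacy."""
from collections import defaultdict
from itertools import combinations


def millionaires(x1, x2):
    # slide 9: f = 1 if x1 >= x2, else 2
    return 1 if x1 >= x2 else 2


def second_price(x1, x2):
    # (winner, price): the higher bidder wins and pays the lower bid.
    # Ties go to bidder 1 -- an assumption, consistent with the entry
    # (1, 3) on slide 6, which can only arise from the bids (3, 3).
    return (1, x2) if x1 >= x2 else (2, x1)


def matrix(f, k):
    """A(f): rows are x1, columns are x2, both ranging over 0 .. 2^k - 1."""
    n = 1 << k
    return [[f(x1, x2) for x2 in range(n)] for x1 in range(n)]


def ideal_partition(A):
    """Maximal monochromatic regions (slide 15): the cells sharing one value."""
    regions = defaultdict(set)
    for x1, row in enumerate(A):
        for x2, value in enumerate(row):
            regions[value].add((x1, x2))
    return dict(regions)


def is_rectangle(cells):
    """A region is a rectangle iff it is the product of its row and column sets."""
    rows, cols = {r for r, _ in cells}, {c for _, c in cells}
    return len(cells) == len(rows) * len(cols)


def forbidden_submatrix(A):
    """Return rows (x1, x1') and columns (x2, x2') of a forbidden 2x2 submatrix
    (slide 16: three entries equal to some a, the fourth different), or None.
    Any corner may be the odd one out, because swapping the two rows or the
    two columns turns it into the pattern as stated on the slide."""
    n = len(A)
    for x1, x1p in combinations(range(n), 2):
        for x2, x2p in combinations(range(n), 2):
            vals = [A[x1][x2], A[x1][x2p], A[x1p][x2], A[x1p][x2p]]
            for odd in range(4):
                rest = vals[:odd] + vals[odd + 1:]
                if rest[0] == rest[1] == rest[2] != vals[odd]:
                    return (x1, x1p), (x2, x2p)
    return None


def perfectly_privately_computable(f, k):
    """Kushilevitz (slide 16): iff A(f) has no forbidden submatrix."""
    return forbidden_submatrix(matrix(f, k)) is None
```

For k = 2 the Millionaires' matrix fails already at rows 0, 1 and columns 0, 1, since f(0, 0) = f(1, 0) = f(1, 1) = 1 but f(0, 1) = 2, while the 2nd-price matrix has no forbidden submatrix. The two results are visible in the ideal partitions as well: the 2^{k+1} - 1 regions of the auction (one per (winner, price) pair) are all rectangles, so the ideal partition is itself a tiling, whereas the two Millionaires' regions are triangles and no tiling can coincide with them.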

Slide 17: Perfect Privacy for 2nd-Price Auction [Brandt and Sandholm (TISSEC '08)]
The ascending-price, English-auction protocol is perfectly private.
It is essentially the only perfectly private protocol for 2nd-price auctions.
Note the exponential communication cost of perfect privacy.

Slide 18: Objective PAR (1)
Worst-case objective privacy-approximation ratio of protocol P for function f:
$$\max_{(x_1, x_2)} \frac{|R^I(x_1, x_2)|}{|R^P(x_1, x_2)|}$$
where $R^I(x_1, x_2)$ is the region of the ideal monochromatic partition of A(f) that contains $(x_1, x_2)$ and $R^P(x_1, x_2)$ is the rectangle of the tiling induced by P that contains it.
Worst-case PAR of f is the minimum, over all P for f, of the worst-case PAR of P.

Slide 19: Objective PAR (2)
Average-case objective privacy-approximation ratio of P for f with respect to distribution D on $\{0,1\}^k \times \{0,1\}^k$:
$$E_D\left[ \frac{|R^I(x_1, x_2)|}{|R^P(x_1, x_2)|} \right]$$
Average-case PAR of f is the minimum, over all P for f, of the average-case PAR of P.

Slide 20: Subjective PARs (1)
The 1-partition of region R in matrix A(f) is $\{ R^{x_1} \}_{x_1}$ with $R^{x_1} = \{x_1\} \times \{x_2 : (x_1, x_2) \in R\}$ (similarly, the 2-partition).
The i-induced tiling of protocol P for f is obtained by i-partitioning each rectangle in the tiling induced by P.
The i-ideal monochromatic partition of A(f) is obtained by i-partitioning each region in the ideal monochromatic partition of A(f).

Slide 21: Example: 1-Ideal Monochromatic Partition for 2nd-Price Auction
[Figure: the 1-partition of the ideal monochromatic partition of A(f) for bids 0, 1, 2, 3.]
$R^I_1(0, 1) = R^I_1(0, 2) = R^I_1(0, 3)$; $R^I_1(1, 2) = R^I_1(1, 3)$; $|R^I_1(x_1, x_2)| = 1$ for all other $(x_1, x_2)$.
($R^P_i$ is defined analogously for protocol P.)

Slide 22: Subjective PARs (2)
Worst-case PAR of protocol P for f wrt i:
$$\max_{(x_1, x_2)} \frac{|R^I_i(x_1, x_2)|}{|R^P_i(x_1, x_2)|}$$
Worst-case subjective PAR of P for f: maximize over $i \in \{1, 2\}$.
Worst-case subjective PAR of f: minimize over P.
Average-case subjective PAR with respect to distribution D: use $E_D$ instead of MAX.

Slide 23: Bisection Auction Protocol (BAP) [Grigorieva, Herings, Muller, & Vermeulen (ORL '06)]
- Bisection protocol on $[0, 2^k - 1]$ to find an interval [L, H] that contains the lower bid but not the higher bid.
- Bisection protocol on [L, H] to find the lower bid p.
- Sell the item to the higher bidder for price p.

Slide 24: Bisection Auction Protocol
[Figure: A(f) for bids 0 to 7 of bidder 1 (rows) and bidder 2 (columns), with the rectangles the protocol zeroes in on.]
Example: f(7, 4).

Slide 25: Objective PARs for BAP(k)
Theorem: the average-case objective PAR of BAP(k) with respect to the uniform distribution is $\frac{k}{2} + 1$.
Observation: the worst-case objective PAR of BAP(k) is at least $2^{k/2}$.

Slide 26: Proof (1)
[Figure: the monochromatic tiling induced by the Bisection Auction Protocol for k = 4, with the quadrant boundaries at $2^{k-1}$ marked.]
$a_k$ = number of rectangles in the tiling induced by BAP(k).
$a_0 = 1$, $a_k = 2a_{k-1} + 2^k$, hence $a_k = (k+1)2^k$.

Slide 27: Proof (2)
$\mathcal{R} = \{R_1, \ldots, R_a\}$, $a = a_k$, is the set of rectangles in the BAP(k) tiling.
$R^I_s$ = the rectangle in the ideal partition that contains $R_s$ (for the 2nd-price auction the ideal regions are rectangles).
$j_s \triangleq 2^k - |R^I_s|$.
$b_k \triangleq \sum_{s} j_s$.

Slide 28: Proof (3)
$$\mathrm{PAR} = \frac{1}{2^{2k}} \sum_{(x_1, x_2)} \frac{|R^I(x_1, x_2)|}{|R^{BAP(k)}(x_1, x_2)|} = \frac{1}{2^{2k}} \sum_{R_s} \frac{|R^I_s|}{|R_s|} \cdot |R_s| = \frac{1}{2^{2k}} \sum_{R_s} |R^I_s| \qquad (+)$$
In the middle expression, $|R^I_s| / |R_s|$ is the contribution to (+) of one $(x_1, x_2)$ in $R_s$, and $|R_s|$ is the number of $(x_1, x_2)$'s in $R_s$.

Slide 29: Proof (4)
[Figure: the monochromatic tiling induced by the Bisection Auction Protocol for k = 4, split into its four $2^{k-1} \times 2^{k-1}$ quadrants.]
$$b_k = b_{k-1} + \left(b_{k-1} + a_{k-1} 2^{k-1}\right) + \sum_{i=0}^{2^{k-1}-1} i + \sum_{i=1}^{2^{k-1}} i$$
(one term per quadrant of the tiling)
$b_0 = 0$, $b_k = 2b_{k-1} + (k+1)2^{2(k-1)}$, hence $b_k = k\,2^{2k-1}$.

Slide 30: Proof (5)
$$\frac{1}{2^{2k}} \sum_s |R^I_s| = \frac{1}{2^{2k}} \sum_s \left(2^k - j_s\right) = \frac{1}{2^{2k}} \left(a_k 2^k - b_k\right) = \frac{1}{2^{2k}} \left((k+1)2^{2k} - k\,2^{2k-1}\right) = k + 1 - \frac{k}{2} = \frac{k}{2} + 1$$
QED

Slide 31: Bounded Bisection Auction Protocol (BBAP)
Parametrized by $g: \mathbb{N} \to \mathbb{N}$.
- Do at most g(k) bisection steps.
- If the winner is still unknown, run the ascending English auction protocol on the remaining interval.
Ascending auction protocol: BBAP(0). Bisection auction protocol: BBAP(k).

Slide 32: Average-Case Objective PAR
Theorem: for positive g(k), the average-case objective PAR of BBAP(g(k)) with respect to the uniform distribution satisfies $3g(k) + 6 \ge \mathrm{PAR} \ge g(k) + 1$ (for g(k) = 0, this PAR is exactly 1).
Observation: BBAP(g(k)) has communication complexity $\Theta(k + 2^{k - g(k)})$.

Slide 33: Average-Case Objective PARs for 2nd-Price Auction Protocols (uniform distribution)
- English Auction: 1
- Bounded Bisection Auction, g(k) = 1: $\frac{7}{4} - \frac{1}{2^{k+1}}$
- Bounded Bisection Auction, g(k) = 2: $\frac{19}{8} - \frac{3}{2^{k+1}}$
- Bounded Bisection Auction, g(k) = 3: $\frac{47}{16} - \frac{7}{2^{k+1}}$
- Bounded Bisection Auction, general g(k): $\Theta(1 + g(k))$
- Bisection Auction: $\frac{k}{2} + 1$
- Sealed-Bid Auction: $\frac{2^{k+1}}{3} + \frac{1}{3 \cdot 2^k}$

Slide 34: Average-Case PARs for the Millionaires' Problem (uniform distribution)
- Any protocol: objective PAR $\ge 2^k - \frac{1}{2} + 2^{-(k+1)}$; subjective PAR: [cell unreadable in the extracted slide]
- Bisection Protocol: objective PAR $3 \cdot 2^{k-1} - \frac{1}{2}$; subjective PAR $\frac{k}{2} + 1$
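The PAR definitions (slides 18, 19 and 22), the BAP theorem (slide 25) and the tables on slides 33 and 34 can all be checked by brute force for small k. The block below is an added example and not code from the talk or its authors: it simulates the English auction (slide 17), BBAP(g) with BAP(k) = BBAP(k) and the English auction = BBAP(0) (slides 23 and 31), the sealed-bid auction, and a bisection protocol for the Millionaires' problem (slide 10); recovers the tiling each induces by grouping inputs that produce the same transcript (slide 12); and computes worst-case and average-case objective and subjective PARs exactly with fractions. Three details are assumptions not stated on the slides: ties go to bidder 1; in the English auction bidder 2 answers first at each price (the order under which f(1, 1), f(2, 1) and f(3, 1) share one execution, as on slide 13); and in the Millionaires' bisection protocol both players announce their half in every round.

```python
"""Added example, not part of the talk: simulate the 2nd-price auction protocols
on the slides and a bisection protocol for the Millionaires' problem, recover the
tiling each induces (inputs with equal transcripts) and compute their PARs."""
from collections import defaultdict
from fractions import Fraction

def second_price(x1, x2):
    # (winner, price); ties go to bidder 1 (assumption, consistent with slide 6)
    return (1, x2) if x1 >= x2 else (2, x1)

def millionaires(x1, x2):
    return 1 if x1 >= x2 else 2

def english_transcript(x1, x2, lo, hi):
    """Ascending auction on [lo, hi] (slide 17). At each price p bidder 2 first
    says whether it stays in (x2 > p); if it drops, bidder 1 wins at p without
    speaking; otherwise bidder 1 says whether it stays in. Order is an assumption."""
    bits = []
    for p in range(lo, hi + 1):
        for x in (x2, x1):                # bidder 2 answers first at each price
            bits.append(x > p)
            if not bits[-1]:
                return tuple(bits)
    return tuple(bits)

def bbap_transcript(x1, x2, k, g):
    """BBAP(g) on [0, 2^k - 1] (slides 23, 31): up to g rounds in which both
    bidders announce the half holding their bid; once the halves differ only the
    lower bidder keeps bisecting its half to reveal the price; if they still agree
    after g rounds the English auction runs on what is left. g = k is BAP(k)."""
    lo, hi, bits = 0, (1 << k) - 1, []
    for _ in range(g):
        if lo == hi:                      # equal bids: nothing left to bisect
            break
        mid = (lo + hi + 1) // 2
        a, b = x1 >= mid, x2 >= mid
        bits += [a, b]
        if a != b:
            low, llo, lhi = (x2 if a else x1), lo, mid - 1
            while llo < lhi:
                m = (llo + lhi + 1) // 2
                bits.append(low >= m)
                llo, lhi = (m, lhi) if bits[-1] else (llo, m - 1)
            return tuple(bits)
        lo, hi = (mid, hi) if a else (lo, mid - 1)
    return tuple(bits) + english_transcript(x1, x2, lo, hi)

def bbap(k, g):
    return lambda x1, x2: bbap_transcript(x1, x2, k, g)

def sealed_bid(x1, x2):
    return (x1, x2)                       # both bids revealed: singleton rectangles

def mill_bisection(k):
    """Bisection protocol for the Millionaires' problem (slide 10), variant assumed
    here: both players announce their half each round; the first disagreement decides f."""
    def transcript(x1, x2):
        lo, hi, bits = 0, (1 << k) - 1, []
        while lo < hi:
            mid = (lo + hi + 1) // 2
            a, b = x1 >= mid, x2 >= mid
            bits += [a, b]
            if a != b:
                break
            lo, hi = (mid, hi) if a else (lo, mid - 1)
        return tuple(bits)
    return transcript

def group_inputs(key, k):
    """Map each (x1, x2) to the set of inputs sharing key(x1, x2): key = f gives the
    ideal monochromatic partition (slide 15), key = a transcript gives P's tiling."""
    n, groups = 1 << k, defaultdict(set)
    for x1 in range(n):
        for x2 in range(n):
            groups[key(x1, x2)].add((x1, x2))
    return {cell: grp for grp in groups.values() for cell in grp}

def is_valid_tiling(f, transcript, k):
    """Every transcript class must be a monochromatic rectangle (slide 12)."""
    for rect in set(map(frozenset, group_inputs(transcript, k).values())):
        rows, cols = {r for r, _ in rect}, {c for _, c in rect}
        if len(rect) != len(rows) * len(cols) or len({f(*c) for c in rect}) != 1:
            return False
    return True

def pars(f, transcript, k, i=None):
    """(worst-case, average-case under the uniform distribution) PAR of the protocol
    for f on k-bit inputs (slides 18, 19, 22): i=None is the objective PAR,
    i in {1, 2} the subjective PAR with respect to party i."""
    ideal, tiling = group_inputs(f, k), group_inputs(transcript, k)
    ratios = []
    for cell in ideal:
        ri, rp = ideal[cell], tiling[cell]
        if i is not None:                 # i-partition (slide 20): fix coordinate i
            ri = {c for c in ri if c[i - 1] == cell[i - 1]}
            rp = {c for c in rp if c[i - 1] == cell[i - 1]}
        ratios.append(Fraction(len(ri), len(rp)))
    return max(ratios), sum(ratios) / len(ratios)
```

Under these assumptions pars(second_price, bbap(k, k), k) returns (2^k, k/2 + 1) for k = 2, 3, 4 and the tiling has (k + 1)2^k rectangles, as on slides 25 and 26; the worst case is attained at inputs such as (0, 0) and (1, 0), whose BAP rectangle is a single cell while R^I(1, 0) has 2^k cells, which is consistent with the 2^{k/2} lower bound of slide 25. BBAP(1) gives 13/8 for k = 2 and 27/16 for k = 3, i.e. 7/4 - 1/2^{k+1}; the sealed-bid auction gives 11/4 for k = 2 and 43/8 for k = 3, i.e. 2^{k+1}/3 + 1/(3·2^k); and the Millionaires' bisection protocol gives 3·2^{k-1} - 1/2 objectively and k/2 + 1 subjectively, as on slide 34. The English auction (g = 0) scores exactly 1 in both measures, as slide 17 says it must.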

Slide 35: Open Problems
- Upper bounds on non-uniform average-case PARs
- Lower bounds on average-case PARs
- PARs of other functions
- Extension to the n-party case
- Relationship between PARs and h-privacy [Bar-Yehuda, Chor, Kushilevitz, and Orlitsky (IEEE-IT '93)]

