Abstract: Methods, systems, and apparatus, including medium-encoded computer program products, for adaptive privacy-preserving information retrieval. An information server can accept from a user a request for privacy sensitive information accessible to the information server. The information server can determine a remaining privacy allocation for the user of the information server and can determine a noise parameter for a response to the request, where application of the noise parameter to the response can decrease a privacy loss associated with the response. The information server can determine a privacy modifier for the response.

Abstract: In one aspect, there is provided a method performed by one or more computers that includes: obtaining access data for a digital resource, access data including data identifying a set of users that accessed the digital resource at a time point, processing the access data to generate data defining a tree model, where each node in the tree model is associated with: (i) a key that specifies time intervals in the time span, and (ii) a value that is based on a respective number of users that satisfy a node-specific selection, receiving a request to determine a number of users that accessed the digital resource at least a predefined number of times within a time window, and in processing the tree model to generate an estimate for the number of users that accessed the digital resource at least the predefined number of times within the time window.

Abstract: An encoding process performed by a computing device (e.g., a user's private device) can include obtaining private data that includes a private value. According to an aspect of the present disclosure, the computing device can produce a plurality of messages that respectively comprise a plurality of message values, where a total sum of the plurality of message values approximates the private value, and where at least one of the plurality of message values is randomly selected. The device can provide the plurality of messages for aggregation with a plurality of additional messages respectively generated for a plurality of additional private values. For example, the messages can be transmitted to a shuffler model configured to shuffle the plurality of messages with the plurality of additional messages.

Abstract: An encoding method for enabling privacy-preserving aggregation of private data can include obtaining private data including a private value, determining a probabilistic status defining one of a first condition and a second condition, producing a multiset including a plurality of multiset values, and providing the multiset for aggregation with a plurality of additional multisets respectively generated for a plurality of additional private values. In response to the probabilistic status having the first condition, the plurality of multiset values is based at least in part on the private value, and in response to the probabilistic status having the second condition, the plurality of multiset values is a noise message. The noise message is produced based at least in part on a noise distribution that comprises a discretization of a continuous unimodal distribution supported on a range from zero to a number of multiset values included in the plurality of multiset values.

Abstract: Example techniques are provided for the task of differentially private clustering. For several basic clustering problems, including Euclidean DensestBall, 1-Cluster, k-means, and k-median, the present disclosure provides efficient differentially private algorithms that achieve essentially the same approximation ratios as those that can be obtained by any non-private algorithm, while incurring only small additive errors. This improves upon existing efficient algorithms that only achieve some large constant approximation factors.

Abstract: The present disclosure provides practical communication-efficient and low-error algorithms for aggregation of private data. For example, the proposed algorithms can be implemented in the shuffled DP model. Specific example operations that can be performed using the proposed algorithms include summation (e.g., binary summation, integer summation) and histograms over a moderate number of buckets. The proposed algorithms achieve accuracy that is arbitrarily close to that of central DP algorithms with an expected communication per user essentially matching what is needed without any privacy constraints.

Abstract: An example method is provided for conducting differentially private communication of training data for training a machine-learned model. Initial label data can be obtained that corresponds to feature data. A plurality of label bins can be determined to respectively provide representative values for initial label values assigned to the plurality of label bins. Noised label data can be generated, based on a probability distribution over the plurality of label bins, to correspond to the initial label data, the probability distribution characterized by, for a respective noised label corresponding to a respective initial label of the initial label data, a first probability for returning a representative value of a label bin to which the respective initial label is assigned, and a second probability for returning another value. The noised label data can be communicated for training the machine-learned model.

Abstract: An encoding method for enabling privacy-preserving aggregation of private data can include obtaining private data including a private value, determining a probabilistic status defining one of a first condition and a second condition, producing a multiset including a plurality of multiset values, and providing the multiset for aggregation with a plurality of additional multisets respectively generated for a plurality of additional private values. In response to the probabilistic status having the first condition, the plurality of multiset values is based at least in part on the private value, and in response to the probabilistic status having the second condition, the plurality of multiset values is a noise message. The noise message is produced based at least in part on a noise distribution that comprises a discretization of a continuous unimodal distribution supported on a range from zero to a number of multiset values included in the plurality of multiset values.

Abstract: Example techniques are provided for the task of differentially private clustering. For several basic clustering problems, including Euclidean DensestBall, 1-Cluster, k-means, and k-median, the present disclosure provides efficient differentially private algorithms that achieve essentially the same approximation ratios as those that can be obtained by any non-private algorithm, while incurring only small additive errors. This improves upon existing efficient algorithms that only achieve some large constant approximation factors.

Abstract: An encoding method for enabling privacy-preserving aggregation of private data can include obtaining private data including a private value, determining a probabilistic status defining one of a first condition and a second condition, producing a multiset including a plurality of multiset values, and providing the multiset for aggregation with a plurality of additional multisets respectively generated for a plurality of additional private values. In response to the probabilistic status having the first condition, the plurality of multiset values is based at least in part on the private value, and in response to the probabilistic status having the second condition, the plurality of multiset values is a noise message. The noise message is produced based at least in part on a noise distribution that comprises a discretization of a continuous unimodal distribution supported on a range from zero to a number of multiset values included in the plurality of multiset values.

Abstract: Provided are systems and methods for the computation of sparse, (?, ?)-differentially private (DP) histograms in the two-server model of secure multi-party computation (MPC). Example protocols enable two semi-honest non-colluding servers to compute histograms over the data held by multiple users, while only learning a private view of the data.

Abstract: A computer-implemented method for encoding data for communications with improved privacy includes obtaining, by a computing system comprising one or more computing devices, input data including one or more input data points. The method can include constructing, by the computing system, a net tree including potential representatives of the one or more input data points, the potential representatives arranged in a plurality of levels, the net tree including a hierarchical data structure including a plurality of hierarchically organized nodes. The method can include determining, by the computing system, a representative of each of the one or more input data points from the potential representatives of the net tree, the representative including one of the plurality of hierarchically organized nodes. The method can include encoding, by the computing system, the representative of each of the one or more input data points for communication.

Abstract: Improved methods are provided for generating heatmaps or other summary map data from multiple users' data (e.g., probability distributions) in a manner that preserves the privacy of the users' data while also generating heatmaps that are visually similar to the ‘true’ heatmap. These methods include decomposing the average of the users' data (the ‘true’ heatmap) into multiple different spatial scales, injecting random noise into the data at the multiple different spatial scales, and then reconstructing the privacy-preserving heatmap based on the noisy multi-scale representations. The magnitude of the noise injected at each spatial scale is selected to ensure preservation of privacy while also resulting in heatmaps that are visually similar to the ‘true’ heatmap.

Abstract: An encoding process performed by a computing device (e.g., a user's private device) can include obtaining private data that includes a private value. According to an aspect of the present disclosure, the computing device can produce a plurality of messages that respectively comprise a plurality of message values, where a total sum of the plurality of message values approximates the private value, and where at least one of the plurality of message values is randomly selected. The device can provide the plurality of messages for aggregation with a plurality of additional messages respectively generated for a plurality of additional private values. For example, the messages can be transmitted to a shuffler model configured to shuffle the plurality of messages with the plurality of additional messages.

Abstract: Example techniques are provided for the task of differentially private clustering. For several basic clustering problems, including Euclidean DensestBall, 1-Cluster, k-means, and k-median, the present disclosure provides efficient differentially private algorithms that achieve essentially the same approximation ratios as those that can be obtained by any non-private algorithm, while incurring only small additive errors. This improves upon existing efficient algorithms that only achieve some large constant approximation factors.

Abstract: Methods, systems, and apparatus, including computer programs encoded on computer storage media, for training neural networks with label differential privacy. One of the methods includes, for each training example: processing the network input in the training example using the neural network in accordance with the values of the network parameters as of the beginning of the training iteration to generate a network output, generating a private network output for the training example from the target output in the training example and the network output for the training example, and generating a modified training example that includes the network input in the training example and the private network output for the training example; and training the neural network on at least the modified training examples to update the values of the network parameters.

Abstract: An encoding method for enabling privacy-preserving aggregation of private data can include obtaining private data including a private value, determining a probabilistic status defining one of a first condition and a second condition, producing a multiset including a plurality of multiset values, and providing the multiset for aggregation with a plurality of additional multisets respectively generated for a plurality of additional private values. In response to the probabilistic status having the first condition, the plurality of multiset values is based at least in part on the private value, and in response to the probabilistic status having the second condition, the plurality of multiset values is a noise message. The noise message is produced based at least in part on a noise distribution that comprises a discretization of a continuous unimodal distribution supported on a range from zero to a number of multiset values included in the plurality of multiset values.