Abstract: Aspects of the disclosure are directed to performing hierarchical queries based on summary reporting from an application programming interface (API) for digital content estimation. Performing the hierarchical queries can include denoising API outputs while ensuring consistency across different levels of a hierarchy. Performing the hierarchical queries can further include optimizing a privacy budget across different levels of the hierarchy.

Abstract: An example method is provided for conducting differentially private communication of training data for training a machine-learned model. Initial label data can be obtained that corresponds to feature data. A plurality of label bins can be determined to respectively provide representative values for initial label values assigned to the plurality of label bins. Noised label data can be generated, based on a probability distribution over the plurality of label bins, to correspond to the initial label data, the probability distribution characterized by, for a respective noised label corresponding to a respective initial label of the initial label data, a first probability for returning a representative value of a label bin to which the respective initial label is assigned, and a second probability for returning another value. The noised label data can be communicated for training the machine-learned model.

Abstract: A computer-implemented method for encoding data for communications with improved privacy includes obtaining, by a computing system comprising one or more computing devices, input data including one or more input data points. The method can include constructing, by the computing system, a net tree including potential representatives of the one or more input data points, the potential representatives arranged in a plurality of levels, the net tree including a hierarchical data structure including a plurality of hierarchically organized nodes. The method can include determining, by the computing system, a representative of each of the one or more input data points from the potential representatives of the net tree, the representative including one of the plurality of hierarchically organized nodes. The method can include encoding, by the computing system, the representative of each of the one or more input data points for communication.

Abstract: In one aspect, there is provided a method performed by one or more computers that includes: obtaining access data for a digital resource, access data including data identifying a set of users that accessed the digital resource at a time point, processing the access data to generate data defining a tree model, where each node in the tree model is associated with: (i) a key that specifies time intervals in the time span, and (ii) a value that is based on a respective number of users that satisfy a node-specific selection, receiving a request to determine a number of users that accessed the digital resource at least a predefined number of times within a time window, and in processing the tree model to generate an estimate for the number of users that accessed the digital resource at least the predefined number of times within the time window.

Abstract: Methods, systems, and apparatus, including medium-encoded computer program products, for adaptive privacy-preserving information retrieval. An information server can accept from a user a request for privacy sensitive information accessible to the information server. The information server can determine a remaining privacy allocation for the user of the information server and can determine a noise parameter for a response to the request, where application of the noise parameter to the response can decrease a privacy loss associated with the response. The information server can determine a privacy modifier for the response.

Abstract: Example techniques are provided for the task of differentially private clustering. For several basic clustering problems, including Euclidean DensestBall, 1-Cluster, k-means, and k-median, the present disclosure provides efficient differentially private algorithms that achieve essentially the same approximation ratios as those that can be obtained by any non-private algorithm, while incurring only small additive errors. This improves upon existing efficient algorithms that only achieve some large constant approximation factors.

Abstract: Methods, systems, and apparatus, including computer programs encoded on computer storage media, for training neural networks with label differential privacy. One of the methods includes, for each training example: processing the network input in the training example using the neural network in accordance with the values of the network parameters as of the beginning of the training iteration to generate a network output, generating a private network output for the training example from the target output in the training example and the network output for the training example, and generating a modified training example that includes the network input in the training example and the private network output for the training example; and training the neural network on at least the modified training examples to update the values of the network parameters.

Abstract: Improved methods are provided for generating heatmaps or other summary map data from multiple users' data (e.g., probability distributions) in a manner that preserves the privacy of the users' data while also generating heatmaps that are visually similar to the ‘true’ heatmap. These methods include decomposing the average of the users' data (the ‘true’ heatmap) into multiple different spatial scales, injecting random noise into the data at the multiple different spatial scales, and then reconstructing the privacy-preserving heatmap based on the noisy multi-scale representations. The magnitude of the noise injected at each spatial scale is selected to ensure preservation of privacy while also resulting in heatmaps that are visually similar to the ‘true’ heatmap.

Abstract: Methods, systems, and apparatus, including medium-encoded computer program products, for adaptive privacy-preserving information retrieval. An information server can accept from a user a request for privacy sensitive information accessible to the information server. The information server can determine a remaining privacy allocation for the user of the information server and can determine a noise parameter for a response to the request, where application of the noise parameter to the response can decrease a privacy loss associated with the response. The information server can determine a privacy modifier for the response.

Abstract: Methods, systems, and apparatus, including computer programs encoded on a computer storage medium, for generating an estimate for a number of users that accessed a digital resource within a time window. In one aspect, a method comprises: obtaining access data for a digital resource; generating a tree model based on the access data; selecting, for each node in the tree model, a respective private access value for the node that: (i) is an approximation of an access value for the node, and (ii) is selected from a finite set of possible private access values; and generating an estimate for the number of users that accessed the digital resource at least the predefined number of times within the time window based on private access values associated with one or more nodes in the tree model.

Abstract: Aspects of the disclosure are directed to estimating a frequency histogram for users across multiple platforms while maintaining accuracy, security, privacy, and/or computational efficiency thresholds. The frequency histogram can be estimated unbiasedly with a configurable variance. The computations for generating the frequency histogram can be differentially private, satisfy provable security, and be efficient.

Abstract: Aspects of the disclosure are directed to implementing a projection-based stochastic gradient descent technique that maintains label differential privacy when training one or more machine learning models. The technique includes denoising gradients by exploiting projections when training the machine learning models to improve performance of the trained machine learning models while maintaining label differential privacy. For instance, the projection-based stochastic gradient descent technique can improve performance of machine learning models in higher-privacy regimes, such as digital content management.

Abstract: An encoding process performed by a computing device (e.g., a user's private device) can include obtaining private data that includes a private value. According to an aspect of the present disclosure, the computing device can produce a plurality of messages that respectively comprise a plurality of message values, where a total sum of the plurality of message values approximates the private value, and where at least one of the plurality of message values is randomly selected. The device can provide the plurality of messages for aggregation with a plurality of additional messages respectively generated for a plurality of additional private values. For example, the messages can be transmitted to a shuffler model configured to shuffle the plurality of messages with the plurality of additional messages.

Abstract: Methods, systems, and apparatus, including medium-encoded computer program products, for adaptive privacy-preserving information retrieval. An information server can accept from a user a request for privacy sensitive information accessible to the information server. The information server can determine a remaining privacy allocation for the user of the information server and can determine a noise parameter for a response to the request, where application of the noise parameter to the response can decrease a privacy loss associated with the response. The information server can determine a privacy modifier for the response.

Abstract: In one aspect, there is provided a method performed by one or more computers that includes: obtaining access data for a digital resource, access data including data identifying a set of users that accessed the digital resource at a time point, processing the access data to generate data defining a tree model, where each node in the tree model is associated with: (i) a key that specifies time intervals in the time span, and (ii) a value that is based on a respective number of users that satisfy a node-specific selection, receiving a request to determine a number of users that accessed the digital resource at least a predefined number of times within a time window, and in processing the tree model to generate an estimate for the number of users that accessed the digital resource at least the predefined number of times within the time window.

Abstract: An encoding process performed by a computing device (e.g., a user's private device) can include obtaining private data that includes a private value. According to an aspect of the present disclosure, the computing device can produce a plurality of messages that respectively comprise a plurality of message values, where a total sum of the plurality of message values approximates the private value, and where at least one of the plurality of message values is randomly selected. The device can provide the plurality of messages for aggregation with a plurality of additional messages respectively generated for a plurality of additional private values. For example, the messages can be transmitted to a shuffler model configured to shuffle the plurality of messages with the plurality of additional messages.

Abstract: An encoding method for enabling privacy-preserving aggregation of private data can include obtaining private data including a private value, determining a probabilistic status defining one of a first condition and a second condition, producing a multiset including a plurality of multiset values, and providing the multiset for aggregation with a plurality of additional multisets respectively generated for a plurality of additional private values. In response to the probabilistic status having the first condition, the plurality of multiset values is based at least in part on the private value, and in response to the probabilistic status having the second condition, the plurality of multiset values is a noise message. The noise message is produced based at least in part on a noise distribution that comprises a discretization of a continuous unimodal distribution supported on a range from zero to a number of multiset values included in the plurality of multiset values.

Abstract: Example techniques are provided for the task of differentially private clustering. For several basic clustering problems, including Euclidean DensestBall, 1-Cluster, k-means, and k-median, the present disclosure provides efficient differentially private algorithms that achieve essentially the same approximation ratios as those that can be obtained by any non-private algorithm, while incurring only small additive errors. This improves upon existing efficient algorithms that only achieve some large constant approximation factors.

Abstract: The present disclosure provides practical communication-efficient and low-error algorithms for aggregation of private data. For example, the proposed algorithms can be implemented in the shuffled DP model. Specific example operations that can be performed using the proposed algorithms include summation (e.g., binary summation, integer summation) and histograms over a moderate number of buckets. The proposed algorithms achieve accuracy that is arbitrarily close to that of central DP algorithms with an expected communication per user essentially matching what is needed without any privacy constraints.

Abstract: An example method is provided for conducting differentially private communication of training data for training a machine-learned model. Initial label data can be obtained that corresponds to feature data. A plurality of label bins can be determined to respectively provide representative values for initial label values assigned to the plurality of label bins. Noised label data can be generated, based on a probability distribution over the plurality of label bins, to correspond to the initial label data, the probability distribution characterized by, for a respective noised label corresponding to a respective initial label of the initial label data, a first probability for returning a representative value of a label bin to which the respective initial label is assigned, and a second probability for returning another value. The noised label data can be communicated for training the machine-learned model.