Error Bounds and Guidelines for Privacy Calibration in Differentially Private Kalman Filtering
For control systems engineers needing to apply differential privacy to state estimation, this work offers theoretical bounds and practical calibration guidelines, though it is an incremental extension of existing DP and Kalman filtering theory.
The paper provides error and entropy bounds for Kalman filtering of differentially private state trajectories, and uses these bounds to develop guidelines for calibrating privacy levels to keep filter error within specified limits. Simulation results demonstrate the approach.
Differential privacy has emerged as a formal framework for protecting sensitive information in control systems. One key feature is that it is immune to post-processing, which means that arbitrary post-hoc computations can be performed on privatized data without weakening differential privacy. It is therefore common to filter private data streams. To characterize this setup, in this paper we present error and entropy bounds for Kalman filtering of differentially private state trajectories. We consider systems in which an output trajectory is privatized in order to protect the state trajectory that produced it. We provide bounds on the a priori and a posteriori error and the differential entropy of a Kalman filter that processes the privatized output trajectories. Using the error bounds we develop, we then provide guidelines to calibrate privacy levels in order to keep filter error within pre-specified bounds. Simulation results are presented to demonstrate these developments.
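The calibration idea described above, as an added example that is not code from the paper: for a scalar linear system it finds the smallest epsilon (strongest privacy) whose steady-state a posteriori Kalman error variance stays within a chosen limit. It assumes a Gaussian mechanism with a standard (epsilon, delta) noise calibration and uses the exact scalar Riccati solution in place of the paper's bounds, which the abstract does not state; all function names and parameter values are hypothetical.

```python
import math
from statistics import NormalDist

def gaussian_sigma(eps, delta, sens):
    # Assumed calibration (not stated on the page): Gaussian mechanism with
    # sigma = sens/(2*eps) * (K + sqrt(K^2 + 2*eps)), K = Q^{-1}(delta).
    k = NormalDist().inv_cdf(1.0 - delta)
    return sens / (2.0 * eps) * (k + math.sqrt(k * k + 2.0 * eps))

def steady_state_error(a, c, w, v):
    # Scalar system x+ = a*x + process noise (var w), y = c*x + noise (var v).
    # A priori variance P solves c^2 P^2 + b P - w v = 0, b = v(1 - a^2) - w c^2.
    b = v * (1.0 - a * a) - w * c * c
    disc = math.sqrt(b * b + 4.0 * c * c * w * v)
    # Use the cancellation-free form of the positive root.
    prior = 2.0 * w * v / (b + disc) if b > 0 else (disc - b) / (2.0 * c * c)
    post = prior * v / (c * c * prior + v)
    return prior, post

def private_filter_error(eps, delta, sens, a, c, w, v):
    # Privacy noise adds to sensor noise: the filter sees variance v + sigma^2.
    s = gaussian_sigma(eps, delta, sens)
    return steady_state_error(a, c, w, v + s * s)

def calibrate_epsilon(max_post, delta, sens, a, c, w, v, lo=1e-3, hi=100.0):
    # Smallest eps in [lo, hi] whose a posteriori error variance is within
    # max_post; None if even eps = hi (weakest privacy tried) is too noisy.
    def post(e):
        return private_filter_error(e, delta, sens, a, c, w, v)[1]
    if post(hi) > max_post:
        return None
    if post(lo) <= max_post:
        return lo
    for _ in range(60):  # geometric bisection; error grows as eps shrinks
        mid = math.sqrt(lo * hi)
        if post(mid) <= max_post:
            hi = mid
        else:
            lo = mid
    return hi

if __name__ == "__main__":
    # Constructed parameters, chosen only for illustration.
    eps = calibrate_epsilon(0.9, 0.01, 1.0, a=0.9, c=1.0, w=1.0, v=0.5)
    print(eps, private_filter_error(eps, 0.01, 1.0, 0.9, 1.0, 1.0, 0.5))
```

A return value of `None` means the error limit cannot be met in the searched range even with almost no privacy noise, so the limit itself has to be relaxed.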