Elliptical Perturbations for Differential Privacy
This work addresses theoretical limitations in privacy-preserving mechanisms for statisticians and data scientists, revealing critical constraints in applying elliptical perturbations for DP.
The paper investigates the conditions under which elliptical distributions can satisfy differential privacy (DP), finding that multivariate Laplace noise fails to achieve ε-DP in dimensions greater than one and that infinite-dimensional spaces only allow for (ε,δ)-DP.
We study elliptical distributions in locally convex vector spaces, and determine conditions when they can or cannot be used to satisfy differential privacy (DP). A requisite condition for a sanitized statistical summary to satisfy DP is that the corresponding privacy mechanism must induce equivalent measures for all possible input databases. We show that elliptical distributions with the same dispersion operator, $C$, are equivalent if the difference of their means lies in the Cameron-Martin space of $C$. In the case of releasing finite-dimensional projections using elliptical perturbations, we show that the privacy parameter $\ep$ can be computed in terms of a one-dimensional maximization problem. We apply this result to consider multivariate Laplace, $t$, Gaussian, and $K$-norm noise. Surprisingly, we show that the multivariate Laplace noise does not achieve $\ep$-DP in any dimension greater than one. Finally, we show that when the dimension of the space is infinite, no elliptical distribution can be used to give $\ep$-DP; only $(ε,δ)$-DP is possible.