The Discrete Gaussian for Differential Privacy
This addresses privacy and interpretability issues for systems handling discrete data, such as population counts, offering a more practical solution for differential privacy applications.
The paper tackles the practical challenges of using continuous Gaussian noise for differential privacy by introducing the discrete Gaussian, showing it provides essentially the same privacy and accuracy guarantees as continuous noise, with experimental validation.
A key tool for building differentially private systems is adding Gaussian noise to the output of a function evaluated on a sensitive dataset. Unfortunately, using a continuous distribution presents several practical challenges. First and foremost, finite computers cannot exactly represent samples from continuous distributions, and previous work has demonstrated that seemingly innocuous numerical errors can entirely destroy privacy. Moreover, when the underlying data is itself discrete (e.g., population counts), adding continuous noise makes the result less interpretable. With these shortcomings in mind, we introduce and analyze the discrete Gaussian in the context of differential privacy. Specifically, we theoretically and experimentally show that adding discrete Gaussian noise provides essentially the same privacy and accuracy guarantees as the addition of continuous Gaussian noise. We also present an simple and efficient algorithm for exact sampling from this distribution. This demonstrates its applicability for privately answering counting queries, or more generally, low-sensitivity integer-valued queries.