Cryptography knowledge (9): Differential Privacy

First of all, what is privacy? An attribute of a single user can be considered private, while an attribute of a group of users is not regarded as private. For example, Zhang San likes to smoke, so he got lung cancer. The information "Zhang San has lung cancer" is private. The hospital's observation that smokers are prone to lung cancer is not private.

Therefore, differential privacy is a cryptographic technique to protect privacy. By adding noise to the query results, it ensures that the attacker cannot determine whether a given sample is in the data set.

Differential Privacy, or DP for short, adds random noise to the transmitted gradient information, so that the actual result of a query operation is hidden or blurred until it is indistinguishable, thereby protecting private data.

DP is a strictly provable privacy protection technology proposed by Dwork in 2006. The core idea is that for two datasets $D$ and $D'$ that differ in only one record, the probabilities of a query on each of them returning the same value are very close. These two datasets are called neighboring (adjacent) datasets.

Definition: Let $M$ be a randomized algorithm, and let $D$ and $D'$ be adjacent datasets. If every set $S$ of possible outputs of $M$ on $D$ and $D'$ satisfies the following formula, then $M$ is said to implement $(\epsilon, \delta)$-differential privacy.

$$Pr(M(D)\in S) \le e^{\epsilon}\times Pr(M(D')\in S) + \delta$$

Here the parameter $\epsilon$ is called the privacy budget. It represents the degree of privacy protection achieved by the differential privacy technique: the smaller the value of $\epsilon$, the higher the degree of privacy protection. $Pr(M(D)\in S)$ is the probability that the output of the randomized algorithm $M$ belongs to the set $S$. $\delta$ represents the probability of violating strict differential privacy: if $\delta = 0$, the randomized algorithm $M$ satisfies strict $\epsilon$-differential privacy; otherwise it satisfies relaxed differential privacy.

Commonly used mechanisms to achieve privacy protection include Laplacian noise mechanism [1] and exponential noise mechanism [2]. I have not continued to read in depth here, and may continue to expand in the future.
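The definition above can be checked directly for the Laplace mechanism on a counting query. The following is an added example, not code from the original post: the records, function names and the interval grid are constructed for illustration, and it covers the strict case $\delta = 0$ with query sensitivity 1.

```python
import math
import random

# Constructed sample data: D contains Zhang San's record, D' does not.
D = [{"name": "Zhang San", "lung_cancer": True},
     {"name": "patient-2", "lung_cancer": True},
     {"name": "patient-3", "lung_cancer": False},
     {"name": "patient-4", "lung_cancer": True}]
D_PRIME = D[1:]

def count_query(dataset):
    """Number of lung-cancer records; one record changes it by at most 1."""
    return sum(1 for r in dataset if r["lung_cancer"])

def laplace_mechanism(dataset, epsilon, rng, sensitivity=1.0):
    """M(D) = f(D) + Laplace(0, sensitivity/epsilon) noise.
    Illustrative sampler (difference of two exponentials is Laplace);
    production code needs a floating-point-safe sampler."""
    b = sensitivity / epsilon
    return count_query(dataset) + rng.expovariate(1 / b) - rng.expovariate(1 / b)

def laplace_cdf(x, mu, b):
    """CDF of the Laplace distribution with location mu and scale b."""
    if x < mu:
        return 0.5 * math.exp((x - mu) / b)
    return 1.0 - 0.5 * math.exp(-(x - mu) / b)

def prob_in_interval(dataset, epsilon, lo, hi, sensitivity=1.0):
    """Exact Pr(M(dataset) in [lo, hi]) computed from the Laplace CDF."""
    mu, b = count_query(dataset), sensitivity / epsilon
    return laplace_cdf(hi, mu, b) - laplace_cdf(lo, mu, b)

def worst_ratio(d, d_prime, epsilon, lo=-10.0, hi=15.0, step=0.5):
    """Largest Pr(M(d) in S) / Pr(M(d') in S), in both directions,
    over a grid of output intervals S."""
    worst, x = 0.0, lo
    while x < hi:
        p = prob_in_interval(d, epsilon, x, x + step)
        q = prob_in_interval(d_prime, epsilon, x, x + step)
        worst = max(worst, p / q, q / p)
        x += step
    return worst

if __name__ == "__main__":
    eps = 0.5
    rng = random.Random(0)
    print("noisy count on D :", laplace_mechanism(D, eps, rng))
    print("noisy count on D':", laplace_mechanism(D_PRIME, eps, rng))
    print("worst ratio:", worst_ratio(D, D_PRIME, eps), "bound:", math.exp(eps))
```

The worst-case ratio never exceeds $e^{\epsilon}$ and reaches it in the tails, which is why a single noisy answer does not reveal whether Zhang San's record was in the dataset.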

[1] Dwork C, Roth A. The algorithmic foundations of differential privacy[J]. Foundations and Trends in Theoretical Computer Science, 2014, 9(3-4): 211-407.
[2] McSherry F, Talwar K. Mechanism design via differential privacy[C]. 48th Annual IEEE Symposium on Foundations of Computer Science, 2007.

Origin blog.csdn.net/A33280000f/article/details/124326329