The Gaussian mechanism is one differential privacy mechanism commonly used to protect numerical data. However, it may be ill-suited to some applications because it has unbounded support and thus can produce invalid numerical answers to queries, such as negative ages or human heights in the tens of meters. One can project such private values onto valid ranges of data, though such projections lead to the accumulation of private query responses at the boundaries of such ranges, thereby harming accuracy. Motivated by the need for both privacy and accuracy over bounded domains, we present a bounded Gaussian mechanism for differential privacy, which has support only on a given region. We present both univariate and multivariate versions of this mechanism and illustrate a significant reduction in variance relative to comparable existing work.
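The boundary accumulation described above can be seen numerically. The following is an added illustration, not code from the paper: it compares projecting Gaussian noise onto a valid range with sampling from a Gaussian whose support is restricted to that range. The age query, the range [0, 120], and `sigma` are constructed values; `sigma` is not calibrated to any privacy budget, and the paper's calibration for the bounded mechanism is not reproduced here.

```python
import random

def gaussian_then_clamp(value, sigma, lo, hi, rng):
    """Unbounded Gaussian noise, then projection onto [lo, hi]."""
    return min(hi, max(lo, rng.gauss(value, sigma)))

def truncated_gaussian(value, sigma, lo, hi, rng):
    """Gaussian centred on value with support only on [lo, hi].

    Rejection sampling: redraw until the sample lands in the valid range.
    """
    while True:
        x = rng.gauss(value, sigma)
        if lo <= x <= hi:
            return x

def boundary_mass(samples, lo, hi):
    """Fraction of responses that sit exactly on a boundary of the range."""
    return sum(1 for s in samples if s == lo or s == hi) / len(samples)

def compare(value=3.0, sigma=5.0, lo=0.0, hi=120.0, n=20000, seed=1):
    """Constructed scenario: true answer 3 (an age), valid range [0, 120]."""
    rng = random.Random(seed)
    clamped = [gaussian_then_clamp(value, sigma, lo, hi, rng) for _ in range(n)]
    bounded = [truncated_gaussian(value, sigma, lo, hi, rng) for _ in range(n)]
    return {
        "clamped_boundary_mass": boundary_mass(clamped, lo, hi),
        "bounded_boundary_mass": boundary_mass(bounded, lo, hi),
        "clamped_all_valid": all(lo <= s <= hi for s in clamped),
        "bounded_all_valid": all(lo <= s <= hi for s in bounded),
    }

if __name__ == "__main__":
    for name, result in compare().items():
        print(f"{name}: {result}")
```

Both approaches return only valid ages, but projection places roughly a quarter of the responses exactly at 0 for this true value, while the bounded sampler spreads them over the interior of the range.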