When sharing sensitive databases with other parties, a database owner aims to (i) have privacy guarantees for its shared database, (ii) have liability guarantees in case of unauthorized sharing of its database by the recipients, and (iii) provide a high-quality (high-utility) database to the recipients. We observe that sharing a database under differential privacy and database fingerprinting are orthogonal objectives. The former aims to inject noise into a database to prevent inference of the original data values, whereas the latter aims to hide unique marks inside a database to trace malicious parties who leak the data without authorization. In this paper, we achieve these two objectives simultaneously by proposing a novel differentially private fingerprinting mechanism for databases. Specifically, we first devise a bit-level randomized response scheme to achieve differential privacy for sharing entire databases, and then, based on this, we develop an ε-differentially private fingerprinting mechanism. Next, we theoretically analyze the relationships among the differential privacy guarantee, fingerprint robustness, and database utility by deriving closed-form expressions that characterize the privacy-utility coupling and the privacy-fingerprint-robustness coupling. Furthermore, we propose a sparse vector technique (SVT)-based solution to control the cumulative privacy loss when fingerprinted copies of a database are shared with multiple recipients. We experimentally show that our mechanism achieves stronger fingerprint robustness than the state-of-the-art fingerprinting mechanisms, and higher database utility than the simple composition of database perturbation under differential privacy followed by fingerprinting (e.g., the statistical utility of the database shared by the proposed scheme is more than 10x higher than that of perturbation followed by fingerprinting).
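As an added illustration (not the paper's own mechanism, and without its fingerprint-embedding step), the bit-level randomized response the abstract builds on: each cell's budget ε is split evenly over its b bits by basic composition, so the expected bit-flip rate 1/(1+e^(ε/b)) gives the privacy-utility coupling in closed form. The sample database, BIT_WIDTH and all function names are constructed for this example.

```python
import math
import random

# Constructed sample database: 200 rows of four 8-bit values (not data from the paper).
BIT_WIDTH = 8
SAMPLE_DB = [[(i * 37 + c * 11) % 256 for c in range(4)] for i in range(200)]


def keep_probability(epsilon_per_bit: float) -> float:
    """Probability that one bit is reported truthfully. Keeping with p = e^eps/(1+e^eps)
    and flipping otherwise bounds the output likelihood ratio by e^eps: eps-DP per bit."""
    return math.exp(epsilon_per_bit) / (1.0 + math.exp(epsilon_per_bit))


def expected_bit_error_rate(epsilon: float, bit_width: int = BIT_WIDTH) -> float:
    """Closed-form privacy-utility coupling: the per-cell budget is divided evenly
    across the bits (basic composition), so each bit flips w.p. 1/(1+e^(eps/b))."""
    return 1.0 - keep_probability(epsilon / bit_width)


def privacy_ratio_bound(epsilon_per_bit: float) -> float:
    """Worst-case Pr[out | bit=1] / Pr[out | bit=0] for one bit: p/(1-p) = e^eps."""
    p = keep_probability(epsilon_per_bit)
    return p / (1.0 - p)


def randomize_value(value: int, epsilon: float, rng: random.Random, bit_width: int = BIT_WIDTH) -> int:
    """Apply randomized response independently to every bit of a fixed-width value."""
    p_keep = keep_probability(epsilon / bit_width)
    out = 0
    for i in range(bit_width):
        bit = (value >> i) & 1
        if rng.random() >= p_keep:  # flip with probability 1 - p_keep
            bit ^= 1
        out |= bit << i
    return out


def randomize_database(db, epsilon: float, seed: int = 0):
    """Perturb every cell of the database under a per-cell budget of epsilon."""
    rng = random.Random(seed)
    return [[randomize_value(v, epsilon, rng) for v in row] for row in db]


def measured_bit_error_rate(original, perturbed, bit_width: int = BIT_WIDTH) -> float:
    """Fraction of bits that actually flipped: the empirical utility loss."""
    flipped = sum(bin(a ^ b).count("1") for r0, r1 in zip(original, perturbed)
                  for a, b in zip(r0, r1))
    return flipped / (len(original) * len(original[0]) * bit_width)
```

Comparing `measured_bit_error_rate` against `expected_bit_error_rate` for a few ε values shows the utility loss tracking the closed form, and `privacy_ratio_bound` shows why the per-bit budget is what bounds the adversary's inference.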