Differential privacy has been widely applied to provide privacy guarantees by adding random noise to the function output. However, it inevitably fails in many high-stakes voting scenarios, where voting rules are required to be deterministic. In this work, we present the first framework for answering the question: "How private are commonly-used voting rules?" Our answers are two-fold. First, we show that deterministic voting rules provide sufficient privacy in the sense of distributional differential privacy (DDP). We show that assuming the adversarial observer has uncertainty about individual votes, even publishing the histogram of votes achieves good DDP. Second, we introduce the notion of exact privacy to compare the privacy preserved in various commonly-studied voting rules, and obtain dichotomy theorems of exact DDP within a large subset of voting rules called generalized scoring rules.
翻译:不同的隐私被广泛应用,通过在功能输出中添加随机噪音来提供隐私保障。然而,在许多高空的投票情况中,它必然会失败,因为投票规则必须具有确定性。在这项工作中,我们提出了第一个框架来回答问题:“如何私下使用表决规则?” 我们的答案是双重的。首先,我们表明,从分配差异隐私(DDP)的意义上来说,决定性投票规则提供了足够的隐私。我们表明,假设敌对观察员对个别选票有不确定性,甚至公布选票的直方图就能取得良好的DDP。 其次,我们引入了准确的隐私概念,以比较在各种共同研究的投票规则中保留的隐私,并在称为通用评分规则的一大批表决规则中,获得确切的DDP的二分法理。