R: Differentially Private Median

medianDP {DPpack}

R Documentation

Differentially Private Median

Description

This function computes the differentially private median of an input vector at a user-specified privacy level of epsilon.

Usage

medianDP(
  x,
  eps,
  lower.bound,
  upper.bound,
  which.sensitivity = "bounded",
  mechanism = "exponential",
  uniform.sampling = TRUE
)

Arguments

`x`	Numeric vector of which the median will be taken.
`eps`	Positive real number defining the epsilon privacy budget.
`lower.bound`	Real number giving the global or public lower bound of x.
`upper.bound`	Real number giving the global or public upper bound of x.
`which.sensitivity`	String indicating which type of sensitivity to use. Can be one of 'bounded', 'unbounded', 'both'. If 'bounded' (default), returns result based on bounded definition for differential privacy. If 'unbounded', returns result based on unbounded definition. If 'both', returns result based on both methods (Kifer and Machanavajjhala 2011). Note that if 'both' is chosen, each result individually satisfies (eps, 0)-differential privacy, but may not do so collectively and in composition. Care must be taken not to violate differential privacy in this case.
`mechanism`	String indicating which mechanism to use for differential privacy. Currently the following mechanisms are supported: 'exponential'. See `ExponentialMechanism` for a description of the supported mechanisms.
`uniform.sampling`	Boolean indicating whether to sample uniformly between sorted dataset values when returning the private quantile. If TRUE, it is possible for this function to return any number between lower.bound and upper.bound. If FALSE, only a value present in the dataset or the lower bound can be returned.

Value

Sanitized median based on the bounded and/or unbounded definitions of differential privacy.

References

Dwork C, McSherry F, Nissim K, Smith A (2006). “Calibrating Noise to Sensitivity in Private Data Analysis.” In Halevi S, Rabin T (eds.), Theory of Cryptography, 265–284. ISBN 978-3-540-32732-5, https://doi.org/10.1007/11681878_14.

Kifer D, Machanavajjhala A (2011). “No Free Lunch in Data Privacy.” In Proceedings of the 2011 ACM SIGMOD International Conference on Management of Data, SIGMOD '11, 193–204. ISBN 9781450306614, doi:10.1145/1989323.1989345.

Smith A (2011). “Privacy-Preserving Statistical Estimation with Optimal Convergence Rates.” In Proceedings of the Forty-Third Annual ACM Symposium on Theory of Computing, STOC '11, 813–822. ISBN 9781450306911, doi:10.1145/1993636.1993743.

Examples

D <- stats::rnorm(500)
lower.bound <- -3 # 3 standard deviations below mean
upper.bound <- 3 # 3 standard deviations above mean

eps <- 1
# Get median satisfying pure 1-differential privacy
private.median <- medianDP(D, eps, lower.bound, upper.bound)
private.median

# Require released value to be in dataset
private.median <- medianDP(c(1,0,3,3,2), eps, 0, 4, uniform.sampling = FALSE)
private.median

[Package DPpack version 0.1.0 Index]