R: Differentially Private Quantile

quantileDP {DPpack}

R Documentation

Differentially Private Quantile

Description

This function computes the differentially private quantile of an input vector at a user-specified privacy level of epsilon.

Usage

quantileDP(
  x,
  quant,
  eps,
  lower.bound,
  upper.bound,
  which.sensitivity = "bounded",
  mechanism = "exponential",
  uniform.sampling = TRUE
)

Arguments

`x`	Numeric vector of which the quantile will be taken.
`quant`	Real number between 0 and 1 indicating which quantile to return.
`eps`	Positive real number defining the epsilon privacy budget.
`lower.bound`	Real number giving the global or public lower bound of x.
`upper.bound`	Real number giving the global or public upper bound of x.
`which.sensitivity`	String indicating which type of sensitivity to use. Can be one of 'bounded', 'unbounded', 'both'. If 'bounded' (default), returns result based on bounded definition for differential privacy. If 'unbounded', returns result based on unbounded definition. If 'both', returns result based on both methods (Kifer and Machanavajjhala 2011). Note that if 'both' is chosen, each result individually satisfies (eps, 0)-differential privacy, but may not do so collectively and in composition. Care must be taken not to violate differential privacy in this case.
`mechanism`	String indicating which mechanism to use for differential privacy. Currently the following mechanisms are supported: 'exponential'. See `ExponentialMechanism` for a description of the supported mechanisms.
`uniform.sampling`	Boolean indicating whether to sample uniformly between sorted dataset values when returning the private quantile. If TRUE, it is possible for this function to return any number between lower.bound and upper.bound. If FALSE, only a value present in the dataset or the lower bound can be returned.

Value

Sanitized quantile based on the bounded and/or unbounded definitions of differential privacy.

References

Dwork C, McSherry F, Nissim K, Smith A (2006). “Calibrating Noise to Sensitivity in Private Data Analysis.” In Halevi S, Rabin T (eds.), Theory of Cryptography, 265–284. ISBN 978-3-540-32732-5, https://doi.org/10.1007/11681878_14.

Kifer D, Machanavajjhala A (2011). “No Free Lunch in Data Privacy.” In Proceedings of the 2011 ACM SIGMOD International Conference on Management of Data, SIGMOD '11, 193–204. ISBN 9781450306614, doi:10.1145/1989323.1989345.

Smith A (2011). “Privacy-Preserving Statistical Estimation with Optimal Convergence Rates.” In Proceedings of the Forty-Third Annual ACM Symposium on Theory of Computing, STOC '11, 813–822. ISBN 9781450306911, doi:10.1145/1993636.1993743.

Examples

D <- stats::rnorm(500)
lower.bound <- -3 # 3 standard deviations below mean
upper.bound <- 3 # 3 standard deviations above mean

quant <- 0.25
eps <- 1
# Get 25th quantile satisfying pure 1-differential privacy
private.quantile <- quantileDP(D, quant, eps, lower.bound, upper.bound)
private.quantile

# Get 75th quantile requiring released value to be in dataset
quant <- 0.75
private.quantile <- quantileDP(D, quant, eps, lower.bound, upper.bound,
                               uniform.sampling = FALSE)
private.quantile

[Package DPpack version 0.1.0 Index]