quantileDP {DPpack} | R Documentation |
Differentially Private Quantile
Description
This function computes the differentially private quantile of an input vector at a user-specified privacy level of epsilon.
Usage
quantileDP(
x,
quant,
eps,
lower.bound,
upper.bound,
which.sensitivity = "bounded",
mechanism = "exponential",
uniform.sampling = TRUE
)
Arguments
x |
Numeric vector of which the quantile will be taken. |
quant |
Real number between 0 and 1 indicating which quantile to return. |
eps |
Positive real number defining the epsilon privacy budget. |
lower.bound |
Real number giving the global or public lower bound of x. |
upper.bound |
Real number giving the global or public upper bound of x. |
which.sensitivity |
String indicating which type of sensitivity to use. Can be one of 'bounded', 'unbounded', 'both'. If 'bounded' (default), returns result based on bounded definition for differential privacy. If 'unbounded', returns result based on unbounded definition. If 'both', returns result based on both methods (Kifer and Machanavajjhala 2011). Note that if 'both' is chosen, each result individually satisfies (eps, 0)-differential privacy, but may not do so collectively and in composition. Care must be taken not to violate differential privacy in this case. |
mechanism |
String indicating which mechanism to use for differential
privacy. Currently the following mechanisms are supported: 'exponential'.
See |
uniform.sampling |
Boolean indicating whether to sample uniformly between sorted dataset values when returning the private quantile. If TRUE, it is possible for this function to return any number between lower.bound and upper.bound. If FALSE, only a value present in the dataset or the lower bound can be returned. |
Value
Sanitized quantile based on the bounded and/or unbounded definitions of differential privacy.
References
Dwork C, McSherry F, Nissim K, Smith A (2006). “Calibrating Noise to Sensitivity in Private Data Analysis.” In Halevi S, Rabin T (eds.), Theory of Cryptography, 265–284. ISBN 978-3-540-32732-5, https://doi.org/10.1007/11681878_14.
Kifer D, Machanavajjhala A (2011). “No Free Lunch in Data Privacy.” In Proceedings of the 2011 ACM SIGMOD International Conference on Management of Data, SIGMOD '11, 193–204. ISBN 9781450306614, doi:10.1145/1989323.1989345.
Smith A (2011). “Privacy-Preserving Statistical Estimation with Optimal Convergence Rates.” In Proceedings of the Forty-Third Annual ACM Symposium on Theory of Computing, STOC '11, 813–822. ISBN 9781450306911, doi:10.1145/1993636.1993743.
Examples
D <- stats::rnorm(500)
lower.bound <- -3 # 3 standard deviations below mean
upper.bound <- 3 # 3 standard deviations above mean
quant <- 0.25
eps <- 1
# Get 25th quantile satisfying pure 1-differential privacy
private.quantile <- quantileDP(D, quant, eps, lower.bound, upper.bound)
private.quantile
# Get 75th quantile requiring released value to be in dataset
quant <- 0.75
private.quantile <- quantileDP(D, quant, eps, lower.bound, upper.bound,
uniform.sampling = FALSE)
private.quantile