Differential privacy (DP) is a mathematically rigorous and extensively studied privacy framework that ensures the output of a randomized algorithm remains statistically indistinguishable even when the data of a single user changes. This framework has been extensively studied in both theory and practice, with many applications in analytics and machine learning (e.g., 1, 2, 3, 4, 5, 6, 7).
The two main models of DP are the central model and the local model. In the central model, a trusted curator has access to the raw data and is responsible for producing an output that is differentially private. The local model requires that all messages sent from a user's device are themselves differentially private, removing the need for a trusted curator. While the local model is appealing because of its minimal trust requirements, it typically comes with significantly higher utility degradation than the central model.
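To make the utility gap concrete, here is an added example (not code from the paper or from the authors) that implements both models for the simplest statistic, a count of how many of n users hold a 1-bit attribute. The central curator releases the exact count plus Laplace noise of scale 1/ε; each local device instead applies randomized response to its own bit before sending it, and the aggregator debiases the reports. The population, the seed and the parameter values are constructed for the illustration and only the Python standard library is used.

```python
"""Central vs local differential privacy on a binary count (added illustration)."""
import math
import random


def laplace(rng: random.Random, scale: float) -> float:
    """Sample Laplace(0, scale) as the difference of two exponentials with mean `scale`."""
    return rng.expovariate(1.0 / scale) - rng.expovariate(1.0 / scale)


def central_count(bits, epsilon: float, rng: random.Random) -> float:
    """Central model: the trusted curator sees the raw bits and releases the exact
    count plus Laplace(1/epsilon) noise. Changing one user's bit moves the count by
    at most 1, so this single release is epsilon-DP."""
    return sum(bits) + laplace(rng, 1.0 / epsilon)


def truth_probability(epsilon: float) -> float:
    """Probability with which randomized response reports the true bit."""
    return math.exp(epsilon) / (1.0 + math.exp(epsilon))


def randomized_response(bit: int, epsilon: float, rng: random.Random) -> int:
    """Local model: the device reports its bit truthfully with probability
    e^eps/(1+e^eps) and flipped otherwise. The message leaving the device is
    itself epsilon-DP, so nobody downstream has to be trusted."""
    return bit if rng.random() < truth_probability(epsilon) else 1 - bit


def local_count(bits, epsilon: float, rng: random.Random) -> float:
    """Aggregate the randomized responses and debias them.
    E[report] = (1 - p) + bit * (2p - 1), so
    count = (sum(reports) - n * (1 - p)) / (2p - 1)."""
    p = truth_probability(epsilon)
    reports = [randomized_response(b, epsilon, rng) for b in bits]
    n = len(bits)
    return (sum(reports) - n * (1.0 - p)) / (2.0 * p - 1.0)


def compare_models(n: int = 10_000, epsilon: float = 1.0, trials: int = 20, seed: int = 7):
    """Return (true_count, central_mae, local_mae) over repeated releases for a
    constructed population in which roughly 30% of users hold a 1.
    The central error stays near 1/epsilon regardless of n; the local error
    grows like sqrt(n)/epsilon because every one of the n reports is noisy."""
    rng = random.Random(seed)
    bits = [1 if rng.random() < 0.3 else 0 for _ in range(n)]
    true_count = sum(bits)
    central_err = [abs(central_count(bits, epsilon, rng) - true_count) for _ in range(trials)]
    local_err = [abs(local_count(bits, epsilon, rng) - true_count) for _ in range(trials)]
    return true_count, sum(central_err) / trials, sum(local_err) / trials


if __name__ == "__main__":
    true_count, central_mae, local_mae = compare_models()
    print(f"true count:                   {true_count}")
    print(f"central model mean abs error: {central_mae:.1f}")
    print(f"local model mean abs error:   {local_mae:.1f}")
```

With n = 10,000 and ε = 1 the central release is off by about one user, while the local estimate is off by several dozen, which is the gap the paragraph refers to: both mechanisms give the same per-user guarantee, but the local one pays for not trusting the curator with noise that accumulates across all n reports.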
In real-world data-sharing scenarios, users often place varying levels of trust in others, depending on their relationships. For instance, someone might feel comfortable sharing their location data with family or close friends but would hesitate to let strangers access the same information. This asymmetry aligns with philosophical views of privacy as control over personal information, where individuals specify with whom they are willing to share their data. Such nuanced privacy preferences highlight the need for frameworks that go beyond the binary trust assumptions of the existing differentially private models and accommodate more realistic trust dynamics in privacy-preserving systems.
In “Differential Privacy on Trust Graphs”, published at the Innovations in Theoretical Computer Science Conference (ITCS 2025), we use a trust graph to model relationships, where the vertices represent users and adjacent vertices trust each other (see below). We explore how to apply DP to these trust graphs, ensuring that the privacy guarantee covers the messages exchanged between a user (or their trusted neighbors) and everyone else that user does not trust. Specifically, the distribution of messages exchanged by each user u, or by one of u's neighbors, with any other user not trusted by u should be statistically indistinguishable whether or not the input held by u changes. We call this notion trust graph DP (TGDP).