TY - JOUR
T1 - Local Information Privacy and Its Application to Privacy-Preserving Data Aggregation
AU - Jiang, Bo
AU - Li, Ming
AU - Tandon, Ravi
N1 - Funding Information:
This work was supported in part by the NSF Grants CAREER 1651492, CNS-1715947, CNS-1731164, and the 2018 Keysight Early Career Professor Award.
Publisher Copyright:
© 2004-2012 IEEE.
PY - 2022
Y1 - 2022
N2 - In this article, we propose local information privacy (LIP), and design LIP-based mechanisms for statistical aggregation while protecting users' privacy without relying on a trusted third party. The concept of context-awareness is incorporated in LIP, which can be viewed as exploiting the data prior (both in privatizing and post-processing) to enhance data utility. We present an optimization framework to minimize the mean square error of data aggregation while protecting the privacy of each user's input data or a correlated latent variable by satisfying LIP constraints. Then, we study optimal mechanisms under different scenarios considering the prior uncertainty and correlation with a latent variable. Three types of mechanisms are studied in this article, including randomized response (RR), unary encoding (UE), and local hashing (LH), and we derive closed-form solutions for the optimal perturbation parameters that are prior-dependent. We compare LIP-based mechanisms with those based on LDP, and theoretically show that the former achieve enhanced utility. We then study two applications: (weighted) summation and histogram estimation, and show how the proposed mechanisms can be applied to each application. Finally, we validate our analysis by simulations using both synthetic and real-world data. Results show the impact on data utility of different prior distributions, correlations, and input domain sizes. Results also show that our LIP-based mechanisms provide better utility-privacy tradeoffs than LDP-based ones.
AB - In this article, we propose local information privacy (LIP), and design LIP-based mechanisms for statistical aggregation while protecting users' privacy without relying on a trusted third party. The concept of context-awareness is incorporated in LIP, which can be viewed as exploiting the data prior (both in privatizing and post-processing) to enhance data utility. We present an optimization framework to minimize the mean square error of data aggregation while protecting the privacy of each user's input data or a correlated latent variable by satisfying LIP constraints. Then, we study optimal mechanisms under different scenarios considering the prior uncertainty and correlation with a latent variable. Three types of mechanisms are studied in this article, including randomized response (RR), unary encoding (UE), and local hashing (LH), and we derive closed-form solutions for the optimal perturbation parameters that are prior-dependent. We compare LIP-based mechanisms with those based on LDP, and theoretically show that the former achieve enhanced utility. We then study two applications: (weighted) summation and histogram estimation, and show how the proposed mechanisms can be applied to each application. Finally, we validate our analysis by simulations using both synthetic and real-world data. Results show the impact on data utility of different prior distributions, correlations, and input domain sizes. Results also show that our LIP-based mechanisms provide better utility-privacy tradeoffs than LDP-based ones.
KW - Information-theoretic privacy
KW - Local information privacy
KW - Privacy-preserving data aggregation
UR - http://www.scopus.com/inward/record.url?scp=85097414098&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85097414098&partnerID=8YFLogxK
U2 - 10.1109/TDSC.2020.3041733
DO - 10.1109/TDSC.2020.3041733
M3 - Article
AN - SCOPUS:85097414098
SN - 1545-5971
VL - 19
SP - 1918
EP - 1935
JO - IEEE Transactions on Dependable and Secure Computing
JF - IEEE Transactions on Dependable and Secure Computing
IS - 3
ER -