Paper ID: 463
Title: Efficient Algorithm for Privately Releasing Smooth Queries
Reviews

Submitted by Assigned_Reviewer_6

Q1: Comments to author(s). First provide a summary of the paper, and then address the following criteria: Quality, clarity, originality and significance. (For detailed reviewing guidelines, see http://nips.cc/PaperInformation/ReviewerInstructions)
Efficient Algorithm for Privately Releasing Smooth Queries
-------------------------------------------------------------------------------
The authors address the problem of answering a large set of queries in a differentially private manner. The set in question is the set of functions with bounded partial derivatives up to order K. The authors' technique mimics the work of Thaler et al. (ICALP 2012), except that the authors decompose the queries not into ordinary polynomials (Chebyshev polynomials in the case of Thaler et al.) but into trigonometric polynomials. The bulk of the work is indeed to show that the above-mentioned set of queries can be well approximated by trigonometric polynomials. Having established that, adding Laplace noise to each monomial suffices to guarantee differential privacy.
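To make the pipeline concrete, here is a minimal one-dimensional sketch of this style of mechanism (an illustration under stated assumptions, not the authors' actual construction: the cosine basis, the function names, and the noise calibration are ours):

```python
import numpy as np

rng = np.random.default_rng(0)

def private_trig_moments(data, T, eps):
    """Release noisy empirical averages of the basis functions
    phi_j(x) = cos(j * pi * x), j = 0..T-1, for data in [-1, 1].
    Changing one record moves each average by at most 2/n, so the
    L1 sensitivity of the length-T vector is 2T/n, and adding
    Laplace(2T/(n*eps)) noise per coordinate gives eps-DP."""
    n = len(data)
    j = np.arange(T)
    moments = np.cos(np.pi * np.outer(j, data)).mean(axis=1)
    return moments + rng.laplace(scale=2.0 * T / (n * eps), size=T)

def answer_query(noisy_moments, coeffs):
    """Answer a smooth query f(x) ~= sum_j coeffs[j] * cos(j*pi*x)
    from the released moments alone, at no extra privacy cost."""
    return float(np.dot(coeffs, noisy_moments))

# Example: privately estimate the empirical mean of cos(pi * x).
data = rng.uniform(-1.0, 1.0, size=10_000)
m = private_trig_moments(data, T=8, eps=1.0)
print(answer_query(m, np.eye(8)[1]))
```

Once the noisy moments are published, any number of sufficiently smooth queries can be answered without further privacy loss; the paper's contribution is controlling how many basis functions, and how large the expansion coefficients, are needed.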

The paper has all the ingredients of a great paper -- the authors tackle a classical problem using an original approach, prove something far from trivial, and Table 1 shows what one would expect to see: as K increases, the set of queries is more restricted, and so the error bounds for the queries get tighter. Furthermore, I find it to be very well written, even the more complicated mathematical parts.

After the authors' rebuttal I now see that there are situations, though admittedly somewhat limited, in which this mechanism outperforms the naive straw-man algorithms of MW [HR10, GRU12] and the exponential mechanism [MT07, BLR08] in terms of error and/or running time. I therefore support acceptance.

I suggest the authors do the following:

1. Mention the straightforward techniques in the introduction, and show that under certain conditions (i.e., smoothness bound > 2 * dimension) they achieve error o(n^{-1/2}) in time o(n^{d/2}).

2. It would also be helpful to compare to the bounds one gets using the inefficient BLR mechanism (in essence, the authors' technique in the given paper bounds the "effective" number of queries in C_B^K).

3. If the authors can incorporate the results regarding S non-zero derivatives into the paper, all the better.
Q2: Please summarize your review in 1-2 sentences
The authors address the problem of answering a large set of queries in a differentially private manner, focusing on queries with bounded partial derivatives and using trigonometric polynomials. Their technique applies in a limited setting, but there it outperforms other existing techniques.

Submitted by Assigned_Reviewer_7

Q1: Comments to author(s). First provide a summary of the paper, and then address the following criteria: Quality, clarity, originality and significance. (For detailed reviewing guidelines, see http://nips.cc/PaperInformation/ReviewerInstructions)
NOTE: Due to the number of papers to review and the short reviewing time, to maintain consistency I did not seek to verify the correctness of the results. As a result, I generally ignored any proofs or additional details in the supplementary material. This review should be considered as a review of the main paper alone.

SUMMARY: The authors propose a new method for approximating a database in a differentially private manner when the database will be used to answer queries with certain smoothness properties. The method appears to be correct, but it is unclear whether it is primarily of theoretical interest or practically relevant.

STRENGTHS:
- This is a new approach to database approximation for real data, a topic which has not received as much attention in the differential privacy literature.
- The application of polynomial approximation is novel with respect to this problem (although similar ideas for related problems have been proposed before).

WEAKNESSES:
- It is unclear whether the proposed method actually "works" in any meaningful sense. The authors are not very clear on this point. Since there is no experimental verification, it should be made clearer that this is a primarily theoretical investigation.
- It is not clear from the statement of the results whether the bounds are surprising, to be expected, or whether there is hope of matching lower bounds. This makes it hard to evaluate the "impact" of the result.


COMMENTS:
- Does it make sense that the smoothness of the function should depend on the data dimension? In particular, the fact that $K/d$ is the relevant quantity is not very intuitive.
- The authors seem to want to make a big deal of the fact that their approach allows an "infinite number of queries," but this is fairly obvious because they are not really looking at a query model but rather at a differentially private approximation of the data. In the discrete setting, if one makes a differentially private histogram, one gets the same thing (see the sketch after this list).
- I was hoping for more of a comparison with [18], which (as I recall) also looks at real-valued data and derives estimators based on a quantization approach. The authors cite this paper but do not provide any context.
- Indeed, the whole "name of the game" here is density estimation, which is a well-studied area in statistics and machine learning. What does this literature have to say about the approach suggested by the authors?
- Experiments, evaluation? This seems like a nice recipe for approximation, but it is a little hard to see whether, e.g., it will work at all for d of "practical" interest. Indeed, some examples of useful smooth queries would be nice. Is this an interesting sub-class of problems that could be used as an example?
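Regarding the histogram remark above, the discrete-setting analogue the reviewer has in mind is a single Laplace-noised histogram that then answers arbitrarily many subsequent queries. A minimal sketch (the function name and bin range are assumptions):

```python
import numpy as np

rng = np.random.default_rng(0)

def dp_histogram(data, n_bins, eps):
    """eps-DP histogram of data in [-1, 1] via the Laplace mechanism.
    Changing one record alters at most two bin counts by 1 each, so
    the L1 sensitivity of the count vector is at most 2 and
    Laplace(2/eps) noise per bin suffices."""
    counts, edges = np.histogram(data, bins=n_bins, range=(-1.0, 1.0))
    return counts + rng.laplace(scale=2.0 / eps, size=n_bins), edges
```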

UPDATE AFTER REBUTTAL:
* After the response and discussion I remain sanguine about this paper. However, I would like many of the details from the authors' rebuttal to appear in the manuscript; this will help clarify the presentation and might actually facilitate some discussion at NIPS.
* The authors did not really address many of my comments, which is somewhat disappointing. I think an example of interesting smooth queries (e.g., in the introduction) would help ground the theory. Otherwise many of the more applied folks interested in privacy will say "oh, the authors show an algorithm for some version of smoothness for which they give no interesting examples except references to [23] and [28]." A concrete example of an interesting smooth query that is relevant to the NIPS audience would make this paper more accessible.
Q2: Please summarize your review in 1-2 sentences
The authors propose a new method for approximating a database in a differentially private manner when the database will be used to answer queries with certain smoothness properties. The method appears to be correct, but it is unclear whether it is primarily of theoretical interest or practically relevant.

Submitted by Assigned_Reviewer_8

Q1: Comments to author(s). First provide a summary of the paper, and then address the following criteria: Quality, clarity, originality and significance. (For detailed reviewing guidelines, see http://nips.cc/PaperInformation/ReviewerInstructions)
This paper presents an algorithm for releasing the answers to a set of smooth queries on a database, in a manner that preserves differential privacy. Smooth queries are those whose partial derivatives up to a particular order are all bounded.

The basic idea is essentially that smooth functions can be reconstructed from a limited number of basis functions, so outputting a differentially private such basis allows one to output differentially private smooth functions. The result doesn't have depth on the privacy side: the techniques and proofs are completely standard. And the "basis" result, as I'm calling it (trigonometric polynomial approximation), is not new. So the contributions of the paper seem to lie in the technical details of ensuring that the approximations have small enough coefficients, and in the idea of applying differential privacy in this setting. It's a nice idea, but the overall contribution doesn't excite me. Perhaps a reader with a deeper interest in (approximations of) smooth functions would appreciate it more.

A few other comments:
The definition of accuracy as written is confusing; it would help to clarify that the probability is taken over the randomness of the mechanism.

The paper needs to be proofread; there are lots(!) of minor grammatical errors.
Q2: Please summarize your review in 1-2 sentences
Summary: There is a nice idea at the core of this paper, but I am not excited enough about the overall contribution.
Author Feedback

Q1:Author rebuttal: Please respond to any concerns raised in the reviews. There are no constraints on how you want to argue your case, except for the fact that your text should be limited to a maximum of 6000 characters. Note however that reviewers and area chairs are very busy and may not read long vague rebuttals. It is in your own interest to be concise and to the point.
To reviewer 1 (Assigned Reviewer 6)

[Comment] The paper has a major fault. One can discretize [-1,1]^d and use existing algorithms which then outperform the proposed approach.

[Answer] We thank the reviewer for raising technical questions. However, the reviewer seems to have made a miscalculation (see below for details). Please note that:

1) We already discussed these discretization-based methods and compared them to our approach in the paper; please see the 3rd paragraph of Section 5.

2) Our algorithm significantly outperforms discretization-based methods in both accuracy and running time for queries with high-order smoothness.

First, let us compare the performance of our algorithm with the best discretization-based method (e.g., discretization + MW). Consider the case where the queries have smoothness order K that is large compared to d.

- For the discretization-based approaches, the best possible accuracy is n^{-1/2}. To achieve that accuracy, the running time of the algorithm is at least n^{d/2}. (See lines 423-428 in the paper.)

- For our algorithm, the accuracy is nearly n^{-1}, and the running time is n^c for some c << 1. (See the 3rd row of Table 1.)

Thus, for highly smooth queries, our algorithm has error much smaller than the standard n^{-1/2}, which is inherent to all previous mechanisms for answering general linear queries. Moreover, the running time of our algorithm to achieve the best accuracy is sublinear, much better than the n^{d/2} of discretization-based methods.

To see why the reviewer's conclusion differs from ours, we point out a mistake in the reviewer's comment. The comment is that one can discretize [-1,1]^d to a constant precision (denoted by gamma), and that on the discretized data, existing algorithms are faster than ours. However, as the reviewer also admitted, the error of such an approach is a constant, which means that the error does not decrease even if more data is collected. To reduce the error to o(1), the reviewer then sets the discretization precision gamma polynomially small.

But here comes the problem: as gamma gets small, the running time of the discretization-based algorithm grows, scaling as (1/gamma)^d. To be concrete, if the discretization precision is gamma, the total number of grid points is (1/gamma)^d, and the running time of the best existing DP algorithm is at least the number of grid points. Also note that the error of the discretization-based method is gamma + n^{-1/2}, the sum of the discretization error and the error induced by the DP algorithm. So the best possible accuracy is n^{-1/2} (by setting gamma = n^{-1/2}), and the corresponding running time is n^{d/2}, both of which are outperformed by our algorithm for highly smooth queries.
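To spell out the trade-off in one line (a rendering of the argument above, not an excerpt from the paper):

```latex
% Error and running time of discretization + DP at precision gamma:
%   err(gamma) = gamma + n^{-1/2},   time(gamma) = (1/gamma)^d.
% Taking gamma below n^{-1/2} cannot reduce the error (the DP-noise
% term dominates) and only inflates the running time, so the optimum is
\gamma^{*} = n^{-1/2}
\;\Longrightarrow\;
\mathrm{err} = \Theta\big(n^{-1/2}\big), \qquad
\mathrm{time} = \big(1/\gamma^{*}\big)^{d} = n^{d/2}.
```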

It is also worth pointing out that both the accuracy and the running time of the discretization-based methods are independent of the order of smoothness K as long as K >= 1, because these algorithms use only first-order smoothness. In contrast, our algorithm fully exploits the smoothness and performs better when K is large.

In sum, for highly smooth queries, the discretization-based algorithms run in time n^{d/2} to achieve error n^{-1/2}, while our algorithm runs in sublinear time and achieves error nearly n^{-1}.



[Comment] Suppose the derivatives are sparse. Only S of the d^K partial derivatives are non-zero. Can this allow a non-constant d?

[Answer] We appreciate your suggestion very much. This is an interesting problem. We conducted some preliminary analysis. Here are a few results.

1) The simplest case is when the sparsity parameter S is a constant. Then d can be as large as n^{Omega(1)}, and the performance of the algorithm degrades only slightly. For very smooth queries, the accuracy is still significantly better than n^{-1/2}, and the running time is sublinear.

2) More interesting is the case where S is larger than any constant. We found that a more refined sparsity parameter S_K is crucial; here S_K is the number of non-zero Kth-order partial derivatives. We are able to show that if S_K is a constant, then S can be as large as (log n)^{1/2} and d can be as large as 2^{(log n)^{1/2}}. The performance of (a slight variant of) our algorithm does not change much.

For more general cases, we currently do not know the answer. We think this sparsity problem deserves deeper study.


[Comment] The setting considered is very limited: the dimension d is a constant.

[Answer] When studying differential privacy on the Euclidean space R^d, it is common in the literature to assume a constant dimension d. Please see, for example, references [2, 5, 18, 29] and Dwork and Lei (STOC 2009). We follow this convention.



To Reviewer 2 (Assigned Reviewer 7)

Thank you for the comments. This paper is mainly a theoretical study; experimental evaluation is certainly part of our future work.

Our results state that for highly smooth queries our algorithm can achieve accuracy of nearly n^{-1}, while previous approaches achieve n^{-1/2} at best. To answer a query, the running time of our algorithm is sublinear in n, much better than the n^{d/2} of existing methods.




To Reviewer 3 (Assigned Reviewer 8)

[Comment] The result does not have depth on the privacy side.

[Answer] Privacy cannot be separated from accuracy and efficiency. There are many differentially private algorithms for which, like ours, proving privacy is easy but proving bounds on the error and running time is difficult. Please see also (Blocki, Blum, Datta, and Sheffet, FOCS 2012) for a discussion about this common phenomenon. We do not think this means a lack of depth on the privacy side.


[Comment] The definition of accuracy as written is confusing. It appears to evaluate the probability that there exists such a query, but that is not what you want.

[Answer] This is the standard definition of worst-case accuracy. Please see, e.g., refs. [2, 10, 16] in the paper.
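For reference, the standard worst-case (alpha, beta)-accuracy definition being appealed to, with the probability taken over the mechanism's coins (a rendering of the standard definition, not copied from the paper):

```latex
% Mechanism M is (\alpha, \beta)-accurate for a query class Q if,
% for every database D,
\Pr_{\text{coins of } M}\Big[\,\sup_{q \in \mathcal{Q}}
  \big| M(D)(q) - q(D) \big| \le \alpha \Big] \ge 1 - \beta .
```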