Lower bounds in differential privacy

Anindya De*

*Corresponding author for this work

Research output: Chapter in Book/Report/Conference proceedingConference contribution

47 Scopus citations


This paper is about private data analysis, in which a trusted curator holding a confidential database responds to real vector-valued queries. A common approach to ensuring privacy for the database elements is to add appropriately generated random noise to the answers, releasing only these noisy responses. A line of study initiated in [7] examines the amount of distortion needed to prevent privacy violations of various kinds. The results in the literature vary according to several parameters, including the size of the database, the size of the universe from which data elements are drawn, the "amount" of privacy desired, and for the purposes of the current work, the arity of the query. In this paper we sharpen and unify these bounds. Our foremost result combines the techniques of Hardt and Talwar [11] and McGregor et al. [13] to obtain linear lower bounds on distortion when providing differential privacy for a (contrived) class of low-sensitivity queries. (A query has low sensitivity if the data of a single individual has small effect on the answer.) Several structural results follow as immediate corollaries: We separate so-called counting queries from arbitrary low-sensitivity queries, proving the latter requires more noise, or distortion, than does the former; We separate (ε,0)-differential privacy from its well-studied relaxation (ε,δ)-differential privacy, even when δ ∈2 -o(n) is negligible in the size n of the database, proving the latter requires less distortion than the former; We demonstrate that (ε,δ)-differential privacy is much weaker than (ε,0)-differential privacy in terms of mutual information of the transcript of the mechanism with the database, even when δ ∈2 -o(n) is negligible in the size n of the database. We also simplify the lower bounds on noise for counting queries in [11] and also make them unconditional. Further, we use a characterization of (ε,δ) differential privacy from [13] to obtain lower bounds on the distortion needed to ensure (ε,δ)-differential privacy for ε, δ > 0. We next revisit the LP decoding argument of [10] and combine it with a recent result of Rudelson [15] to improve on a result of Kasiviswanathan et al. [12] on noise lower bounds for privately releasing ℓ-way marginals.

Original languageEnglish (US)
Title of host publicationTheory of Cryptography - 9th Theory of Cryptography Conference, TCC 2012, Proceedings
Number of pages18
StatePublished - 2012
Event9th Theory of Cryptography Conference, TCC 2012 - Taormina, Sicily, Italy
Duration: Mar 19 2012Mar 21 2012

Publication series

NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume7194 LNCS
ISSN (Print)0302-9743
ISSN (Electronic)1611-3349


Other9th Theory of Cryptography Conference, TCC 2012
CityTaormina, Sicily


  • Differential privacy
  • LP decoding

ASJC Scopus subject areas

  • Theoretical Computer Science
  • Computer Science(all)


Dive into the research topics of 'Lower bounds in differential privacy'. Together they form a unique fingerprint.

Cite this