Transcript scws3 6734

Private Approximation of
Search Problems
Amos Beimel
Paz Carmi
Kobbi Nissim
Enav Weinreb (Technion)
Let’s compute f(x, y)!
x
y
No! You will learn too much
information on my input!
x
y
Haven’t you heard of secure
function evaluation?
x
y
Sure I’v heard of it...But
for f it will be inefficient
x
y
That’s not a problem! We
can approximate f by f*
and do SFE on f*!
x
y
Hmmmm....
I don’t know...
x
y
What can go wrong?
Example:
f*(x, y) reveals Bob’s input.
f(134, 285) = 64
f*(134, 285) = 64.285
f(847, 121) = 26
f*(847, 121) = 26.121
Hmmm..
.
y
Talk Overview




Background and Previous Work
Definitions for Search Problems
Impossibility Result for Vertex Cover
Algorithms that Leak (Little) Information



Positive Result for MAX-3SAT
Problems in P
Conclusions and Open Problems
Private Approximation [FIMNSW]
f* is a private approximation for f:
 f* is an approximation of f.
 f*(x) gives no more information
about x then f(x).
Privacy definitions:
 f*(x) can be simulated given f(x).
 If f(x)=f(x’) then f*(x) and f*(x’)
should be indistinguishable.
Positive results [FIMNSW]

Hamming distance:



Private approximation in
communication O(√n).
Improved to polylog(n) by [IW]
Permanent:

Private approximation in polynomial
time.
PA of NP-Hard Functions [HKKN]
Vertex Cover
Input: undirected graph G=<E,V>.
A set C  V is a vertex cover of G if
for every  u , v  E , u  C or v  C.
Functional:
Return minimum vertex cover size.
* We’ll discuss search version later.
Client-Server Model
G
“Hmmm…”
“I would,
but it is
hard to
compute.”
SERVER
“So, “Would
tell me you
an
tell me the
approximation!”
vertex
cover size
of your
graph?”
CLIENT
Maximal Matching Approximation



Find maximal
matching.
Its vertices form a
cover.
2-approximation:
solution size is at
most 2 times the
optimal solution.
1
2
3
4
5
6
1
2
1
3
3
4
2
5
4
5
6
6
VC
2
2
Matching
4
2
G
“Hmmm…”
“So, tell me an
approximation!”
Impossibility results [HKKN]


If NP  BPP there is no polynomial
private n1-ε-approximation algorithm
for vertex cover size.
Impossibility results for other NPcomplete functions:


MAX-SAT
Vertex cover in planer graphs.
Talk Overview




Background and Previous Work
Definitions for Search Problems
Impossibility Result for Vertex Cover
Algorithms that Leak (Little) Information



Positive Result for MAX-3SAT
Problems in P
Conclusions and Open Problems
Search problems
Function - one output for every input.
 Search - many solutions for one input.
Example: vertex cover
Return a vertex cover of the graph (a set of
vertices).



What is the right definition of privacy?
What pairs of inputs should not be
distinguished by the output?
Step 1: Privacy w.r.t. a Relation
R – Equivalence relation over the inputs
A – Probabilistic algorithm
A is private with respect to R if:
c
A( )
A( ) ≈
x
y
Step 2: Defining the Relation
Let P be a search problem.
Let S(x) be the set of solutions to the
input x.
We say that x ≈P y if x and y have the
same set of solutions, that is,
S(x)=S(y).
Example – Vertex Cover (Search)
G1 ≈VC G2 if they have the same
set of minimum vertex covers.
1
2
2 approximation
1
A is a private
3 if:
algorithm
for vertex cover
3
≈VC
 A is an approximation
algorithm for

vertex cover.
c4
G1 ≈VC G25 A(G1)≈
A(G2)
4
6
 Can this be done efficiently?
6
vertex cover sets:
{2,3} and {3,5}
5
Search versus Functional

In non-private computation:


A lower bound for functional implies a
lower bound for search.
Private computation:
1
1
2
2
4
3
4


3
Functional – equivalent (VC size = 2).
Search – not equivalent ({2,4} is a VC
only of the right graph).
Search versus Functional
Can we use the lower bounds
techniques of [HKKN] for
functional vertex cover?
No.
 [HKKN] relies on having few
equivalence classes.
 In search - Huge number of
equivalence classes.
Talk Overview




Background and Previous Work
Definitions for Search Problems
Impossibility Result for Vertex Cover
Algorithms that Leak (Little) Information



Positive Result for MAX-3SAT
Problems in P
Conclusions and Open Problems
Vertex Cover - Impossibility Result
Theorem 1
If P ≠NP there is no deterministic
polynomial time n1-ε-approximation
algorithm for vertex cover.
Proof idea:
Given a private-approximation
algorithm A, we construct a greedy
algorithm that solves vertex cover
exactly.
A Taste of the Proof
Claim:
Let G be a graph and W  A(G ).
If v1 , v2 W then both v1 and v2 are
non critical for G .
A vertex v V is critical for G if
every minimum vertex cover of G
contains v.
The approximation’s answer teaches us
about the optimal solution!
Proof of the Claim
Let G be a graph and W  A(G ).
If v1 , v2 W then both v1 and v2 are
non critical for G .
G*
v2
G
W *  A(G*)
v1
v2
v1
Privacy
W  A(G )
W  W *  VC (G )  VC (G*)
 v1 is non critical for G .
Vertex Cover - Impossibility Result
Theorem 1
RP  NP
randomized
If P ≠NP there is no deterministic
polynomial time n1-ε-approximation
algorithm for vertex cover.
MAX-3SAT




Given a 3CNF formula  find an
assignment  that satisfies a
maximum fraction of its clauses.
Best approximation ratio: 7/8.
1  SAT 2 if 1 and  2 have the
same set of maximum satisfying
assignments.
Again, no private approximation!
Talk Overview




Background and Previous Work
Definitions for Search Problems
Impossibility Result for Vertex Cover
Algorithms that Leak (Little)
Information



Positive Result for MAX-3SAT
Problems in P
Conclusions and Open Problems
Almost-Private Algorithms [HKKN]


Let f be a function.
f* is a private approximation for f
that leaks k bits:

f*(x) can be simulated from f(x) and
another k bits of advice.
Example:
There is an efficient 4-approximation
of vertex cover size that leaks 1 bit.
Almost-Private Algorithms - Search
c
A( )
A( ) ≈
x
y
z w
A( ) ? A( )
Almost-Private Algorithms
A is k-private with respect to R if
there exists R ' such that:
1. R'  R .
2. Every equivalence class of R is a
k
union of at most 2 equivalence
classes of R ' .
3. A is private with respect to R ' .
Search versus Functional
Can we use the ideas of [HKKN] for
functions to get efficient almost
private algorithms for search
problems?
No.
[HKKN] use rounding of the result of
a non-private approximation. Not
clear how to generalize to search
problems.
Almost Private Approximation for
MAX-E3SAT
same
ofis
 SAT
1 andequivalence
 2 have the
Every
class
of set
maximum
divided
intosatisfying
subclasses.
O (log n)assignments.
 SAT
1
1  2
2
3
…
…
 O (logn )
Lemma 1
There is a set of O (log n) assignments
1 ,...,  O (logn ) such that for every
3SAT formula  on n variables
there exists an  i that satisfies
7 / 8   of the clauses in  .
Proof:
Construct almost 3-wise [NN, AGHP]
independent variables x1 ,..., xn .
log n
Number of assignments: O (  ) .
Proof of Lemma 1(cont.)
For every 3 random variables x1 , x2 , x3
and every 3 Boolean values b1 , b2 , b3 :
1 / 8    Pr[ x1  b1  x2  b2  x3  b3 ]  1 / 8  
Conclusion 1: For each clause C :
Pr[C is satisfied by  ]  7 / 8  
over the choice of  .
Conclusion 2: For every formula 
there is an assignment that satisfies
7 / 8   of its clauses.
Almost Private Approximation for
MAX-3SAT
Theorem 2
There exists a O(log log n) -private
(7 / 8   )-approximation algorithm
for MAX-3SAT.
Proof:
We use 1 ,...,  O (logn ) from Lemma 1.
Given a formula  return the first
 i that satisfies at least (7 / 8   ) of
the clauses in  .
Solution-List Paradigm



A short list of solutions.
Every input has a good
approximation in the list.
2k solutions  k-private algorithm
Talk Overview




Background and Previous Work
Definitions for Search Problems
Impossibility Result for Vertex Cover
Algorithms that Leak (Little) Information



Positive Result for MAX-3SAT
Problems in P
Conclusions and Open Problems
Problems in P - Private Computation
Let S be a search problem in P.
(Example: shortest-path)
Recall that x ≈S y if x and y have the
same set of solutions.
For a private algorithm we require:
A(x) ≈c A(y)
Is there a private algorithm for every
problem in P? No!
Impossibility result for a Problem in P
Input: G=<V, E>, C, k
Output: If C is a clique of size k in G
then output a clique of size k in G.
The problem is in P because C is a
legal output.
A private algorithm implies a nonuniform algorithm for Clique.
Positive Results for Problems in P
Any problem S for which we can find:
 The lexicographically first solution


x ≈S y implies x and y have the same
lex first solution.
A random solution

x ≈S y implies that a random solution
distributes identically for x and y.
Examples: perfect matching, shortest
path, linear algebra, and more...
Discussion – Strength of Definition
We said the definition is minimal –
good for impossibility results.
Is it strong enough for positive
results?
Can returning the lex first solution be
considered private?
What is the right sufficient
definition? (work in progress...)
Talk Overview




Background and Previous Work
Definitions for Search Problems
Impossibility Result for Vertex Cover
Algorithms that Leak (Little) Information



Positive Result for MAX-3SAT
Problems in P
Conclusions and Open Problems
Further Results
Impossibility result for (any)
1
n
(log n)-private -approximation
algorithm for vertex cover.
1
n
 Solution-list
-approximation
algorithm for vertex cover that

2
n
leaks
bits.
[BHN07] improved the lower bound to
show that the solution-list algorithm
is optimal.

Conclusions





Defined private approximation of
search problems
Impossibility result for private
approximation of vertex cover
Defined k-private approximation
algorithms for search problems
Positive result for MAX-3SAT
Private computation of problems in P
Open Problems

More private approximation
algorithms.


Design algorithms that defeat solution
list algorithms.
Private computation of problems in
P.


What is the right (sufficient) definition?
What search problems admit efficient
private computation?
Vertex Cover - Impossibility Result
Theorem 1
If P ≠NP there is no deterministic
polynomial time n1-ε-approximation
algorithm that is private with
respect to ≈VC.
Proof Idea:
Given a private n1-ε-approximation
algorithm A, we exactly solve vertex
cover.
Definitions for the Proof
Let G  V , E  be a graph.
 A vertex v V is critical for G if
every minimum vertex cover of G
contains v.
 A vertex v V is relevant for G if
there exists a minimum vertex
cover of G that contains v.
 Every vertex is non-critical or
relevant (or both).
Claim 1
Let G be a graph and W  A(G ).
If v1 , v2 W then both v1 and v2 are
non critical for G .
Note: The claim is useless if W  V .
Proof of Claim 1
Let G be a graph and W  A(G ).
If v1 , v2 W then both v1 and v2 are
non critical for G .
G*
v2
G
W *  A(G*)
v1
v2
v1
Privacy
W  A(G )
W  W *  VC (G )  VC (G*)
 v1 is non critical for G .
Relevant / Non-Critical Algorithm

Input



Output - one of the following:



Graph G
Vertex v.
v is Relevant for G.
v is Non-Critical for G.
Enables a greedy algorithm for
Vertex Cover.
Relevant / Non-Critical Algorithm
I is aLet
bigWset
of
*  A(G*).
isolated vertices.
I
G'
v'W '
W '  A(G ' )
G
G
v
Is v'W * ?
v
I
v'W '
G*
W *  A(G*)
G
G
v
v
v'W *
Case 1
Privacy
W *  W '  VC (G*)  VC (G ' )
 v is non critical for G .
(If v was critical for G, both copies
of v would be critical for G ' .)
I
G'
v'W '
W '  A(G ' )
G
G*
G
G
v
I v'W '
W *  A(G*)
v
G
v
v
Case 2
By Claim 1
v'W *
v ' is not critical for G * .
Thus, there exists a minimum cover C *
of G * that does not contain v ' .
Let c be the size of the minimum
vertex cover of G .
I
G'
v'W '
W '  A(G ' )
G
G*
G
G
v
I v'W '
W *  A(G*)
v
G
v
v
Case 2 v'W * (cont.)
Assume v is not relevant for G .
C * must contain both copies of v
as it does not contain v ' .
Thus, C * contains two non-optimal
vertex covers of G  | C* | 2c  2
I
G'
v'W '
W '  A(G ' )
G
G
v
v
I
v'W '
G*
W *  A(G*)
G
G
v
v
v'W * (cont. ii)
Case 2
However, taking two minimal covers
of G and adding v ' results in a cover
for G * of size 2c  1.
Contradiction to the minimality of C *.
Hence, v is relevant for
I
G'
v'W '
W '  A(G ' )
G
G
v
v
I
G.
v'W '
G*
W *  A(G*)
G
G
v
v
Relevant / Non-Critical (Summary)

On input ( G, v ):






I
G'
Define the graph G ' .
G
Compute W '  A(G ' ) .
Choose v'W ' .
Define the graph G * .
If v' A(G*) , output:
“ v is Non-Critical for G .”
G*
If v' A(G*) , output:
“ v is Relevant for G .”
G
v'W '
W '  A(G ' )
G
v
v
I
v'W '
W *  A(G*)
G
v
v
Greedy Vertex Cover





Choose an arbitrary vertex v .
Execute the Relevant/Non-Critical
algorithm on G, v .
If v is Relevant, take v and delete
all edges adjacent to v.
If v is Non-Critical, take N (v) and
delete all edges adjacent to N (v) .
Continue recursively.
Vertex Cover - Impossibility Result
Theorem 1
RP  NP
randomized
If P ≠NP there is no deterministic
polynomial time n1-ε-approximation
algorithm for vertex cover.