US 12,242,627 B2
Retention-replacement probability generation device, retention-replacement perturbation device, retention-replacement probability generation method, retention-replacement perturbation method, and program
Takayuki Miura, Musashino (JP); and Satoshi Hasegawa, Musashino (JP)
Assigned to NIPPON TELEGRAPH AND TELEPHONE CORPORATION, Tokyo (JP)
Appl. No. 17/765,441
Filed by NIPPON TELEGRAPH AND TELEPHONE CORPORATION, Tokyo (JP)
PCT Filed Oct. 11, 2019, PCT No. PCT/JP2019/040235
§ 371(c)(1), (2) Date Mar. 31, 2022,
PCT Pub. No. WO2021/070361, PCT Pub. Date Apr. 15, 2021.
Prior Publication US 2022/0382896 A1, Dec. 1, 2022
Int. Cl. G06F 21/62 (2013.01)
CPC G06F 21/6218 (2013.01) 6 Claims
OG exemplary drawing
 
1. A retention-replacement probability generation device, comprising:
a storage or memory configured to store instructions; and
a processor configured to execute the instructions stored in the storage or memory such that the processor is configured to:
accept input of a histogram vector expression v of attribute values;
accept input of a privacy protection index ε;
determine whether or not a global optimal solution exists that is a replacement probability of the attribute values in which a transition matrix P and the histogram vector expression v of the attribute values yield ∥Pv−v∥=0, in the transition matrix P for each of d attribute values of the attribute values where dis an integer of no less than 2, a retention probability of a predetermined attribute value and a replacement probability group in a case of replacing the predetermined attribute value with another attribute value at a uniform probability are a column or a row corresponding to the predetermined attribute value, and columns or rows corresponding to the d attribute values are arrayed in a row or column direction;
in a case where the global optimal solution exists, output the global optimal solution; and
in a case where the global optimal solution does not exist:
generate a region that is to be satisfied by coordinates (x, y)=(qi, qj) of replacement probabilities corresponding to i'th and j'th attribute values that satisfy 1≤i≤d, 1≤j≤d and i≠j, and that is defined by an inequality equivalent to conditions for both replacement probabilities corresponding to the i'th and the j'th attribute values satisfying ε-differential privacy, and an inequality equivalent to conditions for the replacement probability of one and the retention probability of the other corresponding to the i'th and the j'th attribute values satisfying ε-differential privacy;
generate an in-region optimal solution that minimizes ∥Pv−v∥ within the region; and
output the in-region optimal solution, wherein
the region is defined by six inequalities including two inequalities equivalent to conditions for both replacement probabilities corresponding to the i'th and the j'th attribute values satisfying ε-differential privacy, two inequalities equivalent to conditions for the retention probability corresponding to the i'th attribute value and the replacement probability corresponding to the j'th attribute value satisfying ε-differential privacy, and two inequalities equivalent to conditions for the replacement probability corresponding to the i'th attribute value and the retention probability corresponding to the j'th attribute value satisfying ε-differential privacy,
the in-region optimal solution protects privacy of individual input data while enabling analysis with high precision, and
the optimal solutions are provided by an application service provider.