| CPC G06F 21/6218 (2013.01) [G06F 16/24575 (2019.01); G06F 21/6227 (2013.01)] | 24 Claims |

1. A method comprising:
receiving, by at least one hardware processor of a dedicated hardware device, a request from a client device to perform a query on a set of data stored by a database, the request received via a graphical user interface configured at the dedicated hardware device, the request identifying a target accuracy and a maximum privacy spend, the target accuracy comprising a maximum relative error, and the maximum privacy spend comprising a value of a zero-concentrated privacy parameter ρ associated with a degree of information released about the set of data due to the query;
transforming, by a query handling engine configured at the dedicated hardware device, the query into one or more function calls compatible with the database;
accessing, via communication circuitry of the dedicated hardware device, a computing node that is external to the dedicated hardware device, the computing node housing the database with the set of data;
invoking the one or more function calls to perform a differentially private count operation on the set of data to produce a differentially private result, the differentially private count operation comprising:
performing a count operation on the set of data to produce a result;
perturbing the result to produce a differentially private result using a noise value sampled from a Gaussian distribution and based on a fractional privacy spend comprising a fraction of the maximum privacy spend associated with the zero-concentrated privacy parameter ρ; and
iteratively calibrating the noise value of the differentially private result using an inverse variance weighted averaging and additional samples from the Gaussian distribution and a new fractional privacy spend until at least one of:
an iteration uses the maximum privacy spend; and
a relative error of the differentially private result is determined to satisfy the target accuracy; and
encoding, by the communication circuitry of the dedicated hardware device, the differentially private result for transmission to the client device.
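As an added illustration of the count operation recited in claim 1 (example code, not code from the patent or its assignee): a zero-concentrated-DP Gaussian count that spends the budget ρ in fractions, combines the noisy releases by inverse-variance weighted averaging, and stops once the maximum privacy spend is used or the estimated relative error meets the target. The 25% fraction, the relative-error estimate (combined standard deviation over the magnitude of the estimate) and the sample rows are assumptions made for this example.

```python
import math
import random

# Constructed sample data: ages 1..1000, so "age >= 18" matches exactly 983 rows.
SAMPLE_ROWS = [{"age": a} for a in range(1, 1001)]


def gaussian_sigma(rho: float, sensitivity: float = 1.0) -> float:
    """Standard deviation of the Gaussian mechanism satisfying rho-zCDP for a
    query of the given L2 sensitivity: sigma^2 = sensitivity^2 / (2 * rho)."""
    return sensitivity / math.sqrt(2.0 * rho)


def dp_count_to_accuracy(rows, predicate, rho_max, max_rel_error,
                         rho_fraction=0.25, rng=None):
    """Differentially private count released in budget fractions.

    Each iteration spends rho_i (a fraction of rho_max, zCDP composes additively)
    and releases one Gaussian-noised count.  The releases are combined by
    inverse-variance weighting, so the combined variance is 1 / (2 * rho_spent),
    the same as spending the whole budget at once.  Returns
    (estimate, rho_spent, iterations); the exact count is never returned."""
    rng = rng or random.Random()
    true_count = sum(1 for r in rows if predicate(r))  # exact count, kept private
    weighted_sum = 0.0   # sum of y_i / sigma_i^2
    precision = 0.0      # sum of 1 / sigma_i^2 (inverse variance)
    rho_spent = 0.0
    iterations = 0
    estimate = 0.0
    while rho_spent < rho_max:
        # Clip the final fraction so the total never exceeds the maximum spend.
        rho_i = min(rho_fraction * rho_max, rho_max - rho_spent)
        sigma_i = gaussian_sigma(rho_i)
        y_i = true_count + rng.gauss(0.0, sigma_i)  # one Gaussian-mechanism release
        weighted_sum += y_i / sigma_i ** 2
        precision += 1.0 / sigma_i ** 2
        rho_spent += rho_i
        iterations += 1
        estimate = weighted_sum / precision
        # Assumption: relative error is judged from released values only, as the
        # combined standard deviation divided by the magnitude of the estimate.
        rel_error = math.sqrt(1.0 / precision) / max(abs(estimate), 1e-9)
        if rel_error <= max_rel_error:
            break
    return estimate, rho_spent, iterations
```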