Optimizing Histogram Queries under Differential Privacy

Differential privacy is a robust privacy standard that hasbeen successfully applied to a range of data analysis tasks.But despite much recent work, optimal strategies for answer-ing a collection of related queries are not known.We propose the matrix mechanism, a new algorithm foranswering a workload of predicate counting queries. Givena workload, the mechanism requests answers to a differentset of queries, called a query strategy, which are answeredusing the standard Laplace mechanism. Noisy answers tothe workload queries are then derived from the noisy answersto the strategy queries. This two stage process can result ina more complex correlated noise distribution that preservesdifferential privacy but increases accuracy.We provide a formal analysis of the error of query answersproduced by the mechanism and investigate the problem ofcomputing the optimal query strategy in support of a givenworkload. We show this problem can be formulated as arank-constrained semidefinite program. Finally, we analyzetwo seemingly distinct techniques, whose similar behavior isexplained by viewing them as instances of the matrix mech-anism.