Answering Query Workloads with Optimal Error under Blowfish Privacy

Recent work has proposed a privacy framework, called Blowfish, that generalizes differential privacy in order to generate principled relaxations. Blowfish privacy definitions take as input an additional parameter called a policy graph, which specifies which properties about individuals should be hidden from an adversary. An open question is to characterize when Blowfish privacy definitions permit mechanisms that incur significantly lower error for query answering compared to differentially private mechanisms. In this paper, we answer this question and explore error bounds for answering sets of linear counting queries under different instantiations of Blowfish privacy. We first develop theoretical tools relating query answering under Blowfish to query answering under differential privacy. In particular, we prove a surprising equivalence between the minimum error required to answer a workload under a Blowfish policy and the minimum error required to answer a workload (constructed using and ) under differential privacy. We provide applications of these tools by finding strategies for answering multidimensional range queries under different Blowfish policy graphs. We believe the tools we develop will be useful for finding strategies to answer many other classes of queries with low error under Blowfish. Next, we generalize the matrix mechanism lower bound of Li and Miklau (called the SVD bound) for differential privacy to find an analogous lower bound for Blowfish, and illustrate our bounds using multidimensional range queries.