Shortest Paths and Distances with Differential Privacy

We introduce a model for differentially private analysis of weighted graphs in which the graph topology $(V,E)$ is assumed to be public and the private information consists only of the edge weights $w:E\to\mathbb{R}^+$. This can express hiding congestion patterns in a known system of roads. Differential privacy requires that the output of an algorithm provides little advantage, measured by privacy parameters $\epsilon$ and $\delta$, for distinguishing between neighboring inputs, which are thought of as inputs that differ on the contribution of one individual. In our model, two weight functions $w,w'$ are considered to be neighboring if they have $\ell_1$ distance at most one. We study the problems of privately releasing a short path between a pair of vertices and of privately releasing approximate distances between all pairs of vertices. We are concerned with the approximation error, the difference between the distance or length of the released path and the actual distance or length of the shortest path. For privately releasing a short path between a pair of vertices, we prove a lower bound of $\Omega(|V|)$ on the additive approximation error for fixed $\epsilon,\delta$. We provide a differentially private algorithm that nearly matches this error bound and releases paths between all pairs of vertices. The approximation error of our algorithm can be bounded by the number of edges on the shortest path, so we achieve better accuracy than the worst-case bound for pairs of vertices that are connected by a low-weight path with $o(|V|)$ vertices. For releasing all-pairs distances, we show that for bounded-weight graphs with edge weights in $[0,M]$ we can release all distances with approximation error $\tilde{O}(\sqrt{|V|M})$ for fixed $\epsilon,\delta > 0$. For trees we show that we can release all-pairs distances with approximation error $O(\log^{2.5}|V|)$.