
Locality Sensitive Hashing with Extended Differential Privacy

European Symposium on Research in Computer Security (ESORICS), 2020
Abstract

Extended differential privacy, which is a generalization of standard differential privacy (DP) using a general metric rather than the Hamming metric, has been widely studied to provide rigorous privacy guarantees while keeping high utility. However, existing works on extended DP focus on a specific metric such as the Euclidean metric and the Earth Mover's metric, and cannot be applied to other metrics. Consequently, existing extended DP mechanisms are limited to a small number of applications such as location-based services and document processing. In this paper, we propose two new extended DP mechanisms for privacy-preserving LSH. Our first mechanism is based on the multivariate Laplace mechanism and is designed for the Euclidean distance metric. Our second mechanism uses randomized response, and can be applied to a wide variety of metrics including the angular distance (or cosine) metric, Jaccard metric, Earth Mover's metric, and $l_p$ metric. Moreover, our mechanisms work well for personal data in a high-dimensional space. We theoretically analyze the privacy properties of our mechanisms, introducing new versions of concentrated and probabilistic extended DP to explain the guarantees provided. Finally, we apply our mechanisms to friend matching based on personal data in a high-dimensional space with an angular distance metric. We show through experiments that our mechanisms provide high utility, with our Laplace-based mechanism performing well in lower-dimensional spaces and the randomized-response-based mechanism in high dimensions. This makes possible friend matching with rigorous privacy guarantees and high utility.
