Detecting the source of a gossip is a critical issue, related to identifying patient zero in an epidemic, or the origin of a rumor in a social network. Although it is widely acknowledged that random and local gossip communications make source identification difficult, there exists no general quantification of the level of anonymity provided to the source. This paper presents a principled method based on $\varepsilon$-differential privacy to analyze the inherent source anonymity of gossiping for a large class of graphs. First, we quantify the fundamental limit of source anonymity any gossip protocol can guarantee in an arbitrary communication graph. In particular, our result indicates that when the graph has poor connectivity, no gossip protocol can guarantee any meaningful level of differential privacy. This prompted us to further analyze graphs with controlled connectivity. We prove on these graphs that a large class of gossip protocols, namely cobra walks, offers tangible differential privacy guarantees to the source. In doing so, we introduce an original proof technique based on the reduction of a gossip protocol to what we call a random walk with probabilistic die out. This proof technique is of independent interest to the gossip community and readily extends to other protocols inherited from the security community, such as the Dandelion protocol. Interestingly, our tight analysis precisely captures the trade-off between dissemination time of a gossip protocol and its source anonymity.
翻译:检测流言源头是一个关键问题,涉及流行病学中零号病人的溯源或社交网络中谣言来源的识别。尽管随机化与本地化的流言传播通信会使源头识别变得困难,但目前尚未建立对源头所获匿名性程度的通用量化方法。本文提出一种基于$\varepsilon$-差分隐私的原理性方法,用于分析广泛图类中流言传播的固有源头匿名性。首先,我们量化了任意通信图中所有流言协议可保证的源头匿名性基本极限。特别地,我们的结果表明当图连通性较差时,任何流言协议都无法保证有意义的差分隐私级别。这促使我们进一步分析具有受控连通性的图结构。我们证明在此类图上,一大类流言协议(即眼镜蛇游走协议)能为源头提供切实的差分隐私保障。在此过程中,我们引入了一种基于流言协议归约的原创证明技术,将其转化为我们称为具有概率衰减的随机游走模型。该证明技术对流言研究领域具有独立价值,并可直接扩展至继承自安全领域的其他协议(如Dandelion协议)。值得注意的是,我们的严密分析精准捕捉了流言协议的传播时间与其源头匿名性之间的权衡关系。