The development of Internet technology enables an analysis on the whole population rather than a certain number of samples, and leads to increasing requirement for privacy protection. Local differential privacy (LDP) is an effective standard of privacy measurement; however, its large variance of mean estimation causes challenges in application. To address this problem, this paper presents a new LDP approach, an improved Christofides mechanism. It compared four statistical survey methods for conducting surveys on sensitive topics -- modified Warner, Simmons, Christofides, and the improved Christofides mechanism. Specifically, Warner, Simmons and Christofides mechanisms have been modified to draw a sample from the population without replacement, to decrease variance. Furthermore, by drawing cards without replacement based on modified Christofides mechanism, we introduce a new mechanism called the improved Christofides mechanism, which is found to have the smallest variance under certain assumption when using LDP as a measurement of privacy leakage. The assumption is do satisfied usually in the real world. Actually, we decrease the variance to 28.7% of modified Christofides mechanism's variance in our experiment based on the HCOVANY dataset -- a real world dataset of IPUMS USA. This means our method gets a more accurate estimate by using LDP as a measurement of privacy leakage. This is the first time the improved Christofides mechanism is proposed for LDP framework based on comparative analysis of four mechanisms using LDP as the same measurement of privacy leakage.

翻译：互联网技术的发展使得对全体人口而非特定样本量的分析成为可能，也引发了对隐私保护的更高要求。本地差分隐私作为一种有效的隐私度量标准，但其均值估计的大方差特性给实际应用带来了挑战。针对这一问题，本文提出了一种新的本地差分隐私方法——改进型Christofides机制。我们比较了四种用于敏感话题调查的统计调查方法：改进的Warner机制、Simmons机制、Christofides机制及改进型Christofides机制。具体而言，我们对Warner、Simmons和Christofides机制进行了修改，采用无放回抽样以降低方差。此外，基于改进的Christofides机制的无放回抽牌方式，我们引入了一种新机制——改进型Christofides机制，发现在以本地差分隐私作为隐私泄露度量时，该机制在特定假设下方差最小。该假设在现实世界中通常成立。实际上，基于IPUMS USA的真实数据集HCOVANY开展的实验中，我们将方差降至改进的Christofides机制方差的28.7%，这意味着以本地差分隐私作为隐私泄露度量时，我们的方法能获得更精确的估计。这是首次基于四种机制以相同隐私泄露度量标准（本地差分隐私）进行对比分析，提出适用于本地差分隐私框架的改进型Christofides机制。