
arxiv: 2509.17266 · v1 · pith:GMADP44Unew · submitted 2025-09-21 · 💻 cs.CR · cs.IT · cs.SY · eess.SY · math.IT

Privacy-Preserving State Estimation with Crowd Sensors: An Information-Theoretic Respective

Pith reviewed 2026-05-21 21:54 UTC · model grok-4.3

classification: 💻 cs.CR · cs.IT · cs.SY · eess.SY · math.IT
keywords: privacy-preserving state estimation · crowd sensors · information leakage · mutual information · linear time-invariant systems · Luenberger observer · additive noise

The pith

Tuning the variance of added noise lets crowd-sensor state estimators meet any privacy target against informed adversaries.

A machine-rendered reading of the paper's core claim, the machinery that carries it, and where it could break.

The paper examines privacy in estimating states of linear time-invariant systems when measurements arrive from randomly picked sensors in a large pool. An observer combines these measurements with the system model to produce estimates, but an additive noise term is introduced to reduce information leakage. Leakage is defined as the mutual information between the chosen sensor's identity and the estimate, given knowledge of the true state. This models a strong adversary who has both the estimates and direct high-quality state measurements. The main result shows that by increasing the noise variance sufficiently, the leakage can be driven below any positive target value, enabling a tunable privacy-utility balance.

Core claim

For linear time-invariant systems observed through randomly selected sensors from a crowd, a Luenberger-like observer generates state estimates, and the addition of noise with appropriate variance ensures that the mutual information between the sensor identity and the estimate, conditioned on the actual state, can be made smaller than any given positive number.

What carries the argument

Additive privacy-preserving noise with tunable variance that bounds the conditional mutual information between sensor selection and released estimates.

If this is right

  • Any target privacy level is attainable without changing the observer structure.
  • The privacy mechanism works for any fixed set of sensor models and noise profiles.
  • Estimation error increases with stronger privacy but remains bounded for finite noise variance.
  • The method applies directly to systems where the adversary has access to both estimates and direct state measurements.

Where Pith is reading between the lines

These are editorial extensions of the paper, not claims the author makes directly.

  • Similar noise addition might protect privacy in other recursive estimation settings such as Kalman filters.
  • This approach could enable secure deployment of sensor networks in privacy-sensitive applications such as traffic or environmental monitoring.
  • It raises the possibility of using non-Gaussian noise distributions to achieve the same leakage bound with less impact on estimation accuracy.

Load-bearing premise

The dynamical system is linear and time-invariant, sensor models are known in advance, and the information leakage is measured assuming the adversary knows the true state.

What would settle it

A counterexample system where increasing the noise variance fails to reduce the conditional mutual information below a chosen positive threshold would disprove the achievability result.

Figures

Figures reproduced from arXiv: 2509.17266 by Farhad Farokhi.

Figure 1. Probability of correctly detecting identity of the s… (caption truncated at source)
Figure 2. Upper bound for private information leakage.
Figure 3. Probability of correctly detecting identity of the s… (caption truncated at source)
Figure 4. State estimation error $\mathbb{E}\{\|x - \hat{x}\|_2^2\}$ versus magnitude of privacy-preserving noise $\sigma_\xi$.

Excerpt from the paper's text adjacent to Figure 4:

"… data at any given time. We can particularly adopt the following estimator for an adversary:

$$\hat{s}[k] = \begin{cases} 1, & |C(x[k] - \hat{x}[k])| \ge \tau, \\ 2, & \text{otherwise.} \end{cases} \qquad (8)$$

To select an appropriate threshold, we can select $\Xi = 0$ and observe the probability of successful detection as a function of the threshold $\tau$."
Original abstract

Privacy-preserving state estimation for linear time-invariant dynamical systems with crowd sensors is considered. At any time step, the estimator has access to measurements from a randomly selected sensor from a pool of sensors with pre-specified models and noise profiles. A Luenberger-like observer is used to fuse the measurements with the underlying model of the system to recursively generate the state estimates. An additive privacy-preserving noise is used to constrain information leakage. Information leakage is measured via mutual information between the identity of the sensors and the state estimate conditioned on the actual state of the system. This captures an omnipotent adversary that not only can access state estimates but can also gather direct high-quality state measurements. Any prescribed level of information leakage is shown to be achievable by appropriately selecting the variance of the privacy-preserving noise. Therefore, privacy-utility trade-off can be fine-tuned.
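A constructed simulation of the mechanism the abstract describes and of the threshold detector (8) quoted beside Figure 4; this is an added example, not code from the paper or its author. It assumes a scalar system with A = 0.9, observer gain L = 0.6, two sensors with noise standard deviations 0.5 and 0.05, and a histogram plug-in estimate of I(s; residual) as a stand-in for the paper's conditional leakage; all of these choices are mine, not the paper's numerical study.

```python
import math
import random
from collections import Counter

# Constructed toy instance (not the paper's numerical example): a scalar LTI
# system x[k+1] = A x[k] + w[k] observed through two crowd sensors
# y[k] = C x[k] + v_s[k] that share C but differ in noise level; the sensor
# s[k] is drawn uniformly at random at every step, as in the paper's setting.
A, C, L = 0.9, 1.0, 0.6            # dynamics, output map, observer gain (|A - L*C| < 1)
W_STD = 0.05                       # process-noise standard deviation
SENSOR_STD = {1: 0.5, 2: 0.05}     # sensor 1 is noisy, sensor 2 is precise

def simulate(sigma_xi, steps=10000, seed=0):
    """Run the Luenberger-style observer with privacy noise of std sigma_xi and
    return (sensor id, C*(x - released estimate)) per step: the residual an
    adversary who also knows x[k] can compute from the release."""
    rng = random.Random(seed)
    x, xhat, out = 0.0, 0.0, []
    for _ in range(steps):
        s = rng.choice((1, 2))
        y = C * x + rng.gauss(0.0, SENSOR_STD[s])
        xhat = xhat + L * (y - C * xhat)              # measurement update
        released = xhat + rng.gauss(0.0, sigma_xi)    # add privacy noise xi[k]
        out.append((s, C * (x - released)))
        x = A * x + rng.gauss(0.0, W_STD)             # propagate the state ...
        xhat = A * xhat                               # ... and the estimate
    return out

def detection_rate(samples, tau):
    """Adversary's estimator (8): guess sensor 1 iff |C(x - xhat)| >= tau."""
    hits = sum(1 for s, r in samples if (1 if abs(r) >= tau else 2) == s)
    return hits / len(samples)

def calibrate_tau(samples, grid):
    """Threshold that maximises detection on noise-free (Xi = 0) releases."""
    return max(grid, key=lambda t: detection_rate(samples, t))

def plug_in_mi_bits(samples, bins=40):
    """Histogram estimate of I(s; residual), a proxy for the paper's leakage
    I(s; estimate | x) since the residual is the release with x subtracted."""
    lo = min(r for _, r in samples)
    hi = max(r for _, r in samples) + 1e-12
    n = len(samples)
    joint = Counter((s, int((r - lo) / (hi - lo) * bins)) for s, r in samples)
    ps, pb = Counter(), Counter()
    for (s, b), c in joint.items():
        ps[s] += c
        pb[b] += c
    return sum(c / n * math.log2(c * n / (ps[s] * pb[b])) for (s, b), c in joint.items())

def privacy_curve(sigmas=(0.0, 0.1, 0.3, 1.0, 2.0), steps=10000):
    """Detection probability and leakage proxy for each privacy-noise std."""
    grid = [i / 50 for i in range(1, 51)]
    tau = calibrate_tau(simulate(0.0, steps), grid)   # pick tau at Xi = 0
    curve = {}
    for sg in sigmas:
        samples = simulate(sg, steps, seed=1)
        curve[sg] = (detection_rate(samples, tau), plug_in_mi_bits(samples))
    return tau, curve

if __name__ == "__main__":
    tau, curve = privacy_curve()
    print(f"threshold tau = {tau:.2f}")
    for sg, (pdet, mi) in curve.items():
        print(f"sigma_xi={sg:4.1f}  P(correct detection)={pdet:.3f}  leakage~{mi:.3f} bits")
```

With no privacy noise the detector identifies the sensor well above chance; as sigma_xi grows the detection probability falls to about 0.5 and the leakage proxy toward zero, which is the tunable trade-off the abstract claims.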

Editorial analysis

A structured set of objections, weighed in public.

Desk editor's note, referee report, simulated authors' rebuttal, and a circularity audit. Tearing a paper down is the easy half of reading it; the pith above is the substance, this is the friction.

Referee Report

1 major / 2 minor

Summary. The paper considers privacy-preserving state estimation for linear time-invariant dynamical systems with a pool of crowd sensors having pre-specified models and noise profiles. At each time step a sensor is selected uniformly at random; a Luenberger-like observer recursively fuses the measurement with the system model to produce a state estimate. Additive privacy-preserving noise is injected into the released estimate, and leakage is quantified by the mutual information between the selected sensor identity and the estimate conditioned on the true state (modeling an adversary with direct high-quality state measurements). The central result asserts that any prescribed leakage level is achievable by suitable choice of the noise variance, thereby allowing fine-tuning of the privacy-utility tradeoff.

Significance. If the achievability result holds with the required continuity and surjectivity properties, the work supplies an information-theoretic mechanism for controlling leakage in recursive state estimators that use randomly chosen sensors. The explicit conditioning on the true state in the leakage measure is a clear modeling choice that strengthens the adversary model. The manuscript does not appear to rely on machine-checked proofs or fully parameter-free derivations, so the significance rests on the correctness of the continuity argument for the conditional mutual information.

major comments (1)
  1. [Abstract / main achievability theorem] Abstract (and the achievability statement in the main theorem): the claim that any prescribed leakage level is achievable by tuning the variance of the privacy-preserving noise presupposes that the conditional mutual information I(sensor identity; estimate | state) is a continuous, strictly monotone function of σ² with limits I_max at σ²=0 and 0 as σ²→∞. Because the Luenberger observer is recursive, the estimate at time t incorporates the entire history of past sensor selections and measurements; conditioning only on the current state does not eliminate this history dependence in p(estimate | state, current sensor). Consequently the mapping from current-step variance to conditional MI may fail to be surjective onto [0, I_max] or even continuous, undermining the central achievability result.
minor comments (2)
  1. [Section 2 / Preliminaries] The precise assumptions on the system matrices (A, C_i) and noise covariances that guarantee observability of the randomly switched system should be stated explicitly before the main theorem.
  2. [Abstract] Notation for the conditional mutual information should be introduced once and used consistently; the current abstract phrasing is slightly ambiguous about whether the conditioning is on the full state trajectory or only the instantaneous state.

Simulated Author's Rebuttal

1 response · 0 unresolved

We are grateful to the referee for the thorough review and insightful comments on our manuscript. We address the major comment regarding the achievability result below.

Point-by-point responses
  1. Referee: [Abstract / main achievability theorem] Abstract (and the achievability statement in the main theorem): the claim that any prescribed leakage level is achievable by tuning the variance of the privacy-preserving noise presupposes that the conditional mutual information I(sensor identity; estimate | state) is a continuous, strictly monotone function of σ² with limits I_max at σ²=0 and 0 as σ²→∞. Because the Luenberger observer is recursive, the estimate at time t incorporates the entire history of past sensor selections and measurements; conditioning only on the current state does not eliminate this history dependence in p(estimate | state, current sensor). Consequently the mapping from current-step variance to conditional MI may fail to be surjective onto [0, I_max] or even continuous, undermining the central achievability result.

    Authors: We appreciate the referee's careful analysis of the recursive nature of the observer. While the estimate indeed depends on the history of sensor selections, the i.i.d. selection of sensors at each time step ensures that, conditional on the current state x_t, the distribution of the historical estimate is independent of the current sensor identity s_t. The current measurement y_t depends on s_t, and the privacy-preserving noise is added independently. Thus, p(estimate_t | x_t, s_t) is obtained by averaging the observer update over the history distribution p(history | x_t) and then adding the Gaussian noise with variance σ². This family of conditional distributions varies continuously with σ² in the sense of weak convergence under the Gaussian assumptions. Since the conditional mutual information is continuous with respect to the joint distribution under the second-moment bounds guaranteed by the stable LTI system, I(s_t; estimate_t | x_t) is continuous in σ². It is also strictly decreasing because increasing σ² strictly reduces the distinguishability between different s_t. The limits are I_max at σ²=0 and 0 as σ²→∞. Therefore, by the intermediate value theorem, every value in [0, I_max] is achieved for some σ², preserving the achievability result. We will add a clarifying paragraph in the revised manuscript to explicitly address this history dependence and the continuity argument.

    Revision: partial

Circularity Check

0 steps flagged

No circularity: achievability result is independent of inputs

Full rationale

The paper derives an information-theoretic privacy guarantee for LTI systems using a Luenberger observer and additive noise, with leakage defined as conditional mutual information I(sensor_id; estimate | state). The claim that any leakage level is achievable by tuning noise variance follows from continuity and range properties of the mutual information under the stated linear dynamics and sensor models. No self-definitional reduction, fitted parameter renamed as prediction, or load-bearing self-citation appears; the result is a standard existence argument over a continuous parameter and remains self-contained against external benchmarks.

Axiom & Free-Parameter Ledger

0 free parameters · 2 axioms · 0 invented entities

The result rests on standard assumptions of linear time-invariant dynamics and additive Gaussian noise, plus the information-theoretic definition of leakage; no new entities are postulated and no parameters are fitted to data.

axioms (2)
  • Domain assumption: The underlying system is linear time-invariant with known dynamics and the sensors have pre-specified linear models plus additive noise.
    Invoked when describing the estimator and the random sensor selection process.
  • Domain assumption: Mutual information between sensor identity and state estimate conditioned on the true state is the appropriate leakage measure for an omnipotent adversary.
    Used to define the privacy constraint in the abstract.

pith-pipeline@v0.9.0 · 5678 in / 1446 out tokens · 29682 ms · 2026-05-21T21:54:47.223724+00:00 · methodology


