Patent attributes
A system for determining a calculation utilizing differential privacy including an interface and a processor. The interface is configured to receive a request to determine result data of a calculation using multitenanted data. The multitenanted data comprises tenant data associated with a plurality of tenants. The processor is configured to: determine the result data by performing the calculation on the multitenanted data; determine whether a deterministic modification is needed to ensure privacy based at least in part on whether a number of participants in the result data is less than a threshold; and in response to determining that the deterministic modification is needed to ensure privacy: determine the deterministic modification; numerically modify the result data using the deterministic modification to determine modified result data; and provide the modified result data.