Partial Disclosure of Private Dependencies in Privacy Preserving Planning
Rotem Lev Lehman, Guy Shani and Roni Stern
Software and Information Systems Engineering, Ben Gurion University of the Negev, Be'er Sheva, Israel
Palo Alto Research Center, Palo Alto, CA
[email protected], [email protected], [email protected]
Abstract
In collaborative privacy preserving planning (CPPP), a group of agents jointly creates a plan to achieve a set of goals while preserving each other's privacy. During planning, agents often reveal the private dependencies between their public actions to other agents, that is, which public action facilitates the preconditions of another public action. Previous work in CPPP does not limit the disclosure of such dependencies. In this paper, we explicitly limit the amount of disclosed dependencies, allowing agents to publish only a part of their private dependencies. We investigate different strategies for deciding which dependencies to publish, and how they affect the ability to find solutions. We evaluate the ability of two solvers, distributed forward search and centralized planning based on a single-agent projection, to produce plans under this constraint. Experiments over standard CPPP domains show that the proposed dependency-sharing strategies enable generating plans while sharing only a small fraction of all private dependencies.
Designing autonomous agents that act collaboratively to achieve a common set of goals has been a major goal for Artificial Intelligence research for many years. Collaborative Privacy-Preserving Planning (CPPP) is a multi-agent planning task in which agents need to achieve a common set of goals without revealing certain private information [Brafman and Domshlak, 2008]. In particular, in CPPP an individual agent may have a set of private facts and actions that it does not share with the other agents. CPPP has important motivating examples, such as planning for organizations that outsource some of their tasks, and has recently received considerable attention from the academic community [Nissim and Brafman, 2014; Brafman, 2015; Torreño et al., 2017; Tozicka et al., 2017; Maliah et al., 2018; Caspari et al., 2020].

There are two common approaches to CPPP: single search and two-level search. Single search solvers run a joint forward search [Nissim and Brafman, 2014; Štolba and Komenda, 2017] where agents that apply public actions send the resulting state to other agents that continue the forward search. Two-level search solvers create a public plan skeleton that is shared by all agents, and then each agent extends it locally with private actions [Maliah et al., 2015].

In either case, the agents either indirectly or explicitly publish dependencies between the public actions. For example, in a multiagent Mars Rover scenario, the need to take a camera from a base station before sending an image incurs a private dependency between these public actions. In both single search and a two-level approach some private dependencies are revealed during planning. Maliah et al. [2016b] compute and publish all such private dependencies in the form of artificial facts. This allows the agents to jointly create and publish a projection of the problem that contains all the public facts, public actions, and published artificial facts that capture private dependencies. Such a projection can be used to construct heuristics for single search CPPP algorithms such as
MAFS. In two-level search solvers, this projection can be used to generate the public plan, defining the public plan to be a solution to the problem defined by the projection.

In many cases, however, the agents can construct a plan requiring only a small portion of the private dependencies. It may be preferable to reveal only a part of the dependencies, intuitively reducing the amount of disclosed private information. This raises the challenge of how to choose which private dependencies to share and which not to. We suggest 4 different heuristic methods for deciding which dependencies should be published first. We provide experiments on standard benchmarks from the CPPP literature. Our results show that in many domains using our heuristics allows computing a plan while publishing only a small portion of the private dependencies. We also analyze the makespan cost of the plans, showing that for some domains publishing fewer dependencies does not increase the plan cost significantly.

An MA-STRIPS problem [Brafman and Domshlak, 2013] is a tuple ⟨P, {A_i}_{i=1}^k, I, G⟩ where:
• k is the number of agents.
• P is a finite set of primitive propositions (facts).
• A_i is the set of actions agent i can perform.
• I is the start state.
• G is the goal condition.

Figure 1: The rovers domain, with 2 base stations b1 and b2, and 2 rovers, r1 and r2, collaborating to take measurements of a rock.

Each action a = ⟨pre(a), eff(a)⟩ is defined by its preconditions (pre(a)) and effects (eff(a)). Preconditions and effects are conjunctions of primitive propositions and literals, respectively. A state is a truth assignment over P. G is a conjunction of facts. a(s) denotes the result of applying action a to state s. A plan π = (a_1, ..., a_k) is a solution to a planning task iff G ⊆ a_k(...(a_1(I))...).

Privacy-preserving MA-STRIPS extends MA-STRIPS by defining sets of variables and actions as private, known only to a single agent. private_i(P) and private_i(A_i) denote the variables and actions, respectively, that are private to agent i. public(P) is the set of public facts in P. public_i(A_i), the complement of private_i(A_i) w.r.t. A_i, is the set of public actions of agent i. Some preconditions and effects of public actions may be private, and the action obtained by removing these private elements is called its public projection, which is known to other agents. When a public action is executed, all agents are aware of the execution, and view the public effects of the action.
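The MA-STRIPS definitions above can be sketched in code. This is an illustrative sketch only; the class and function names are our own and do not come from any published implementation:

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Action:
    name: str
    pre: frozenset     # precondition facts, all of which must hold
    add: frozenset     # facts made true by the action
    delete: frozenset  # facts made false by the action

def apply_action(action, state):
    """Return a(s): the result of applying an action to a state,
    where a state is modeled as the set of currently true facts."""
    assert action.pre <= state, f"{action.name} is not applicable"
    return (state - action.delete) | action.add

def is_solution(plan, init, goal):
    """A plan (a_1, ..., a_k) solves the task iff G ⊆ a_k(...(a_1(I))...)."""
    state = set(init)
    for a in plan:
        if not a.pre <= state:
            return False
        state = apply_action(a, state)
    return goal <= state
```

A privacy-preserving variant would additionally partition the facts and actions of each agent into private and public sets, as described next.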
The goals can be public, but can also be private to a single agent. An agent is aware only of its local view of the problem, that is, its private actions and facts, its public actions, the public facts, and the public projection of the actions of all other agents. That is, for public actions of other agents, the agent's local view contains only the public preconditions and effects of these actions.

In a Rovers example (Figure 1), 2 Mars Rovers collaborate to explore Mars rocks. The Rovers need to perform sensor measurements on rocks, and, due to limited carriage capacity, can only carry 2 sensors at a time. Unused sensors are stored in base stations, and can be taken from and returned to the base stations as needed. The public facts in this problem are the sensors located in bases, and the current condition of the target rock. The public actions are taking and returning sensors to the base stations, putting collected rock samples at the base stations, and performing various examination actions on rocks, such as taking an image, mining a mineral, or collecting a sample. The sensors held by a rover and its position are private, and the private actions are movement actions.

An algorithm is privacy-preserving if it provably does not "reveal private information". Much of the research on privacy-preserving planning considered private information revealed only if the information is explicitly communicated to another agent. For example, if an agent publishes during planning that it intends to drive rover r1 from the base to the rock, then clearly the agent has revealed the existence of r1, as well as an ability to achieve the private fact (at r1 rock), breaking the privacy constraint. However, if the agent only publishes that it can achieve a private fact with the obfuscated name p, then it is unclear what private information has been revealed.
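The public projection just described can be sketched as a simple filtering of an action's elements (an illustrative sketch; the `public_projection` helper and the fact names are our own assumptions):

```python
from collections import namedtuple

Action = namedtuple("Action", ["name", "pre", "add", "delete"])

def public_projection(action, public_facts):
    """Other agents see only the public parts of a public action:
    private preconditions and effects are stripped away."""
    return Action(
        action.name,
        frozenset(action.pre) & public_facts,
        frozenset(action.add) & public_facts,
        frozenset(action.delete) & public_facts,
    )
```

An agent's local view would then contain its own actions in full, plus the public projection of every other agent's public actions.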
Thus, some privacy-preserving MA-STRIPS planners are built on obfuscating the private information they publish by applying some cryptographic tool [Luis and Borrajo, 2014; Borrajo and Fernandez, 2015].

Brafman [2015] shows that the above form of privacy is weak, in the sense that there is no well-formed constraint on what other agents can infer from the information available to them. For example, if the public plan consists of agent i taking a camera, and the take action requires a rover to be present at the base that contains the camera, then all agents now know that i controls at least one rover. Brafman considered a stronger form of privacy, where a fact or a specific value of a fact is strongly private if other agents cannot deduce its existence from the available information.

By "deducing the existence" of a private fact, we mean that regardless of the reasoning power of the agents, they cannot infer the existence of a strongly private fact from the available information. The information available to an agent is (1) its local view of the problem, (2) the messages between the agents during planning, and (3) the sequence of public actions (of all agents) in the resulting plan. A multi-agent planning algorithm is said to be strongly privacy preserving if the only information that agents can deduce, following the execution of the algorithm, is information that is implied by the public projection, their local view, and the public part of the solution [Brafman, 2015].

While appealing, achieving such a strong form of privacy may be difficult. In fact, only two algorithms proven so far have this strict form of privacy: Secure MAFS [Brafman, 2015] and two special variants of PSM [Tozicka et al., 2017]. Even these algorithms preserve this form of privacy only under restrictive conditions. For example, Secure MAFS was shown to preserve strong privacy in a short list of specific domains (logistics, satellites, rovers), having unit action cost and when the heuristic function ignores the private state. Thus, using more informed heuristics, such as the dependencies preserving projection heuristic [Maliah et al., 2016c] that we discuss later in the article, may violate the strong privacy of Secure MAFS. The current planners that preserve strong privacy are either inefficient or incomplete [Tozicka et al., 2017; Štolba et al., 2016]. Inefficiency in this context means that for any MA-STRIPS problem, all public solutions to all local views must be computed before a solution is returned. Tozicka et al. [2017] suggested considering cases where an algorithm maintains strong privacy for a class of problems.

Researchers have offered other definitions of privacy aside from the two extreme cases of weak and strong privacy. Maliah et al. [2016a] suggest that an agent should only be aware of neighboring agents that modify a subset-private fact that the agent uses as precondition or effect. An algorithm preserves agent privacy if no agent can infer the existence of another agent with which it does not share subset-private facts.

Alternatively, Maliah et al. [2016c] suggest that agents may be aware of the types of objects that other agents manipulate, but not of their cardinality. In the rovers example, even though all agents may be aware that rovers carry tools between the base and the rocks, they should not be aware of the number of rovers, or the amount of tools in the rovers' storage. An algorithm preserves cardinality privacy if no agent can infer the number of private objects controlled by another agent. In our running example, no agent should know whether an agent controls 1 or 2 rovers.

Finally, instead of designing binary privacy criteria, one can consider more refined privacy metrics that quantify the amount of leaked information [Štolba et al., 2018].
For example, in distributed search [Maheswaran et al., 2006] one often quantifies information loss using the entropy over the possible state space. In that case, it may be possible for an application designer to sacrifice some privacy in favor of efficiency, such as the ability to scale up to larger problems. The trade-off between privacy loss and efficiency is also studied in our paper, where privacy loss is quantified by the amount of revealed private dependencies, and efficiency is measured by coverage and plan cost.

We provide here a brief background on the two main approaches for CPPP: single search and two-level search. Single search algorithms for CPPP work by running a distributed forward search algorithm in which each agent searches for a plan using its own action space, and agents inform other agents of advancements in the search process by sending and receiving the states they have reached.
MAFS [Nissim and Brafman, 2014] is a well-known example of a single-search algorithm for CPPP. In MAFS each agent runs a best-first forward search to reach the goal and maintains its own open list of states. In every iteration, each agent chooses a state in its open list to expand, generates all its children, and adds them to its open list (avoiding duplicates). Whenever an agent expands a state that was generated by applying a public action, it also broadcasts this state to all other agents. When an agent receives a broadcasted state, it adds that state to its open list. For example, in Figure 1, when one agent puts down the camera at base b1, it broadcasts this state to all other agents. Another agent can now use this state to pick up the camera and take a photo of a rock. To preserve privacy, the private part of a state is obfuscated when broadcasting it by replacing the private facts with an index. Only the broadcasting agent knows how to map this index to the corresponding private facts. Once the goal is reached, the agent achieving the goal informs all others.

Two-level search algorithms for CPPP work by computing a public plan, known as a coordination scheme [Nissim and Brafman, 2014; Brafman and Domshlak, 2013; Torreno et al., 2014], and then have each agent independently extend the public plan into a complete plan by adding private actions. In this extension each agent attempts to achieve the preconditions of its own public actions in the public plan. The Dependency Projection Planner (DPP) [Maliah et al., 2018] is an example of a two-level search algorithm. In DPP, the agents compute together a single-agent projection of the CPPP problem that captures the dependencies between public actions. This projection, referred to as the DP projection, captures for each agent which public actions facilitate the execution of other public actions of that agent. In our running example, such a dependency exists, e.g., for agent 1 between picking up a camera at a base and taking a photo of the rock. These dependencies are computed using limited regression from the precondition of a public action to the effects of other public actions. One can compute a public plan over the projection using a standard classical planner. The projection is incomplete, and hence the generated public plan may not be extendable to a complete plan.

We now present the main contribution of this paper: reducing the amount of disclosed private dependencies and hence, the amount of disclosed information. In this paper, we discuss this in the context of two state-of-the-art methods:
MAFS [Nissim and Brafman, 2014] and DPP [Maliah et al., 2018]. We first describe our methods in the context of DPP, and then discuss their application to MAFS.

DPP works by generating a DP projection that is shared between all agents. For ease of exposition, we describe a brief and slightly modified version of the DP projection. We say that a public action a facilitates the achievement of a private fact f if (1) f is an effect of a, or (2) there exists a sequence of private actions a_1, ..., a_k such that: f is an effect of a_k, each a_i takes as precondition an effect of some a_j s.t. j < i, and a_1 takes as precondition an effect of a.

Definition 1 (Private Dependency). An action a is said to have a private dependency if it has a private fact f as a precondition such that one of the following holds: (1) there is another public action a′ that facilitates achieving f, (2) f is either true in the start state or can be achieved from it by only applying private actions.

In the rovers example take-image(rover, rock) has a private dependency because it has a private precondition holding(rover, camera) that the public action take(rover, camera, base) facilitates to achieve.

The agents jointly create a projection of the public problem, containing all the public facts, and a projected version of the public actions. For each public action a_i that requires a private precondition f_j, we create an artificial public fact f_ij. The projected public version of a_i requires f_ij as precondition. For each action a′ of the agent that facilitates the achievement of the private f_j, the agent publishes f_ij as an effect of a′, thus publishing the private dependency of a_i on a′, although the way that f_j is achieved remains obscured.

For a public action a of an agent i we add to the projection a public artificial fact f_a, signifying that a was executed. If a facilitates the achievement of a private precondition of another public action of i, then the projected version of that action will have f_a as precondition. These artificial facts f_a capture private dependencies between public actions.

In DPP [Maliah et al., 2016b], the agents compute and publish all their private dependencies. In this work, we limit the number of private dependencies each agent is allowed to publish to k, where k is a parameter. Technically, each agent publishes all the artificial preconditions of all public actions, as well as k artificial effects of public actions. All public preconditions are published to avoid an over-optimistic projection, where agents believe that they can execute public actions with no previous requirements.

In MAFS [Nissim and Brafman, 2014], each agent decides which dependencies it is willing to disclose, but it does not publish them. Instead, these dependencies are considered in MAFS when it generates states and when it computes heuristic values for a state. A state is only expanded if it does not reveal a dependency that is not disclosed, and only published dependencies are considered when computing heuristics for states. Further details on how MAFS considers the disclosed set of dependencies are given in Section 3.3.
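The limited-disclosure projection above can be sketched as follows. This is an illustrative Python sketch under our own simplified encoding: DPP computes dependencies by limited regression, while here "facilitates" is approximated by forward reachability over private actions, and all names are our assumptions:

```python
from collections import namedtuple

# delete lists omitted for brevity in this sketch
Action = namedtuple("Action", ["name", "pre", "add"])

def facilitated_facts(action, private_actions):
    """Private facts reachable from a's effects using only private
    actions: a coarse stand-in for 'a facilitates f'."""
    reached = set(action.add)
    changed = True
    while changed:
        changed = False
        for p in private_actions:
            if p.pre <= reached and not p.add <= reached:
                reached |= p.add
                changed = True
    return reached

def dependency_edges(public_actions, private_actions, private_facts):
    """All candidate disclosures (a_src, a_dst, f): a_src facilitates
    the private precondition f of public action a_dst."""
    edges = []
    for a_src in public_actions:
        reach = facilitated_facts(a_src, private_actions)
        for a_dst in public_actions:
            if a_dst is a_src:
                continue
            for f in (a_dst.pre & private_facts) & reach:
                edges.append((a_src, a_dst, f))
    return edges

def publish_top_k(edges, k, score):
    """Publish only the k highest-scoring artificial effects; the
    artificial preconditions themselves are always published."""
    return sorted(edges, key=score, reverse=True)[:k]
```

The `score` parameter is where the selection heuristics discussed next would plug in.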
Figure 2: Local perspective of agent 1's private dependencies in the Rovers domain. Each node n is marked with a unique identifier colored red. r = rover, c = camera, b_i = base i, md = mineral detector.

We now discuss how to choose which k private dependencies to share. We suggest 4 different methods for selecting which dependencies to publish first. We take an iterative approach: all agents publish one artificial effect of one public action at each iteration. Our methods assign a heuristic score to each dependency. The artificial effect with the highest score is published at each iteration. If the public projection cannot be solved, all agents recompute the heuristic scores, and publish a second artificial effect of a public action, and so forth. Hence, at each iteration an agent recomputes the scores, given the effects it has published thus far.

To better illustrate our methods, Figure 2 shows the local perspective of the private dependencies of agent 1 in the Rovers domain. Black nodes in the first and third columns represent public actions, purple nodes in the fourth column represent public facts, and blue nodes in the second column denote artificial facts that capture private dependencies between public actions. The public actions in the first column generate the artificial facts, while the public actions in the third column require them as preconditions, and generate the public facts. Our methods always publish one of the black edges in the graph, between a public action and an artificial fact that it can generate. The blue and purple edges (artificial preconditions and public effects) are always known.

Our first method, which we denote m1, publishes artificial effects that are used as preconditions in as many public actions as possible. Initially the score of an artificial effect is set to the out-degree of the artificial fact.
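The m1 score can be sketched over such a dependency graph. This is an illustrative sketch under our own encoding: a candidate edge is a pair (public action, artificial fact), `fact_out_degree` maps each artificial fact to its out-degree, and `published` is the list of edges disclosed so far:

```python
def m1_scores(candidate_edges, fact_out_degree, published):
    """m1: score a candidate edge by the out-degree of its artificial
    fact, minus the number of already-published edges into that fact."""
    published_into = {}
    for _, f in published:
        published_into[f] = published_into.get(f, 0) + 1
    return {
        (a, f): fact_out_degree[f] - published_into.get(f, 0)
        for (a, f) in candidate_edges
        if (a, f) not in published
    }

def pick_next(candidate_edges, fact_out_degree, published):
    """Publish the highest-scoring unpublished artificial effect."""
    scores = m1_scores(candidate_edges, fact_out_degree, published)
    return max(scores, key=scores.get)
```

In the iterative scheme, `pick_next` would be called once per iteration, appending its result to `published` before the next round.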
In the example in Figure 2, we can publish either of the two effects representing taking the camera from either base, as each supplies a precondition for 3 public actions. Let us assume that one of them was published first. We want to avoid choosing to publish the other at the next iteration, encouraging facilitating additional preconditions. We hence decrease the score of an edge ⟨n_i, n_j⟩ by the number of incoming edges to the artificial fact n_j that were already published. In our example, at the next step, all unpublished effects have the same ranking.

The second method, which we denote m2, publishes an effect that enables the achievement of as many public facts as possible, denoted by outgoing purple edges in Figure 2. An effect enables the achievement of a public fact f if it is a precondition to an action that achieves f. In m2 we set the score of a black edge to the number of paths that lead from the edge to a public fact (purple node). Again, at each iteration we decrease the score by the number of incoming edges that were published, to avoid repeatedly choosing the same effect. In our example all edges have the same score (3) at the first iteration. If we again select a camera-taking effect at the first iteration, at the second iteration we will select one of the other effects.

The third method, denoted m3, maximizes the amount of public actions that can be executed. That is, instead of publishing the artificial fact that provides a precondition for several actions, we publish the artificial fact that enables as many public actions as possible. Here, in the first iteration, publishing the effect of taking the camera from either base, or the effect of clearing the storage of the rover, both immediately enable one public action.
If we first select, again, the camera-taking effect, then at the next iteration, taking the mineral detector from either base station or clearing the storage both enable one additional action, and are hence tied.

In this method we also need to balance between enabling new public actions that have not been available given the already published effects, and enabling new ways to apply already possible actions, which may result in better plans. As such, for each action a that is enabled by the published effect, we discount its score by 1/(c_a + 1), where c_a is the number of times that a was enabled by previously published facts. Hence, the first time that an action is enabled, it provides a score of 1, the second time, a score of 1/2, and so forth.

The last method, denoted m4, is similar to m3, but focuses not on the public actions, but on the public effects. That is, we publish an effect that enables achieving as many public facts (purple nodes) as possible. Again, we discount the score of a public fact by 1/(c_f + 1), where c_f is the number of times that public fact f was enabled by previously published facts. In this method, again, the camera-taking edges are tied in the first iteration. In the second iteration, however, if we again select the camera-taking effect first, taking the mineral detector has a better score, because it enables the mineral drilling action, which has 2 public effects, one new and one already obtained, and hence a score of 3/2.

A DP projection Π is a single-agent problem. Let plans(Π), opt(Π), and states(Π) be the set of plans for Π, the cost of an optimal plan for Π, and the number of reachable states in Π, respectively. For two DP projections Π and Π′ of the same problem, we say that Π′ subsumes Π, denoted by Π ⊆ Π′, iff the set of private dependencies shared by Π is a subset of the set of private dependencies shared by Π′.

Corollary 1.
For any two DP projections Π and Π′ such that Π ⊆ Π′ it holds that: (1) plans(Π) ⊆ plans(Π′), (2) opt(Π′) ≤ opt(Π), and (3) states(Π) ≤ states(Π′).

This observation highlights the tradeoff we face when revealing more private dependencies. On the one hand, revealing more dependencies has the potential to solve more problems, since more plans are reachable, and to find lower-cost solutions. On the other hand, DP projections created by revealing more dependencies are, in general, harder to solve, since their corresponding state space is larger. Corollary 1 is directly applicable to all the heuristic methods described above for choosing which dependencies to share. For all methods (m1, m2, m3, and m4), increasing the number of dependencies that can be published (k) results in a DP projection that subsumes the DP projection created by publishing fewer dependencies. Indeed, we observe the aforementioned trade-off in our experimental results.

MAFS
In this section, we provide more details on how we implemented partial disclosure of private dependencies in MAFS [Nissim and Brafman, 2014].

An agent running MAFS (Algorithm 1) searches its own local space. Whenever agent i executes a public action it broadcasts a message m = ⟨a_p, s_p, idx_1, ..., idx_n⟩ to all other agents, containing the executed public action a_p, the resulting public state s_p, and a private state index idx_k for every agent k. Agent i can now continue searching from that state. If, in the same search path, agent i executes another public action it will send a new message m′ = ⟨a′_p, s′_p, idx′_1, ..., idx′_n⟩. The private state indexes in m′ for all agents except i are identical to the indexes in m.

An agent j that receives both messages m and m′ can compare them and identify that only the public state, and the state index for i, have changed. Thus, agent j can know that message m′ contains a state that was generated in the same search path after m. This may reveal to agent j a private dependency of agent i between a_p and a′_p.

To limit the private dependencies that are revealed in MAFS, each agent must initially decide which dependencies it does not reveal (Line 2 in Algorithm 1). Then, whenever the situation above occurs, if there is a dependency for agent i between a_p and a′_p that it does not wish to disclose, it will not broadcast m′ (Line 21 in Algorithm 1). Agent i will not continue searching from the state that m′ represents, because even if we find a plan that uses that state, the final plan will leak the dependency we did not wish to disclose. This modification, limiting the broadcasted states, allows MAFS to perform a joint search disclosing only some dependencies.

One can also envision an iterative method, where initially, all agents attempt solving without revealing any dependencies. If the agents are unable to produce a solution, each agent reveals one dependency, and so forth. To avoid repeated expansions, each agent can save the unbroadcasted states mapped by the undisclosed dependency which was the reason that the state was not broadcasted. When revealing a new dependency, the agent can publish all the states that were not previously published due to the newly revealed dependency. We leave further exploration of this idea to future research.
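The broadcast guard and the deferred-state bookkeeping above can be sketched as follows (an illustrative sketch; the helper names are our own, and a dependency is modeled simply as a pair of consecutive public actions):

```python
def should_broadcast(prev_public, new_public, undisclosed):
    """Suppress the message if this pair of consecutive public actions
    would leak a dependency the agent keeps undisclosed."""
    return (prev_public, new_public) not in undisclosed

def withhold(state, dep, deferred):
    """Remember a state that was not broadcast because of dep, so it
    can be flushed if dep is ever revealed."""
    deferred.setdefault(dep, []).append(state)

def on_reveal(dep, deferred):
    """When dep is later disclosed, return (and forget) the states
    that were withheld solely because of it; the caller can now
    broadcast them."""
    return deferred.pop(dep, [])
```

In the iterative scheme, `on_reveal` would be called once per newly disclosed dependency, and each returned state broadcast as usual.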
We now evaluate our methods using standard benchmarks [Štolba et al., 2015]. For each problem in each domain, we ran the projection-based solver [Maliah et al., 2016b] and the revised MAFS, both with a growing number of revealed dependencies. We denote the first as "joint projection" and the latter as "MAFS". The methods were implemented in C
the same statistics. Then, we compute the average solution cost and the number of solved problems under a timeout of 5 minutes. This value is referred to as coverage.

Algorithm 1: MAFS for agent r_i
 1: procedure MAFS(r_i)
 2:   initialize a set of dependencies D that are not allowed to be revealed
 3:   insert I into the open list
 4:   while solution not found do
 5:     foreach message m, call process-message(m)
 6:     s ← extract-min(open list)
 7:     expand(s)
 8: procedure process-message(m = ⟨s, g_j(s), h_j(s)⟩)
 9:   if s is not in the open or closed list ∨ g_i(s) > g_j(s) then
10:     add s to the open list and calculate h_i(s)
11:     g_i(s) ← g_j(s)
12:     h_i(s) ← max(h_i(s), h_j(s))
13: procedure expand(s)
14:   move s to the closed list
15:   if s is a goal state then
16:     broadcast ⟨s, g_i(s), h_i(s)⟩ to all agents
17:     return s as the solution
18:   a ← the action that generated s
19:   if a is a public action then
20:     a′ ← the public action preceding a
21:     if ⟨a′, a⟩ ∉ D then send s to all relevant agents
22:     else return  // stop expansion of s
23:   apply r_i's successor operators to s
24:   foreach successor s′ do
25:     compute h_i(s′)
26:     if s′ is not in the closed list or h_i(s′) has improved then
27:       add s′ to the open list

Table 1: Coverage and disclosed dependencies for the projection method and MAFS. C is the coverage for each heuristic m1, ..., m4. MD% is the percentage of the minimal amount of disclosed dependencies that allows solving the most problems. The heuristic with the minimal MD% for each domain is in bold.

Figure 3: (a) Elevators, max dep = 6245; (b) Blocksworld, max dep = 1225; (c) Depot, max dep = 6753; (d) Rovers, max dep = 42155; (e) Logistics, max dep = 150; (f) Driverlog, max dep = 5060; (g) ZenoTravel, max dep = 1320; (h) Legend.

Coverage Results.
Table 1 shows the coverage results forthe different solvers using the different heuristics m , m , m , and m . As can be seen, m , maximizing the numberof public actions that can be executed, performs the best forElevators, for both joint projection and MAFS solvers by anorder of magnitude. In BlocksWorld with the joint projectionsolver, m and m perform worse than m and m , but it isonly because of a single problem that was solved faster by m and m . The rest of the problems required less dependenciesby m and m , as can be seen in figure 3b. In Driverlog, m performs worse than m . In this domain, 16 problems were solved with exactly the same amount of dependencies for allheuristics. The last 3 problems required more dependenciesin m than in m . In Logistics and ZenoTravel, all meth-ods performed the same (except of one difficult problem). InRovers, m performs the worst, and all other methods per-form almost the same (again, except of one problem). In gen-eral, MAFS is slightly worse than the projection, and requiresmore dependencies in order to solve the problems.Figure 3 shows the number of problems that were solved oneach domain given the number of revealed dependencies byeach agent in the projection-based solver. For each problem,we also computed a “Hindsight value”, which is the numberof private dependencies used by the plan that was generatedwhen all dependencies are known. The hindsight is a base- a) Elevators, max dep = 6245 (b) Blocksworld, max dep = 1225 (c) Depot, max dep = 6753(d) Rovers, max dep = 42155 (e) Logistics, max dep = 150 (f) Driverlog, max dep = 5060(g) ZenoTravel, max dep = 1320 (h) Legend.Figure 4:
MAFS method. line for comparison, indicating how many private dependen-cies are enough to find a solution. The hindsight may notbe optimal, and it may be possible to provide a solution withfewer dependencies. We also report a method that randomlydecides which dependency to disclose, averaged over 10 runs. m , which prioritizes enabling additional public actions,performs the best in all domains. The rest of the methodsvary in their performance. On Blocksworld, e.g., m , that pri-oritizes achieving additional public facts, is the best togetherwith m , but on Elevators and Rovers m performs the worst.On Elevators, arguably the domain with the highest amount ofrequired collaboration, differences between methods are mostpronounced. On Depot, random dependencies have identicalperformance as the heuristics, except for 2 problems, wherethe random selection did not identify needed dependencies.Figure 5 shows agent’s dependency graphs (Section 3.1).In BlocksWorld and Elevators, m performs the best due toan artificial effect that is precondition to many actions, man-ifesting as a larger blue node in Figure 5. m and m revealthis artificial effect numerous times, instead of other usefuleffects, while m reveals this effect once, and publishes othereffects to achieve more actions. m performs very well on BlocksWorld but poorly on El-evators and Rovers. This is because BlocksWorld has somepublic facts that are easier to achieve, as they are achieved bymany actions (denoted by larger purple nodes). m avoids publishing additional ways to achieve these facts, and canhence allow achieving other useful public facts. In the otherdomains, most public facts have almost the same number ofactions that can achieve them. m cannot distinguish betweenthese dependencies. Hence, an analysis of the agent’s depen-dency graph can reveal whether m or m can be more use-ful. 
m performs better under a diverse in-degree distribution for the purple nodes, while m performs better given a uniform in-degree. On Depot, all methods perform much worse than the hindsight, and very similarly to the random solver, leaving much room for improvement. Looking at the dependency graph (Figure 5c), for each public fact (purple node) there is a very small number of paths to it. Hence, practically every dependency seems equally important to all heuristics, yet many of them are not useful for achieving the goal.

An interesting phenomenon occurs in, e.g., BlocksWorld and Rovers, where some problems are solved when not all dependencies are available, but cannot be solved when more dependencies are published. This is because the projection method may produce a public plan that cannot be extended into a complete plan, and we did not backtrack. Our methods were often able to publish dependencies that resulted in plans that could be extended; later, additional dependencies confused the planner into choosing plans that could not be extended.

Figure 5: Single agent dependency graphs for all domains, drawn for the easiest problem of each domain. Each dependency graph has the same layers as described previously. The size of the nodes in the first and second layers is their out-degree, and the size of the nodes in the third and fourth layers is their in-degree. A special dummy-init-action appears at the bottom of the first actions layer; it does not appear in Logistics and ZenoTravel, because it does not have any dependency with another public action in these domains. (a) Elevators; (b) BlocksWorld; (c) Depot; (d) Rovers; (e) Logistics; (f) Driverlog; (g) ZenoTravel.

Figure 4 shows the number of problems that were solved on each domain given the number of dependencies revealed by each agent using MAFS. As in the projection-based solver, m seems to be the best here in all the domains.
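The structural test suggested above — diverse versus uniform in-degrees of the public-fact (purple) nodes — can be sketched as a variance computation over the dependency graph. The edge encoding below is a hypothetical simplification (an edge pairs an achieving action with a public fact), not the paper's graph structure:

```python
from statistics import pvariance

def fact_indegree_variance(dependencies):
    """dependencies: iterable of (action, public_fact) edges, listing the
    actions that can achieve each public fact. Returns the population
    variance of the facts' in-degrees; a high value indicates a diverse
    in-degree distribution, a value near zero a uniform one."""
    indegree = {}
    for _action, fact in dependencies:
        indegree[fact] = indegree.get(fact, 0) + 1
    return pvariance(indegree.values())

# Diverse in-degrees (BlocksWorld-like): one fact achievable many ways.
diverse = [("a1", "f1"), ("a2", "f1"), ("a3", "f1"), ("a4", "f2")]
# Uniform in-degrees (Rovers-like): each fact achievable one way.
uniform = [("a1", "f1"), ("a2", "f2"), ("a3", "f3")]
print(fact_indegree_variance(diverse) > fact_indegree_variance(uniform))  # True
```

Such a one-pass analysis could let an agent pick between the heuristics before disclosing anything, as the text suggests.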
In MAFS, for Elevators the difference between the heuristic methods is most pronounced. MAFS performed worse than the projection method in our experiments, but in BlocksWorld the results are very poor, as MAFS timed out on many problems. This happened because the projection method was better at identifying plans with very little agent collaboration, while MAFS tended to identify plans with significantly more collaboration.
Plan Cost Results
Finally, we consider the makespan cost of the generated public plan. Dependencies affect not just solvability but also cost. Even when a plan could be obtained without revealing any dependency, better plans may be obtained by collaboration, revealing some dependencies. Thus, agents may trade off some privacy for increased efficiency.

Table 2 shows the following averaged factors: (1) Min. cost; (2) Max. cost; (3) Min. dep. cost, the solution cost for a plan found with the least amount of revealed dependencies; and (4) Max. dep. cost, the solution cost for a plan found with the maximal amount of revealed dependencies. The "Improvement" column shows the percentage of the minimal cost out of the Min. dep. cost: (Min. dep. cost − Min. cost) / Min. dep. cost × 100. That is, it shows how much cost can be reduced by revealing more dependencies.

                  Joint projection                            MAFS
Domain       M    Min    Max    Min.dep  Max.dep  Imp.       Min    Max    Min.dep  Max.dep  Imp.
BlocksWorld  m1   48.95  111.75 92.10    55.15    45.39%     29.33  30.93  30.07    30.20    –
             m2   51.15  95.65  79.50    55.15    –          –      –      –        –        –
             m3   47.35  99.65  83.20    50.10    43.05%     28.57  31.64  29.57    30.64    2.98%
             m4   47.65  97.95  81.60    50.10    42.61%     28.57  31.64  29.57    30.64    2.98%
Depot        m1   21.35  29.50  28.75    21.55    21.61%     21.15  21.70  21.25    21.55    1.13%
             m2   21.35  29.45  28.40    21.55    19.73%     21.15  21.65  21.20    21.55    –
             m3   21.45  28.90  28.45    21.55    –          –      –      –        –        –
             m4   21.45  29.05  28.60    21.55    20.26%     21.25  21.65  21.30    21.55    –
Driverlog    m1   28.89  63.63  61.42    29.32    32.82%     21.11  23.56  22.39    22.67    6.48%
             m2   22.22  43.61  41.28    22.67    30.10%     21.61  23.50  22.61    22.67    5.91%
             m3   39.21  58.63  57.00    39.47    –          –      –      –        –        –
             m4   –      –      –        –        –          –      –      –        –        –
Elevators    m1   33.50  53.10  37.45    46.90    –          –      –      –        –        –
             m2   –      –      –        –        –          –      –      –        –        –
             m3   –      –      –        –        –          –      –      –        –        –
             m4   34.75  51.75  38.35    46.90    10.20%     37.55  60.50  40.90    55.70    9.19%
Logistics    m1   25.05  31.29  27.24    29.24    6.40%      25.15  31.95  27.85    29.35    8.04%
             m2   25.05  31.29  26.81    29.24    –          –      –      –        –        –
             m3   25.00  31.24  27.24    29.24    6.62%      25.15  31.95  27.85    29.35    8.07%
             m4   25.00  31.24  26.81    29.24    5.55%      25.15  31.95  27.35    29.35    6.79%
Rovers       m1   49.50  53.00  52.40    50.25    6.07%      57.50  62.30  61.45    58.35    8.12%
             m2   50.25  51.50  51.50    50.25    –          –      –      –        –        –
             m3   51.74  68.42  67.58    52.84    22.68%     60.26  83.05  82.00    62.37    26.83%
             m4   51.53  64.35  63.35    52.53    18.26%     58.00  77.41  77.41    58.41    24.41%
ZenoTravel   m1   45.12  56.12  47.59    54.41    9.32%      52.44  63.11  55.00    61.28    8.96%
             m2   37.31  50.63  39.81    48.81    9.81%      44.06  56.53  46.65    54.59    9.39%
             m3   51.83  62.83  54.61    60.72    –          –      –      –        –        –
             m4   –      –      –        –        –          –      –      –        –        –
Average      m1   36.05  56.91  49.56    40.97    18.90%     34.85  42.19  36.84    39.87    5.93%
             m2   34.41  50.94  43.78    39.22    –          –      –      –        –        –
             m3   38.51  57.27  50.92    42.98    19.66%     33.61  43.90  38.13    39.55    8.56%
             m4   36.38  54.79  48.28    40.53    19.13%     34.86  44.28  39.10    39.94    8.33%

Table 2: Averaged plan makespan cost over all solved problems for each domain. Min denotes the average minimal cost over all solved problems; Max denotes the average maximal cost. Min. dep denotes the cost when solved with the minimal amount of disclosed dependencies; Max. dep denotes the cost when solved with the maximal amount of disclosed dependencies. Imp. denotes the improvement between the first time the problem was solved and the best achieved solution. The lowest improvement, and hence the best initial plan, is in bold.

On average, the improvement is only about 20% for the different methods in the joint projection planner, and only 10% in MAFS. This means that the solution obtained with the least amount of revealed dependencies was almost as good as the best solution found when additional dependencies were revealed.

However, the impact of sharing private dependencies on solution cost varies significantly per domain. For example, in the joint projection solver, in BlocksWorld the improvement is about 40%. This is because every problem can be solved by a single agent doing all the work; however, if the agents work jointly, they distribute the actions to provide a better makespan. Also, in most cases, there was almost no difference between the different heuristics (m1–m4) with respect to the solution cost. This shows that our heuristics are better geared towards solvability, not makespan. We leave heuristics oriented towards reducing costs to future research.

The improvement made by MAFS is less than the improvement made by the joint projection solver. This is because
MAFS prefers plans with more collaboration.
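The per-problem "Improvement" percentage described above is a one-line computation; the sketch below uses generic placeholder values, not entries from Table 2:

```python
def improvement(min_cost, min_dep_cost):
    """Percentage of cost saved by revealing more dependencies:
    (Min. dep. cost - Min. cost) / Min. dep. cost * 100."""
    return (min_dep_cost - min_cost) / min_dep_cost * 100

# E.g., if the first (fewest-dependencies) plan costs 100 and the best
# plan found with more dependencies costs 80, 20% of the cost is saved.
print(improvement(80.0, 100.0))  # 20.0
```

Note that the Imp. column in Table 2 averages this quantity over the solved problems of a domain, so it generally differs from applying the formula to the table's already-averaged cost columns.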
Conclusion

In this work we suggest methods for publishing only a part of the private dependencies between public actions of agents. We provide experimental results on both the joint projection method that uses all private dependencies to compute a public plan, and MAFS, modified to broadcast states only if they do not reveal a forbidden dependency. We show that in many cases a public plan can be computed with only a small portion of the dependencies, and that our heuristic methods rapidly find a good subset to share for both the joint projection method and MAFS. We provide experiments over standard benchmark domains, comparing the coverage of our methods, as well as the cost of the found plans.

Future work should analyze the privacy leakage with respect to the revealed transition systems [Stolba et al., 2019] in the context of using the shared dependencies in current solvers. It is also worthwhile to assign importance values to different dependencies, where each dependency has an intrinsic value that needs to be considered.
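The incremental disclosure process summarized above can be sketched as a greedy loop; here `score` stands in for one of the m heuristics and `solvable` for a call to the planner on the current projection — both are hypothetical placeholders, not the paper's implementation:

```python
def disclose_until_solvable(private_deps, score, solvable, max_rounds=None):
    """Greedily publish the highest-scored hidden dependency and retry
    planning, stopping at the first set of dependencies that admits a plan."""
    hidden = set(private_deps)
    published = set()
    rounds = len(hidden) if max_rounds is None else max_rounds
    for _ in range(rounds + 1):
        if solvable(published):
            return published  # a plan exists using only these dependencies
        if not hidden:
            break
        best = max(hidden, key=score)  # heuristic choice of what to reveal
        hidden.remove(best)
        published.add(best)
    return None  # unsolvable even with all dependencies (or budget exhausted)

# Toy run: the task becomes solvable once dependency "d2" is public.
deps = {"d1", "d2", "d3"}
result = disclose_until_solvable(
    deps,
    score=lambda d: {"d1": 1, "d2": 3, "d3": 2}[d],
    solvable=lambda pub: "d2" in pub)
print(result)  # {'d2'}
```

The loop mirrors the trade-off measured in the experiments: each iteration leaks one more dependency in exchange for another chance at solvability.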
Acknowledgements
This work is partially funded by ISF grant
References

[Borrajo and Fernandez, 2015] Daniel Borrajo and Susana Fernandez. MAPR and CMAP. In CoDMAP-15, 2015.
[Brafman and Domshlak, 2008] Ronen I. Brafman and Carmel Domshlak. From one to many: Planning for loosely coupled multi-agent systems. In ICAPS, pages 28–35, 2008.
[Brafman and Domshlak, 2013] Ronen I. Brafman and Carmel Domshlak. On the complexity of planning for agent teams and its implications for single agent planning. Artificial Intelligence, 198:52–71, 2013.
[Brafman, 2015] Ronen I. Brafman. A privacy preserving algorithm for multi-agent planning and search. In IJCAI, pages 1530–1536, 2015.
[Caspari et al., 2020] Patrick Caspari, Robert Mattmüller, and Tim Schulte. A framework to prove strong privacy in multi-agent planning. In Distributed and Multi-Agent Planning (DMAP) workshop at ICAPS, 2020.
[Luis and Borrajo, 2014] Nerea Luis and Daniel Borrajo. Plan merging by reuse for multi-agent planning. In DMAP–ICAPS, 2014.
[Maheswaran et al., 2006] Rajiv T. Maheswaran, Jonathan P. Pearce, Emma Bowring, Pradeep Varakantham, and Milind Tambe. Privacy loss in distributed constraint reasoning: A quantitative framework for analysis and its applications. JAAMAS, 13(1):27–60, 2006.
[Maliah et al., 2015] Shlomi Maliah, Guy Shani, and Roni Stern. Privacy preserving pattern databases. In DMAP–ICAPS, volume 15, pages 9–17, 2015.
[Maliah et al., 2016a] Shlomi Maliah, Ronen I. Brafman, and Guy Shani. Increased privacy with reduced communication and computation in multi-agent planning. In DMAP–ICAPS, volume 16, pages 106–112, 2016.
[Maliah et al., 2016b] Shlomi Maliah, Guy Shani, and Roni Stern. Stronger privacy preserving projections for multi-agent planning. In the International Conference on Automated Planning and Scheduling (ICAPS), pages 221–229, 2016.
[Maliah et al., 2016c] Shlomi Maliah, Guy Shani, and Roni Stern. Stronger privacy preserving projections for multi-agent planning. In ICAPS, pages 221–229, 2016.
[Maliah et al., 2018] Shlomi Maliah, Guy Shani, and Roni Stern. Action dependencies in privacy-preserving multi-agent planning. Autonomous Agents and Multi-Agent Systems, 32(6):779–821, 2018.
[Nissim and Brafman, 2014] Raz Nissim and Ronen I. Brafman. Distributed heuristic forward search for multi-agent planning. JAIR, 51:293–332, 2014.
[Štolba and Komenda, 2017] Michal Štolba and Antonín Komenda. The MADLA planner: Multi-agent planning by combination of distributed and local heuristic search. Artificial Intelligence, 252:175–210, 2017.
[Štolba et al., 2015] Michal Štolba, Antonín Komenda, and Daniel L. Kovacs. Competition of distributed and multiagent planners (CoDMAP). The International Planning Competition (WIPC-15), page 24, 2015.
[Štolba et al., 2016] Michal Štolba, Jan Tožička, and Antonín Komenda. Secure multi-agent planning algorithms. In ECAI, pages 1714–1715, 2016.
[Štolba et al., 2018] Michal Štolba, Jan Tožička, and Antonín Komenda. Quantifying privacy leakage in multi-agent planning. TOIT, 18(3):28, 2018.
[Štolba et al., 2019] Michal Štolba, Daniel Fišer, and Antonín Komenda. Privacy leakage of search-based multi-agent planning algorithms. In J. Benton, Nir Lipovetzky, Eva Onaindia, David E. Smith, and Siddharth Srivastava, editors, Proceedings of the Twenty-Ninth International Conference on Automated Planning and Scheduling, ICAPS 2019, Berkeley, CA, USA, July 11–15, 2019, pages 482–490. AAAI Press, 2019.
[Torreno et al., 2014] Alejandro Torreño, Eva Onaindia, and Oscar Sapena. FMAP: Distributed cooperative multi-agent planning. Applied Intelligence, 41(2):606–626, 2014.
[Torreño et al., 2017] Alejandro Torreño, Eva Onaindia, Antonín Komenda, and Michal Štolba. Cooperative multi-agent planning: A survey. ACM Computing Surveys, 50(6):1–32, 2017.
[Tozicka et al., 2017] Jan Tožička, Michal Štolba, and Antonín Komenda. The limits of strong privacy preserving multi-agent planning. In