Data Anonymization that Leads to the Most Accurate Estimates of Statistical Characteristics: Fuzzy-Motivated Approach

Abstract

To preserve privacy, the original data points (with exact values) are replaced by boxes containing each (inaccessible) data point. This privacy-motivated uncertainty leads to uncertainty in the statistical characteristics computed based on this data. In a previous paper, we described how to minimize this uncertainty under the assumption that we use the same standard statistical estimates for the desired characteristics. In this paper, we show that we can further decrease the resulting uncertainty if we allow fuzzy-motivated weighted estimates, and we explain how to optimally select the corresponding weights.

I. Formulation of the Problem

Need to preserve privacy

In many practical applications, e.g., in medicine and in education, to better serve customers, it is important to know as much as possible about the potential customers. Customers are often reluctant to share information, since this information can be potentially used against them. For example, age can be used by companies to (unlawfully) discriminate against older job applicants. It is thus important to preserve privacy when storing customer data; see, e.g., [6].

How to preserve privacy: k-anonymity and ℓ-diversity

To maintain privacy, we divide the space of all possible combinations of values x = (x₁, …, x_n) into boxes

$$B=[{\mathrm{x̃}}_1-{\mathrm{\Delta }}_1(x),{\mathrm{x̃}}_1+{\mathrm{\Delta }}_1(x)]\times \dots \times [{\mathrm{x̃}}_n-{\mathrm{\Delta }}_n(x),{\mathrm{x̃}}_n+{\mathrm{\Delta }}_n(x)].$$ (1)

For each record, instead of storing the actual values x_i, we only store the label of the box B containing x.

To avoid further loss of privacy, it is important to make sure that location in a box does not identify a person. This is usually achieved by requiring that for some fixed integer k, each box contains at least k records.

It is also not good if all records within a box have the same value of an i-th quantity x_i. It is thus required that for some integer ℓ, each box should contain at least ℓ different values of each x_i; see, e.g., [1].

Statistical data processing

Based on the available data points $x^{(p)}=(x_1^{(p)},\dots ,x_n^{(p)})$ (1 ≤ p ≤ N), we need to estimate averages E_i, variances $V_i={\sigma }_i^2$, covariances C_ij, correlations ρ_ij, and other statistical characteristics. The means are usually estimated as follows:

$$E_i=\frac{1}{N}·\sum _{p=1}^N{x}_i^{(p)},E_j=\frac{1}{N}·\sum _{p=1}^N{x}_j^{(p)}.$$ (2)

The covariance is usually estimated as:

$$C_{ij}=\frac{1}{N}·\sum _{p=1}^N(x_i^{(p)}-E_i)·(x_j^{(p)}-E_j).$$ (3)

The variance is usually estimated by a formula

$$V_i=\frac{1}{N-1}·\sum _{p=1}^N{(x_i^{(p)}-E_i)}^2$$ (4)

or, sometimes,

$$V_i=\frac{1}{N}·\sum _{p=1}^N{(x_i^{(p)}-E_i)}^2,$$ (5)

and the correlation is estimated as

$${\rho }_{ij}=\frac{C_{ij}}{{\sigma }_i·{\sigma }_j}.$$ (6)

Comment. We are interested in large databases, in which the number N of records is large. For large N, the difference between the usual un-biased estimate for V_i (with N − 1 in the denominator) and the estimate with N is negligible. To simplify computations, in this paper, by V_i and σ_i, we will mean the versions corresponding to N; our results can be easily be reformulated for the un-biased estimates, which in our terms take the form $V_i·\frac{N-1}{N}$ and ${\sigma }_i·\frac{\sqrt{N-1}}{\sqrt{N}}$.

In statistical data processing, privacy leads to uncertainty

To maintain privacy, we replace each numerical value $x_i^{(p)}$ with the corresponding interval. Different values from these intervals lead, in general, to different values of the resulting statistical characteristics. Hence, for each characteristic, we get a whole interval of possible values.

If this interval is too wide, the resulting range is useless (e.g., for correlation, the interval [−1, 1] is useless). It is therefore desirable to select, among all possible subdivisions into boxes which preserve k-anonymity (and ℓ-diversity), the one which leads to the narrowest intervals for the desired statistical characteristic.

What we do in this paper

In Section 2, following [7], we describe how this problem is solved now. Please note that because our objective is to generalize these formulas to the weighted case, the notations that we use in Section 2 are slightly different from the notations from [7].

Then, in Section 3, we explain how fuzzy-motivated ideas can improve the corresponding estimates.

II. How This Problem Is Solved Now

Estimating accuracy caused by privacy-based subdivision into boxes: case of k-anonymity

To minimize uncertainty, we select the smallest boxes. Hence, each box B should have exactly k records.

For each combination of values $x_i^{(p)}$ from the corresponding intervals $[{\mathrm{x̃}}_i^{(p)}-{\mathrm{\Delta }}_i^{(p)},{\mathrm{x̃}}_i^{(p)}+{\mathrm{\Delta }}_i^{(p)}]$, we get:

$$C(x_1^{(1)},x_2^{(1)},\dots ,x_n^{(N)})=C({\mathrm{x̃}}_1^{(1)}+\mathrm{\Delta }{x}_1^{(1)},{\mathrm{x̃}}_2^{(1)}+\mathrm{\Delta }{x}_2^{(1)},\dots ,{\mathrm{x̃}}_n^{(N)}+\mathrm{\Delta }{x}_n^{(N)}),$$ (7)

where each difference $\mathrm{\Delta }{x}_k^{(p)}\stackrel{\text{def}}{=}{x}_k^{(p)}-{\mathrm{x̃}}_k^{(p)}$ satisfies the inequality $\left|\mathrm{\Delta }{x}_i^{(p)}\right|\le {\mathrm{\Delta }}_i^{(p)}$. When we have many records, boxes are small, so we can use a linear approximation:

$$C=\mathrm{C̃}+\sum _{p=1}^N\sum _{i=1}^n\frac{\partial C}{\partial x_i}·\mathrm{\Delta }{x}_i^{(p)},$$ (8)

where $\mathrm{C̃}\stackrel{\text{def}}{=}C({\mathrm{x̃}}_1^{(1)},{\mathrm{x̃}}_2^{(1)},\dots ,{\mathrm{x̃}}_n^{(N)})$. The range of this linear expression is [C̃ − Δ, C̃ + Δ], where

$$\mathrm{\Delta }\stackrel{\text{def}}{=}\sum _{p=1}^N\sum _{i=1}^n\left|\frac{\partial C}{\partial x_i}\right|·{\mathrm{\Delta }}_i^{(p)}=k·\sum _B\sum _{x\in B}\sum _{i=1}^n\left|\frac{\partial C}{\partial x_i}\right|·{\mathrm{\Delta }}_i(x).$$ (9)

Expressions for the corresponding partial derivatives

The estimate for the accuracy Δ is described in terms of partial derivatives $\frac{\partial C}{\partial x_i}$ of the statistical characteristic C. For the mean E_i, the derivative is equal to

$$\frac{\partial E_i}{\partial x_i}=\frac{1}{N}.$$ (10)

For the variance V_i, we have

$$\frac{\partial V_i}{\partial x_i}=\frac{2·(x_i-E_i)}{N}.$$ (11)

Therefore, for ${\sigma }_i=\sqrt{V_i}$, we get

$$\frac{\partial {\sigma }_i}{\partial x_i}=\frac{x_i-E_x}{N·{\sigma }_i}.$$ (12)

For the covariance C_ij, we have

$$\frac{\partial C_{ij}}{\partial x_i}=\frac{x_j-E_j}{N}.$$ (13)

For the correlation ρ_ij, we have:

$$\frac{\partial {\rho }_{ij}}{\partial x_i}=\frac{1}{N}·\frac{(x_j-E_j)-\frac{C_{ij}}{{\sigma }_i^2}·(x_i-E_i)}{{\sigma }_i·{\sigma }_j}.$$ (14)

For all these characteristics C, the derivative takes the form

$$\frac{\partial C}{\partial x_i}=\frac{1}{N}·b_i(x)$$ (15)

for some expression b_i(x).

Towards optimal subdivision into boxes

The overall expression for Δ is a sum of terms corresponding to different points. So, to minimize Δ, we must, for each point, minimize the corresponding term

$$\sum _{i=1}^n\left|\frac{\partial C}{\partial x_i}\right|·{\mathrm{\Delta }}_i(x).$$ (16)

Because of the relation between the partial derivatives and b_i(x), this minimization is equivalent to minimizing the term $\sum _{i=1}^n{a}_i(x)·{\mathrm{\Delta }}_i(x)$, where we denoted $a_i(x)\stackrel{\text{def}}{=}|b_i(x)|$.

The only constraint on the values Δ_i(x) is that the corresponding box should contain exactly k different points. The number of points can be obtained by multiplying the data density ρ(x) by the box volume $\prod _{i=1}^n(2{\mathrm{\Delta }}_i(x))$. The data density can be estimated based on the data. So, we minimize the expression

$$\sum _{i=1}^n{a}_i(x)·{\mathrm{\Delta }}_i(x)$$ (17)

under the constraint

$$\rho (x)·2^n·\prod _{i=1}^n{\mathrm{\Delta }}_i(x)=k.$$ (18)

(Asymptotically) optimal subdivision into boxes (case of k-anonymity)

The Lagrange multiplier technique leads to

$${\mathrm{\Delta }}_i(x)=\frac{c(x)}{a_i(x)},$$ (19)

for some c(x). From the constraint (18), we get

$$c(x)=\frac{1}{2}·\sqrt[n]{\frac{k}{\rho (x)}·\prod _{j=1}^n{a}_j(x)}.$$ (20)

This means that around each point x, we need to select the box with half-widths

$${\mathrm{\Delta }}_i(x)=\frac{1}{2}·\sqrt[n]{\frac{k}{\rho (x)}}·\frac{\sqrt[n]{\prod _{j=1}^n{a}_j(x)}}{a_i(x)}.$$ (21)

The resulting accuracy is equal to

$$\mathrm{\Delta }=\frac{n}{N}·\sum _{x}c(x),$$ (22)

where the sum is taken over all N data points x.

We need to dismiss rare points

In many practical situations, we have rare points, for which the smallest box containing k of them is huge. Such a big-size box will contribute a large amount of uncertainty to Δ; so we should dismiss such rare points.

If we select a subset S ⊂ {1, 2, …, N} of the set of N original points, then the privacy-related uncertainty reduces to

$$\frac{n}{\#S}·\sum _{x\in S}c(x),$$ (23)

where #(S) denote the number of points in the set S. The statistical accuracy reduces to

$$\frac{A}{\sqrt{\#(S)}}$$ (24)

(see, e.g., [5]). Minimizing the sum

$$\frac{n}{\#(S)}·\sum _{x\in S}c(x)+\frac{A}{\sqrt{\#(S)}}$$ (25)

leads to selecting all x with c(x) ≤ c₀, where c₀ minimizes the sum

$$\frac{n}{\#\{x:c(x)\le c_0\}}·\sum _{x:c(x)\le c_0}c(x)+\frac{A}{\sqrt{\#\{x:c(x)\le c_0\}}}.$$ (26)

Examples

For estimating the mean E_i, we have a_i(x) = const and thus,

$$c(x)=\mathrm{c}\mathrm{o}\mathrm{n}\mathrm{s}\mathrm{t}·\frac{1}{\sqrt[n]{\rho (x)}}.$$ (27)

In this case, c(x) is a decreasing function of density. So, dismissing points with c(x) > c₀ is equivalent to dismissing all the points with ρ(x) < ρ₀ (for some ρ₀).

For computing covariance C_ij, the derivative is proportional to x_i − E_i. Thus, the values a_i(x) are proportional to |x_i − E_i|. So, the upper threshold c₀ on c(x) is equivalent to the lower threshold on the ratio

$$\frac{\rho (x)}{|x_i-E_i|·|x_j-E_j|}.$$ (28)

Hence, we can also use points x with small ρ(x), provided that if x_i or x_j is close to the corresponding mean. Using extra points x improves accuracy.

How to also take into account ℓ-diversity

Up to now, we only took into account the k-anonymity requirement. We also need to take into account that within each box, for each variable x_i, there are ≥ ℓ different values of x_i. To formalize this requirement, we first need to describe what “different” means.

Usually, for each variable i, different means that

$$|x_i-x_i^{\prime }|\ge {\epsilon }_i$$ (29)

for some threshold ε_i. Thus, ℓ different values means that 2Δ_i(x) ≥ ℓ · ε_i. So, the problem is to find Δ_i(x) such that

$$\sum _{i=1}^n{a}_i(x)·{\mathrm{\Delta }}_i(x)\to \text{min}$$ (30)

under the constraints

$$\prod _{i=1}^n{\mathrm{\Delta }}_i(x)\ge \frac{k}{2^n·\rho (x)}$$ (31)

and

$$2{\mathrm{\Delta }}_i(x)\ge \ell ·{\epsilon }_i$$ (32)

for all i.

According to [7], the solution to this optimization problem is as follows: around each point x, we first compute the values

$${\mathrm{\Delta }}_i(x)=\frac{1}{2}·\sqrt[n]{\frac{k}{\rho (x)}}·\frac{\sqrt[n]{\prod _{j=1}^n{a}_j(x)}}{a_i(x)}.$$ (33)

If 2Δ_i(x) ≥ ℓ · ε_i for all i, we select Δ_i(x). Otherwise, we sort the quantities by a_i(x) · ε_i:

$$a_1(x)·{\epsilon }_1\ge a_2(x)·{\epsilon }_2\ge \dots \ge a_n(x)·{\epsilon }_n.$$ (34)

Then, for each t from 1 to n, we compute

$$c_t=\frac{1}{2}·{\left(\frac{k·\prod _{i=t+1}^n{a}_i(x)}{\rho (x)·{\ell }^t·\prod _{i=1}^t{\epsilon }_i}\right)}^{1/(n-t)}.$$ (35)

For each t, if $\frac{2c_t}{\ell }\ge a_{t+1}(x)·{\epsilon }_{t+1}$, we compute

$$\mathrm{\Delta }(t)\stackrel{\text{def}}{=}\frac{1}{2}·\ell ·\sum _{i=1}^t{a}_i(x)·{\epsilon }_i+(n-t)·c_t.$$ (36)

We select t for which Δ(t) is the smallest, and take:

• ${\mathrm{\Delta }}_i(x)=\frac{1}{2}·\ell ·{\epsilon }_i$ for i ≤ t, and

• ${\mathrm{\Delta }}_i(x)=\frac{c_t}{a_i(x)}$ for i > t.

Comment. The computation time of this algorithm is quadratic in n. This is OK, since the number n of different characteristics is usually reasonably small. What is important is that the algorithm is still linear-time in terms of the number of records N.

III. Fuzzy-Motivated Idea

Main idea

In [7], to improve the accuracy of the resulting estimate, we propose to ignore some data points while keeping other data points. In other words, we propose a crisp separation between data points that we keep and data points that we ignore. Fuzzy logic has taught us that in many cases, it is beneficial to replace such a crisp separation with a “fuzzy” one in which, instead of ignoring or keeping a data point, we take a data point with a certain degree; see, e.g., [2], [4], [8].

Implementing the idea

Specifically, instead of using the above formula for computing the statistical characteristics, in which all data points are treated equally, we assign a weight w(x) ≥ 0 to each data point so that ∑w(x) = 1, and use the weighted estimates for all the statistical characteristics:

$$E_i=\sum _{x}w(x)·x_i,{\sigma }_i^2=\sum _{x}w(x)·{(x_i-E_i)}^2,$$ (37)

$$C_{ij}=\sum _{x}w(x)·(x_i-E_i)·(x_j-E_j),{\rho }_{ij}=\frac{C_{ij}}{{\sigma }_i·{\sigma }_j}.$$ (38)

Optimization problem

Our objective is to find the weights w(x) for which the resulting uncertainty is the smallest possible. Similarly to the crisp case, this uncertainty consists of two parts: the part coming from the privacy-motivated uncertainty and the part coming from the fact that the size is finite.

One can check that for privacy-motivated uncertainty, the corresponding derivatives $\frac{\partial C}{\partial x_i}$ are proportional to the weight w(x). For each box, we thus face the exact same optimization problem for finding the best sizes Δ_i(x) of the corresponding privacy-related box. As a result, for the overall privacy-motivated uncertainty, we get the expression $n·\sum _{x}w(x)·c(x)$.

For the statistical part: if we simply estimate the variance of the estimate for the mean E_i = ∑w(x) · x_i, then, due to the fact that the variance of the sum of independent variables is equal to the sum of the variances, we conclude that the variance of this estimate is proportional to ∑ w²(x); see, e.g., [5]. Thus, the standard deviation of this estimate is proportional to

$$\sqrt{\sum _x{w}^2(x).}$$ (39)

For the traditional equal-weight estimate, when

$$w(x)=\frac{1}{\#(S)}$$ (40)

for all x, the proportionality coefficient becomes equal to the expression

$$\frac{1}{\sqrt{\#(S)}}$$ (41)

that we used in Section 2.

One can check that, similarly, estimates for the accuracy of other statistical characteristics can be obtained from the estimates provided in Section 2 by replacing $\frac{1}{\#(S)}$ with $\sqrt{\sum _x{w}^2(x)}$, i.e., this part is equal to

$$A·\sqrt{\sum _x{w}^2(x)}.$$ (42)

Thus, to minimize the overall inaccuracy, we need to minimize the following sum:

$$n·\sum _{x}w(x)·c(x)+A·\sqrt{\sum _x{w}^2(x)}$$ (43)

under the constraints $\sum _{x}w(x)=1$ and w(x) ≥ 0.

Solving the resulting optimization problem: general idea

By applying the Lagrange multiplier method to the above constraint optimization problem, we can reduce this problem to the following unconstrained optimization problem:

$$n·\sum _{x}w(x)·c(x)+A·\sqrt{\sum _x{w}^2(x)}-\lambda ·(\sum _{x}w(x)-1)\to \text{min},$$ (44)

for an appropriate Lagrange multiplier λ. Differentiating this objective function with respect to w(x) and equating the derivative to 0, we conclude that

$$n·c(x)+\frac{A·w(x)}{\sqrt{\sum _y{w}^2(y)}}-\lambda =0,$$ (45)

i.e., that

$$w(x)=\frac{1}{A}·(\lambda -n·c(x))·\sqrt{\sum _y{w}^2(y)}.$$ (46)

To be more precise, since we require that w(x) ≥ 0, this formula only holds when n · c(x) ≤ λ; when n · c(x) > λ, we should get w(x) = 0.

Towards computing the auxiliary parameter λ

How can we find λ? By squaring both sides of this formula, we get

$$w^2(x)=\frac{1}{A^2}·{(\lambda -n·c(x))}^2·\sum _y{w}^2(y).$$ (47)

By adding left- and right-hand sides corresponding to different x, we get

$$\sum _x{w}^2(x)=\frac{1}{A^2}·\left(\sum _x{(\lambda -n·c(x))}^2\right)·\sum _y{w}^2(y).$$ (48)

Dividing both sides of this equality by $\sum _x{w}^2(x)=\sum _y{w}^2(y)$, we conclude that

$$1=\frac{1}{A^2}·\sum _x{(\lambda -n·c(x))}^2,$$ (49)

i.e., that

$$\sum _x{(\lambda -n·c(x))}^2-A^2=0.$$ (50)

This is a quadratic equation in terms of λ, namely:

$$Ñ·{\lambda }^2-2\lambda ·n·\sum _{x}c(x)+n^2·\sum _x{c}^2(x)-A^2=0,$$ (51)

where e Ñ is the total number of points that we did not dismiss, i.e., for which n · c(x) < λ, and the sums are taken over all such points.

From this quadratic equation, we can find λ. Thus, we naturally arrive at the following iterative algorithm for computing λ.

Iterative algorithm for computing the auxiliary parameter λ

The goal of this algorithm is to find the threshold value λ, so that points x for which n · c(x) ≥ λ will be dismissed from our estimates (i.e., we would have w(x) = 0 for such points).

In the beginning, we do not have any reason to dismiss any values, so we start with the first approximation λ₀.

On each iteration k, we start with the value λ_k−1 obtained on the previous iteration, and compute the next approximation λ_k as follows.

• First, we compute the total numbers e Ñ of points x for which n · c(x) < λ_k−1.

• Then, we compute the sums $\sum _{x}c(x)$ and $\sum _x{c}^2(x)$ over all such points.

• Based on these values, we solve the quadratic equation (51) and find the next approximation λ_k.

We stop iterations when the process converges, i.e., when

$${\lambda }_k={\lambda }_{k-1}.$$ (52)

Towards computing w(x)

We know, from the formula (46), that for those points for which n · c(x) < λ, we have

$$w(x)=K·(\lambda -c(x)),$$ (53)

for some constant K. To find K, we can use the fact that $\sum _{x}w(x)=1$. Substituting the expression (53) into this constraint, we conclude that

$$1=K·(Ñ·\lambda -\sum _{x}c(x)).$$ (54)

Since we have already computed the values e Ñ, λ, and $\sum _{x}c(x)$ when we computed λ, we can thus compute K.

So, we arrive at the following formula for computing the desired weights.

Formula for computing the optimal weights w(x)

By running the above iterative algorithm, we have computed the auxiliary value λ. In the process of computing λ, we have computed the values e Ñ and $\sum _{x}c(x)$, where the sum is taken over all the points x for which n · c(x) < λ.

Now, we compute

$$K=\frac{1}{Ñ·\lambda -\sum _{x}c(x)}.$$ (55)

The optimal weights can now be computed as follows:

• when n · c(x) ≥ λ, the optimal weight is w(x) = 0;

• when n · c(x) < λ, the optimal weight is equal to

  $$w(x)=K·(\lambda -c(x)).$$ (56)

Comment. As expected, the larger the uncertainty contribution c(x) from a point, the smaller the weight with which we take this point. When this contribution is large enough (i.e., larger than the threshold determined by the auxiliary parameter λ), we completely ignore such points.

IV. Boxes Appropriate for Several Different Characteristics

What we provided before

In the previous sections, we described how, for each statistical characteristic C, we can find the boxes (i.e., data anonymization) that leads to the most accurate estimate of this selected characteristic.

Remaining problem

In practice, we may need to compute the values of different statistical characteristics. The problem is that optimal boxes corresponding to different characteristics C are, in general, different.

For example, boxes that lead to most accurate estimates e Ẽ of mean E may lead to very inaccurate estimates e C̃_ij of correlation C_ij, and vice versa.

Towards a possible solution to this problem

Based on the previous experience, we know how many times users were looking for values of different statistical characteristics; in other words, we know the probabilities $p_C\ge 0(\sum _C{p}_C=1)$ of looking for different characteristics C.

We also know what accuracy ${\mathrm{\Delta }}_0^C$ is desirable for estimating each characteristic C. For example, we may fix the same relative error for all estimates, and take, e.g., ${\mathrm{\Delta }}_0^C=0.1·\mathrm{C̃}$ if this relative error is 10%. Then, for each characteristic C, the accuracy of estimating this characteristic is better gauged not by the absolute accuracy Δ^C but rather by the ratio

$$q_C\stackrel{\text{def}}{=}\frac{{\mathrm{\Delta }}^C}{{\mathrm{\Delta }}_0^C}$$ (57)

describing how close we are to the desired accuracy.

In this situation, a reasonable idea is to minimize average quality

$$q\stackrel{\text{def}}{=}\sum _C{p}_C·q_C.$$ (58)

Towards an algorithm

How can we solve the corresponding optimization problem? The objective function q has the form

$$q=\sum _C\frac{p_C}{{\mathrm{\Delta }}_0^C}·{\mathrm{\Delta }}^C,$$ (59)

i.e., the for

$$q=\sum _C\frac{p_C}{{\mathrm{\Delta }}_0^C}·\sum _{p=1}^N\sum _{i=1}^n\left|\frac{\partial C}{\partial x_i}\right|·{\mathrm{\Delta }}_i^{(p)}.$$ (60)

By changing the order of summation, we get an equivalent formula

$$q=\sum _{p=1}^N\sum _{i=1}^n(\sum _C\frac{p_C}{{\mathrm{\Delta }}_0^C}·|\frac{\partial C}{\partial x_i}\left|\right)·{\mathrm{\Delta }}_i^{(p)}.$$ (61)

This optimization problem is similar to the optimization problem corresponding to the case of a single statistical characteristic C, with the only difference that instead of the original partial derivatives $\frac{\partial C}{\partial x_i}$, we use a weighted combination

$$\sum _C\frac{p_C}{{\mathrm{\Delta }}_0^C}·\left|\frac{\partial C}{\partial x_i}\right|$$ (62)

of these derivatives.

In terms of the coefficients a_i(x) introduced in Section 2, this means that instead of using the values $a_i^C(x)$ corresponding to an individual characteristic C, we must use a linear combination of these values:

$$a_i(x)=\sum _C\frac{p_C}{{\mathrm{\Delta }}_0^C}·a_i^C(x).$$ (63)

Resulting algorithm

Use the same algorithm(s) as in Sections 2 and 3, except that instead of the values $a_i^C$ corresponding to an individual statistical characteristic C, we should use the values (63).