Amplification by Shuffling: From Local to Central Differential Privacy via Anonymity

Úlfar Erlingsson, Vitaly Feldman, Ilya Mironov, Ananth Raghunathan, Kunal Talwar, Abhradeep Thakurta
Sensitive statistics are often collected across sets of users, with repeated collection of reports done over time. [...] As a practical corollary, our results imply that several LDP-based industrial deployments may have a much lower privacy cost than their advertised ε would indicate, at least if reports are anonymized.

Distributed Differential Privacy via Shuffling

Evidence that the power of the shuffled model lies strictly between those of the central and local models is given: for a natural restriction of the model, it is shown that shuffled protocols for a widely studied selection problem require exponentially higher sample complexity than do central-model protocols.

Manipulation Attacks in Local Differential Privacy

It is shown that any noninteractive locally differentially private protocol can be manipulated to a much greater extent: when the privacy level is high or the domain size is large, a small fraction of users in the protocol can completely obscure the distribution of the honest users' inputs.

Privacy Profiles and Amplification by Subsampling

The privacy profiles machinery is applied to study the "privacy amplification by subsampling" principle, which ensures that a differentially private mechanism run on a random subsample of a population provides stronger privacy guarantees than when run on the entire population.
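
The classical instance of this principle has a closed form: an ε-DP mechanism run on a Poisson subsample that includes each record with probability q satisfies log(1 + q(e^ε − 1))-DP. A minimal numeric sketch of that basic bound (illustrative only; it does not reproduce the paper's tighter privacy-profile machinery):

```python
import math

def amplified_epsilon(eps: float, q: float) -> float:
    """Privacy amplification by Poisson subsampling: an eps-DP mechanism
    run on a subsample that includes each record independently with
    probability q satisfies log(1 + q*(e^eps - 1))-DP."""
    return math.log1p(q * math.expm1(eps))

# Subsampling sharply reduces the effective privacy cost:
print(amplified_epsilon(1.0, 0.01))  # roughly 0.017
```

Note that with q = 1 the formula recovers the original ε, as it must.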

Walking to Hide: Privacy Amplification via Random Message Exchanges in Network

This work proves that the output of n clients' data, each perturbed by an ε₀ local randomizer and shuffled by random walks with a logarithmic number of steps, is differentially private with an amplified parameter, and shows that if each client is sampled independently with probability p, the privacy guarantee of the network shuffle model can be further improved.
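
As a toy illustration of the mechanism (a hypothetical simulation, not the paper's protocol or its privacy analysis): each client's locally randomized report takes a short random walk on the communication graph before an untrusted server collects the reports without origin labels.

```python
import random

def network_shuffle(reports, neighbors, steps, rng=random.Random(0)):
    """Simulate reports random-walking over a graph: at each step, every
    report moves from its current node to a uniformly random neighbor.
    `neighbors[v]` lists the nodes adjacent to node v."""
    positions = list(range(len(reports)))  # report i starts at client i
    for _ in range(steps):
        positions = [rng.choice(neighbors[v]) for v in positions]
    # The server collects reports ordered by final node, origins hidden.
    order = sorted(range(len(reports)), key=lambda i: positions[i])
    return [reports[i] for i in order]

# A 4-node cycle; after a few steps, each report's origin is obscured.
cycle = {0: [1, 3], 1: [0, 2], 2: [1, 3], 3: [0, 2]}
out = network_shuffle(["a", "b", "c", "d"], cycle, steps=3)
print(sorted(out))  # the multiset of reports is preserved
```

The graph, step count, and function name here are illustrative choices; the paper's result is that O(log n) steps suffice for amplification.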

Stronger Privacy Amplification by Shuffling for Rényi and Approximate Differential Privacy

The shuffle model of differential privacy has gained significant interest as an intermediate trust model between the standard local and central models; this work leads to tighter numerical bounds in all parameter settings.


Kan Chen, 2021
It is proved that, compared with the original shuffled model of Cheu et al. (2019), f-DP provides a tighter upper bound in the privacy analysis of sum queries, and that the analysis can be applied to broader classes of models to achieve more accurate privacy guarantees.

Network Shuffling: Privacy Amplification via Random Walks

This work introduces network shuffling, a decentralized mechanism in which users exchange data in a random-walk fashion on a network/graph, as an alternative way of achieving privacy amplification via anonymity; it is the first approach that does not rely on any centralized entity to achieve privacy amplification.

Tight Differential Privacy Guarantees for the Shuffle Model with k-Randomized Response

This paper theoretically derives the tightest known differential privacy bound for shuffle models with k-Randomized Response (k-RR) local randomizers under histogram queries, which, to the best of the authors' knowledge, had not been proven before in the existing literature.
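
The k-RR local randomizer at the heart of this analysis is simple: report the true value with probability e^ε/(e^ε + k − 1), otherwise report one of the other k − 1 values uniformly at random. A minimal sketch:

```python
import math
import random

def k_randomized_response(value, k, eps, rng=random.Random()):
    """k-ary randomized response: eps-LDP over the domain {0, ..., k-1}.
    Returns the true value with probability e^eps / (e^eps + k - 1),
    otherwise one of the k-1 other values uniformly at random."""
    p_true = math.exp(eps) / (math.exp(eps) + k - 1)
    if rng.random() < p_true:
        return value
    other = rng.randrange(k - 1)
    return other if other < value else other + 1  # skip the true value

print(k_randomized_response(2, k=5, eps=1.0))  # some value in {0, ..., 4}
```

With k = 2 this reduces to Warner's classical randomized response.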

Tight Accounting in the Shuffle Model of Differential Privacy

This paper shows how to obtain accurate bounds for adaptive compositions of general ε-LDP shufflers using the analysis of Feldman et al. (2021), demonstrates the looseness of existing bounds and methods in the literature, and improves previous composition results significantly.

Frequency Estimation of Evolving Data Under Local Differential Privacy

A new LDP data collection protocol for longitudinal frequency monitoring, named LOngitudinal LOcal HAshing (LOLOHA), with formal privacy guarantees is introduced; it achieves utility competitive with current state-of-the-art protocols while substantially reducing the longitudinal privacy budget consumption.

Differential privacy under continual observation

This work identifies the problem of maintaining a counter in a privacy preserving manner and shows its wide applicability to many different problems.

Distributed Differential Privacy via Mixnets

A mixnet model for distributed differentially private algorithms, which lies between the local and central models, is proposed, and it is shown that mixnet protocols for a widely studied selection problem require exponentially higher sample complexity than do central-model protocols.

Local Differential Privacy for Evolving Data

This paper introduces a new technique for local differential privacy that makes it possible to maintain up-to-date statistics over time, with privacy guarantees that degrade only in the number of changes in the underlying distribution rather than the number of collection periods.

The Algorithmic Foundations of Differential Privacy

The preponderance of this monograph is devoted to fundamental techniques for achieving differential privacy, and application of these techniques in creative combinations, using the query-release problem as an ongoing example.

Our Data, Ourselves: Privacy Via Distributed Noise Generation

This work provides efficient distributed protocols for generating shares of random noise, secure against malicious participants, and introduces a technique for distributing shares of many unbiased coins with fewer executions of verifiable secret sharing than would be needed using previous approaches.

Privacy Loss in Apple's Implementation of Differential Privacy on MacOS 10.12

It is found that although Apple's deployment ensures that the (differential) privacy loss per datum submitted to its servers is 1 or 2, the overall privacy loss permitted by the system is significantly higher, as high as 16 per day for the four initially announced applications of Emojis, New words, Deeplinks, and Lookup Hints.

Local, Private, Efficient Protocols for Succinct Histograms

Efficient protocols and matching accuracy lower bounds for frequency estimation in the local model for differential privacy are given and it is shown that each user need only send 1 bit to the server in a model with public coins.

Locally Differentially Private Protocols for Frequency Estimation

This paper introduces a framework that generalizes several LDP protocols proposed in the literature and yields a simple and fast aggregation algorithm, whose accuracy can be precisely analyzed, resulting in two new protocols that provide better utility than protocols previously proposed.
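
In that framework, a "pure" protocol is characterized by two probabilities: p, that a user's report supports their true value, and q, that it supports any other value; the aggregator then debiases the raw counts. A sketch using direct encoding (generalized randomized response) as the local randomizer; the function and parameter names follow the common presentation, not necessarily the paper's notation:

```python
import math
import random
from collections import Counter

def grr_report(value, k, eps, rng):
    """Direct encoding (generalized randomized response) local randomizer."""
    if rng.random() < math.exp(eps) / (math.exp(eps) + k - 1):
        return value
    other = rng.randrange(k - 1)
    return other if other < value else other + 1  # skip the true value

def estimate_frequencies(reports, k, eps):
    """Debiased estimates: c_hat(v) = (count(v) - n*q) / (p - q)."""
    n = len(reports)
    p = math.exp(eps) / (math.exp(eps) + k - 1)
    q = 1.0 / (math.exp(eps) + k - 1)
    counts = Counter(reports)
    return {v: (counts.get(v, 0) - n * q) / (p - q) for v in range(k)}

rng = random.Random(0)
data = [0] * 6000 + [1] * 3000 + [2] * 1000          # true histogram
reports = [grr_report(x, k=3, eps=2.0, rng=rng) for x in data]
est = estimate_frequencies(reports, k=3, eps=2.0)
# Estimates sum to n and approximate the true counts 6000/3000/1000.
```

Other protocols in the framework (e.g. local hashing) plug different (p, q) pairs into the same estimator.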

Privacy Amplification by Subsampling: Tight Analyses via Couplings and Divergences

This paper presents a general method that recovers and improves prior analyses, yields lower bounds, and derives new instances of privacy amplification by subsampling; the method leverages a characterization of differential privacy as a divergence that emerged in the program verification community.

Calibrating Noise to Sensitivity in Private Data Analysis

The study is extended to general functions f, proving that privacy can be preserved by calibrating the standard deviation of the noise according to the sensitivity of the function f, which is the amount that any single argument to f can change its output.
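
The resulting Laplace mechanism adds noise drawn from Lap(Δf/ε), where Δf is the sensitivity of f. A minimal sketch:

```python
import random

def laplace_mechanism(true_value, sensitivity, eps, rng=random.Random()):
    """Release true_value + Lap(sensitivity/eps) noise: eps-DP because a
    single record changes the query answer by at most `sensitivity`."""
    scale = sensitivity / eps
    # A Laplace(0, scale) sample is the difference of two independent
    # Exponential samples with mean `scale`.
    noise = rng.expovariate(1 / scale) - rng.expovariate(1 / scale)
    return true_value + noise

# Example: privately release a count (sensitivity 1) with eps = 0.5.
noisy_count = laplace_mechanism(1000, sensitivity=1.0, eps=0.5)
```

Counting queries have sensitivity 1, since adding or removing one record changes the count by at most one, so the noise scale is simply 1/ε.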