# Connecting Robust Shuffle Privacy and Pan-Privacy

@inproceedings{Balcer2021ConnectingRS,
title={Connecting Robust Shuffle Privacy and Pan-Privacy},
author={Victor Balcer and Albert Cheu and Matthew Joseph and Jieming Mao},
booktitle={SODA},
year={2021}
}
In the \emph{shuffle model} of differential privacy, data-holding users send randomized messages to a secure shuffler, the shuffler permutes the messages, and the resulting collection of messages must be differentially private with regard to user data. In the \emph{pan-private} model, an algorithm processes a stream of data while maintaining an internal state that is differentially private with regard to the stream data. We give evidence connecting these two apparently different models. Our… Expand
21 Citations

#### Figures and Topics from this paper

The Sample Complexity of Distribution-Free Parity Learning in the Robust Shuffle Model
• Computer Science
• ArXiv
• 2021
A lowerbound on the sample complexity of distribution-free parity learning in the realizable case in the shuffle model of differential privacy is provided, and it is shown that the sample complex of learning d-bit parity functions is Ω(2). Expand
The Sample Complexity of Parity Learning in the Robust Shuffle Model
• Chao Yan
• 2021
Differential privacy [Dwork, McSherry, Nissim, Smith TCC 2006] is a standard of privacy in data analysis of personal information requiring that the information of any single individual should notExpand
Uniformity Testing in the Shuffle Model: Simpler, Better, Faster
• Computer Science, Mathematics
• ArXiv
• 2021
This work considerably simplify the analysis of the known uniformity testing algorithm in the shuffle model, and provides an alternative algorithm attaining the same guarantees with an elementary and streamlined argument. Expand
Differential Privacy in the Shuffle Model: A Survey of Separations
Classical work in differential privacy operates in extremes of trust assumptions: either all users give their data to a single party or they have no trust in any party. The shuffle model posits anExpand
Shuffle Private Stochastic Convex Optimization
• Computer Science, Mathematics
• ArXiv
• 2021
This work presents interactive shuffle protocols for stochastic convex optimization, which rely on a new noninteractive protocol for summing vectors of bounded l2 norm and obtains loss guarantees for a variety of convex loss functions that significantly improve on those of the local model and sometimes match Those of the central model. Expand
Differential Privacy in the Shuffle Model: A Survey of Separations
An overview of results in the shuffle model which validate that trade-off in hopes of gaining an intermediary level of accuracy. Expand
Bit-efficient Numerical Aggregation and Stronger Privacy for Trust in Federated Analytics
• Computer Science
• ArXiv
• 2021
This work proposes numerical aggregation protocols that empirically improve upon prior art, while providing comparable local differential privacy guarantees, and sharing a single private bit per value supports privacy metering that enable privacy controls and guarantees that are not covered by differential privacy. Expand
Differentially Private Aggregation in the Shuffle Model: Almost Central Accuracy in Almost a Single Message
• Computer Science
• ICML
• 2021
This work gives a protocol achieving error arbitrarily close to that of the (Discrete) Laplace mechanism in central differential privacy, while each user only sends 1 + o(1) short messages in expectation. Expand
Differentially Private Distributed Computation via Public-Private Communication Networks
• Computer Science
• ArXiv
• 2021
A multi-gossip Privacy-Preserving/SummationConsistent (PPSC) mechanism over the private network, where at each step, randomly selected node pairs update their states in such a way that they are shuffled with random noise while maintaining summation consistency, is proposed. Expand
Inference Under Information Constraints III: Local Privacy Constraints
• Computer Science, Mathematics
• IEEE Journal on Selected Areas in Information Theory
• 2021
It is shown that the availability of shared (public) randomness greatly reduces the sample complexity and under the notion of local differential privacy, simple, sample-optimal, and communication-efficient protocols are proposed for these two questions in the noninteractive setting. Expand

#### References

SHOWING 1-10 OF 33 REFERENCES
Panprivate streaming algorithms
• In Innovations in Computer Science (ICS),
• 2010
Cryptography from Anonymity
• Computer Science
• 2006 47th Annual IEEE Symposium on Foundations of Computer Science (FOCS'06)
• 2006
The first solution to the problem of private information retrieval (PIR) which can handle multiple users while being close to optimal with respect to both communication and computation is presented. Expand
Separating Local & Shuffled Differential Privacy via Histograms
• Computer Science
• ITC
• 2020
A protocol is presented in this model that estimates histograms with error independent of the domain size, which implies an arbitrarily large gap in sample complexity between the shuffled and local models. Expand
Pan-Private Uniformity Testing
• Mathematics, Computer Science
• COLT 2020
• 2019
This work shows that pure pan-privacy against multiple intrusions on the internal state is equivalent to sequentially interactive local privacy, and contextualizes pan-private against a single intrusion by analyzing the sample complexity of uniformity testing over domain $[k]$. Expand
Distributed Differential Privacy via Shuffling
• Computer Science
• IACR Cryptol. ePrint Arch.
• 2019
Evidence that the power of the shuffled model lies strictly between those of the central and local models is given: for a natural restriction of the model, it is shown that shuffled protocols for a widely studied selection problem require exponentially higher sample complexity than do central-model protocols. Expand
Exponential Separations in Local Differential Privacy
• Computer Science
• SODA
• 2020
We prove a general connection between the communication complexity of two-player games and the sample complexity of their multi-player locally private analogues. We use this connection to proveExpand
Private Summation in the Multi-Message Shuffle Model
• Computer Science
• CCS
• 2020
Two new protocols for summation in the shuffle model with improved accuracy and communication trade-offs are introduced, including a recursive construction based on the protocol from Balle et al. mentioned above and a novel analysis of the reduction from secure summation to shuffling introduced by Ishai etAl. Expand
Private summation in the multimessage shuffle model
• arXiv preprint arXiv:2002.00817,
• 2020
Pure Differentially Private Summation from Anonymous Messages
• Computer Science, Mathematics
• ITC
• 2020
It is shown that for any pure $\epsilon$-DP protocol for binary summation in the shuffled model having absolute error $n^{0.5-\Omega(1)}$, the per user communication has to be at least $\Omega_{\ep silon}(\sqrt{\log n})$ bits. Expand
Amplification by Shuffling: From Local to Central Differential Privacy via Anonymity
• Computer Science, Mathematics
• SODA
• 2019
It is shown, via a new and general privacy amplification technique, that any permutation-invariant algorithm satisfying e-local differential privacy will satisfy [MATH HERE]-central differential privacy. Expand