# Separating Local & Shuffled Differential Privacy via Histograms

@inproceedings{Balcer2020SeparatingL, title={Separating Local \& Shuffled Differential Privacy via Histograms}, author={Victor Balcer and Albert Cheu}, booktitle={ITC}, year={2020} }

Recent work in differential privacy has highlighted the shuffled model as a promising avenue to compute accurate statistics while keeping raw data in users' hands. We present a protocol in this model that estimates histograms with error independent of the domain size. This implies an arbitrarily large gap in sample complexity between the shuffled and local models. On the other hand, the models are equivalent when we impose the constraints of pure differential privacy and single-message…

## 34 Citations

Differentially Private Aggregation in the Shuffle Model: Almost Central Accuracy in Almost a Single Message

- Computer ScienceICML
- 2021

This work gives a protocol achieving error arbitrarily close to that of the (Discrete) Laplace mechanism in central differential privacy, while each user only sends 1 + o(1) short messages in expectation.

Differential Privacy in the Shuffle Model: A Survey of Separations

- 2020

Classical work in differential privacy operates in extremes of trust assumptions: either all users give their data to a single party or they have no trust in any party. The shuffle model posits an…

Differential Privacy in the Shuffle Model: A Survey of Separations

- Computer ScienceArXiv
- 2021

An overview of results in the shuffle model which validate that trade-off in hopes of gaining an intermediary level of accuracy.

A Shuffling Framework for Local Differential Privacy

- Computer ScienceArXiv
- 2021

A novel privacy guarantee, dσ-privacy, is proposed that captures the privacy of the order of a data sequence and formalizes the degree the resistance to inference attacks trading it off with data learnability.

Shuffle Private Stochastic Convex Optimization

- Computer Science, MathematicsArXiv
- 2021

This work presents interactive shuffle protocols for stochastic convex optimization, which rely on a new noninteractive protocol for summing vectors of bounded l2 norm and obtains loss guarantees for a variety of convex loss functions that significantly improve on those of the local model and sometimes match Those of the central model.

On the Rényi Differential Privacy of the Shuffle Model

- Computer ScienceCCS
- 2021

The principal result in this paper is the first direct RDP bounds for general discrete local randomization in the shuffle privacy model, and new analysis techniques for deriving the results which could be of independent interest.

On the Round Complexity of the Shuffle Model

- Computer ScienceIACR Cryptol. ePrint Arch.
- 2020

It is obtained that every randomized functionality can be computed in the shuffle model with an honest majority, in merely two rounds, including any differentially private computation.

Privacy Amplification via Random Check-Ins

- Computer Science, MathematicsNeurIPS
- 2020

This paper focuses on conducting iterative methods like DP-SGD in the setting of federated learning (FL) wherein the data is distributed among many devices (clients), and extends privacy amplification by shuffling to incorporate $(\epsilon,\delta)$-DP local randomizers, and exponentially improve its guarantees.

DUMP: A Dummy-point-based Local Differential Privacy Enhancement Approach under the Shuffle Model

- 2021

The shufflemodel is recently proposed to address the issue of severe utility loss in Local Differential Privacy (LDP) due to distributed data randomization. In the shuffle model, a shuffler is…

Private Counting from Anonymous Messages: Near-Optimal Accuracy with Vanishing Communication Overhead

- Computer ScienceICML
- 2020

Practical communication-efficient algorithms in the shuffled DP model for two basic aggregation primitives used in machine learning achieve accuracy that is arbitrarily close to that of central DP algorithms with an expected communication per user essentially matching what is needed without any privacy constraints.

## References

SHOWING 1-10 OF 23 REFERENCES

Amplification by Shuffling: From Local to Central Differential Privacy via Anonymity

- Computer Science, MathematicsSODA
- 2019

It is shown, via a new and general privacy amplification technique, that any permutation-invariant algorithm satisfying e-local differential privacy will satisfy [MATH HERE]-central differential privacy.

Private Heavy Hitters and Range Queries in the Shuffled Model

- Computer Science, MathematicsArXiv
- 2019

This work studies two basic statistical problems, namely, heavy hitters and d-dimensional range counting queries, in the shuffled model of privacy, and devise algorithms with polylogarithmic communication per user and polylogARithmic error.

The Privacy Blanket of the Shuffle Model

- Computer Science, MathematicsCRYPTO
- 2019

An optimal single message protocol for summation of real numbers in the shuffle model is provided and has better accuracy and communication than the protocols for this same problem proposed by Cheu et al. (EUROCRYPT 2019).

Distributed Differential Privacy via Shuffling

- Computer ScienceIACR Cryptol. ePrint Arch.
- 2019

Evidence that the power of the shuffled model lies strictly between those of the central and local models is given: for a natural restriction of the model, it is shown that shuffled protocols for a widely studied selection problem require exponentially higher sample complexity than do central-model protocols.

Local, Private, Efficient Protocols for Succinct Histograms

- Mathematics, Computer ScienceSTOC
- 2015

Efficient protocols and matching accuracy lower bounds for frequency estimation in the local model for differential privacy are given and it is shown that each user need only send 1 bit to the server in a model with public coins.

Exponential Separations in Local Differential Privacy

- Computer ScienceSODA
- 2020

We prove a general connection between the communication complexity of two-player games and the sample complexity of their multi-player locally private analogues. We use this connection to prove…

Practical and Robust Privacy Amplification with Multi-Party Differential Privacy

- Computer ScienceArXiv
- 2019

This paper investigates the multiple-party setting of LDP, analyzes the threat model and identifies potential adversaries, and proposes new techniques that achieve a better privacy-utility tradeoff than existing ones.

Exponential Separations in Local Differential Privacy Through Communication Complexity

- Mathematics, Computer ScienceSODA 2020
- 2019

We prove a general connection between the communication complexity of two-player games and the sample complexity of their multi-player locally private analogues. We use this connection to prove…

Scalable and Differentially Private Distributed Aggregation in the Shuffled Model

- Computer Science, MathematicsArXiv
- 2019

A simple and more efficient protocol for aggregation in the shuffled model, where communication as well as error increases only polylogarithmically in the number of users, is proposed.

Pure Differentially Private Summation from Anonymous Messages

- Computer Science, MathematicsITC
- 2020

It is shown that for any pure $\epsilon$-DP protocol for binary summation in the shuffled model having absolute error $n^{0.5-\Omega(1)}$, the per user communication has to be at least $\Omega_{\ep silon}(\sqrt{\log n})$ bits.