Separating Local & Shuffled Differential Privacy via Histograms

@inproceedings{Balcer2020SeparatingL,
  title={Separating Local \& Shuffled Differential Privacy via Histograms},
  author={Victor Balcer and Albert Cheu},
  booktitle={ITC},
  year={2020}
}
Recent work in differential privacy has highlighted the shuffled model as a promising avenue to compute accurate statistics while keeping raw data in users' hands. We present a protocol in this model that estimates histograms with error independent of the domain size. This implies an arbitrarily large gap in sample complexity between the shuffled and local models. On the other hand, the models are equivalent when we impose the constraints of pure differential privacy and single-message… Expand

Figures, Tables, and Topics from this paper

Differentially Private Aggregation in the Shuffle Model: Almost Central Accuracy in Almost a Single Message
TLDR
This work gives a protocol achieving error arbitrarily close to that of the (Discrete) Laplace mechanism in central differential privacy, while each user only sends 1 + o(1) short messages in expectation. Expand
Differential Privacy in the Shuffle Model: A Survey of Separations
Classical work in differential privacy operates in extremes of trust assumptions: either all users give their data to a single party or they have no trust in any party. The shuffle model posits anExpand
Differential Privacy in the Shuffle Model: A Survey of Separations
TLDR
An overview of results in the shuffle model which validate that trade-off in hopes of gaining an intermediary level of accuracy. Expand
A Shuffling Framework for Local Differential Privacy
TLDR
A novel privacy guarantee, dσ-privacy, is proposed that captures the privacy of the order of a data sequence and formalizes the degree the resistance to inference attacks trading it off with data learnability. Expand
Shuffle Private Stochastic Convex Optimization
TLDR
This work presents interactive shuffle protocols for stochastic convex optimization, which rely on a new noninteractive protocol for summing vectors of bounded l2 norm and obtains loss guarantees for a variety of convex loss functions that significantly improve on those of the local model and sometimes match Those of the central model. Expand
On the Rényi Differential Privacy of the Shuffle Model
TLDR
The principal result in this paper is the first direct RDP bounds for general discrete local randomization in the shuffle privacy model, and new analysis techniques for deriving the results which could be of independent interest. Expand
On the Round Complexity of the Shuffle Model
TLDR
It is obtained that every randomized functionality can be computed in the shuffle model with an honest majority, in merely two rounds, including any differentially private computation. Expand
Privacy Amplification via Random Check-Ins
TLDR
This paper focuses on conducting iterative methods like DP-SGD in the setting of federated learning (FL) wherein the data is distributed among many devices (clients), and extends privacy amplification by shuffling to incorporate $(\epsilon,\delta)$-DP local randomizers, and exponentially improve its guarantees. Expand
DUMP: A Dummy-point-based Local Differential Privacy Enhancement Approach under the Shuffle Model
The shufflemodel is recently proposed to address the issue of severe utility loss in Local Differential Privacy (LDP) due to distributed data randomization. In the shuffle model, a shuffler isExpand
Private Counting from Anonymous Messages: Near-Optimal Accuracy with Vanishing Communication Overhead
TLDR
Practical communication-efficient algorithms in the shuffled DP model for two basic aggregation primitives used in machine learning achieve accuracy that is arbitrarily close to that of central DP algorithms with an expected communication per user essentially matching what is needed without any privacy constraints. Expand
...
1
2
3
4
...

References

SHOWING 1-10 OF 23 REFERENCES
Amplification by Shuffling: From Local to Central Differential Privacy via Anonymity
TLDR
It is shown, via a new and general privacy amplification technique, that any permutation-invariant algorithm satisfying e-local differential privacy will satisfy [MATH HERE]-central differential privacy. Expand
Private Heavy Hitters and Range Queries in the Shuffled Model
TLDR
This work studies two basic statistical problems, namely, heavy hitters and d-dimensional range counting queries, in the shuffled model of privacy, and devise algorithms with polylogarithmic communication per user and polylogARithmic error. Expand
The Privacy Blanket of the Shuffle Model
TLDR
An optimal single message protocol for summation of real numbers in the shuffle model is provided and has better accuracy and communication than the protocols for this same problem proposed by Cheu et al. (EUROCRYPT 2019). Expand
Distributed Differential Privacy via Shuffling
TLDR
Evidence that the power of the shuffled model lies strictly between those of the central and local models is given: for a natural restriction of the model, it is shown that shuffled protocols for a widely studied selection problem require exponentially higher sample complexity than do central-model protocols. Expand
Local, Private, Efficient Protocols for Succinct Histograms
TLDR
Efficient protocols and matching accuracy lower bounds for frequency estimation in the local model for differential privacy are given and it is shown that each user need only send 1 bit to the server in a model with public coins. Expand
Exponential Separations in Local Differential Privacy
We prove a general connection between the communication complexity of two-player games and the sample complexity of their multi-player locally private analogues. We use this connection to proveExpand
Practical and Robust Privacy Amplification with Multi-Party Differential Privacy
TLDR
This paper investigates the multiple-party setting of LDP, analyzes the threat model and identifies potential adversaries, and proposes new techniques that achieve a better privacy-utility tradeoff than existing ones. Expand
Exponential Separations in Local Differential Privacy Through Communication Complexity
We prove a general connection between the communication complexity of two-player games and the sample complexity of their multi-player locally private analogues. We use this connection to proveExpand
Scalable and Differentially Private Distributed Aggregation in the Shuffled Model
TLDR
A simple and more efficient protocol for aggregation in the shuffled model, where communication as well as error increases only polylogarithmically in the number of users, is proposed. Expand
Pure Differentially Private Summation from Anonymous Messages
TLDR
It is shown that for any pure $\epsilon$-DP protocol for binary summation in the shuffled model having absolute error $n^{0.5-\Omega(1)}$, the per user communication has to be at least $\Omega_{\ep silon}(\sqrt{\log n})$ bits. Expand
...
1
2
3
...