Amplification by Shuffling: From Local to Central Differential Privacy via Anonymity (1811.12469v2)

Abstract: Sensitive statistics are often collected across sets of users, with repeated collection of reports done over time. For example, trends in users' private preferences or software usage may be monitored via such reports. We study the collection of such statistics in the local differential privacy (LDP) model, and describe an algorithm whose privacy cost is polylogarithmic in the number of changes to a user's value. More fundamentally---by building on anonymity of the users' reports---we also demonstrate how the privacy cost of our LDP algorithm can actually be much lower when viewed in the central model of differential privacy. We show, via a new and general privacy amplification technique, that any permutation-invariant algorithm satisfying $\varepsilon$-local differential privacy will satisfy $(O(\varepsilon \sqrt{\log(1/\delta)/n}), \delta)$-central differential privacy. By this, we explain how the high noise and $\sqrt{n}$ overhead of LDP protocols is a consequence of them being significantly more private in the central model. As a practical corollary, our results imply that several LDP-based industrial deployments may have much lower privacy cost than their advertised $\varepsilon$ would indicate---at least if reports are anonymized.

• The paper shows how shuffling transforms ε-local differential privacy into central differential privacy with reduced noise and enhanced accuracy.
• It employs permutation methods to obscure the origin of user reports, thereby amplifying privacy guarantees exponentially with more users.
• The approach offers practical benefits for large-scale data systems, promising stronger privacy in trusted aggregation environments.

Amplification by Shuffling: From Local to Central Differential Privacy via Anonymity

The paper "Amplification by Shuffling: From Local to Central Differential Privacy via Anonymity" explores a novel perspective on enhancing privacy guarantees in data analysis through the strategic use of anonymity and shuffling techniques. The key focus of the paper is to address the inherent limitations in the local differential privacy (LDP) model by demonstrating how anonymity can be leveraged to provide stronger privacy in the central differential privacy model.

Overview of Differential Privacy Models

Differential privacy (DP) is a robust privacy standard that is widely adopted across various data analysis scenarios. It is characterized by its two main paradigms: the local model (LDP) and the central model (CDP). In LDP, data is randomized locally at the user level before being sent to the aggregator, ensuring that individual data points remain private even if the aggregator is compromised. This requires algorithms with strong privacy guarantees due to the absence of a trusted server. Despite its robustness, the LDP often incurs high utility costs due to noise addition and is less efficient compared to CDP, where a trusted server can make more informed decisions to balance privacy and accuracy.

Privacy Amplification by Shuffling

The authors introduce a new technique called "Privacy Amplification by Shuffling," which bridges the gap between LDP and CDP. They demonstrate that any permutation-invariant algorithm satisfying $\varepsilon$-local differential privacy can achieve $(O(\varepsilon \sqrt{\log(1/\delta)/n}), \delta)$-central differential privacy when user reports are anonymized and shuffled. This result effectively reduces the noise typically associated with LDP, thereby improving data utility while maintaining strong privacy guarantees.

The theoretical framework underpinning this approach is based on the permutation of user reports and the inherent uncertainty it introduces regarding their origins. Through shuffling, the linkage between individual reports and their sources is obfuscated, allowing for a reduction in noise. This fundamentally enhances privacy in the central model because once privacy is guaranteed locally, shuffling obfuscates the connections in a way that amplifies the privacy budget exponentially based on the number of users.

Practical Implications and Future Work

This advancement implies significant improvements for practical deployments of privacy-preserving monitoring systems, which is particularly relevant for companies like Google, Apple, and Microsoft that have implemented LDP-based systems. By anonymizing and randomly permuting collected data, these systems may effectively guarantee stronger privacy than previously considered possible. Furthermore, this method not only increases privacy but can also lead to higher utility in data analysis by allowing for more accurate statistics with less added noise.

Looking forward, the authors acknowledge the need to address potential limitations such as the non-static nature of user populations and the privacy implications of using timing or traffic channels, which remain areas for further research. Additionally, they suggest the exploration of intersecting approaches like data fragmentation and the combination of LDP with more sophisticated shuffling techniques to push the boundaries of what privacy enhancements can achieve.

Conclusion

The paper contributes notably to the discourse on differential privacy by providing a powerful method to amplify privacy guarantees through shuffling, moving from a local to a central privacy model more effectively. This work not only offers theoretical insights but also practical applications that carry immense potential for enhancing privacy in large-scale data collection and analysis systems. Its implications bridge academic research with industrial applicability, paving the way for more secure and efficient data privacy practices.