Improving Utility and Security of the Shuffler-based Differential Privacy

TL;DR

This paper explores a multi-party local differential privacy setting with an intermediate server, proposing new algorithms and protocols that enhance privacy and utility while resisting attacks, supported by experimental validation.

Contribution

It introduces a new algorithm and protocol for multi-party LDP with an intermediate server, improving privacy-utility tradeoff and attack resistance.

Findings

Enhanced privacy-utility tradeoff with the new algorithm

Improved attack resistance through the novel protocol

Experimental results demonstrate superior performance of the proposed methods

Abstract

When collecting information, local differential privacy (LDP) alleviates privacy concerns of users because their private information is randomized before being sent it to the central aggregator. LDP imposes large amount of noise as each user executes the randomization independently. To address this issue, recent work introduced an intermediate server with the assumption that this intermediate server does not collude with the aggregator. Under this assumption, less noise can be added to achieve the same privacy guarantee as LDP, thus improving utility for the data collection task. This paper investigates this multiple-party setting of LDP. We analyze the system model and identify potential adversaries. We then make two improvements: a new algorithm that achieves a better privacy-utility tradeoff; and a novel protocol that provides better protection against various attacks. Finally, we perform experiments to compare different methods and demonstrate the benefits of using our proposed method.