Private Aggregation from Fewer Anonymous Messages

TL;DR

This paper improves the analysis of a private aggregation protocol in the anonymous message model, reducing communication complexity and establishing tight lower bounds, while also deriving differentially private protocols with minimal messaging.

Contribution

It provides a tighter analysis of the split and mix protocol, reducing message count, and introduces differentially private aggregation with constant messages per party.

Findings

Reduced message complexity by a factor of Θ(log n)

Established tight lower bounds on message requirements

Achieved constant-message differentially private aggregation protocols

Abstract

Consider the setup where $n$ parties are each given a number $x_i \in \mathbb{F}_q$ and the goal is to compute the sum $\sum_i x_i$ in a secure fashion and with as little communication as possible. We study this problem in the anonymized model of Ishai et al. (FOCS 2006) where each party may broadcast anonymous messages on an insecure channel. We present a new analysis of the one-round "split and mix" protocol of Ishai et al. In order to achieve the same security parameter, our analysis reduces the required number of messages by a $\Theta(\log n)$ multiplicative factor. We complement our positive result with lower bounds showing that the dependence of the number of messages on the domain size, the number of parties, and the security parameter is essentially tight. Using a reduction of Balle et al. (2019), our improved analysis of the protocol of Ishai et al. yields, in the same model, an $\left(\varepsilon, \delta\right)$-differentially private protocol for aggregation that, for any constant $\varepsilon > 0$ and any $\delta = \frac{1}{\mathrm{poly}(n)}$, incurs only a constant error and requires only a constant number of messages per party. Previously, such a protocol was known only for $\Omega(\log n)$ messages per party.