Multi-Central Differential Privacy

TL;DR

This paper introduces the multi-central differential privacy model with multiple non-colluding aggregators, balancing trust and utility, and provides initial algorithms and motivation for this intermediate approach.

Contribution

It proposes a new multi-central trust model for differential privacy, relaxing trust assumptions while maintaining efficiency, and offers initial algorithms and motivation for future research.

Findings

Proposes the multi-central privacy model with multiple aggregators.

Provides simple and efficient algorithms for the multi-central model.

Argues the model is a promising research direction.

Abstract

Differential privacy is typically studied in the central model where a trusted "aggregator" holds the sensitive data of all the individuals and is responsible for protecting their privacy. A popular alternative is the local model in which the aggregator is untrusted and instead each individual is responsible for their own privacy. The decentralized privacy guarantee of the local model comes at a high price in statistical utility or computational complexity. Thus intermediate models such as the shuffled model and pan privacy have been studied in an attempt to attain the best of both worlds. In this note, we propose an intermediate trust model for differential privacy, which we call the multi-central model. Here there are multiple aggregators and we only assume that they do not collude nefariously. This model relaxes the trust requirements of the central model while avoiding the price of the local model. We motivate this model and provide some simple and efficient algorithms for it. We argue that this model is a promising direction for further research.