Private Multi-Group Aggregation

TL;DR

This paper introduces a novel interactive scheme called Query and Aggregate (Q&A) for differentially private multi-group data aggregation, improving accuracy and privacy trade-offs over non-interactive methods.

Contribution

The paper proposes the first interactive scheme, Q&A, for PMGA, demonstrating improved privacy-utility trade-offs compared to existing non-interactive schemes like RG.

Findings

Q&A outperforms RG in high privacy regimes.

Q&A achieves better accuracy (lower MSE) under privacy constraints.

The scheme effectively preserves user group privacy while enabling accurate group sums.

Abstract

We study the differentially private multi group aggregation (PMGA) problem. This setting involves a single server and $n$ users. Each user belongs to one of $k$ distinct groups and holds a discrete value. The goal is to design schemes that allow the server to find the aggregate (sum) of the values in each group (with high accuracy) under communication and local differential privacy constraints. The privacy constraint guarantees that the user's group remains private. This is motivated by applications where a user's group can reveal sensitive information, such as his religious and political beliefs, health condition, or race. We propose a novel scheme, dubbed Query and Aggregate (Q\&A) for PMGA. The novelty of Q\&A is that it is an interactive aggregation scheme. In Q\&A, each user is assigned a random query matrix, to which he sends the server an answer based on his group and value. We characterize the Q\&A scheme's performance in terms of accuracy (MSE), privacy, and communication. We compare Q\&A to the Randomized Group (RG) scheme, which is non-interactive and adapts existing randomized response schemes to the PMGA setting. We observe that typically Q\&A outperforms RG, in terms of privacy vs. utility, in the high privacy regime.