Applying the Shuffle Model of Differential Privacy to Vector Aggregation

TL;DR

This paper introduces a new protocol for vector aggregation within the Shuffle Model of Differential Privacy, balancing accuracy and privacy, and extends the approach to complex data structures like matrices and tensors.

Contribution

It presents a single message protocol for real vector summation in the Shuffle Model, enabling private aggregation of complex data structures.

Findings

Provides a mechanism for private vector summation using advanced composition

Enables privacy-preserving aggregation of matrices and tensors

Balances privacy and accuracy better than previous models

Abstract

In this work we introduce a new protocol for vector aggregation in the context of the Shuffle Model, a recent model within Differential Privacy (DP). It sits between the Centralized Model, which prioritizes the level of accuracy over the secrecy of the data, and the Local Model, for which an improvement in trust is counteracted by a much higher noise requirement. The Shuffle Model was developed to provide a good balance between these two models through the addition of a shuffling step, which unbinds the users from their data whilst maintaining a moderate noise requirement. We provide a single message protocol for the summation of real vectors in the Shuffle Model, using advanced composition results. Our contribution provides a mechanism to enable private aggregation and analysis across more sophisticated structures such as matrices and higher-dimensional tensors, both of which are reliant on the functionality of the vector case.