Network Shuffling: Privacy Amplification via Random Walks

TL;DR

This paper introduces a decentralized network shuffling method using random walks to enhance privacy in data sharing, eliminating the need for a trusted centralized shuffler and maintaining comparable privacy amplification.

Contribution

It proposes the first decentralized network shuffling protocol that achieves privacy amplification without relying on a centralized trusted entity.

Findings

Network shuffling achieves privacy amplification similar to centralized shuffling.

The proposed protocols are practical and easy to implement in real-world systems.

Decentralized shuffling maintains strong privacy guarantees without trusted third parties.

Abstract

Recently, it is shown that shuffling can amplify the central differential privacy guarantees of data randomized with local differential privacy. Within this setup, a centralized, trusted shuffler is responsible for shuffling by keeping the identities of data anonymous, which subsequently leads to stronger privacy guarantees for systems. However, introducing a centralized entity to the originally local privacy model loses some appeals of not having any centralized entity as in local differential privacy. Moreover, implementing a shuffler in a reliable way is not trivial due to known security issues and/or requirements of advanced hardware or secure computation technology. Motivated by these practical considerations, we rethink the shuffle model to relax the assumption of requiring a centralized, trusted shuffler. We introduce network shuffling, a decentralized mechanism where users exchange data in a random-walk fashion on a network/graph, as an alternative of achieving privacy amplification via anonymity. We analyze the threat model under such a setting, and propose distributed protocols of network shuffling that is straightforward to implement in practice. Furthermore, we show that the privacy amplification rate is similar to other privacy amplification techniques such as uniform shuffling. To our best knowledge, among the recently studied intermediate trust models that leverage privacy amplification techniques, our work is the first that is not relying on any centralized entity to achieve privacy amplification.