TL;DR
This paper investigates the limitations of non-interactive multi-server differential privacy protocols against unbounded adversaries, showing they require exponentially more data than centralized methods for certain tasks.
Contribution
It establishes fundamental lower bounds on non-interactive protocols in multi-server differential privacy, highlighting the necessity of interaction or computational assumptions for optimal performance.
Findings
Non-interactive protocols need exponentially more samples for some tasks.
Interactivity or computational assumptions are necessary for optimal privacy-utility trade-offs.
These limitations apply to non-interactive protocols that offer privacy against unbounded adversaries.
Abstract
We consider protocols where users communicate with multiple servers to perform a computation on the users' data. An adversary exerts semi-honest control over many of the parties but its view is differentially private with respect to honest users. Prior work described protocols that required multiple rounds of interaction or offered privacy against a computationally bounded adversary. Our work presents limitations of non-interactive protocols that offer privacy against unbounded adversaries. We show these protocols demand exponentially more samples for some learning and estimation tasks than centrally private counterparts. This means performing as well as the central model requires interactivity or computational differential privacy, or both.
Videos
Necessary Conditions in Multi-Server Differential Privacy (YouTube)
