Enhanced Privacy Bound for Shuffle Model with Personalized Privacy

TL;DR

This paper develops a more precise and tighter privacy bound for the shuffle model of differential privacy with personalized local privacy, improving the understanding of privacy amplification in practical settings.

Contribution

It introduces a novel analysis capturing clone probabilities and indistinguishability, resulting in a general, tighter privacy bound for arbitrary DP mechanisms in the shuffle model.

Findings

The new bound outperforms existing results in theoretical and numerical evaluations.

The analysis leverages hypothesis testing and $f$-DP to improve privacy guarantees.

The approach applies to personalized local privacy settings, enhancing practical privacy protections.

Abstract

The shuffle model of Differential Privacy (DP) is an enhanced privacy protocol which introduces an intermediate trusted server between local users and a central data curator. It significantly amplifies the central DP guarantee by anonymizing and shuffling the local randomized data. Yet, deriving a tight privacy bound is challenging due to its complicated randomization protocol. While most existing work are focused on unified local privacy settings, this work focuses on deriving the central privacy bound for a more practical setting where personalized local privacy is required by each user. To bound the privacy after shuffling, we first need to capture the probability of each user generating clones of the neighboring data points. Second, we need to quantify the indistinguishability between two distributions of the number of clones on neighboring datasets. Existing works either inaccurately capture the probability, or underestimate the indistinguishability between neighboring datasets. Motivated by this, we develop a more precise analysis, which yields a general and tighter bound for arbitrary DP mechanisms. Firstly, we derive the clone-generating probability by hypothesis testing %from a randomizer-specific perspective, which leads to a more accurate characterization of the probability. Secondly, we analyze the indistinguishability in the context of $f$-DP, where the convexity of the distributions is leveraged to achieve a tighter privacy bound. Theoretical and numerical results demonstrate that our bound remarkably outperforms the existing results in the literature.