Distributed Differentially Private Data Analytics via Secure Sketching

TL;DR

This paper proposes a linear-transformation model for distributed differentially private data analysis, balancing privacy, utility, and computational efficiency by enabling secure distributed linear sketches.

Contribution

It introduces the linear-transformation model as an intermediate approach that improves privacy and utility in distributed differential privacy compared to existing models.

Findings

Linear transformations enable effective private data sketches.

The approach preserves utility for low-rank approximation and ridge regression.

Minimal error is achieved, independent of the number of clients.

Abstract

We introduce the linear-transformation model, a distributed model of differentially private data analysis. Clients have access to a trusted platform capable of applying a public matrix to their inputs. Such computations can be securely distributed across multiple servers using simple and efficient secure multiparty computation techniques. The linear-transformation model serves as an intermediate model between the highly expressive central model and the minimal local model. In the central model, clients have access to a trusted platform capable of applying any function to their inputs. However, this expressiveness comes at a cost, as it is often prohibitively expensive to distribute such computations, leading to the central model typically being implemented by a single trusted server. In contrast, the local model assumes no trusted platform, which forces clients to add significant noise to their data. The linear-transformation model avoids the single point of failure for privacy present in the central model, while also mitigating the high noise required in the local model. We demonstrate that linear transformations are very useful for differential privacy, allowing for the computation of linear sketches of input data. These sketches largely preserve utility for tasks such as private low-rank approximation and private ridge regression, while introducing only minimal error, critically independent of the number of clients.