Connecting Robust Shuffle Privacy and Pan-Privacy

by Victor Balcer, et al.

In the shuffle model of differential privacy, data-holding users send randomized messages to a secure shuffler, the shuffler permutes the messages, and the resulting collection of messages must be differentially private with regard to user data. In the pan-private model, an algorithm processes a stream of data while maintaining an internal state that is differentially private with regard to the stream data. We give evidence connecting these two apparently different models. Our results focus on robustly shuffle private protocols whose privacy guarantees are not greatly affected by malicious users. First, we give robustly shuffle private protocols and upper bounds for counting distinct elements and uniformity testing. Second, we use pan-private lower bounds to prove robustly shuffle private lower bounds for both problems. Focusing on the dependence on the domain size $k$, we find that both robust shuffle privacy and pan-privacy have additive accuracy $\Theta(\sqrt{k})$ for counting distinct elements and sample complexity $\tilde{\Theta}(k^{2/3})$ for uniformity testing. Both results polynomially separate central privacy and robust shuffle privacy. Finally, we show that this connection is useful in both directions: we give a pan-private adaptation of recent work on shuffle private histograms and use it to recover further separations between pan-privacy and interactive local privacy.



