Distributed Differential Privacy via Mixnets

08/04/2018
by Albert Cheu, et al.

We consider the problem of designing scalable, robust protocols for computing statistics about sensitive data. Specifically, we look at how best to design differentially private protocols in a distributed setting, where each user holds a private datum. The literature has mostly considered two models: the "central" model, in which a trusted server collects users' data in the clear, which allows greater accuracy; and the "local" model, in which users individually randomize their data, and need not trust the server, but accuracy is limited. Attempts to achieve the accuracy of the central model without a trusted server have so far focused on variants of cryptographic secure function evaluation, which limits scalability. In this paper, we propose a mixnet model for distributed differentially private algorithms, which lies between the local and central models. This simple-to-implement model augments the local model with an anonymous channel that randomly permutes a set of user-supplied messages. For summation queries, we show that this model provides the power of the central model while avoiding the need to trust a central server and the complexity of cryptographic secure function evaluation. More generally, we give evidence that the power of the mixnet model lies strictly between those of the central and local models: for a natural restriction of the model, we show that mixnet protocols for a widely studied selection problem require exponentially higher sample complexity than do central-model protocols.

research
02/20/2019

Outis: Crypto-Assisted Differential Privacy on Untrusted Servers

Differential privacy has steadily become the de-facto standard for achie...
research
06/25/2020

Towards Differentially Private Text Representations

Most deep learning frameworks require users to pool their local data or ...
research
04/20/2020

Connecting Robust Shuffle Privacy and Pan-Privacy

In the shuffle model of differential privacy, data-holding users send ra...
research
06/07/2023

Differentially Private Selection from Secure Distributed Computing

Given a collection of vectors x^(1),…,x^(n)∈{0,1}^d, the selection probl...
research
09/27/2021

Differentially Private Aggregation in the Shuffle Model: Almost Central Accuracy in Almost a Single Message

The shuffle model of differential privacy has attracted attention in the...
research
02/11/2022

Shuffle Private Linear Contextual Bandits

Differential privacy (DP) has been recently introduced to linear context...
research
07/26/2021

Selective MPC: Distributed Computation of Differentially Private Key Value Statistics

An increasingly popular method for computing aggregate statistics while ...
