Private Aggregation from Fewer Anonymous Messages
share
Consider the setup where n parties are each given a number x_i ∈F_q and the goal is to compute the sum ∑_i x_i in a secure fashion and with as little communication as possible. We study this problem in the anonymized model of Ishai et al. (FOCS 2006) where each party may broadcast anonymous messages on an insecure channel. We present a new analysis of the one-round “split and mix” protocol of Ishai et al. In order to achieve the same security parameter, our analysis reduces the required number of messages by a Θ(log n) multiplicative factor. We complement our positive result with lower bounds showing that the dependence of the number of messages on the domain size, the number of parties, and the security parameter is essentially tight. Using a reduction of Balle et al. (2019), our improved analysis of the protocol of Ishai et al. yields, in the same model, an (ε, δ)-differentially private protocol for aggregation that, for any constant ε > 0 and any δ = 1/poly(n), incurs only a constant error and requires only a constant number of messages per party. Previously, such a protocol was known only for Ω(log n) messages per party.
READ FULL TEXT
