
The Privacy Blanket of the Shuffle Model
This work studies differential privacy in the context of the recently pr...
read it

Differentially Private Summation with MultiMessage Shuffling
In recent work, Cheu et al. (Eurocrypt 2019) proposed a protocol for np...
read it

Private Counting from Anonymous Messages: NearOptimal Accuracy with Vanishing Communication Overhead
Differential privacy (DP) is a formal notion for quantifying the privacy...
read it

Private Protocols for UStatistics in the Local Model and Beyond
In this paper, we study the problem of computing Ustatistics of degree ...
read it

WhiteBox Atomic Multicast (Extended Version)
Atomic multicast is a communication primitive that delivers messages to ...
read it

Why Older Adults (Don't) Use Password Managers
Password managers (PMs) are considered highly effective tools for increa...
read it

A Tight Parallel Repetition Theorem for Partially Simulatable Interactive Arguments via Smooth KLDivergence
Hardness amplification is a central problem in the study of interactive ...
read it
Private Summation in the MultiMessage Shuffle Model
The shuffle model of differential privacy (Erlingsson et al. SODA 2019; Cheu et al. EUROCRYPT 2019) and its close relative encodeshuffleanalyze (Bittau et al. SOSP 2017) provide a fertile middle ground between the wellknown local and central models. Similarly to the local model, the shuffle model assumes an untrusted data collector who receives privatized messages from users, but in this case a secure shuffler is used to transmit messages from users to the collector in a way that hides which messages came from which user. An interesting feature of the shuffle model is that increasing the amount of messages sent by each user can lead to protocols with accuracies comparable to the ones achievable in the central model. In particular, for the problem of privately computing the sum of n bounded real values held by n different users, Cheu et al. showed that O(√(n)) messages per user suffice to achieve O(1) error (the optimal rate in the central model), while Balle et al. (CRYPTO 2019) recently showed that a single message per user leads to Θ(n^1/3) MSE (mean squared error), a rate strictly inbetween what is achievable in the local and central models. This paper introduces two new protocols for summation in the shuffle model with improved accuracy and communication tradeoffs. Our first contribution is a recursive construction based on the protocol from Balle et al. mentioned above, providing poly(loglog n) error with O(loglog n) messages per user. The second contribution is a protocol with O(1) error and O(1) messages per user based on a novel analysis of the reduction from secure summation to shuffling introduced by Ishai et al. (FOCS 2006) (the original reduction required O(log n) messages per user).
READ FULL TEXT
Comments
There are no comments yet.