Improving Utility and Security of the Shuffler-based Differential Privacy
This work addresses privacy and utility trade-offs in data collection for users and aggregators, but it is incremental as it builds on existing shuffler-based approaches.
The paper tackles the problem of improving both utility and security in the shuffler-based differential privacy setting, where an intermediate server reduces noise compared to local differential privacy. It introduces a new algorithm for better privacy-utility tradeoff and a protocol for enhanced attack protection, with experiments showing benefits over existing methods.
When collecting information, local differential privacy (LDP) alleviates users' privacy concerns because their private information is randomized before being sent to the central aggregator. However, LDP imposes a large amount of noise because each user executes the randomization independently. To address this issue, recent work introduced an intermediate server under the assumption that this intermediate server does not collude with the aggregator. Under this assumption, less noise can be added to achieve the same privacy guarantee as LDP, thus improving utility for the data collection task. This paper investigates this multi-party setting of LDP. We analyze the system model and identify potential adversaries. We then make two improvements: a new algorithm that achieves a better privacy-utility tradeoff, and a novel protocol that provides better protection against various attacks. Finally, we perform experiments to compare different methods and demonstrate the benefits of using our proposed method.
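To make the setting concrete, the following added example (not the paper's algorithm or protocol, and not code from its authors) simulates the baseline pipeline the abstract describes: each user applies binary randomized response locally, a non-colluding intermediate server strips identities and permutes the batch, and the aggregator debiases the anonymous reports to estimate a population frequency. The user ids, the seed and the population fraction are constructed sample values; the shuffler here is the generic identity-hiding permutation, not the paper's proposed protocol.

```python
"""Local randomized response with an identity-hiding shuffler (added illustration)."""
import math
import random
from collections import Counter


def randomize(bit: int, eps: float, rng: random.Random) -> int:
    """Warner randomized response: report the true bit with probability
    e^eps / (e^eps + 1), otherwise report the flipped bit.
    Each user runs this independently, which is what makes the
    report eps-LDP and also why the aggregate is noisy."""
    p_truth = math.exp(eps) / (math.exp(eps) + 1.0)
    return bit if rng.random() < p_truth else 1 - bit


def shuffle_reports(reports, rng: random.Random):
    """Intermediate server (assumed not to collude with the aggregator):
    drop the user identities and permute the batch, so the aggregator
    receives only an anonymous multiset of reports."""
    anon = [report for _, report in reports]
    rng.shuffle(anon)
    return anon


def estimate_frequency(anon_reports, eps: float) -> float:
    """Aggregator side: debias the observed fraction of 1s.
    If f is the true fraction and p = e^eps/(e^eps+1), then
    E[observed] = p*f + (1-p)*(1-f), so f = (observed - (1-p)) / (2p - 1)."""
    if eps <= 0:
        raise ValueError("eps must be positive; at eps=0 reports carry no signal")
    n = len(anon_reports)
    observed = sum(anon_reports) / n
    p = math.exp(eps) / (math.exp(eps) + 1.0)
    return (observed - (1.0 - p)) / (2.0 * p - 1.0)


def simulate(n_users: int, true_frac: float, eps: float, seed: int = 0) -> dict:
    """End-to-end run on a constructed population: true_frac of users hold bit 1.
    Returns the identified reports, the shuffled anonymous batch and the estimate."""
    rng = random.Random(seed)
    truth = [1 if i < int(n_users * true_frac) else 0 for i in range(n_users)]
    # Constructed user ids; in the LDP model these would be visible to the
    # aggregator, which is exactly the linkage the shuffler removes.
    reports = [(f"user{i}", randomize(bit, eps, rng)) for i, bit in enumerate(truth)]
    anon = shuffle_reports(reports, rng)
    est = estimate_frequency(anon, eps)
    return {
        "reports": reports,
        "anon_reports": anon,
        "estimate": est,
        "abs_error": abs(est - true_frac),
    }


if __name__ == "__main__":
    for eps in (0.5, 1.0, 2.0):
        result = simulate(n_users=20000, true_frac=0.3, eps=eps)
        print(f"eps={eps}: estimate={result['estimate']:.4f} "
              f"abs_error={result['abs_error']:.4f}")
```

Running the loop at several values of eps shows the tradeoff the abstract refers to: smaller local eps means more flipping and a larger estimation error after debiasing. The shuffler changes what the aggregator can link, not the per-user noise level; the paper's contribution is an algorithm and protocol for exploiting that non-collusion assumption to add less noise, which this baseline does not implement.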