On the Renyi Differential Privacy of the Shuffle Model
It addresses privacy concerns in distributed systems like federated learning by enhancing composition guarantees for shuffled models, though it is incremental as it builds on existing shuffle model frameworks.
This paper tackles the problem of providing Renyi Differential Privacy (RDP) guarantees for general discrete local mechanisms in the shuffle privacy model, achieving an improvement in privacy guarantee by a factor of 8x over state-of-the-art approximate DP with composition and at least 10x improvement when combined with Poisson subsampling.
The central question studied in this paper is Renyi Differential Privacy (RDP) guarantees for general discrete local mechanisms in the shuffle privacy model. In the shuffle model, each of the $n$ clients randomizes its response using a local differentially private (LDP) mechanism and the untrusted server only receives a random permutation (shuffle) of the client responses without association to each client. The principal result in this paper is the first non-trivial RDP guarantee for general discrete local randomization mechanisms in the shuffled privacy model, and we develop new analysis techniques for deriving our results which could be of independent interest. In applications, such an RDP guarantee is most useful when we use it for composing several private interactions. We numerically demonstrate that, for important regimes, with composition our bound yields an improvement in privacy guarantee by a factor of $8\times$ over the state-of-the-art approximate Differential Privacy (DP) guarantee (with standard composition) for shuffled models. Moreover, combining with Poisson subsampling, our result leads to at least $10\times$ improvement over subsampled approximate DP with standard composition.