Concurrent Shuffle Differential Privacy Under Continual Observation
This work addresses privacy-preserving data analysis in scenarios with overlapping user batches, offering significant error reductions for applications like online learning, though it is incremental in extending the shuffle model.
The paper tackles the problem of private continual summation under differential privacy by introducing a concurrent shuffle model with multiple shufflers, achieving an error bound of $ ilde{O}(n^{1/(2k+1)})$ for $k$ shufflers, which improves to polylogarithmic error with $k=\log n$ compared to $ ilde{\Theta}(n^{1/3})$ with a single shuffler.
We introduce the concurrent shuffle model of differential privacy. In this model we have multiple concurrent shufflers permuting messages from different, possibly overlapping, batches of users. Similarly to the standard (single) shuffle model, the privacy requirement is that the concatenation of all shuffled messages should be differentially private. We study the private continual summation problem (a.k.a. the counter problem) and show that the concurrent shuffle model allows for significantly improved error compared to a standard (single) shuffle model. Specifically, we give a summation algorithm with error $\tilde{O}(n^{1/(2k+1)})$ with $k$ concurrent shufflers on a sequence of length $n$. Furthermore, we prove that this bound is tight for any $k$, even if the algorithm can choose the sizes of the batches adaptively. For $k=\log n$ shufflers, the resulting error is polylogarithmic, much better than $\tildeΘ(n^{1/3})$ which we show is the smallest possible with a single shuffler. We use our online summation algorithm to get algorithms with improved regret bounds for the contextual linear bandit problem. In particular we get optimal $\tilde{O}(\sqrt{n})$ regret with $k= \tildeΩ(\log n)$ concurrent shufflers.