Hiding Numerical Vectors in Local Private and Shuffled Messages

Numerical vector aggregation has numerous applications in privacy-sensitive scenarios, such as distributed gradient estimation in federated learning, and statistical analysis on key-value data. Within the framework of local differential privacy, this work gives tight minimax error bounds of O(d s/(n epsilon^2)), where d is the dimension of the numerical vector and s is the number of non-zero entries. An attainable mechanism is then designed to improve from existing approaches suffering error rate of O(d^2/(n epsilon^2)) or O(d s^2/(n epsilon^2)). To break the error barrier in the local privacy, this work further consider privacy amplification in the shuffle model with anonymous channels, and shows the mechanism satisfies centralized (14 ln(2/delta) (s e^epsilon+2s-1)/(n-1))^0.5, delta)-differential privacy, which is domain independent and thus scales to federated learning of large models. We experimentally validate and compare it with existing approaches, and demonstrate its significant error reduction.

[1]  Xiaofeng Meng,et al.  PrivKV: Key-Value Data Collection with Local Differential Privacy , 2019, 2019 IEEE Symposium on Security and Privacy (SP).

[2]  Yin Yang,et al.  Collecting and Analyzing Data from Smart Device Users with Local Differential Privacy , 2016, ArXiv.

[3]  Ming Li,et al.  PCKV: Locally Differentially Private Correlated Key-Value Data Collection with Optimized Utility , 2019, USENIX Security Symposium.

[4]  Janardhan Kulkarni,et al.  Collecting Telemetry Data Privately , 2017, NIPS.

[5]  Jun Zhao,et al.  BiSample: Bidirectional Sampling for Handling Missing Data with Local Differential Privacy , 2020, DASFAA.

[6]  Ninghui Li,et al.  Locally Differentially Private Frequency Estimation with Consistency , 2020, NDSS.

[7]  Cong Xu,et al.  TernGrad: Ternary Gradients to Reduce Communication in Distributed Deep Learning , 2017, NIPS.

[8]  Miguel Á. Carreira-Perpiñán,et al.  Projection onto the probability simplex: An efficient algorithm with a simple proof, and an application , 2013, ArXiv.

[9]  Martin J. Wainwright,et al.  Local privacy and statistical minimax rates , 2013, 2013 51st Annual Allerton Conference on Communication, Control, and Computing (Allerton).

[10]  Martin J. Wainwright,et al.  Minimax Optimal Procedures for Locally Private Estimation , 2016, ArXiv.

[11]  Adrià Gascón,et al.  Private Summation in the Multi-Message Shuffle Model , 2020, CCS.

[12]  Badih Ghazi,et al.  Private Aggregation from Fewer Anonymous Messages , 2019, EUROCRYPT.

[13]  Peter Richtárik,et al.  Federated Learning: Strategies for Improving Communication Efficiency , 2016, ArXiv.

[14]  Ji Liu,et al.  Gradient Sparsification for Communication-Efficient Distributed Optimization , 2017, NeurIPS.

[15]  Úlfar Erlingsson,et al.  RAPPOR: Randomized Aggregatable Privacy-Preserving Ordinal Response , 2014, CCS.

[16]  Ge Yu,et al.  Collecting and Analyzing Multidimensional Data with Local Differential Privacy , 2019, 2019 IEEE 35th International Conference on Data Engineering (ICDE).

[17]  Masatoshi Yoshikawa,et al.  FLAME: Differentially Private Federated Learning in the Shuffle Model , 2020, ArXiv.

[18]  Peter Kairouz,et al.  Discrete Distribution Estimation under Local Privacy , 2016, ICML.

[19]  Borja Balle,et al.  The Privacy Blanket of the Shuffle Model , 2019, CRYPTO.

[20]  Paul Voigt,et al.  The EU General Data Protection Regulation (GDPR) , 2017 .

[21]  Úlfar Erlingsson,et al.  Amplification by Shuffling: From Local to Central Differential Privacy via Anonymity , 2018, SODA.

[22]  Cynthia Dwork,et al.  Differential Privacy: A Survey of Results , 2008, TAMC.

[23]  Adam D. Smith,et al.  Distributed Differential Privacy via Shuffling , 2018, IACR Cryptol. ePrint Arch..

[24]  Song Han,et al.  Deep Leakage from Gradients , 2019, NeurIPS.

[25]  Thomas Steinke,et al.  Towards Instance-Optimal Private Query Release , 2018, SODA.

[26]  Ninghui Li,et al.  Improving utility and security of the shuffler-based differential privacy , 2019, Proc. VLDB Endow..

[27]  Kunal Talwar,et al.  Mechanism Design via Differential Privacy , 2007, 48th Annual IEEE Symposium on Foundations of Computer Science (FOCS'07).

[28]  Di Wang,et al.  Lower Bound of Locally Differentially Private Sparse Covariance Matrix Estimation , 2019, IJCAI.