Spreading the Privacy Blanket: Differentially Oblivious Shuffling for Differential Privacy

In the shuffle model for differential privacy, users locally randomize their data and then submit the results to a trusted “shuffler” who mixes the responses before sending them to a server for analysis. This is a promising model for real-world applications of differential privacy, as a series of recent results have shown that, in some cases, the shuffle model offers a strictly better privacy/utility tradeoff than what is possible in a purely local model. The recent “privacy blanket” notion provides a simple method for analyzing differentially private protocols in the shuffle model. A downside of the shuffle model is its reliance on a trusted shuffling mechanism, and it is natural to try to replace this with a distributed shuffling protocol run by the users themselves. Unfortunately, with only one exception, existing fully secure shuffling protocols require Ω(n) communication. In this work, we put forth a notion of differential obliviousness for shuffling protocols, and prove that this notion provides the necessary guarantees for the privacy blanket, without requiring a trusted shuffler. We also show a differentially oblivious shuffling protocol based on onion routing that can tolerate any constant fraction of corrupted users and requires only O(n logn) communication.

[1]  Úlfar Erlingsson,et al.  Prochlo: Strong Privacy for Analytics in the Crowd , 2017, SOSP.

[2]  Jared Saia,et al.  Brief announcement: breaking the O(nm) bit barrier, secure multiparty computation with a static adversary , 2012, PODC '12.

[3]  Tancrède Lepoint,et al.  Secure Single-Server Aggregation with (Poly)Logarithmic Overhead , 2020, IACR Cryptol. ePrint Arch..

[4]  David Chaum,et al.  Untraceable electronic mail, return addresses, and digital pseudonyms , 1981, CACM.

[5]  Úlfar Erlingsson,et al.  Amplification by Shuffling: From Local to Central Differential Privacy via Anonymity , 2018, SODA.

[6]  Shafi Goldwasser,et al.  Communication Locality in Secure Multi-party Computation - How to Run Sublinear Algorithms in a Distributed Setting , 2013, TCC.

[7]  Nickolai Zeldovich,et al.  Karaoke: Distributed Private Messaging Immune to Passive Traffic Analysis , 2018, OSDI.

[8]  Elaine Shi,et al.  Foundations of Differentially Oblivious Algorithms , 2017, IACR Cryptol. ePrint Arch..

[9]  Joan Feigenbaum,et al.  Probabilistic analysis of onion routing in a black-box model , 2012, TSEC.

[10]  Ian Goldberg,et al.  Provably Secure and Practical Onion Routing , 2012, 2012 IEEE 25th Computer Security Foundations Symposium.

[11]  Erik P. de Vink,et al.  A Formalization of Anonymity and Onion Routing , 2004, ESORICS.

[12]  Sahar Mazloom,et al.  Secure Computation with Differentially Private Access Patterns , 2018, CCS.

[13]  Cynthia Dwork,et al.  Calibrating Noise to Sensitivity in Private Data Analysis , 2006, TCC.

[14]  Jonathan Katz,et al.  Private Set Intersection: Are Garbled Circuits Better than Custom Protocols? , 2012, NDSS.

[15]  Jared Saia,et al.  Secure Multi-party Shuffling , 2015, SIROCCO.

[16]  Elaine Shi,et al.  Optimal Lower Bound for Differentially Private Multi-party Aggregation , 2012, ESA.

[17]  Adam D. Smith,et al.  Distributed Differential Privacy via Shuffling , 2018, IACR Cryptol. ePrint Arch..

[18]  Sahar Mazloom,et al.  Secure parallel computation on national scale volumes of data , 2020, USENIX Security Symposium.

[19]  Nigel P. Smart,et al.  Distributing Any Elliptic Curve Based Protocol , 2019, IMACC.

[20]  Paul F. Syverson,et al.  Anonymous connections and onion routing , 1998, IEEE J. Sel. Areas Commun..

[21]  Eli Upfal,et al.  Practical and Provably Secure Onion Routing , 2017, ICALP.

[22]  Peter Rindal,et al.  Cheaper Private Set Intersection via Differentially Private Leakage , 2019, IACR Cryptol. ePrint Arch..

[23]  Borja Balle,et al.  The Privacy Blanket of the Shuffle Model , 2019, CRYPTO.

[24]  Eran Omri,et al.  Distributed Private Data Analysis: On Simultaneously Solving How and What , 2008, CRYPTO.

[25]  Nickolai Zeldovich,et al.  Vuvuzela: scalable private messaging resistant to traffic analysis , 2015, SOSP.

[26]  Rachid Guerraoui,et al.  Who started this rumor? Quantifying the natural differential privacy guarantees of gossip protocols , 2019, 1902.07138.

[27]  Divesh Srivastava,et al.  Composing Differential Privacy and Secure Computation: A Case Study on Scaling Private Record Linkage , 2017, CCS.

[28]  Nickolai Zeldovich,et al.  Stadium: A Distributed Metadata-Private Messaging System , 2017, IACR Cryptol. ePrint Arch..

[29]  David Chaum,et al.  The dining cryptographers problem: Unconditional sender and recipient untraceability , 1988, Journal of Cryptology.

[30]  Paul F. Syverson,et al.  Hiding Routing Information , 1996, Information Hiding.