Distributed Differential Privacy via Shuffling

  • Albert Cheu
  • Adam Smith
  • Jonathan Ullman
  • David Zeber
  • Maxim Zhilyaev
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11476)


We consider the problem of designing scalable, robust protocols for computing statistics about sensitive data. Specifically, we look at how best to design differentially private protocols in a distributed setting, where each user holds a private datum. The literature has mostly considered two models: the “central” model, in which a trusted server collects users’ data in the clear, which allows greater accuracy; and the “local” model, in which users individually randomize their data, and need not trust the server, but accuracy is limited. Attempts to achieve the accuracy of the central model without a trusted server have so far focused on variants of cryptographic multiparty computation (MPC), which limits scalability.

In this paper, we initiate the analytic study of a shuffled model for distributed differentially private algorithms, which lies between the local and central models. This simple-to-implement model, a special case of the ESA framework of [5], augments the local model with an anonymous channel that randomly permutes a set of user-supplied messages. For sum queries, we show that this model provides the power of the central model while avoiding the need to trust a central server and the complexity of cryptographic secure function evaluation. More generally, we give evidence that the power of the shuffled model lies strictly between those of the central and local models: for a natural restriction of the model, we show that shuffled protocols for a widely studied selection problem require exponentially higher sample complexity than do central-model protocols.
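A minimal simulation of the shuffled model described above, for a sum of bits. It is an added illustration, not the paper's protocol: the randomized-response local randomizer, the parameter `p`, and all function names are assumptions chosen for the example.

```python
import random

def local_randomizer(bit, p, rng):
    """Runs on the user's device: with probability p report a uniform
    random bit, otherwise report the true bit (randomized response)."""
    if rng.random() < p:
        return rng.randrange(2)
    return bit

def shuffler(messages, rng):
    """Anonymous channel: outputs the messages in uniformly random order,
    so the analyzer cannot tie a message to the user who sent it."""
    out = list(messages)
    rng.shuffle(out)
    return out

def analyzer(shuffled, p):
    """Untrusted server: debias the noisy count.
    E[sum of reports] = (1 - p) * true_sum + p * n / 2."""
    n = len(shuffled)
    return (sum(shuffled) - p * n / 2) / (1 - p)

def run_protocol(bits, p, seed=0):
    # Seeded PRNG keeps the simulation reproducible; a deployment would
    # draw its randomness from a cryptographically secure source.
    rng = random.Random(seed)
    reports = [local_randomizer(b, p, rng) for b in bits]
    return analyzer(shuffler(reports, rng), p)

if __name__ == "__main__":
    # Constructed sample input: 10,000 users, 3,000 of whom hold a 1.
    bits = [1] * 3000 + [0] * 7000
    print(run_protocol(bits, 0.25))
```

The analyzer's estimate depends only on the multiset of reports, so the shuffle costs no accuracy; what it removes is the link between a report and its sender.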



AC was supported by NSF award CCF-1718088. AS was supported by NSF awards IIS-1447700 and AF-1763786 and a Sloan Foundation Research Award. JU was supported by NSF awards CCF-1718088, CCF-1750640, CNS-1816028 and a Google Faculty Research Award.


  1. Abowd, J.M.: The U.S. census bureau adopts differential privacy. In: Proceedings of the 24th ACM SIGKDD International Conference on Knowledge Discovery & Data Mining KDD 2018, pp. 2867–2867. ACM, New York (2018)
  2. Bafna, M., Ullman, J.: The price of selection in differential privacy. In: Conference on Learning Theory, pp. 151–168 (2017)
  3. Bassily, R., Smith, A.: Local, private, efficient protocols for succinct histograms. In: Proceedings of the Forty-Seventh Annual ACM on Symposium on Theory of Computing, pp. 127–135. ACM (2015)
  4. Beimel, A., Nissim, K., Omri, E.: Distributed private data analysis: simultaneously solving how and what. In: Wagner, D. (ed.) CRYPTO 2008. LNCS, vol. 5157, pp. 451–468. Springer, Heidelberg (2008)
  5. Bittau, A., et al.: PROCHLO: strong privacy for analytics in the crowd. In: Proceedings of the Symposium on Operating Systems Principles (SOSP) (2017)
  6. Bonawitz, K., et al.: Practical secure aggregation for privacy preserving machine learning. IACR Cryptology ePrint Archive (2017)
  7. Bun, M., Nelson, J., Stemmer, U.: Heavy hitters and the structure of local privacy. In: ACM SIGMOD/PODS Conference International Conference on Management of Data (PODS 2018) (2018)
  8. Chan, T.-H.H., Shi, E., Song, D.: Optimal lower bound for differentially private multi-party aggregation. In: Epstein, L., Ferragina, P. (eds.) ESA 2012. LNCS, vol. 7501, pp. 277–288. Springer, Heidelberg (2012)
  9. Chan, T.-H.H., Shi, E., Song, D.: Privacy-preserving stream aggregation with fault tolerance. In: Keromytis, A.D. (ed.) FC 2012. LNCS, vol. 7397, pp. 200–214. Springer, Heidelberg (2012)
  10. Chaum, D.L.: Untraceable electronic mail, return addresses, and digital pseudonyms. Commun. ACM 24(2), 84–90 (1981)
  11. Corrigan-Gibbs, H., Boneh, D.: Prio: private, robust, and scalable computation of aggregate statistics. In: Proceedings of the 14th USENIX Conference on Networked Systems Design and Implementation NSDI 2017, pp. 259–282. USENIX Association, Berkeley, CA, USA (2017)
  12. Duchi, J.C., Jordan, M.I., Wainwright, M.J.: Local privacy and statistical minimax rates. In: 2013 IEEE 54th Annual Symposium on Foundations of Computer Science (FOCS), pp. 429–438. IEEE (2013)
  13. Dwork, C., Kenthapadi, K., McSherry, F., Mironov, I., Naor, M.: Our data, ourselves: privacy via distributed noise generation. In: Vaudenay, S. (ed.) EUROCRYPT 2006. LNCS, vol. 4004, pp. 486–503. Springer, Heidelberg (2006)
  14. Dwork, C., McSherry, F., Nissim, K., Smith, A.: Calibrating noise to sensitivity in private data analysis. In: Halevi, S., Rabin, T. (eds.) TCC 2006. LNCS, vol. 3876, pp. 265–284. Springer, Heidelberg (2006)
  15. Dwork, C., Rothblum, G.N., Vadhan, S.P.: Boosting and differential privacy. In: FOCS, pp. 51–60. IEEE (2010)
  16. Erlingsson, U., Feldman, V., Mironov, I., Raghunathan, A., Talwar, K., Thakurta, A.: Amplification by shuffling: From local to central differential privacy by anonymity. In: Proceedings of the 30th Annual ACM-SIAM Symposium on Discrete Algorithms. SODA 2019 (2019)
  17. Erlingsson, Ú., Pihur, V., Korolova, A.: RAPPOR: randomized aggregatable privacy-preserving ordinal response. In: ACM Conference on Computer and Communications Security (CCS) (2014)
  18. Evfimievski, A., Gehrke, J., Srikant, R.: Limiting privacy breaches in privacy preserving data mining. In: PODS, pp. 211–222. ACM (2003)
  19. van den Hooff, J., Lazar, D., Zaharia, M., Zeldovich, N.: Vuvuzela: scalable private messaging resistant to traffic analysis. In: Proceedings of the 25th Symposium on Operating Systems Principles SOSP 2015, pp. 137–152. ACM, New York (2015)
  20. Kasiviswanathan, S.P., Lee, H.K., Nissim, K., Raskhodnikova, S., Smith, A.: What can we learn privately? In: Foundations of Computer Science (FOCS). IEEE (2008)
  21. Kasiviswanathan, S.P., Smith, A.: On the ‘semantics’ of differential privacy: A bayesian formulation. CoRR arXiv:0803.39461 [cs.CR] (2008)
  22. Kearns, M.J.: Efficient noise-tolerant learning from statistical queries. In: STOC, pp. 392–401. ACM, 16–18 May 1993
  23. Kwon, A., Lazar, D., Devadas, S., Ford, B.: Riffle: an efficient communication system with strong anonymity. PoPETs 2016(2), 115–134 (2016)
  24. McMillan, R.: Apple tries to peek at user habits without violating privacy. Wall Street J. (2016)
  25. McSherry, F., Talwar, K.: Mechanism design via differential privacy. In: IEEE Foundations of Computer Science (FOCS) (2007)
  26. Shi, E., Chan, T.H., Rieffel, E.G., Chow, R., Song, D.: Privacy-preserving aggregation of time-series data. In: Proceedings of the Network and Distributed System Security Symposium (NDSS 2011) (2011)
  27. Smith, A.: Differential privacy and the secrecy of the sample (2009)
  28. Steinke, T., Ullman, J.: Tight lower bounds for differentially private selection. In: 2017 IEEE 58th Annual Symposium on Foundations of Computer Science (FOCS), pp. 552–563. IEEE (2017)
  29. Thakurta, A.G., et al.: Learning new words. US Patent 9,645,998, 9 May 2017
  30. Tyagi, N., Gilad, Y., Leung, D., Zaharia, M., Zeldovich, N.: Stadium: a distributed metadata-private messaging system. In: Proceedings of the 26th Symposium on Operating Systems Principles SOSP 2017, pp. 423–440. ACM, New York (2017)
  31. Ullman, J.: Tight lower bounds for locally differentially private selection. CoRR abs/1802.02638 (2018)
  32. Vadhan, S.: The complexity of differential privacy (2016)
  33. Warner, S.L.: Randomized response: a survey technique for eliminating evasive answer bias. J. Am. Stat. Assoc. 60(309), 63–69 (1965)

Copyright information

© International Association for Cryptologic Research 2019

Authors and Affiliations

  • Albert Cheu (1), email author
  • Adam Smith (2)
  • Jonathan Ullman (1)
  • David Zeber (3)
  • Maxim Zhilyaev (4)

  1. Khoury College of Computer Sciences, Northeastern University, Boston, USA
  2. Computer Science Department, Boston University, Boston, USA
  3. Mozilla Foundation, Mountain View, USA
  4. Mountain View, USA
