Heavy Hitters and the Structure of Local Privacy
We present a new locally differentially private algorithm for the heavy
hitters problem which achieves optimal worst-case error as a function of all
standardly considered parameters. Prior work obtained error rates which depend
optimally on the number of users, the size of the domain, and the privacy
parameter, but depend sub-optimally on the failure probability.
We strengthen existing lower bounds on the error to incorporate the failure
probability, and show that our new upper bound is tight with respect to this
parameter as well. Our lower bound is based on a new understanding of the
structure of locally private protocols. We further develop these ideas to
obtain the following general results beyond heavy hitters.
Advanced Grouposition: In the local model, group privacy for
users degrades proportionally to , instead of linearly in
as in the central model. Stronger group privacy yields improved max-information
guarantees, as well as stronger lower bounds (via "packing arguments"), over
the central model.
Building on a transformation of Bassily and Smith (STOC 2015), we
give a generic transformation from any non-interactive approximate-private
local protocol into a pure-private local protocol. Again in contrast with the
central model, this shows that we cannot obtain more accurate algorithms by
moving from pure to approximate local privacy.
Frequency Estimation Under Multiparty Differential Privacy: One-shot and Streaming
We study the fundamental problem of frequency estimation under both privacy
and communication constraints, where the data is distributed among parties.
We consider two application scenarios: (1) one-shot, where the data is static
and the aggregator conducts a one-time computation; and (2) streaming, where
each party receives a stream of items over time and the aggregator continuously
monitors the frequencies. We adopt the model of multiparty differential privacy
(MDP), which is more general than local differential privacy (LDP) and
(centralized) differential privacy. Our protocols achieve optimality (up to
logarithmic factors) permissible by the more stringent of the two constraints.
In particular, when specialized to the -LDP model, our protocol
achieves an error of using bits of communication and
bits of public randomness, where is the size of the domain
- …