Network Shuffling: Privacy Amplification via Random Walks

by   Seng Pei Liew, et al.

Recently, it is shown that shuffling can amplify the central differential privacy guarantees of data randomized with local differential privacy. Within this setup, a centralized, trusted shuffler is responsible for shuffling by keeping the identities of data anonymous, which subsequently leads to stronger privacy guarantees for systems. However, introducing a centralized entity to the originally local privacy model loses some appeals of not having any centralized entity as in local differential privacy. Moreover, implementing a shuffler in a reliable way is not trivial due to known security issues and/or requirements of advanced hardware or secure computation technology. Motivated by these practical considerations, we rethink the shuffle model to relax the assumption of requiring a centralized, trusted shuffler. We introduce network shuffling, a decentralized mechanism where users exchange data in a random-walk fashion on a network/graph, as an alternative of achieving privacy amplification via anonymity. We analyze the threat model under such a setting, and propose distributed protocols of network shuffling that is straightforward to implement in practice. Furthermore, we show that the privacy amplification rate is similar to other privacy amplification techniques such as uniform shuffling. To our best knowledge, among the recently studied intermediate trust models that leverage privacy amplification techniques, our work is the first that is not relying on any centralized entity to achieve privacy amplification.


page 1

page 2

page 3

page 4


Multi-Central Differential Privacy

Differential privacy is typically studied in the central model where a t...

An Algorithmic Framework For Differentially Private Data Analysis on Trusted Processors

Differential privacy has emerged as the main definition for private data...

Analog Multi-Party Computing: Locally Differential Private Protocols for Collaborative Computations

We consider a fully decentralized scenario in which no central trusted e...

Incentivized Third Party Collateralization for Stablecoins

Stablecoins, which are primarily intended to function as a global reserv...

Walking to Hide: Privacy Amplification via Random Message Exchanges in Network

The *shuffle model* is a powerful tool to amplify the privacy guarantees...

Mitigating Leakage from Data Dependent Communications in Decentralized Computing using Differential Privacy

Imagine a group of citizens willing to collectively contribute their per...

On the Inherent Anonymity of Gossiping

Detecting the source of a gossip is a critical issue, related to identif...

Please sign up or login with your details

Forgot password? Click here to reset