Tight Differential Privacy Guarantees for the Shuffle Model with $k$-Randomized Response

arXiv:2205.08858v2 Announce Type: replace
Abstract: Most differentially private (DP) algorithms assume a central model in which a reliable third party inserts noise to queries made on datasets, or a local model where the users locally perturb their data. However, the central model is vulnerable via a single point of failure, and in the local model, the utility of the data deteriorates significantly. The recently proposed shuffle model is an intermediate framework between the central and the local paradigms where the …

algorithms arxiv cs.cr data datasets differential privacy local locally noise party point privacy private response shuffle single third vulnerable