Timezone: »

A Shuffling Framework For Local Differential Privacy
Casey M Meehan · Amrita Roy Chowdhury · Kamalika Chaudhuri · Somesh Jha

\ldp deployments are vulnerable to inference attacks as an adversary can link the noisy responses to their identity and subsequently, auxiliary information using the \textit{order} of the data. An alternative model, shuffle \textsf{DP}, prevents this by shuffling the noisy responses uniformly at random. However, this limits the data learnability -- only symmetric functions (input order agnostic) can be learned. In this paper, we strike a balance and propose a generalized shuffling framework that interpolates between the two deployment models. We show that systematic shuffling of the noisy responses can thwart specific inference attacks while retaining some meaningful data learnability. To this end, we propose a novel privacy guarantee, \name-privacy, that captures the privacy of the order of a data sequence. \name-privacy allows tuning the granularity at which the ordinal information is maintained, which formalizes the degree the resistance to inference attacks trading it off with data learnability. Additionally, we propose a novel shuffling mechanism that can achieve \name-privacy and demonstrate the practicality of our mechanism via evaluation on real-world datasets.

Author Information

Casey M Meehan (UCSD)
Amrita Roy Chowdhury (University of Wisconsin-Madison)
Kamalika Chaudhuri (University of California at San Diego)
Somesh Jha (University of Wisconsin, Madison)

More from the Same Authors