
Differential Privacy in the Shuffle Model: A Survey of Separations

Albert Cheu

TL;DR

This survey analyzes differential privacy in the shuffle model, positioning it as a practical middle ground that achieves high accuracy with modest trust by anonymizing user messages. It surveys concrete protocol families, lower bounds, and robustness considerations, highlighting how shuffle amplification can surpass local-model limits while not always matching central-model performance. It then explores interactivity as a promising direction, including sequential and fully interactive shuffle variants that can approach central-model capabilities under certain conditions. The open questions identify gaps in amplification vs removal results, optimal uniformity testing sample complexity, and the ultimate potential and limits of interactive shuffle protocols. Overall, the paper maps the state of shuffle-DP, clarifying when it yields substantial gains and where fundamental limits remain.

Abstract

Differential privacy is often studied in one of two models. In the central model, a single analyzer has the responsibility of performing a privacy-preserving computation on data. But in the local model, each data owner ensures their own privacy. Although it removes the need to trust the analyzer, local privacy comes at a price: a locally private protocol is less accurate than a centrally private counterpart when solving many learning and estimation problems. Protocols in the shuffle model are designed to attain the best of both worlds: recent work has shown high accuracy is possible with only a mild trust assumption. This survey paper gives an overview of novel shuffle protocols, along with lower bounds that establish the limits of the new model. We also summarize work that shows the promise of interactivity in the shuffle model.

Paper Structure

This paper contains 44 sections, 29 theorems, 22 equations, 6 tables, 2 algorithms.

Key Result

Lemma 2

Let $f \colon \mathcal{X}^n \to \mathbb{Z}$ be a 1-sensitive function, i.e. $|f(\vec{x}) - f(\vec{x}\,')| \leq 1$ for all neighboring datasets $\vec{x}, \vec{x}\,' \in \mathcal{X}^n$. There is a constant $\kappa$ such that, for any $\ell\in\mathbb{N}$, $p\in(0,1)$, and $\varepsilon, \delta \in (0,1)$, the algorithm that samples $\eta \sim \mathbf{Bin}(\ell, p)$ and outputs $f(\vec{x}) + \eta$ is $(\

Theorems & Definitions (48)

  • Definition 1: Differential Privacy DMNS06
  • Lemma 2: Binomial Mechanism DKMMN06GGK+19
  • Definition 3: Local Model Warner65EGS03
  • Definition 4: DP in the Local Model DMNS06KLNRS08
  • Definition 5: Shuffle Model BittauEMMRLRKTS17CSU+19
  • Remark 6
  • Definition 7: DP in the Shuffle Model CSU+19
  • Definition 8: Robust DP in the Shuffle Model
  • Theorem 9: Beimel et al. BNO08 & Chan et al. CSS12
  • Theorem 10: Cheu et al. CSU+19
  • ...and 38 more