Beyond Statistical Estimation: Differentially Private Individual Computation via Shuffling

Shaowei Wang, Changyu Dong, Xiangfu Song, Jin Li, Zhili Zhou, Di Wang, Han Wu

TL;DR

This work introduces Private Individual Computation (PIC), which extends the shuffle model of differential privacy to permutation-equivariant, non-statistical tasks in which each user receives a personalized output. The proposed PIC protocol combines one-time public keys with an encryption-based shuffling flow, so that users receive their individual results without giving up the anonymity on which privacy amplification by shuffling depends. To maximize utility, the authors design the Minkowski Response, an asymptotically optimal local randomizer whose output distribution concentrates around the true value and achieves a near-tight bound on single-report error under the amplified budget $\boldsymbol{\epsilon}_c$. They prove the protocol's security and differential-privacy properties and show on real-world datasets (spatial crowdsourcing, location-based systems, and federated learning with incentives) that PIC with the Minkowski randomizer outperforms existing LDP-based solutions in both location accuracy and task-specific utility. Overall, PIC offers scalable private personalized computation with principled privacy guarantees and practical performance improvements over prior shuffle-model approaches.

Abstract

In data-driven applications, preserving user privacy while enabling valuable computations remains a critical challenge. Technologies like differential privacy (DP) have been pivotal in addressing these concerns. The shuffle model of DP requires no trusted curator and can achieve high utility by leveraging the privacy amplification effect yielded by shuffling. These benefits have led to significant interest in the shuffle model. However, the computation tasks in the shuffle model are limited to statistical estimation, making it inapplicable to real-world scenarios in which each user requires a personalized output. This paper introduces a novel paradigm termed Private Individual Computation (PIC), expanding the shuffle model to support a broader range of permutation-equivariant computations. PIC enables personalized outputs while preserving privacy, and enjoys privacy amplification through shuffling. We propose a concrete protocol that realizes PIC. By using one-time public keys, our protocol enables users to receive their outputs without compromising anonymity, which is essential for privacy amplification. Additionally, we present an optimal randomizer, the Minkowski Response, designed for the PIC model to enhance utility. We formally prove the security and privacy properties of the PIC protocol. Theoretical analysis and empirical evaluations demonstrate PIC's capability to handle non-statistical computation tasks, and the efficacy of PIC and the Minkowski randomizer in achieving superior utility compared to existing solutions.
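The message flow the abstract describes (sanitize locally, attach a one-time public key, shuffle, compute per report, return each result under its one-time key) as an added, runnable sketch. This is illustration written for this page, not the paper's protocol or code, and everything below the flow itself is an assumed stand-in: hashed Diffie-Hellman over the RFC 3526 group-14 prime with an HMAC-SHA256 encrypt-then-MAC stream replaces whatever public-key encryption the protocol uses (stdlib only, so it runs offline; a real deployment would use X25519 plus an AEAD from a vetted library); a k-ary randomized response over grid cells replaces the Minkowski Response; `nearest_taxi` is a constructed permutation-equivariant computation in the spirit of the taxi-hailing example in Figure 1.

```python
"""Sketch of the PIC flow: one-time public keys as unlinkable reply addresses.

Added illustration, not the paper's protocol or code. Stand-ins (assumed,
not from the paper): hashed DH over the RFC 3526 group-14 prime plus an
HMAC-SHA256 encrypt-then-MAC stream for public-key encryption; k-ary
randomized response over grid cells for the Minkowski Response; a
'nearest taxi' lookup as the permutation-equivariant computation.
"""
import hashlib, hmac, math, random, secrets

# RFC 3526 group 14 (2048-bit MODP); generator 2 has prime order Q = (P-1)/2.
P = int(
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74"
    "020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F1437"
    "4FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
    "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF05"
    "98DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB"
    "9ED529077096966D670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B"
    "E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9DE2BCBF695581718"
    "3995497CEA956AE515D2261898FA051015728E5A8AACAA68FFFFFFFFFFFFFFFF", 16)
G, Q = 2, (P - 1) // 2
assert pow(G, Q, P) == 1  # parameter self-check: 2 generates the order-Q subgroup

def keygen():
    """Fresh DH key pair; a PIC user makes one per message and never reuses it."""
    sk = secrets.randbelow(Q - 2) + 2
    return sk, pow(G, sk, P)

def _keys(shared):
    k = hashlib.sha256(shared.to_bytes(256, "big")).digest()
    return hashlib.sha256(b"enc" + k).digest(), hashlib.sha256(b"mac" + k).digest()

def _stream(key, n):
    # A fresh ephemeral DH key per message means the counter keystream needs no nonce.
    blocks = (hmac.new(key, i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]

def encrypt(pk, msg):
    """Hashed-DH hybrid encryption to pk: (ephemeral pk, ciphertext, tag)."""
    esk, epk = keygen()
    ek, mk = _keys(pow(pk, esk, P))
    ct = bytes(a ^ b for a, b in zip(msg, _stream(ek, len(msg))))
    tag = hmac.new(mk, epk.to_bytes(256, "big") + ct, hashlib.sha256).digest()
    return epk, ct, tag

def decrypt(sk, box):
    """Plaintext, or None when the tag fails (wrong key or tampered ciphertext)."""
    epk, ct, tag = box
    ek, mk = _keys(pow(epk, sk, P))
    expect = hmac.new(mk, epk.to_bytes(256, "big") + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expect):
        return None
    return bytes(a ^ b for a, b in zip(ct, _stream(ek, len(ct))))

def krr(cell, k, eps, rng):
    """k-ary randomized response: a local eps-DP stand-in for the Minkowski Response."""
    keep = math.exp(eps) / (math.exp(eps) + k - 1)
    if rng.random() < keep:
        return cell
    return rng.choice([c for c in range(k) if c != cell])

def nearest_taxi(cell, taxis, grid):
    """Constructed per-report computation; its output does not depend on report order."""
    r, c = divmod(cell, grid)
    return min(range(len(taxis)), key=lambda i: (taxis[i][0] - r) ** 2 + (taxis[i][1] - c) ** 2)

def run_pic(users, taxis, grid=3, eps=8.0, seed=0):
    """users: {uid: true grid cell}. Returns (result per uid, sanitized cell each uid sent)."""
    rng = random.Random(seed)  # demo only: real noise and shuffling need a CSPRNG
    server_sk, server_pk = keygen()  # long-term server key; users know only server_pk
    # 1. Users: sanitize locally, attach a one-time pk, encrypt so the shuffler reads nothing.
    outbox, own, sent = [], {}, {}
    for uid, cell in users.items():
        sk, pk = keygen()
        sent[uid] = krr(cell, grid * grid, eps, rng)
        own[uid] = (sk, pk)
        outbox.append((uid, encrypt(server_pk, f"{sent[uid]}:{pk:x}".encode())))
    # 2. Shuffler (the F_Shuffle role): drop sender identities and permute the batch.
    batch = [box for _, box in outbox]
    rng.shuffle(batch)
    # 3. Server: sees anonymous reports only and answers each under its one-time pk.
    replies = []
    for box in batch:
        cell_s, pk_s = decrypt(server_sk, box).decode().split(":")
        pk = int(pk_s, 16)
        replies.append((pk, encrypt(pk, str(nearest_taxi(int(cell_s), taxis, grid)).encode())))
    # 4. Users: the one-time pk is an unlinkable address; pick the matching reply and decrypt.
    results = {}
    for uid, (sk, pk) in own.items():
        box = next(b for p, b in replies if p == pk)
        results[uid] = int(decrypt(sk, box).decode())
    return results, sent
```

The point to take from the sketch is where identities exist: the shuffler knows who sent each ciphertext but cannot read it, the server reads every report but sees only a fresh public key per report, and the reply list can be published in shuffled order because only the holder of the matching one-time secret key can open its entry. Nothing here reproduces the paper's privacy-amplification analysis or the Minkowski Response itself.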

Paper Structure

This paper contains 39 sections, 8 theorems, 39 equations, 14 figures, 9 tables, and 1 algorithm.

Key Result

Theorem 5.1

The Private Individual Computation (PIC) protocol of the protocol section securely computes $\mathcal{F}_{\textsf{PIC}}$ in the $\mathcal{F}_{\textsf{Shuffle}}$-hybrid model in the presence of any PPT adversary with static corruption.

Figures (14)

  • Figure 1: An illustration of taxi-hailing in the PIC model. Besides (sanitized) location information, each user also encapsulates a one-time random public key into the message to the shuffler.
  • Figure 2: The functionality $\mathcal{F}_{\textsf{PIC}}$
  • Figure 3: The functionality $\mathcal{F}_{\textsf{Shuffle}}$
  • Figure 4: The probability design of Minkowski response mechanism with a radius $r$. Illustrated are three inputs $x_1, x_2$ and $x_3$, along with their respective cap areas.
  • Figure 5: Expected $\ell_2$ distances of reported locations to true locations on GMission and EverySender dataset.
  • ...and 9 more figures

Theorems & Definitions (15)

  • Definition 3.1: Hockey-stick divergence [sason2016f]
  • Definition 3.2: $(\epsilon,\delta)$-DP [dwork2008differential]
  • Definition 3.3: Local $\epsilon$-DP [kasiviswanathan2011can]
  • Theorem 5.1: Security
  • Theorem 5.2: Differential Privacy
  • Theorem 6.1: Local Privacy Guarantee
  • proof
  • Theorem 6.2: Error Lower Bounds
  • Theorem 6.3: Error Upper Bounds
  • Definition H.1: Data processing inequality
  • ...and 5 more
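The three definitions named at the top of the list, in their standard form. These are added here from the cited works, not copied from the paper, whose notation may differ; $M$ denotes a mechanism on neighbouring datasets $D \sim D'$, $R$ a local randomizer on single inputs $x, x'$, and $(\cdot)_+ = \max(\cdot, 0)$:

$$D_{e^{\epsilon}}(P \,\|\, Q) \;=\; \sup_{S}\,\big(P(S) - e^{\epsilon} Q(S)\big) \;=\; \int \big(p(y) - e^{\epsilon} q(y)\big)_{+}\,\mathrm{d}y$$

$$M \text{ is } (\epsilon,\delta)\text{-DP} \iff \sup_{D \sim D'} D_{e^{\epsilon}}\big(M(D) \,\|\, M(D')\big) \le \delta \iff \Pr[M(D)\in S] \le e^{\epsilon}\Pr[M(D')\in S] + \delta \quad \forall S$$

$$R \text{ is local } \epsilon\text{-DP} \iff \Pr[R(x)=y] \le e^{\epsilon}\Pr[R(x')=y] \quad \forall x, x', y$$

Privacy amplification by shuffling, in these terms, is the statement that the shuffled multiset of $n$ local $\epsilon$-DP reports satisfies $(\epsilon_c,\delta)$-DP with $\epsilon_c < \epsilon$, the hockey-stick divergence between the two shuffled output distributions being what the amplification bound controls; this amplified central budget is the $\epsilon_c$ the TL;DR refers to.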