Table of Contents
Fetching ...

VDDP: Verifiable Distributed Differential Privacy under the Client-Server-Verifier Setup

Haochen Sun, Xi He

TL;DR

The paper addresses the challenge of ensuring true differential privacy in distributed data analyses when multiple clients and servers may act maliciously. It introduces Verifiable Distributed Differential Privacy (VDDP), a framework that integrates randomness disentanglement and interactive distributed proofs to achieve end-to-end DP guarantees in a client-server-verifier setting. Three instantiations—VDDLM, VDDGM, and VRR—demonstrate substantial efficiency gains: VDDLM offers up to $4\cdot10^5\times$ faster proof generation with only $0.1$–$0.2\times$ utility loss relative to prior work, while VRR achieves up to $5\,000\times$ reductions in communication and verifier overhead; VDDGM shows favorable overhead under realistic conditions. Together, these contributions enable scalable, provable privacy in distributed analytics, with practical implications for privacy-preserving data analysis across institutions, MPC-based DP, and verifiable auditing of results.

Abstract

Although differential privacy (DP) is widely regarded as the de facto standard for data privacy, its implementation remains vulnerable to unfaithful execution by servers, particularly in distributed settings. In such cases, servers may sample noise from incorrect distributions or generate correlated noise while appearing to follow established protocols. This work addresses these malicious behaviours in a distributed client-server-verifier setup, under Verifiable Distributed Differential Privacy (VDDP), a novel framework for the verifiable execution of distributed DP mechanisms. We systematically capture end-to-end security and privacy guarantees against potentially colluding adversarial behaviours of clients, servers, and verifiers by characterizing the connections and distinctions between VDDP and zero-knowledge proofs (ZKPs). We develop three novel and efficient instantiations of VDDP: (1) the Verifiable Distributed Discrete Laplace Mechanism (VDDLM), which achieves up to a 400,000x improvement in proof generation efficiency with only 0.1--0.2x error compared with the previous state-of-the-art verifiable differentially private mechanism and includes a tight privacy analysis that accounts for all additional privacy losses due to numerical imprecisions, applicable to other secure computation protocols for DP mechanisms based on cryptography; (2) the Verifiable Distributed Discrete Gaussian Mechanism (VDDGM), an extension of VDDLM that incurs limited overhead in real-world applications; and (3) an improved solution to Verifiable Randomized Response (VRR) under local DP, as a special case of VDDP, achieving up to a 5,000x reduction in communication costs and verifier overhead.

VDDP: Verifiable Distributed Differential Privacy under the Client-Server-Verifier Setup

TL;DR

The paper addresses the challenge of ensuring true differential privacy in distributed data analyses when multiple clients and servers may act maliciously. It introduces Verifiable Distributed Differential Privacy (VDDP), a framework that integrates randomness disentanglement and interactive distributed proofs to achieve end-to-end DP guarantees in a client-server-verifier setting. Three instantiations—VDDLM, VDDGM, and VRR—demonstrate substantial efficiency gains: VDDLM offers up to faster proof generation with only utility loss relative to prior work, while VRR achieves up to reductions in communication and verifier overhead; VDDGM shows favorable overhead under realistic conditions. Together, these contributions enable scalable, provable privacy in distributed analytics, with practical implications for privacy-preserving data analysis across institutions, MPC-based DP, and verifiable auditing of results.

Abstract

Although differential privacy (DP) is widely regarded as the de facto standard for data privacy, its implementation remains vulnerable to unfaithful execution by servers, particularly in distributed settings. In such cases, servers may sample noise from incorrect distributions or generate correlated noise while appearing to follow established protocols. This work addresses these malicious behaviours in a distributed client-server-verifier setup, under Verifiable Distributed Differential Privacy (VDDP), a novel framework for the verifiable execution of distributed DP mechanisms. We systematically capture end-to-end security and privacy guarantees against potentially colluding adversarial behaviours of clients, servers, and verifiers by characterizing the connections and distinctions between VDDP and zero-knowledge proofs (ZKPs). We develop three novel and efficient instantiations of VDDP: (1) the Verifiable Distributed Discrete Laplace Mechanism (VDDLM), which achieves up to a 400,000x improvement in proof generation efficiency with only 0.1--0.2x error compared with the previous state-of-the-art verifiable differentially private mechanism and includes a tight privacy analysis that accounts for all additional privacy losses due to numerical imprecisions, applicable to other secure computation protocols for DP mechanisms based on cryptography; (2) the Verifiable Distributed Discrete Gaussian Mechanism (VDDGM), an extension of VDDLM that incurs limited overhead in real-world applications; and (3) an improved solution to Verifiable Randomized Response (VRR) under local DP, as a special case of VDDP, achieving up to a 5,000x reduction in communication costs and verifier overhead.
Paper Structure (44 sections, 17 theorems, 71 equations, 13 figures, 4 tables, 2 algorithms)

This paper contains 44 sections, 17 theorems, 71 equations, 13 figures, 4 tables, 2 algorithms.

Key Result

Theorem 2.4

Given the histogram that the data analyst receives, $\mathbf{n}' = {\left(n_0', n_1', \dots, n_{k-1}'\right)}^\top$, an unbiased estimation of the unperturbed histogram $\Hat{\mathbf{n}}$ can be formulated as

Figures (13)

  • Figure 1: Problem setup of DDP and VDDP ($n_\sf{Cli} = 5, n_\sf{Ser} = 6$), targeting $\sf{Cli}_0$'s data. All parties except $\sf{Cli}_0$ and $H_0$ form a collusion $\mathfrak{C}$, although some parties in $\mathfrak{C}$ are semi-honest and adhere to the protocol. All transmissions within and leaving the green region (black solid lines) are honestly computed but may cause information leakage and enable $\mathfrak{C}$ to compute additional information about $D_0$. The additional leakages under VDDP (commitments and proofs) are highlighted in blue. The transmissions from malicious clients (red dotted arrows) and servers may be adversarially reverse-engineered.
  • Figure 2: Interactive distributed proof of differential privacy with potentially malicious clients and servers.
  • Figure 3: Adversaries' view in an I2DP $\Pi$.
  • Figure 4: $\Pi^{K, \xi}_\sf{Bin}$, protocol for proving the knowledge of $x \in \bin$ and $r\in \mathbb{F}$ such that $\sf{com}_x = g^x h^r$. $\xi = 1$ corresponds to the original zero-knowledge version DBLP:conf/crypto/CramerDS94DBLP:conf/eurocrypt/Damgard00DBLP:journals/ftsec/Thaler22.
  • Figure 5: The instantiation of I2DP in VDDLM.
  • ...and 8 more figures

Theorems & Definitions (50)

  • Definition 2.1: Differential Privacy DR14
  • Definition 2.2: Local Differential Privacy
  • Definition 2.3: IND-CDP CDP
  • Theorem 2.4
  • proof : Proof of Theorem \ref{['thm:rr-est-hist']}
  • Definition 2.5
  • Definition 2.6: Pairing DBLP:conf/ima/KoblitzM05DBLP:journals/dam/GalbraithPS08
  • Example 3.1
  • Definition 3.2
  • Example 3.3
  • ...and 40 more