Abstract
Given a collection of vectors \boldsymbolx ^(1), \dots,\boldsymbolx ^(n) \in \0,1\ ^d, the selection problem asks to report the index of an "approximately largest'' entry in \boldsymbolx =\sum_j=1 ^n \boldsymbolx ^(j) . Selection abstracts a host of problems, for example: Recommendation of a popular item based on user feedback; releasing statistics on the most popular web sites; hyperparameter tuning and feature selection in machine learning. We study selection under differential privacy, where a released index guarantees privacy for individual vectors. Though selection can be solved with an excellent utility guarantee in the central model of differential privacy, the distributed setting where no single entity is trusted to aggregate the data lacks solutions. Specifically, strong privacy guarantees with high utility are offered in high trust settings, but not in low trust settings. For example, in the popular shuffle model of distributed differential privacy, there are strong lower bounds suggesting that the utility of the central model cannot be obtained. In this paper we design a protocol for differentially private selection in a trust setting similar to the shuffle model - -with the crucial difference that our protocol tolerates corrupted servers while maintaining privacy. Our protocol uses techniques from secure multi-party computation (MPC) to implement a protocol that: (i) has utility on par with the best mechanisms in the central model, (ii) scales to large, distributed collections of high-dimensional vectors, and (iii) uses k\geq 3 servers that collaborate to compute the result, where the differential privacy guarantee holds assuming an honest majority. Since general-purpose MPC techniques are not sufficiently scalable, we propose a novel application of integer secret sharing, and evaluate the utility and efficiency of our protocol both theoretically and empirically. Our protocol improves on previous work by Champion, shelat and Ullman (CCS '19) by significantly reducing the communication costs, demonstrating that large-scale differentially private selection with information-theoretical guarantees is feasible in a distributed setting.
| Originalsprog | Engelsk |
|---|---|
| Titel | WWW 2024 - Proceedings of the ACM Web Conference |
| Antal sider | 12 |
| Forlag | Association for Computing Machinery, Inc. |
| Publikationsdato | 2024 |
| Sider | 1103-1114 |
| ISBN (Elektronisk) | 9798400701719 |
| DOI | |
| Status | Udgivet - 2024 |
| Begivenhed | 33rd ACM Web Conference, WWW 2024 - Singapore, Singapore Varighed: 13 maj 2024 → 17 maj 2024 |
Konference
| Konference | 33rd ACM Web Conference, WWW 2024 |
|---|---|
| Land/Område | Singapore |
| By | Singapore |
| Periode | 13/05/2024 → 17/05/2024 |
| Sponsor | ACM SIGWEB |
| Navn | WWW 2024 - Proceedings of the ACM Web Conference |
|---|
Bibliografisk note
Funding Information:Nelson and Pagh carried out this work at Basic Algorithms Research Copenhagen (BARC), supported by the VILLUM Foundation grant 16582, and are also supported by Providentia, a Data Science Distinguished Investigator grant from Novo Nordisk Fonden. The research described in this paper has received funding from: the Carlsberg Foundation under the Semper Ardens Research Project CF18-112 (BCM); the European Research Council (ERC) under the European Unions's Horizon 2020 research and innovation programme under grant agreement No 803096 (SPEC); the Danish Independent Research Council under Grant-ID DFF-2064-00016B (YOSO) and DFF-3103-00077B (CryptoDigi).
Publisher Copyright:
© 2024 ACM.