Go to ICML 2025 Conference homepageLocal Pan-privacy for Federated Analytics
TL;DR: Maintaining differential privacy under intrusion on the local state.
Abstract: Pan-privacy was proposed by Dwork et al. (2010) as an approach to designing a private analytics system that retains its privacy properties in the face of intrusions that expose the system's internal state. Motivated by Federated telemetry applications, we study {\em local pan-privacy}, where privacy should be retained under repeated unannounced intrusions {\em on the local state}. We consider the problem of monitoring the count of an event in a federated system, where event occurrences on a local device should be hidden even from an intruder on that device. We show that under reasonable constraints, the goal of providing information-theoretic differential privacy under intrusion is incompatible with collecting telemetry information. We then show that this problem can be solved in a scalable way using standard cryptographic primitives.
Lay Summary: In this work, we define and study a formal notion of privacy in the federated setting, which allows for privacy to be retained under intrusions on device.
Primary Area: Social Aspects->Privacy
Keywords: Differential Privacy, Pan privacy
Submission Number: 15432
Loading