Shuffle Gaussian Mechanism for Differential Privacy

22 Sept 2022 (modified: 12 Mar 2024) | ICLR 2023 Conference Withdrawn Submission | Readers: Everyone
Keywords: differential privacy, shuffle model, dp-sgd, federated learning
TL;DR: We give a first non-trivial study of the Gaussian mechanism in the shuffle model using Rényi differential privacy (RDP).
Abstract: We study the Gaussian mechanism in the shuffle model of differential privacy (DP). We present the first non-trivial privacy guarantee of the mechanism by showing that its Rényi differential privacy (RDP) is of the form:

$$ \epsilon(\lambda) = \frac{1}{\lambda-1}\log\left(\frac{e^{-\lambda/2\sigma^2}}{n^\lambda}\sum_{\substack{k_1+\dotsc+k_n=\lambda;\\k_1,\dotsc,k_n\geq 0}}\binom{\lambda}{k_1,\dotsc,k_n}e^{\sum_{i=1}^n k_i^2/2\sigma^2}\right) $$

We further prove that the RDP is strictly upper-bounded by the Gaussian RDP without shuffling. The shuffle Gaussian RDP is advantageous in composing multiple DP mechanisms, where we demonstrate its improvement over the state-of-the-art approximate DP composition theorems in privacy guarantees of the shuffle model. Our formalism also has immediate application in several problems studied in the literature, including learning with stochastic gradient descent and distributed/federated learning, of which an empirical study is presented to demonstrate the efficacy of learning privately while employing the shuffle Gaussian mechanism.
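The closed form in the abstract can be evaluated numerically and compared with the unshuffled Gaussian RDP. The following is an added example, not code from the submission or its supplementary material; the function names are illustrative. It assumes an integer order λ ≥ 2 and rewrites the multinomial sum as a polynomial coefficient (a standard generating-function identity, not a method taken from the paper).

```python
import math
from itertools import product

def _logaddexp(a, b):
    if a == -math.inf or b == -math.inf:
        return max(a, b)
    m = max(a, b)
    return m + math.log(math.exp(a - m) + math.exp(b - m))

def _log_conv(p, q, deg):
    # Product of two polynomials stored as log-coefficients, truncated at x^deg.
    out = [-math.inf] * (deg + 1)
    for i, a in enumerate(p):
        for j, b in enumerate(q[: deg + 1 - i]):
            out[i + j] = _logaddexp(out[i + j], a + b)
    return out

def shuffle_gaussian_rdp(lam, sigma, n):
    """epsilon(lambda) from the abstract for integer order lam >= 2 and n users."""
    if lam < 2 or n < 1 or sigma <= 0:
        raise ValueError("need integer lam >= 2, n >= 1, sigma > 0")
    s = 2.0 * sigma ** 2
    # The multinomial sum equals lam! * [x^lam] (sum_k e^{k^2/2sigma^2} x^k / k!)^n.
    power = [k * k / s - math.lgamma(k + 1) for k in range(lam + 1)]
    result = [0.0] + [-math.inf] * lam      # log-coefficients of the polynomial 1
    m = n
    while m:                                # exponentiation by squaring
        if m & 1:
            result = _log_conv(result, power, lam)
        m >>= 1
        if m:
            power = _log_conv(power, power, lam)
    log_sum = math.lgamma(lam + 1) + result[lam]
    return (log_sum - lam / s - lam * math.log(n)) / (lam - 1)

def gaussian_rdp(lam, sigma):
    # Unshuffled Gaussian RDP at sensitivity 1; the formula reduces to this at n = 1.
    return lam / (2.0 * sigma ** 2)

def brute_force_rdp(lam, sigma, n):
    # Direct enumeration of k_1 + ... + k_n = lam, feasible only for tiny n and lam.
    s, total = 2.0 * sigma ** 2, 0.0
    for ks in product(range(lam + 1), repeat=n):
        if sum(ks) == lam:
            coef = math.factorial(lam)
            for k in ks:
                coef //= math.factorial(k)
            total += coef * math.exp(sum(k * k for k in ks) / s)
    return math.log(math.exp(-lam / s) * total / n ** lam) / (lam - 1)

if __name__ == "__main__":
    for n in (1, 10, 1000):                 # constructed sample parameters
        print(n, shuffle_gaussian_rdp(8, 1.0, n), gaussian_rdp(8, 1.0))
```

The fast evaluation costs O(λ² log n), so it stays usable at the user counts where direct enumeration of the sum is infeasible.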
Please Choose The Closest Area That Your Submission Falls Into: Social Aspects of Machine Learning (eg, AI safety, fairness, privacy, interpretability, human-AI interaction, ethics)
Community Implementations: [3 code implementations](https://www.catalyzex.com/paper/arxiv:2206.09569/code)