The power of synergy in differential privacy: Combining a small curator with local randomizers
Abstract
Motivated by the desire to bridge the utility gap between local and trusted curator models
of differential privacy for practical applications, we initiate the theoretical study of a hybrid
model introduced by "Blender" [Avent et al. USENIX Security ’17], in which differentially private
protocols of n agents that work in the local-model are assisted by a differentially private
curator that has access to the data of m additional users. We focus on the regime where m is much smaller than n and study the new capabilities of the interaction in this (m,n)-hybrid model. We show that,
despite the fact that the hybrid model adds no new capabilities for the basic task of simple
hypothesis-testing, there are many other tasks (under a wide range of parameters) which can
be solved in the hybrid model yet cannot be solved either by the curator or by the local-users
separately. Moreover, we exhibit additional tasks where at least one round of interaction between
the curator and the local-users is necessary - namely, no hybrid model without such
interaction can solve these tasks.
of differential privacy for practical applications, we initiate the theoretical study of a hybrid
model introduced by "Blender" [Avent et al. USENIX Security ’17], in which differentially private
protocols of n agents that work in the local-model are assisted by a differentially private
curator that has access to the data of m additional users. We focus on the regime where m is much smaller than n and study the new capabilities of the interaction in this (m,n)-hybrid model. We show that,
despite the fact that the hybrid model adds no new capabilities for the basic task of simple
hypothesis-testing, there are many other tasks (under a wide range of parameters) which can
be solved in the hybrid model yet cannot be solved either by the curator or by the local-users
separately. Moreover, we exhibit additional tasks where at least one round of interaction between
the curator and the local-users is necessary - namely, no hybrid model without such
interaction can solve these tasks.
Research Areas
