The communication cost of security and privacy in federated frequency estimation

11/18/2022
by   Wei-Ning Chen, et al.
0

We consider the federated frequency estimation problem, where each user holds a private item X_i from a size-d domain and a server aims to estimate the empirical frequency (i.e., histogram) of n items with n ≪ d. Without any security and privacy considerations, each user can communicate its item to the server by using log d bits. A naive application of secure aggregation protocols would, however, require dlog n bits per user. Can we reduce the communication needed for secure aggregation, and does security come with a fundamental cost in communication? In this paper, we develop an information-theoretic model for secure aggregation that allows us to characterize the fundamental cost of security and privacy in terms of communication. We show that with security (and without privacy) Ω( n log d ) bits per user are necessary and sufficient to allow the server to compute the frequency distribution. This is significantly smaller than the dlog n bits per user needed by the naive scheme, but significantly higher than the log d bits per user needed without security. To achieve differential privacy, we construct a linear scheme based on a noisy sketch which locally perturbs the data and does not require a trusted server (a.k.a. distributed differential privacy). We analyze this scheme under ℓ_2 and ℓ_∞ loss. By using our information-theoretic framework, we show that the scheme achieves the optimal accuracy-privacy trade-off with optimal communication cost, while matching the performance in the centralized case where data is stored in the central server.

READ FULL TEXT

Please sign up or login with your details

Forgot password? Click here to reset