The shuffle model of differential privacy (DP) has recently emerged as a powerful one for decentralized computation without fully trustable parties. Since it anonymizes and permutes messages from clients through a shuffler, the privacy can be amplified and utility can be improved. However, the shuffling procedure in turn restricts its applications only to statistical tasks that are permutation-invariant. This work explores the feasibility of shuffle privacy amplification for prevalent non-statistical computations: spatial crowdsourcing, combinatorial optimization, location-based social systems, and federated learning with incentives, which suffer either computationally intractability or intolerable utility loss in existing approaches (e.g., secure MPC and local DP). We proposes a new paradigm of shuffle model that can provide critical security functionalities like message authorization and result access control, meanwhile maintaining the most of privacy amplification effects. It incurs almost the same computation/communication costs as the non-private setting, and permits the server to run arbitrary algorithms on (noisy) client information in plaintext. Our novel technique is introducing statistically random identity into DP and force identical random distribution on all clients, so as to support secure functionalities even after message shuffling and to maintain privacy amplification simultaneously. Given that existing DP randomizers fails in the new shuffle model, we also propose a new mechanism and prove its optimality therein. Experimental results on spatial crowdsourcing, location-based social system, and federated learning with incentives, show that our paradigm and mechanism is fast as non-private settings, while reducing up to 90% error and increasing utility performance indicates by 100%-300% relatively, and can be practical under reasonable privacy budget.

翻译：差分隐私（DP）的洗牌模型最近已成为一种强大的去中心化计算范式，适用于不存在完全可信方的情形。由于该模型通过洗牌器对来自客户端的消息进行匿名化与重排，隐私保护效果得以增强，数据效用亦得到提升。然而，洗牌过程反过来将其应用范围限制在具有排列不变性的统计任务中。本研究探讨了洗牌隐私放大机制在主流非统计计算任务中的可行性：空间众包、组合优化、基于位置的社交系统以及带激励的联邦学习。这些任务在现有方法（如安全多方计算和本地差分隐私）中均面临计算不可行性或难以承受的效用损失。我们提出了一种新型洗牌模型范式，能够在保持大部分隐私放大效果的同时，提供消息授权与结果访问控制等关键安全功能。该范式产生的计算/通信开销与非隐私设置几乎相同，并允许服务器对（添加噪声后的）客户端明文信息运行任意算法。我们的核心技术在于将统计随机身份引入差分隐私框架，并强制所有客户端遵循相同的随机分布，从而在消息洗牌后仍能支持安全功能，同时维持隐私放大效果。鉴于现有差分隐私随机化器在新洗牌模型中失效，我们还提出了一种新机制并证明了其在该模型中的最优性。在空间众包、基于位置的社交系统及带激励的联邦学习上的实验结果表明：我们的范式与机制在运行速度上与非隐私设置相当，同时将误差降低最高达90%，相对效用指标提升100%-300%，且能在合理的隐私预算下保持实用性。