The shuffle model of differential privacy has gained significant interest as an intermediate trust model between the standard local and central models [EFMRTT19; CSUZZ19]. A key result in this model is that randomly shuffling locally randomized data amplifies differential privacy guarantees. Such amplification implies substantially stronger privacy guarantees for systems in which data is contributed anonymously [BEMMRLRKTS17]. In this work, we improve the state-of-the-art privacy amplification by shuffling results both theoretically and numerically. Our first contribution is the first asymptotically optimal analysis of the Rényi differential privacy parameters for the shuffled outputs of LDP randomizers. Our second contribution is a new analysis of privacy amplification by shuffling. This analysis improves on the techniques of [FMT20] and leads to tighter numerical bounds in all parameter settings.