Privacy-preserving vector mean estimation is a crucial primitive in federated analytics. Existing practices usually resort to Local Differential Privacy (LDP) mechanisms that inject random noise into users' vectors when users communicate with the central server. Because of the privacy-utility trade-off, the privacy budget has been widely recognized as the bottleneck resource that requires careful provisioning. In this paper, we explore the possibility of privacy budget recycling and propose a novel Chained-DP framework that enables users to carry out data aggregation sequentially in order to recycle the privacy budget. We establish a sequential game to model the user interactions in our framework. We theoretically characterize the mathematical nature of the sequential game, solve for its Nash Equilibrium, and design an incentive mechanism with provable economic properties. We further derive a protocol with a differential privacy guarantee to mitigate potential privacy collusion attacks and avoid holistic exposure. Our numerical simulation validates the effectiveness of Chained-DP, showing that it can significantly save privacy budget and lower estimation error compared to the traditional LDP mechanism.