超越纯本地差分隐私的洗牌机制分析 (Analysis of Shuffling Beyond Pure Local Differential Privacy)

Shuffling is a powerful way to amplify privacy of a local randomizer in private distributed data analysis, but existing analyses mostly treat the local differential privacy (DP) parameter $\varepsilon_0$ as the only knob and give generic upper bounds that can be loose and do not even characterize how shuffling amplifies privacy for basic mechanisms such as the Gaussian mechanism. We revisit the privacy blanket bound of Balle et al. (the blanket divergence) and develop an asymptotic analysis that applies to a broad class of local randomizers under mild regularity assumptions, without requiring pure local DP. Our key finding is that the leading term of the blanket divergence depends on the local mechanism only through a single scalar parameter $χ$, which we call the shuffle index. By applying this asymptotic analysis to both upper and lower bounds, we obtain a tight band for $δ_n$ in the shuffled mechanism's $(\varepsilon_n,δ_n)$-DP guarantee. Moreover, we derive a simple structural necessary and sufficient condition on the local randomizer under which the blanket-divergence-based upper and lower bounds coincide asymptotically. $k$-RR families with $k\ge3$ satisfy this condition, while for generalized Gaussian mechanisms the condition may not hold but the resulting band remains tight. Finally, we complement the asymptotic theory with an FFT-based algorithm for computing the blanket divergence at finite $n$, which offers rigorously controlled relative error and near-linear running time in $n$, providing a practical numerical analysis for shuffle DP.

翻译：洗牌机制是增强私有分布式数据分析中本地随机化器隐私保护能力的一种有效方法，但现有分析大多仅将本地差分隐私（DP）参数 $\varepsilon_0$ 作为唯一调节变量，给出的通用上界往往较为宽松，甚至未能刻画洗牌机制对高斯机制等基础机制的隐私增强效果。我们重新审视了 Balle 等人提出的隐私覆盖界（覆盖散度），并在温和的正则性假设下，针对一大类本地随机化器建立了渐近分析框架，该框架不要求满足纯本地差分隐私。我们的核心发现是：覆盖散度的主导项仅通过一个标量参数 $χ$（我们称之为洗牌指数）依赖于本地机制。通过将这一渐近分析同时应用于上界与下界，我们得到了洗牌机制 $(\varepsilon_n,δ_n)$-DP 保证中 $δ_n$ 的紧致区间。此外，我们推导出一个简单的结构性充要条件：当本地随机化器满足该条件时，基于覆盖散度的上界与下界在渐近意义下重合。$k\ge3$ 的 $k$-RR 族满足该条件，而对于广义高斯机制，虽然该条件可能不成立，但所得区间仍保持紧致性。最后，我们通过基于快速傅里叶变换的算法对渐近理论进行了补充，该算法可在有限 $n$ 下计算覆盖散度，具有严格可控的相对误差和接近线性的 $n$ 相关运行时间，为洗牌差分隐私提供了实用的数值分析工具。