On the Geometry of Two-Party Differentially-Private Protocols

Authors

  • Vipul Goyal
  • Ilya Mironov
  • Omkant Pandey
  • Amit Sahai
Abstract

Differential privacy (DP) is a well-studied notion of privacy that is generally achieved by randomizing outputs to preserve the privacy of the input records. A central problem in differential privacy is how much accuracy must be lost in order to preserve input privacy? We study this question in the context of distributed two-party differentially private protocols, where the input is split between two parties. The recent work of McGregor et al. provided several examples of functionalities for which there is an accuracy gap between the client-server setting and the distributed setting. However, many questions remain: does such a gap exist for any non-trivial functionality? How large must this gap be? Answering these questions for a large and natural class of functionalities in the two-party setting is the main focus of this work.

Our work obtains general lower bounds on accuracy for differentially private protocols computing any Boolean function. Our bounds are independent of the number of rounds and the communication complexity of the protocol, and hold with respect to computationally unbounded parties. At the heart of our results is a new general geometric technique for obtaining non-trivial accuracy bounds for any Boolean functionality. We obtain the following results:

  • We show that for any Boolean function, there is a constant accuracy gap between the accuracy that is possible in the client-server setting and the accuracy that is possible in the two-party setting.
  • In particular, we show tight results on the accuracy that is achievable for the AND and XOR functions in the two-party setting, completely characterizing which accuracies are achievable for any given level of differential privacy.
  • Finally, we consider the situation if we relax the privacy requirement to computational differential privacy. We show that to achieve any noticeably better accuracy than what is possible for differentially private two-party protocols, it is essential that one-way functions exist.

Affiliations: Microsoft Research India, Bangalore. Microsoft Research Silicon Valley, Mountain View, CA. UT Austin. Department of Computer Science, UCLA, Los Angeles, CA.


Similar resources

Accuracy-Privacy Tradeoffs for Two-Party Differentially Private Protocols

Differential privacy (DP) is a well-studied notion of privacy that is generally achieved by randomizing outputs to preserve the privacy of the input records. A central problem in differential privacy is how much accuracy must be lost in order to preserve input privacy? Our work obtains general upper bounds on accuracy for differentially private two-party protocols computing any Boolean function...


Privacy Preserving Techniques for Speech Processing

Speech is perhaps the most private form of personal communication but current speech processing techniques are not designed to preserve the privacy of the speaker and require complete access to the speech recording. We propose to develop techniques for speech processing which do preserve privacy. While our proposed methods can be applied to a variety of speech processing problems and also gener...


Locally Differentially Private Protocols for Frequency Estimation

Protocols satisfying Local Differential Privacy (LDP) enable parties to collect aggregate information about a population while protecting each user’s privacy, without relying on a trusted third party. LDP protocols (such as Google’s RAPPOR) have been deployed in real-world scenarios. In these protocols, a user encodes his private information and perturbs the encoded value locally before sending...


Optimizing Locally Differentially Private Protocols

Protocols satisfying Local Differential Privacy (LDP) enable parties to collect aggregate information about a population while protecting each user’s privacy, without relying on a trusted third party. LDP protocols (such as Google’s RAPPOR) have been deployed in real-world scenarios. In these protocols, a user encodes his private information and perturbs the encoded value locally before sending...


Distributed Private Data Analysis: On Simultaneously Solving How and What

We examine the combination of two directions in the field of privacy concerning computations over distributed private inputs – secure function evaluation (SFE) and differential privacy. While in both the goal is to privately evaluate some function of the individual inputs, the privacy requirements are significantly different. The general feasibility results for SFE suggest a natural paradigm fo...



Publication date: 2013