Local Node Differential Privacy
YouTube · tCgM4XGvHvY
Quick Read
Summary
Takeaways
- ❖Local Node Differential Privacy (LNDP) protects the entire edge list of each node in a distributed network.
- ❖The LNDP model operates without a trusted third party or cryptographic assumptions.
- ❖A key challenge in LNDP is that one individual's data change can affect multiple randomizers, unlike standard local models.
- ❖The research provides an algorithmic framework for LNDP using a 'blurring' technique to approximate degree distributions.
- ❖This blurring technique reduces L2 sensitivity, allowing for less noise and more accurate query responses.
- ❖For edge counting in sparse graphs, LNDP shows a significant 'local-central gap', requiring N/epsilon error compared to D/epsilon in the central model.
- ❖Surprisingly, LNDP can achieve central model optimal accuracy for estimating Erdos-Renyi graph parameters and clique sizes.
- ❖Lower bounds for LNDP are established using 'splicing arguments', demonstrating inherent limitations.
- ❖LNDP exhibits a separation between pure and approximate differential privacy, a distinction not found in the standard local model.
Insights
1Local Node Differential Privacy (LNDP) Definition
LNDP is a privacy model for distributed networks where each node applies a randomized algorithm to its own edge list. It guarantees that the entire vector of outputs is indistinguishable across 'node-neighboring' graphs (graphs differing in one node's entire edge set). Crucially, changing one node's data can affect the inputs to multiple randomizers, distinguishing it from the standard local model.
We say that an algorithm satisfies epsilon-delta local node differential privacy if these entire vectors of outputs are indistinguishable when for all node neighboring input graphs. [...] Changing one individual's data can change the input to multiple randomizers.
2The Blurring Technique for Reduced Sensitivity
To improve accuracy for linear queries about degree distributions, the algorithm uses a 'blurry degree distribution'. Each node splits its degree between the two nearest multiples of a smoothing parameter (S). This 'blurry vector' representation significantly reduces the L2 sensitivity of individual node contributions from order N to order 1 + N/S^2, allowing for much less Gaussian noise to be added.
To get away with adding less noise, we're going to shift from using the graph's degree distribution to using what I call a blurry approximation of the graph's degree distribution. [...] The vector of blurry vectors has low L2 sensitivity. [...] For comparison, the L2 squared sensitivity of the vector of indicator vectors is of order N. So, for all S bigger than a constant, we're like we're we're winning in terms of in terms of L2 squared sensitivity.
3Significant Local-Central Gap for Edge Counting
For edge counting in graphs with maximum degree at most D, LNDP algorithms require an error of N/epsilon, which is substantially higher than the D/epsilon error achievable in the central model. This indicates a strong privacy-utility trade-off when strict local node privacy is enforced for sparse graphs.
In the central model, error D over epsilon is both necessary and sufficient. So what that means is that we have a really strong local central gap here. [...] In the local model, you can't do any non-trivial edge counting when you want accuracy for graphs with degree at most one over epsilon.
4LNDP Can Match Central Model Optimality in Specific Cases
Despite the general local-central gap, LNDP can surprisingly achieve central model optimal accuracy for certain problems. For instance, estimating the parameter P of an Erdos-Renyi graph or the size of a clique (in a specific graph structure where nodes are either isolated or part of a large clique) can be done with error bounds matching the central model's 1/epsilon dependence, a feat impossible for the standard local model due to privacy amplification by shuffling.
For the regime where epsilon is constant, our local model upper bounds are matching the central model lower bounds for this task. [...] The fact that we're able to match the central model is really surprising because, um, it's actually impossible to match the central model in this in this manner in the standard local model.
5Splicing Argument for Lower Bounds
The lower bound for edge counting (error N is necessary even for graphs with maximum degree 1) is proven using a 'splicing argument'. This involves demonstrating that no LNDP algorithm can distinguish an empty graph from a random perfect matching. This is achieved by showing both are indistinguishable from a 'random star' graph, leveraging the tensorization property of distance measures and the fact that only one node can differentiate between these graph types.
We're going to show that no LNDP algorithm can distinguish an empty graph from a random perfect matching. [...] We're going to go through a third family of graphs, the random star. [...] The key insight in this lower bound is what we call the splicing argument.
6Separation Between Pure and Approximate LNDP
Unlike the non-interactive standard local model where approximate LDP can be simulated by pure LDP, LNDP exhibits a clear separation. This is evidenced by the ability to accurately estimate clique sizes with approximate LNDP but not with pure LNDP, suggesting fundamental differences in how privacy guarantees compose and behave in this network-centric model.
One interesting structural result is that like there's this separation between pure and approximate LDP. [...] The reason why that's interesting is that that separation doesn't hold in the non-interactive standard local model.
Key Concepts
Act Local, Think Global
Nodes apply randomized algorithms to their local data (edge lists), but privacy is analyzed globally across the entire network's output, allowing for novel algorithmic and lower bound ideas.
Blurring for Sensitivity Reduction
Instead of directly representing a node's exact degree, a 'blurry' approximation distributes its degree across nearest multiples of a smoothing parameter (S). This reduces the L2 sensitivity of the data representation, enabling the addition of less noise and improving accuracy for aggregate queries.
Splicing Argument (Lower Bounds)
To prove lower bounds on error, the technique involves showing that an LNDP algorithm cannot distinguish between an empty graph and a random perfect matching by relating both to a 'random star' graph. This 'splicing' of indistinguishability arguments across different graph types reveals fundamental limitations.
Lessons
- When designing privacy-preserving systems for distributed networks, consider the Local Node Differential Privacy (LNDP) model, especially when a central trusted party is not feasible and individual nodes control their own data.
- For tasks involving aggregate statistics of degree distributions in LNDP, implement the 'blurring' technique to reduce data sensitivity and minimize the amount of noise required, thereby improving accuracy.
- Recognize the inherent 'local-central gap' for certain graph queries (e.g., edge counting in sparse graphs) under LNDP, and manage expectations regarding achievable accuracy compared to central DP models. Focus on specific graph properties where LNDP can achieve optimal results.
- Explore the implications of the observed separation between pure and approximate LNDP, particularly when choosing privacy parameters and composition strategies for complex network analyses.
- Investigate open questions such as the behavior of LNDP for general graphs beyond sparse cases, the potential for fully interactive algorithms to circumvent lower bounds, and the utility of intermediate trust models to balance privacy and accuracy.
Notable Moments
Discussion on malicious nodes and trust architecture in LNDP, where privacy guarantees hold for the subgraph induced by honest nodes, but malicious nodes can leak their own data.
This clarifies the practical trust assumptions of LNDP: it protects honest participants but cannot prevent malicious actors from revealing their own connections, a fundamental limitation in socially structured, overlapping data.
Clarification that the 'random star' graph in lower bound arguments refers to a distribution over stars with a randomly chosen center.
This detail is crucial for understanding the probabilistic nature of the lower bound proofs, ensuring that the indistinguishability arguments apply across a class of graphs rather than a single fixed structure.
Quotes
"Each person's phone knows who they text, but no central authority knows who people text. How can we privately release aggregate information about this network?"
"Changing one individual's data can change the input to multiple randomizers. So something fundamentally different is going on here as compared to the standard local model."
"This local model is incredibly popular in industry. It's got this very simple trust architecture. It's very lightweight."
"We're sort of going to act local and think global. We're going to add distributed noise locally and analyze privacy globally."
"This blurring approach is incredibly powerful because it allows us to essentially only worry about changes to the change node when S is sufficiently large."
Q&A
Recent Questions
Related Episodes

Differentially Private Table-Image Multimodal Data Generation
"This research introduces DP-TabImage, a novel differentially private framework for generating synthetic multimodal data (tables and images) that preserves both individual data fidelity and cross-modal correlations, significantly outperforming existing methods."

Differentially Private Multiway and k-Cut
"This talk details novel algorithms and lower bounds for achieving differential privacy in graph cut problems, specifically multiway and k-cut, crucial for protecting sensitive user data in graph-based applications."

The Limits and Possibilities of One Run Auditing
"This talk dissects the theoretical limitations of one-run privacy auditing for differential privacy while demonstrating its practical effectiveness and outlining pathways for significant improvement."

Recording Scary FIRST DATE Stories!!!
"Four terrifying first-date stories expose the dark side of modern dating, from stalkers and cheating spouses to drug-spiking and gang violence, revealing critical lessons in vigilance and self-preservation."