Decomposition-Based Optimal Bounds for Privacy Amplification via Shuffling
Abstract
Shuffling has been shown to amplify differential privacy guarantees, offering a stronger privacy-utility trade-off. To characterize and compute this amplification, two fundamental analytical frameworks have been proposed: the privacy blanket by Balle et al. (CRYPTO 2019) and the clone paradigm (including both the standard clone and stronger clone) by Feldman et al. (FOCS 2021, SODA 2023). All these methods rely on decomposing local randomizers. In this work, we introduce a unified analysis framework--the general clone paradigm--which encompasses all possible decompositions. We identify the optimal decomposition within the general clone paradigm. Moreover, we develop a simple and efficient algorithm to compute the exact value of the optimal privacy amplification bounds via Fast Fourier Transform. Experimental results demonstrate that the computed upper bounds for privacy amplification closely approximate the lower bounds, highlighting the tightness of our approach. Finally, using our algorithm, we conduct the first systematic analysis of the joint composition of LDP protocols in the shuffle model.