A Unified Framework and Efficient Computation for Privacy Amplification via Shuffling
Abstract
The shuffle model offers significant privacy amplification over local differential privacy (LDP), enabling improved privacy-utility trade-offs. To analyze and quantify this amplification effect, two primary frameworks have been proposed: the \textit{privacy blanket} (Balle et al., CRYPTO 2019) and the \textit{clone paradigm}, which includes both the \textit{standard clone} and \textit{stronger clone} (Feldman et al., FOCS 2021; SODA 2023). All of these approaches are grounded in decomposing the behavior of local randomizers. In this work, we present a unified perspective--termed the \textit{general clone paradigm}--that captures all decomposition-based analyses. We identify the optimal decomposition within this framework and design a simple yet efficient algorithm based on the Fast Fourier Transform (FFT) to compute tight privacy amplification bounds. Empirical results show that our computed upper bounds nearly match the corresponding lower bounds, demonstrating the accuracy and tightness of our method. Furthermore, we apply our algorithm to derive optimal privacy amplification bounds for both joint composition and parallel composition of LDP mechanisms in the shuffle model.