Necessary Conditions in Multi-Server Differential Privacy

Authors Albert Cheu , Chao Yan

Thumbnail PDF


  • Filesize: 1.11 MB
  • 21 pages

Document Identifiers

Author Details

Albert Cheu
  • Department of Computer Science, Georgetown University, Washington D. C., USA
Chao Yan
  • Department of Computer Science, Georgetown University, Washington D. C., USA


We would like to thank Matthew Joseph for correspondence that refined our understanding of Bayesian re-sampling. We also thank Kobbi Nissim for suggestions for our sample complexity analysis.

Cite AsGet BibTex

Albert Cheu and Chao Yan. Necessary Conditions in Multi-Server Differential Privacy. In 14th Innovations in Theoretical Computer Science Conference (ITCS 2023). Leibniz International Proceedings in Informatics (LIPIcs), Volume 251, pp. 36:1-36:21, Schloss Dagstuhl – Leibniz-Zentrum für Informatik (2023)


We consider protocols where users communicate with multiple servers to perform a computation on the users' data. An adversary exerts semi-honest control over many of the parties but its view is differentially private with respect to honest users. Prior work described protocols that required multiple rounds of interaction or offered privacy against a computationally bounded adversary. Our work presents limitations of non-interactive protocols that offer privacy against unbounded adversaries. We prove that these protocols require exponentially more samples than centrally private counterparts to solve some learning, testing, and estimation tasks. This means sample-efficiency demands interactivity or computational differential privacy, or both.

Subject Classification

ACM Subject Classification
  • Security and privacy → Information-theoretic techniques
  • Mathematics of computing → Probabilistic algorithms
  • Theory of computation → Distributed algorithms
  • Theory of computation → Online algorithms
  • Theory of computation → Sample complexity and generalization bounds
  • Security and privacy
  • Security and privacy → Privacy protections
  • Differential Privacy
  • Parity Learning
  • Multi-server


  • Access Statistics
  • Total Accesses (updated on a weekly basis)
    PDF Downloads


  1. Kareem Amin, Matthew Joseph, and Jieming Mao. Pan-private uniformity testing. CoRR, abs/1911.01452, 2019. URL:
  2. Apple and Google. Exposure notification with privacy-preserving analytics (enpa) white paper. URL:
  3. Victor Balcer, Albert Cheu, Matthew Joseph, and Jieming Mao. Connecting robust shuffle privacy and pan-privacy. CoRR, abs/2004.09481, 2020. URL:
  4. Amos Beimel, Kobbi Nissim, and Eran Omri. Distributed private data analysis: Simultaneously solving how and what. In David A. Wagner, editor, Advances in Cryptology - CRYPTO 2008, 28th Annual International Cryptology Conference, Santa Barbara, CA, USA, August 17-21, 2008. Proceedings, volume 5157 of Lecture Notes in Computer Science, pages 451-468. Springer, 2008. URL:
  5. James Bell, Adria Gascon, Badih Ghazi, Ravi Kumar, Pasin Manurangsi, Mariana Raykova, and Phillipp Schoppmann. Distributed, private, sparse histograms in the two-server model. IACR Cryptology ePrint Archive, 2022. URL:
  6. Andrea Bittau, Úlfar Erlingsson, Petros Maniatis, Ilya Mironov, Ananth Raghunathan, David Lie, Mitch Rudominer, Ushasree Kode, Julien Tinnés, and Bernhard Seefeld. Prochlo: Strong privacy for analytics in the crowd. In Proceedings of the 26th Symposium on Operating Systems Principles, Shanghai, China, October 28-31, 2017, pages 441-459. ACM, 2017. URL:
  7. David Chaum. Untraceable electronic mail, return addresses, and digital pseudonyms. Commun. ACM, 24(2):84-88, 1981. URL:
  8. Albert Cheu. Differential privacy in the shuffle model. URL:
  9. Albert Cheu, Adam D. Smith, Jonathan Ullman, David Zeber, and Maxim Zhilyaev. Distributed differential privacy via shuffling. In Yuval Ishai and Vincent Rijmen, editors, Advances in Cryptology - EUROCRYPT 2019 - 38th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Darmstadt, Germany, May 19-23, 2019, Proceedings, Part I, volume 11476 of Lecture Notes in Computer Science, pages 375-403. Springer, 2019. URL:
  10. Albert Cheu and Jonathan R. Ullman. The limits of pan privacy and shuffle privacy for learning and estimation. CoRR, abs/2009.08000, 2020. URL:
  11. Cynthia Dwork, Frank McSherry, Kobbi Nissim, and Adam D. Smith. Calibrating noise to sensitivity in private data analysis. In Shai Halevi and Tal Rabin, editors, Theory of Cryptography, Third Theory of Cryptography Conference, TCC 2006, New York, NY, USA, March 4-7, 2006, Proceedings, volume 3876 of Lecture Notes in Computer Science, pages 265-284. Springer, 2006. URL:
  12. Cynthia Dwork, Moni Naor, Toniann Pitassi, Guy N Rothblum, and Sergey Yekhanin. Pan-private streaming algorithms. In Innovations in Computer Science (ICS), 2010. Google Scholar
  13. Saba Eskandarian and Dan Boneh. Clarion: Anonymous communication from multiparty shuffling protocols. IACR Cryptol. ePrint Arch., page 1514, 2021. URL:
  14. Iftach Haitner, Noam Mazor, Jad Silbak, and Eliad Tsfadia. On the complexity of two-party differential privacy. In Stefano Leonardi and Anupam Gupta, editors, STOC '22: 54th Annual ACM SIGACT Symposium on Theory of Computing, Rome, Italy, June 20 - 24, 2022, pages 1392-1405. ACM, 2022. URL:
  15. Palak Jain, Sofya Raskhodnikova, Satchit Sivakumar, and Adam D. Smith. The price of differential privacy under continual observation. CoRR, abs/2112.00828, 2021. URL:
  16. Matthew Joseph, Jieming Mao, Seth Neel, and Aaron Roth. The role of interactivity in local differential privacy. In David Zuckerman, editor, 60th IEEE Annual Symposium on Foundations of Computer Science, FOCS 2019, Baltimore, Maryland, USA, November 9-12, 2019, pages 94-105. IEEE Computer Society, 2019. URL:
  17. Matthew Joseph, Jieming Mao, and Aaron Roth. Exponential separations in local differential privacy. In Shuchi Chawla, editor, Proceedings of the 2020 ACM-SIAM Symposium on Discrete Algorithms, SODA 2020, Salt Lake City, UT, USA, January 5-8, 2020, pages 515-527. SIAM, 2020. URL:
  18. Shiva Prasad Kasiviswanathan, Homin K. Lee, Kobbi Nissim, Sofya Raskhodnikova, and Adam D. Smith. What can we learn privately? In 49th Annual IEEE Symposium on Foundations of Computer Science, FOCS 2008, October 25-28, 2008, Philadelphia, PA, USA, pages 531-540. IEEE Computer Society, 2008. URL:
  19. Andrew McGregor, Ilya Mironov, Toniann Pitassi, Omer Reingold, Kunal Talwar, and Salil P. Vadhan. The limits of two-party differential privacy. In 51th Annual IEEE Symposium on Foundations of Computer Science, FOCS 2010, October 23-26, 2010, Las Vegas, Nevada, USA, pages 81-90. IEEE Computer Society, 2010. URL:
  20. Thomas Steinke. Multi-central differential privacy. CoRR, abs/2009.05401, 2020. URL:
  21. Kunal Talwar. Differential secrecy for distributed data and applications to robust differentially secure vector summation. CoRR, abs/2202.10618, 2022. URL:
  22. Stanley L Warner. Randomized response: A survey technique for eliminating evasive answer bias. Journal of the American Statistical Association, 60(309):63-69, 1965. Google Scholar