Abstract 1 Introduction 2 An Adaptive Attack on the Protocol of Huang et al. [49] 3 Robust Distributed Counting Protocol 4 Analysis of the Robust Protocol 5 Per-round to per-event-index accuracy References

A Simple and Robust Protocol for Distributed Counting

Edith Cohen ORCID Google Research, Mountain View, CA, USA
Tel Aviv University, Israel
Moshe Shechner Tel Aviv University, Israel Uri Stemmer ORCID Tel Aviv University, Israel
Google Research, Tel Aviv, Israel
Abstract

We revisit the distributed counting problem, where a server must continuously approximate the total number of events occurring across k sites while minimizing communication. The communication complexity of this problem is known to be Θ(kεlogN) for deterministic protocols. Huang, Yi, and Zhang (2012) showed that randomization can reduce this to Θ(kεlogN), but their analysis is restricted to the oblivious setting, where the stream of events is independent of the protocol’s outputs.

Xiong, Zhu, and Huang (2023) presented a robust protocol for distributed counting that removes the oblivious assumption. However, their communication complexity is suboptimal by a polylog(k) factor and their protocol is substantially more complex than the oblivious protocol of Huang et al. (2012). This left open a natural question: could it be that the simple protocol of Huang et al. (2012) is already robust?

We resolve this question with two main contributions. First, we show that the protocol of Huang et al. (2012) is itself not robust by constructing an explicit adaptive attack that forces it to lose its accuracy. Second, we present a new, surprisingly simple, robust protocol for distributed counting that achieves the optimal communication complexity of O(kεlogN). Our protocol is simpler than that of Xiong et al. (2023), perhaps even simpler than that of Huang et al. (2012), and is the first to match the optimal oblivious complexity in the adaptive setting.

Keywords and phrases:
Distributed Streaming, Adversarial Streaming
Funding:
Edith Cohen: Partially supported by Israel Science Foundation (grant 1156/23).
Moshe Shechner: Partially supported by the Israel Science Foundation (grant 1419/24).
Uri Stemmer: Partially supported by the Israel Science Foundation (grant 1419/24), and the Blavatnik Research Foundation.
Copyright and License:
[Uncaptioned image] © Edith Cohen, Moshe Shechner, and Uri Stemmer; licensed under Creative Commons License CC-BY 4.0
2012 ACM Subject Classification:
Theory of computation
; Theory of computation Distributed algorithms
Related Version:
Full Version: https://arxiv.org/abs/2509.05870 [28]
Editor:
Shubhangi Saraf

1 Introduction

In the distributed counting problem, there is a server (a.k.a. the coordinator) and k sites. Throughout the execution, each site observes events occurring at different times. The goal of the server is to maintain an ongoing ε-approximation of the number of events observed by all sites together, while minimizing the communication cost.111For consistency with prior work, throughout the introduction we measure communication complexity by the total number of messages sent during the execution. See Section 4.2.2 for communication in bits.

Keralapura, Cormode, and Ramamirtham [51] presented a simple deterministic protocol for this problem with a communication cost of O(kεlogN), where N is the total number of events. In their protocol, each site tracks its local event count and notifies the server whenever this count increases by a factor of (1+ε). The number of notifications per site is bounded by O(1εlogN), and the total communication is bounded by O(kεlogN). Notably, this protocol requires only one-way communication from the sites to the server. Yi and Zhang [69] later established a lower bound of Ω(kεlogN) on the communication complexity of every deterministic protocol, even when two-way communication is allowed. This shows that the protocol of Keralapura et al. [51] is optimal among deterministic protocols.

For randomized protocols, the picture is more nuanced. Huang, Yi, and Zhang [49] showed that with only one-way communication, the complexity remains Θ(kεlogN), offering no asymptotic improvement over deterministic protocols. However, for the two-way setting, they presented a protocol achieving a lower cost of O(kεlogN), provided that ε1/k.222Throughout the introduction, when stating the communication complexity of randomized protocols we assume that the answers are pointwise accurate with constant probability. For example, for every time step t, the released answer is ε-correct with probability at least 0.99. The dependency on the failure probability will be made precise in the technical sections that follow. Furthermore, they proved a matching lower bound, showing that their two-way randomized protocol is asymptotically optimal among all randomized protocols for this problem.

Oblivious vs. robust protocols.

Huang et al. [49] analyzed their randomized protocol under the assumption that the entire input sequence is fixed in advance. That is, for any fixed input sequence, their protocol must succeed with high probability over its internal randomness. This model is known as the oblivious setting because the entity generating the inputs is “oblivious” to the protocol’s outputs. Protocols designed to succeed in this setting are called oblivious protocols. In contrast, protocols that provably maintain utility even when the input sequence is chosen adaptively, as a function of the protocol’s previous outputs, potentially in an adversarial manner, are called robust protocols (a.k.a. adaptive protocols). It can be easily seen that any deterministic protocol that guarantees correctness in the oblivious setting is automatically robust.333Let 𝒫 be a deterministic oblivious protocol and suppose towards contradiction that there is an adaptive adversary 𝒜 that causes 𝒫 to fail on inputs generated (adaptively) by 𝒜. Let x denote the input sequence generated by 𝒜 when interacting with 𝒫. Now, as 𝒫 is deterministic, it must also fail on this input sequence x even when it is fixed ahead of time, which contradicts the utility guarantees of 𝒫. However, this is not the case for randomized protocols. Intuitively, the difficulty is that when inputs are chosen adaptively, these inputs can become dependent on the internal randomness of the protocol, thereby breaking the analysis (and correctness) of many oblivious protocols. Designing (randomized) robust algorithms and data structures that outperform deterministic ones is a very active research area in several sub-fields of theoretical computer science.444See, e.g., [45, 53, 67, 54, 24, 10, 9, 11, 25, 26, 41, 42, 40, 23, 12, 13, 14, 16, 61, 15, 8, 44, 65, 1, 50, 19, 4, 7, 20, 43, 35, 5, 57, 39].

The work of Huang et al. [49] gave rise to the question of understanding the communication complexity of robust protocols for the distributed counting problem. This question was addressed by Xiong, Zhu, and Huang [68] who presented a robust variant of the protocol of Huang et al. [49]. Their protocol is based on a generic “robustification technique” from Hassidim et al. [44]. This technique uses differential privacy (DP) to protect not the input data, but rather the algorithm’s internal randomness. As Hassidim et al. [44] showed, this can be used to limit (in a precise way) the dependencies between the internal randomness of the algorithm and its inputs, thereby making it easier to argue about the adaptive setting.555Following Hassidim et al. [44], differential privacy was used as a tool to “robustify” many oblivious algorithms in several settings. See, e.g., [4, 7, 39, 6, 27, 59, 56, 22]. While this “robustification technique” is quite generic, it often comes at the cost of increased algorithmic complexity and reduced performance compared to the “base” oblivious algorithm.

At a high level, the robust protocol of Xiong et al. [68] has two components: (1) An oblivious protocol, similar to that of Huang et al. [49] but more suited to serve as the “base” protocol in the robustification-via-DP framework; and (2) a DP layer that adds appropriately calibrated noise in order to “hide” the internal randomness used by the base protocol from anyone who observes the released outputs. This approach has three shortcomings:

  1. 1.

    The resulting protocol is significantly more complex compared to the oblivious protocol of Huang et al. [49], mainly due to the DP layer.

  2. 2.

    The use of differential privacy as a robustification method inflates the communication complexity by a factor of log0.75(k), from O(kεlogN) to O(klog0.75(k)εlogN).

  3. 3.

    The resulting protocol is robust only in the black-box setting, where the inputs might depend on the outputs of the server, but not directly on the internal state of the protocol or the messages transmitted between the server and the sites.

These shortcomings raise the following question:

Question 1.

Could it be that the randomized protocol of Huang et al. [49] is itself robust, thereby avoiding these shortcomings?

This question was left open by Xiong et al. [68]. That is, even though they presented a robust variant of the protocol of Huang et al. [49], they did not present an attack or argue about the robustness of the original (randomized) protocol.

1.1 Our results

We give two answers to Question 1.

  1. 1.

    First, we show that the original (randomized) protocol of Huang et al. [49] is itself not robust. Specifically, we design an adaptive attack that generates the inputs (sequences of events) in a way that forces the protocol of Huang et al. [49] to fail.

  2. 2.

    Nevertheless, we show that small modifications to the protocol of Huang et al. [49] do make it robust (without using any external “robustification techniques”). This allows us to avoid all three shortcomings listed above. Specifically, our protocol is as simple as that of Huang et al. [49] (perhaps even simpler), our communication complexity is optimal, and our protocol is robust even in the face of a white-box attacker where the inputs might be generated both as a function of the released outputs and as a function of the internal state and messages transmitted between the server and the sites.

These results are specified in the following two theorems.

Theorem 2 (Adaptive attack, informal version of Theorem 4).

There exists an attack that generates adaptive inputs to the protocol of Huang et al. [49] that forces it to fail (have error greater than (1+ε)) with high probability.

Theorem 3 (Simple robust protocol, informal version of Theorem 17).

There is a robust protocol in the white-box setting for the distributed counting problem with k sites that guarantees ε-accuracy over N events while achieving optimal communication complexity of O(kεlogN).

Before giving a technical overview of our results, we first describe the oblivious protocol of Huang et al. [49], so that we could illustrate our adaptive attack on it. We then describe the robust protocol of Xiong et al. [68], so that we could convey the simplicity of our new protocol.

1.2 Informal overview of the oblivious protocol of Huang et al. [49]

At a high level, the protocol of Huang et al. [49] operates in rounds, where each round processes roughly twice the number of events as the previous one. Hence, the total number of rounds is Θ(logN). The breakdown into rounds is determined by a deterministic background protocol, similar to that of Keralapura et al. [51]: Each site i transmits a message to the coordinator each time its local event count ni doubles. This allows the coordinator to maintain a factor 2 approximation n[n/2,n] of the total event count n=i[k]ni. When n roughly doubles, the server ends the current round and broadcasts to all sites an updated transmission probability pkεn=Θ(kεn). This transmission probability remains fixed during the round and is roughly halved from round to round.

The finer approximation is achieved via the following randomized protocol. For each event arrival at site i, the site samples a Bernoulli random variable with parameter p. If the sample is 1, the site transmits its exact local counter n¯i=ni to the server. Throughout the execution, the server estimates each local count ni as n^i=0 if no transmission was received from site i and as n^i=n¯i1+1/p, where n¯i is the last value received from site i. The correction term (1+1/p) accounts for the expected value of nin¯iGeom[p]1, which is the number of events that occurred since the last report by the site. The server then estimates the total event count as n^=i[k]n^i.

Huang et al. [49] showed that for any fixed input sequence, the estimator for each local count, n^i, is unbiased, i.e., E[n^i]=ni, and that it has a bounded variance of Var(n^i)1p2. Thus, the variance of the final estimator satisfies Var(n^)=Var(i[k]n^i)kp2, which is at most (εn)2 as p=Θ(kεn). So the standard deviation is of the order of εn, as required.

When a round ends and p is updated to p, the server performs a random correction on its stored count n¯i for each site i. This ensures that the corrected value has the exact same distribution as if the protocol had been run all along with transmission probability p. Consequently, the variance bound (Var(n^)εn) remains valid throughout the execution.666Specifically, when p is updated to p, the server updates every n¯i to n¯i=n¯iZ for an appropriate random variable Z whose distribution depends on p,p.

The expected communication cost per round includes O(k) messages for broadcasting the transmission probability p, and pO(n) messages from the sites to the server, since each of the n events is transmitted with probability p. Overall, the communication cost is

O((k+pn)logN)=O(kεlogN),

where the last equality follows by plugging in p and by the assumption that k1/ε2.

1.3 Our adaptive attack on the protocol of Huang et al. [49]

We construct an adaptive adversary that observes the server’s output and selectively generates events that cause the protocol of Huang et al. [49], which we denote as 𝒜, to fail. The attack operates iteratively in a round-robin fashion over the sites as follows: it continues sending events to a given site until it observes a change in the output of 𝒜. Once a change is detected, the attack proceeds to the next site. The intuition is that when the output of 𝒜 changes, it means that the current site i has just transmitted a message to the server, with n¯i=ni. At that point the estimator n^i is larger than the actual local count ni by (1+1/p). Hence, by stopping sending events to that site, the attacker introduces a positive estimation bias. Furthermore, this bias persists (in expectation) even when the server changes to the next round, as the random corrections to n¯i do not change the expectation of the estimate n^i. By repeating this process across multiple sites, the adversary accumulates a global bias in the total estimate n^, thereby causing the server to lose accuracy. After sufficiently many events, the expected bias at any given time is (k1)/pkεn. This can be formalized to obtain Theorem 2. See Section 2 for more details.

1.4 Informal overview of the robust protocol of Xiong et al. [68]

We now elaborate on the robust protocol of Xiong et al. [68]. As we mentioned, this protocol has two components: (1) An oblivious “base protocol”, similar to that of Huang et al. [49]; and (2) a DP-layer for robustifying this oblivious protocol.

We first describe the oblivious “base protocol” used by Xiong et al. [68]. At a high level, like Huang et al. [49], this oblivious protocol operates in rounds. In the beginning of each round, the server notifies the sites of the new round, collects exact counts from all the sites, and broadcasts the exact total count till now, denoted as n0. Given n0, every site i divides its stream of events into blocks of size Δ=O(εn0/k). For each block j, site i samples a random threshold ri,j[Δ]. Throughout the round, site i sends a message to the server whenever its local count crosses any of its internal thresholds ri,j. On the server side, we estimate the total event count from the beginning of the round as BΔ, where B denotes the number of messages received from all sites together. This protocol has similar performance to Huang et al. [49], and similarly, its analysis assumes an oblivious input.

We now elaborate on how Xiong et al. [68] robustified this protocol using DP. To motivate this, observe that if the attacker knows all the internal thresholds ri,j, then it can easily attack this protocol, similarly to the way we attacked the protocol of Huang et al. [49]. Specifically, the attacker sends events to site i till its local count crosses a “large” threshold, say at least 3Δ/4. This accumulates a bias of Ω(εn0/k) in the estimation for the local count of site i. The attacker then continues to the next site. After Ω(k) sites, the attacker achieves a significant bias of more than εn0, thereby causing the protocol to fail. So we want to hide the internal thresholds from the attacker.

However, note that even if the attacker does not know the thresholds then it can still attack the protocol in a similar manner. Specifically, the attacker sends events to site i till it sees that the output of the protocol was modified. At that moment the attacker knows that site i has just transmitted a message, and therefore it learns its current threshold exactly (as the attacker knows how many events site i has received), and it can hence conduct the same attack as before. So we also want to hide the times at which the output of the protocol changes.

Xiong et al. [68] used two generic techniques from differential privacy in order to hide these two aspects of their oblivious protocol: the AboveThreshold algorithm of Dwork et al. [37] and the binary tree mechanism of Dwork et al. [36]. They then proved, building on the work of Hassidim et al. [44], that the resulting protocol is robust in the black-box model. On the other hand, a white-box attacker, who knows the internal thresholds or sees the communication between the server and the sites, can still conduct the attack described above. Thus, the protocol of Xiong et al. [68] is not robust in the white-box model.

1.5 Informal overview of our simple robust protocol

Our protocol also operates in rounds. Similarly to the oblivious “base protocol” of Xiong et al. [68], in the beginning of each round, the server notifies the sites of the new round, collects exact counts from all the sites, and broadcasts the exact total count so far, denoted as n0. Given n0, every site determines this round’s transmission probability pkεn0. Then, throughout the round, whenever a site receives an event, it samples a bit b from Bernoulli(p) and if b=1 then the site sends the message “1” to the server. At any moment throughout the round, the server estimates the current total number of events as n0+B/p, where B denotes the number of “1” messages the server has received from the beginning of the round. The round ends when B=k, which happens after kpεkn0 events in expectation.

We show that this absurdly simple protocol is both optimal and adversarially robust (in the white-box model). We sketch the arguments here; see Sections 3, 4, 5 for the formal details.

Communication.

Note that n0 increases (in expectation) by a factor of (1+εk) from round to round. Therefore, the total number of rounds is log1+εkN, which for ε<1/k is 1kεlogN. The communication cost of each round is O(k): In the beginning of the round the server broadcasts the start of the new round and obtains an exact local count from each of the sites, and throughout the round the server receives exactly k “1” messages from the sites. Therefore, the expected overall communication cost is O(kεlogN), matching the communication cost of the oblivious protocol of Huang et al. [49].

Robustness.

The robustness of our protocol follows from the fact that it is symmetric w.r.t. which site receives an event. Specifically, at any given moment throughout the execution, and for every conditioning on the transcript of the interaction so far, the distribution on the outcome of the server is identical whether site i receives an event or site j receives an event. Thus, the attacker might as well send all events to site i=1, as this has no effect on the outcome distribution of the server. As sending all events to site i=1 is an oblivious stream of inputs, it suffices to analyze the error of our protocol in the oblivious setting.

Accuracy.

So let us consider the oblivious stream where all events arrive at site i=1. For consistency with prior works, we analyze our protocol in terms of “per-time” accuracy (a.k.a. pointwise accuracy): For every time step n, with probability 0.99 the returned estimate at this time, n^, satisfies |n^n|εn. Here we only sketch the argument; see Sections 4 and 5 for the formal details, along with a “for-all” accuracy guarantee (uniform across all time steps). At a high level, our utility analysis has two parts:

  1. (1)

    “Per-round” accuracy. For every r we show that with probability at least 0.99, the maximum relative error of the count at all events that fall in the rth round is at most ε. To see why this holds, recall that the number of “1” messages we receive during the round is exactly k, and that the number of events witnessed during this round is distributed as the sum of k geometric random variables X1,,XkGeom(p). That is, after the th “1” message, our estimate is (n0+p), where n0 is the exact count at the beginning of the round, while the actual event count is (n0+j=1Xj). We can thus bound our estimation error using standard (partial-sum) tail bounds on the geometric distribution. Specifically, with probability at least 0.99 it holds that max1k|j=1Xjp|kpεn0εn, yielding our desired relative error throughout the round.

  2. (2)

    From per-round to per-time accuracy. Converting a per-round guarantee into a per-time guarantee is subtle, because for a fixed time step n it is not clear a priori which round r the time step n will belong to. Furthermore, conditioning on n belonging to a specific round r changes the distribution of our geometric RVs and breaks our per-round analysis. A naive solution here would be to union bound over all rounds, but this would yield a “for-all” guarantee that would not match the optimal per-time complexity. Informally, we overcome this by showing that it suffices to union bound over constantly many rounds rather than all rounds. More specifically, for a fixed time step t we let t0<t denote the largest time step such that with high probability there is at least one round that starts between time t0 and t. This allows us to ignore the execution before time t0, as the error in step t is independent of past rounds (due to the sync in the beginning of the round starting between t0 and t). Furthermore, we show that in expectation there is at most a constant number of rounds that begin between t0 and t, and that it suffices to argue only about these O(1) rounds.

These arguments can be formalized to obtain Theorem 3, showing that our simple protocol is both optimal and adversarially robust in the white-box model.

1.6 Empirical demonstration

In the full version of the paper (See [28]), we present simulation results comparing our robust protocol with the oblivious protocol of Huang et al. [49]. We test both protocols on two types of streams: our adaptive attack stream and a non-adaptive input stream. We did not include an evaluation of the robust protocol of Xiong et al. [68], as its source code was not available, its implementation relies on external DP libraries, and its associated constants appear to be large. We observe that:

  1. (1)

    As predicted by our analysis, the protocol of Huang [49] is vulnerable to the adaptive attack, whereas our protocol is robust. The difference is quite striking, even more so than guaranteed by our theoretical analysis of the attack, which suggests the constants in our analysis were not tight.

  2. (2)

    On the non-adaptive stream, both protocols exhibit similar performance. This shows that robustness does not come at the expense of practicality. (Recall that both protocols have the same asymptotic guarantees on oblivious streams.)

1.7 Related works

The distributed counting problem is a specific instance of the more general framework of distributed functional monitoring, where the goal is to continuously track a function over data streams distributed across multiple sites. This framework has been extensively studied for various functions beyond simple sums. Significant research has focused on estimating frequency moments, identifying heavy hitters, approximating quantiles, and more [33, 30, 51, 31, 2, 58, 32, 62, 29, 21, 66, 47].

The distributed functional monitoring model is related to other multi-player communication models. A notable example is the classic coordinator model, introduced by Dolev et al. [34], where k players, each holding a static input, communicate with a central referee to compute a function of their joint inputs in a single shot. A significant body of work has analyzed the communication and round complexity of core problems within this model, including [55, 63, 64, 60, 18, 48, 46, 3, 38].

2 An Adaptive Attack on the Protocol of Huang et al. [49]

In this section we show that the protocol proposed in Huang et al. [49], is not robust by presenting an adaptive attack. The attack consistently induces a relative estimation error larger by a factor of Ω(k) compared to the target accuracy ε.

Theorem 4 (Attack on the protocol of Huang et al. [49]).

There exist universal constants c1,c2,c3>0 and an adaptive attack on the protocol of [49] such that for every event count n>c3k/ε we have Pr[n^n>c1kεn] 1ec2k.

2.1 Description of the protocol of Huang et al. [49]

The protocol of Huang et al. [49] is described in Algorithms 2 and 1. We briefly review the protocol and its analysis, which assumes that the event stream is fixed in advance.

Algorithm 1 Doubling Protocol Keralapura et al. [51].

The Doubling protocol (Algorithm 1, Keralapura et al. [51]) is deterministic and runs concurrently on the same input. It maintains a constant-factor approximation of the total event count: each site notifies the server whenever its local count doubles, and the server triggers a BoundaryReached alert when its global estimate doubles. On N events, this protocol incurs a total communication cost of klogN.

The site-side of Huang et al. [49] protocol is very simple: Each site i keeps a local copy of a transmission probability p that is updated via server broadcasts and its local event count ni. On each event, it reports its local count to the server with probability p.

Algorithm 2 Huang et al. [49].

On the server side, the protocol progresses in rounds. The server stores for each site a value n¯i (the last reported count, adjusted as described below) and computes the per-site estimate n^i=n¯i+1/p1 (when n¯i>0). The global estimate is n^=in^i. A new round starts upon a BoundaryReached alert, at which point the server broadcasts an updated probability p and adjusts each n¯i so that the resulting state matches the distribution that would have arisen had the new p been in effect from the beginning.

The analysis of Huang et al. [49] holds under the assumption that the event stream is fixed in advance. First, note that with a fixed transmission probability p, the most recent report from a site with current local count ni satisfies n¯ini+1Geom[p]. Hence the per-site estimate n^i:=n¯i+1/p1 is an unbiased estimator of ni.

When the protocol decreases p at the start of a new round, the server updates each n¯i by subtracting a random variable Zi with the property777These are Zero-inflated geometrics, see Definition 7. that Geom[pold]+Zi=dGeom[p]. This ensures that the distribution of the server state after the update is identical to the distribution that would have been obtained had the protocol run with the new probability p from the start. Moreover, the expected value of n^i is unchanged, since E[Zi]=1/p1/pold.

Therefore, under a fixed input stream, the global estimate n^=in^i remains unbiased for all time. The error distribution at any event count n is stochastically dominated by the deviation of a sum of k independent Geom[p] random variables from its expectation k/p. By standard sub-exponential tail bounds (see Equation 4), for any fixed δ>0, the deviation is O(εn) with probability at least 1δ.

This completes our overview of the analysis of Huang et al. [49] in the non-adaptive setting. We demonstrate that these guarantees fail under adaptively chosen event streams.

2.2 Attack description

Our attack on the protocol of Huang et al. (Algorithm 2) is given in Algorithm 3. The attack continuously monitors the estimates n^ published by the server. It generates the input stream by injecting events exclusively at the current site i until the server updates its estimate. At that moment the attacker switches to the next site in a round-robin order.

Algorithm 3 Attack on the protocol of Huang et al. [49].

2.3 Preliminaries for the Analysis of the Attack

For brevity, we use the same symbol to denote a random variable and its distribution. We write Geom(q) for a geometric random variable with success probability q, supported on {1,2,} with Pr(G=k)=(1q)k1q. We also use the standard notation Bin(n,p) and Bernoulli(p) for the binomial and Bernoulli distributions, respectively.

Lemma 5 (Chernoff bound, multiplicative lower tail [52]).

Let x1,,xn be independent {0,1} random variables, and set X=i=1nxi with mean μ=E[X]. Then for all 0α1 we have Pr[X(1α)μ]exp(μα22).

Corollary 6 (Binomial lower tail).

Let BBinomial(n,p) with p<12. Then for all 0α1 we have Pr[B(1α)pn]exp(pnα22).

Definition 7 (Zero-inflated geometric random variables).

For 0qp1, define

Zq,p:=BG,BBernoulli(1qp),GGeom(q),

with B and G independent.

The proofs for the following two Lemmas are available at the full version of the paper (See [28]).

Lemma 8 (Zero-inflated geometric telescopes).

Fix parameters 1p1p2pr>0. If Zpi+1,pi, i=1,,r1, are independent, then

i=1r1Zpi+1,pi=dZpr,p1.
Lemma 9 (Bernstein tail for a sum of zero-inflated geometrics).

Let p(0,1], α1,,αr[0,1], and for each i let Xi=BiGi with BiBernoulli(αi) and GiGeom(p), supported on {1,2,} with Pr(Gi=k)=(1p)k1p. Assume {(Bi,Gi)}i=1r are independent. Put A:=i=1rαi and μ:=E[iXi]=A/p. Then for all t0,

Pr(i=1rXiμt)exp(t22(A(1p)p2+tp))exp(12min{p2t2A(1p),pt}).

We bound the configured transmission probability and the round length in terms of the event count n0 at the start of a round. These bounds hold for every input stream, including adaptively chosen inputs.

Observation 10 (transmission probability at round start).

Let a new round be initiated when the total event count is n0. Then the configured transmission probability p satisfies

min{1,k2εn0}pmin{1,2kεn0}.
Proof.

The server counter n in Algorithm 1 satisfies n[n/2,n]. Write x=kεn. If x1 then log2x0 and p=1. If x<1 then p=2log2x[x/2,x], so k2εn0p2kεn0. Both cases give the stated bounds.

Observation 11 (Relative round length).

Let n0<n1 be the event count at the start of two consecutive rounds of Algorithm 1. Then n1n0n0 7.

Proof.

Let ni be the respective values of the server counter n at the start of the rounds. It holds that n1[2n0,4n0]. Furthermore, at any given time, the server’s counter n satisfies n[n/2,n], where n is the actual event count. Therefore n0n0 and n12n18n08n0.

2.4 Analysis of the Attack

Throughout this section we assume ε1/k. We analyze the distribution of the protocol execution under the attack. A transcript denotes the full specification of the states of the attack, sites, and server up to some stopping point.

Lemma 12 (Many reporting sites).

Assume εk<1. Fix a transcript up to the initiation of a round at event count n04k/ε, and consider the execution from event n0+1 onward. Let R denote the number of distinct sites that send a Report message to the server during the next n0 events. Then

Pr[R>k8] 1exp(k32ε).
Proof.

Each update to the published estimate is caused by a Report message from the site currently injected by the attack. Whenever a site reports, the attack observes the change in n^ and moves to the next site.

The transmission probability values during the next n0 events are configured at a round that starts at some event count n[n0,2n0] (that is, either at the round that starts at n0 or at a later round). By Observation 10, using our assumption that n04k/ε, the transmission probability values are in the interval [k4εn0,2kεn0]. Therefore, Pr[R<k8]Pr[Bin[n0,k4εn0]<k8]. Applying the Chernoff bound (Corollary 6) with α=1εk2 gives

Pr[Bin[n0,k4εn0]<k8]exp(12k4ε(1εk2)2)exp(k32ε),

where the last inequality uses εk1.

Finally, by the round-robin structure of the attack, once k/8 sites have reported, they are necessarily distinct. Hence with probability at least 1exp(k/(32ε)), the number of distinct reporting sites in the round exceeds k/8.

Corollary 13 (Many sites report once n/14 events have occurred).

Let n56k/ε, and let n0n/14 be the first event index that is greater or equal to n/14 at which a new round starts. Let Rn be the number of distinct sites that report at least once during [n0,n]. Then

Pr[Rn>k2] 1exp(k8ε),

where the probability is over the randomness of the protocol execution from n0+1 onward, conditioned on the transcript up to n0.

Proof.

By Observation 11, some round must start between n/14 and n/2; let n0 be the first such start. Applying Lemma 12, with probability at least 1exp(k/(8ε)), more than k/2 sites report in the interval [n0,2n0][n0,n].

Definition 14 (Reporting transcript).

Consider the randomness in the execution of the protocol under attack. Observe that the attack algorithm is deterministic. The protocol, however, uses two types of randomness:

  • site-side randomness, determining when sites send reports, and

  • server-side randomness, used to adjust the counters n¯i at the beginning of each round.

We call a transcript that fixes all site-side randomness but leaves the server-side randomness unspecified a reporting transcript.

Observation 15.

A reporting transcript uniquely determines the sequence of round start indices, the configured transmission probabilities, and the states of the attack algorithm and the sites. In particular, the value of Rn is fixed by the reporting transcript. The only remaining randomness lies in the server-side adjustments of n¯i and, consequently, in the estimates n^ published by the server.

Lemma 16 (Attack efficacy conditioned on reporting transcript).

Fix an event index n500k/ε and the reporting transcript up to that point. Let m denote the number of events received by the active site at event n since its most recent report. Assume Rnk/2, where Rn is as in Corollary 13. Then there exist absolute constants c1,c2>0 such that

E[n^n] =E[i=1k(n^ini)]c1kεnm, (1)
Pr[n^nc12kεnm]  1ec2k. (2)
Proof.

Let p be the transmission probability at event n. For each site i, let pip be the transmission probability in the round in which i most recently reported. By Observation 11, any event time t[n/2,n] lies in a round that started at some n0(t)t/7n/14. Applying Observation 10 at that start time gives

pi2kεn0(t)28kεn,

for every site that reports at some t[n/2,n]. Since Rnk/8, at least k/8 sites satisfy pi28kεn.

Observe that n¯i equals the last count reported by site i, minus the cumulative randomized adjustments applied so far. By Lemma 8, the distribution of this cumulative adjustment is Zp,pi.

For ii, the last reported count is equal to the current count ni and therefore

n¯i=niZp,pi,E[n¯i]=ni1p+1pi.

For the active site i, the last reported count is nim and therefore

n¯i=nimZp,pi,E[n¯i]=nim1p+1pi.

With the definition n^i:=n¯i+1p1, we have

E[n^i]={ni+1pi1,ii,nim+1pi1,i=i.

Hence

E[i=1k(n^ini)]=i=1k1pikmk8εn28kkm=kεn224km.

Since by our choice of large enough n, taking c1=1/500 we obtain Equation 1.

For deviations, note that

i=1kn^i=i=1knim+i=1k(1pi1)i=1kZp,pi.

Therefore, the distribution of the fluctuations of in^in around its mean is exactly the distribution of the fluctuations of iZp,pi around (its mean) i(1/p1/pi). By Observation 10, pk/(2εn).

Applying Lemma 9 with deviation t=c12kεn, using pk/(2εn) and Ak, yields

Pr(|i=1kZp,pii=1k(1p1pi)|>c12kεn)ec128k.

Rewriting in terms of n^n+m and choosing the constants appropriately gives the claimed high-probability bound (2).

Proof of Theorem 4.

Fix an event index n and consider a transcript of the execution under the attack up to that point. We call a transcript bad if either Rn<k/2 or m>13c1kεn.

From Corollary 13, the first bad event has probability at most exp(Ω(k/ε)). For the second bad event, recall that mGeom(p) with pk/(εn). By standard geometric tail bound: Pr[m>t]=(1p)texp(pt). Substituting t=13c1kεn and pk/(εn) yields

Pr[m>13c1kεn]exp(13c1kεnkεn)=exp(13c1k).

Thus the probability of a bad transcript is at most eΩ(k). Conditioned on a good transcript, we apply Lemma 16. From (2) we obtain Pr[n^n23c1kεn] 1ec2k. Since good transcripts occur with probability 1eΩ(k), the same lower bound holds unconditionally (with adjusted constants c1,c2>0). This proves the theorem.

3 Robust Distributed Counting Protocol

Robust, our robust distributed counting protocol, is described in Algorithm 4. The site-side protocol of Robust is very simple and similar to that of HYZ12: The site stores a local copy of a transmission probability p that is updated by server broadcasts. The site also tracks its local event count as ni. When an event arrives, ni is incremented. With probability p, the site then sends a ReportSample() message to the server. When a CountRequest() request arrives from the server, the site sends the server its current count ni.

Server-side, the protocol operates in rounds: In the beginning of each round the server broadcasts to all sites a CountRequest(), which requests their exact counts, and each site i reports ni, which the server stores as n¯i. Therefore, in the beginning of the round the server has the exact event count n¯i[k]n¯i. The server then updates the transmission probability p, based on the updated n¯, and broadcasts it to the sites (which update their local copy). The transmission probability remains fixed throughout the round. The server also maintains a counter B of the number of ReportSample() messages received from sites during the round. The published estimate for the total number of events is n^:=n¯+B/p, and it is updated when either B or n¯ were updated. The round ends when the kth report is received and a new round is started.

Algorithm 4 Robust Distributed Counting Protocol.

Properties of the Robust Protocol

The properties of the protocol are stated with respect to an adversary (event stream) that is white-box adaptive. Let n^(n) be the server’s estimate after the n-th event and let MN denote the total number of messages sent by the time the N-th event occurs. All probabilities are over the protocol’s internal randomness.

Theorem 17 (Robust: per-event (ε,δ) accuracy).

Fix δ(0,1). There exists a constant c=c(δ)>0 such that, for any event stream and every n1,

Pr[|n^(n)n|>εn]δ.

Moreover,

𝔼[MN]=O(klogNlog(1+kεc))={O(kεlogN),εc/k,O(klogN),ε>c/k.
Theorem 18 (Robust: uniform (ε,δ) accuracy).

For any ε>0, δ(0,1), and N, set

c=O(max{A,Ak}),A:=log1δ+loglogN+max{0,log1kε}.

Then, for any event stream of length at most N, with probability at least 1δ,

maxn[N]|n^(n)n|nε,andMN=O(klogNlog(1+kεc)+klog1δ).

4 Analysis of the Robust Protocol

In this section we prove Theorem 17 and Theorem 18. In Section 4.1 we argue that our protocol is robust, in Section 4.2 we analyze the communication cost, and in Section 4.3 we analyze the accuracy.

4.1 Robustness to an adaptive adversary

Robustness of the protocol is immediate. An adaptive adversary in a white-box setting has the freedom to select which site to inject the next event to, based on the server and stations (historical and current) state and the transcript so far. Observe, however, that the actions and effective state of the server at any given time are oblivious to the particulars of how the events are assigned to sites, and only depend on the total number of events that occurred. In particular, when syncing event counts at the beginning of each round, the server only uses n¯ which is the total exact number of events. Likewise, the number and time of ReportSample() messages, counted by the server in B, do not depend on the site at which the event had occurred. The computed probability p, the termination and restart time of rounds, and the running estimate only depends on these two parameters n¯ and B.

4.2 Communication Analysis

We bound the number of rounds that the protocol performs on the first N events.

Lemma 19 (Number of rounds for N events).

Let RN be the number of rounds the protocol performs to process the first N events. Then

𝔼[RN]=Θ(logNlog(1+kεc)).

Moreover, for any δ(0,1), with probability at least 1δ,

RN=O(logNlog(1+kεc)+log1δ),

where the implicit constant in the O() notation is absolute and independent of δ,ε,k,N.

Proof.

The number of events in one round is

S=i=1kXi,Xii.i.d.Geom(p),p=min{1,ckεn¯},

where Geom(p) is the geometric distribution on {1,2,}. Hence E[S]=k/pmax{k,(εk/c)n¯}.

Call a round big if

S12𝔼[S]εk2cn¯.

For XGeom(p) we have Pr(X1/(2p))1/2; by standard properties of sums of independent geometrics (negative binomial concentration), this implies

Pr(S12𝔼[S])12.

Thus each round is big with probability at least 1/2, independently of other rounds.

Let

s=log 1+εk2cN.

After s big rounds we must have processed at least N events. Let T be the number of rounds needed to accrue s big rounds. Then T is stochastically dominated by the number of Bernoulli(1/2) trials needed to see s successes, so 𝔼[T]2s, and by a standard Chernoff lower-tail bound, for all δ(0,1),

T 2(s+2sln1δ+4ln1δ)with probability at least 1δ.

Since RNT, the high-probability bound follows. Moreover,

𝔼[RN]𝔼[T] 2s=Θ(logNlog(1+kεc)),

as replacing the base 1+εk/(2c) by 1+εk/c only changes the expression by an absolute constant factor. This completes the proof.

4.2.1 Communication on the first 𝑵 events

In each round the protocol sends O(k) messages. We combine with Lemma 19 to obtain

𝔼[MN]=O(klogNlog(1+kεc)).

To establish the message bound in Theorem 17, take c=Θ(1); then log(1+kεc)=Θ(min{1,kε}).

Similarly from Lemma 19 we obtain that for any δ(0,1), with probability at least 1δ,

MN=O(klogNlog(1+kεc)+klog1δ).

To establish the message bound in Theorem 18, we substitute c=O(max{A,A/k}) (with A as defined there).

4.2.2 Communication bounds in bits

Following prior work, we measure communication in terms of messages. We present a lightly modified version of our protocol (Algorithm 4) in which each message has size O(log(k/ε)) bits, improving over the O(logN)-bit messages required in a vanilla implementation.

Lemma 20 (Communication bound in bits).

There is a (lightly modified) version of Algorithm 4 with the same accuracy guarantees whose per-round communication is

O(k+min{k,1ε2log1δ}logkε)bits.
Proof.

The vanilla description of the protocol (Algorithm 4) uses messages that are event-triggered from sites to the server. These messages are of size O(1). Additionally, messages of potentially larger sizes are used for (i) syncing the updated transmission probability and (ii) event counts in the beginning of each round. We describe the modifications needed to condense this communication.

Transmission probability syncing.

Our analysis goes through when the server quantizes the probabilities to powers of 2 (that is, sets p2min{0,log2ckεn¯}. In each broadcast, the server then only sends the increase to the previous value of the negated exponent. Therefore, the total bits broadcasted, over all rounds, are

O(log2(εN/(ck))=O(log2N).

Since each broadcast is to k sites, this amounts to klog2N total bits communicated to facilitate the updates of p. Since E[RN]=Ω(logN), syncing p does not add asymptotically to the total communication in bits.

Total event count syncing.

At the end of each round, the server collects the event counts n¯i from the sites i[k]. Observe that the server only needs to obtain an estimate of the total count n¯ that is within a relative error of ε/2 (and then provide (ε/2) accuracy guarantees). Obtaining an estimated count is an instance of distributed approximate counting (without tracking), with the added benefit that the sites (and the server) share a high probability constant-factor proxy n¯ for n¯ (e.g., n¯=Θ(ck/(εp)+k/p)).

It therefore suffices that each site broadcasts its value to within an additive error of O(max{1,εn¯k}). When ni=O(n¯), this requires O(log(k/ε) bits per message and O(klog(k/ε)) bits per round.888This can be converted to a high probability or in-expectation bound to cover the case where the coarse estimate n¯ is off.

In the regime where ε>1/k, we can use weighted sampling, where sites only share their approximate count probabilistically. In this case, only Θ(1ε2log1δ) sites send messages to obtain (ε,δ)-accurate n¯.

4.3 Accuracy Analysis

We first bound the probability that the maximum relative error over all the event times in a single round exceeds ε:

Lemma 21 (Tail bound on the maximum relative error in a round).

Consider the random variable that is a single round of the protocol that is started at some event count n0. Let R be the number of events in the round and n^ the estimate of the event count when the event count is n. Then

Pr[maxn[t,t+R1]|nn^|n>ε]2exp(min{c28,ck4}).
Proof.

We use the following fact (see proof at the full version [28]).

Claim 22 (Bound on the maximal partial-sum deviation [17]).

Let X1,,XriidGeom(p). Define Si=j=1iXj. Then for all t>0,

Pr(max1ir|Siip|t) 2exp(min{t2p28r,tp4}).

We apply the claim with t=εn¯, r=k and p=ck/(εn¯) and thus pt=ck and obtain that the probability of a deviation that exceeds εn¯ at any of the message times (update points) in the round is at most 2exp(min{c28,ck4}).

Finally, observe that this bound on the maximum deviation at message times translates to a bound of εn¯+1/p=(1+1/(ck))εn¯ on the maximum deviation between the actual and estimated counts over all events in the round, since the estimate is updated in increments of 1/p.999technically we should apply this with the slightly smaller ε=ε/(1+1/(ck)) but we skip that to reduce clutter

4.3.1 (𝜺,𝜹)-accuracy on the first 𝑵 events

Proof of Theorem 18; accuracy.

From Lemma 21, using

c=O(max{log(Rδ),log(Rδ)k}),

with probability at least 1δ, the maximum relative error at all events in the first R rounds is at most ε. This follows from a per-round bound on the error probability of δ/R and a union bound on the R rounds. To obtain the bound for the first N events, we substitute for R the upper tail bound on RN, the number of rounds in N events, given in Lemma 19.

4.3.2 Per-event-index (𝜺,𝜹)-accuracy

From Lemma 21, using

c=O(max{log(1δ),log(1δ)k}), (3)

we obtain that the protocol provides per-round (ε,δ) accuracy, that is, for each round (independently of history), with probability at least 1δ, the maximum relative error of the count at all events that fall in the round is at most ε.

To establish per-event-index (ε,δ) accuracy, we relate it to the per-round accuracy via the following (proof in Section 5):

Lemma 23 (Per-round to Per-event success bound).

For any π>0, with δ(π)=O(π/log(1/π)), the protocol with per-round (ε,δ(π)) accuracy provides (ε,π) per-event-index accuracy.

Proof of Theorem 17; accuracy.

We apply the protocol with

c=O(max{log(1/δ(π)),log(1/δ(π))k}).

Per Equation 3 this gives per-round (ε,δ(π)) accuracy and per Lemma 23 this translates to (ε,π) per-event-index accuracy.

Now note that

max{log(1/δ(π)),log(1/δ(π))k}=O(max{log(1/π),log(1/π)k}).

Therefore we can express c as stated in terms of π (with a different hidden constant).

5 Per-round to per-event-index accuracy

In this section we prove Lemma 23. We derive a bound on the maximum per-event-index failure probability from the per-round failure probability δ. For the purpose of this analysis we introduce a simple stochastic renewal process which captures the relevant components of the protocol’s execution.

Renewal process.

Fix integers k1 and a constant C>0. For n1 let

Sn=i=1kXi,XiiidGeom(p(n)),p(n):=min{1,C/n}.

Write

μn:=E[Sn]=kp(n)=kCn,νn2:=Var(Sn)=k(1p(n))p(n)2.

Partition the outcomes of Sn into An (good) and Bn (bad) with

Pr(Bn)δandPr(An)=1Pr(Bn)1δ,

where the partition depends only on n.

Our renewal process starts with N0=1 and uses Nj+1=Nj+Lj, where LjSNjANj if the outcome falls in ANj, and LjSNjBNj otherwise. Let Tj{A,B} be the label of Lj. For a time t1, let J(t)=max{j:Njt}. We say that t is bad if TJ(t)=B.

 Remark 24 (Mapping to our protocol).

Sn samples the length of a round that starts at event-index n. The partitioning to label Bn corresponds to a round being bad (not meeting the maximum accuracy requirement) and An to the round meeting the requirement.

A time t in the process corresponds to an event-index t in the protocol. When t is good, the round is good and the accuracy requirement is met. When t is bad, the round is bad and the accuracy requirement may not have been met. We aim to bound the probability that t is bad.

Tail bounds.

We use the standard sub-exponential tail (Bernstein/Bennett form): for all x0,

Pr(Snμnx)exp(12min{x2νn2,xp(n)}). (4)

Inverting (4) yields, for every n, the quantile bound

qδ(n)μn+ 2max{νnlog1δ,log1δp(n)}, (5)

where qδ(n) denotes the (1δ)-quantile of Sn.

Claim 25 (Quantile-to-gap bound for t0).

Fix t and define t0<t to be the largest t00 such that Pr[St0>tt0]δ. If t0 is not defined we take t0=0. Then

tt0μt0 1+ 4max{log1δk,log1δk}+2t0=O(1+log1δk).
Proof.

Let s:=tt0 and note that by its definition s 1+qδ(t0). Substitute (5) and divide by μt0 to obtain the claim.

We try to provide an informal overview of our approach to bounding the probability that t is bad: Observe that the probability that time t is bad is bounded by δ times the expected number of round starts before t. The issue in using this, however, is that for a large t, this expected number of round starts in [0,t] can be large. In this case, our strategy is to look at a more restricted window [t0,t]. We choose t0(t) so that the probability that no round starts in [t0,t] is at most δ. We then pay this δ towards our bound and only consider rounds starting in this window.

Lemma 26 (Per-t bad-probability via the window [t0,t]).

With t0 as in Claim 25, let Mt:=j𝟏{Nj[t0,t]} be the number of round starts in [t0,t], where (Nj) are the renewal start positions generated by the process. Then

Pr(t lies in a bad round)δ+δE[Mt]δ(2+tt0μt0).
Proof.
Show that the probability that no round starts in [𝒕𝟎,𝒕] is at most 𝜹.

Define f(n):=Pr(Sn>tn). Since p(n)=min{1,C/n} is non increasing in n, the law of Sn is stochastically increasing in n, while tn decreases; hence f is non-decreasing. Let W:=NJ(t) be the start of the round that covers t. The event “no start in [t0,t]” is exactly {Wt0&SW>tW}, so

Pr(no start in [t0,t])=E[f(W)]f(t0)δ,

where the expectation is over the randomness of the process generating W.

Bound bad probability of 𝒕 by union over starts in [𝒕𝟎,𝒕].

On {Mt1}, exactly one start n[t0,t] has its interval covering t. Let w(n):=Pr(j:Nj=n) denote the (unconditional) probability of a start at n. By the Markov property at n and because Pr(Bn)δ,

Pr(t bad,Mt1)n=t0tw(n)Pr(Bn)δn=t0tw(n)=δE[Mt].
Bound 𝐄[𝑴𝒕] by coupling to an i.i.d. baseline and Wald.

We show that E[Mt] is bounded from above by a similar process where round lengths are all St0. Let j:=min{j:Njt0} and set H:=tNj[0,tt0]. For nt0 we have SnSt0 (stochastic dominance since p(n) is non-increasing). Couple the post-t0 interarrivals Lj+iSNj+i with i.i.d. YiSt0 via common uniforms so that Lj+iYi a.s. Let N(h):=max{m0:Y1++Ymh}. Then pathwise #{j:Nj(Nj,t]}N(H), hence

Mt 1+N(H).

Conditioning on H and using Wald’s bound for nonnegative i.i.d. steps, E[N(H)H]H/μt0, so

E[Mt] 1+E[Hμt0] 1+tt0μt0.
Combining.

The probability that t is bad is decomposed to the events of “no round started” in the interval [t0,t] and “at least one started.” From the above we obtain

Pr(t bad)δ+δE[Mt]δ+δ(1+tt0μt0)=δ(2+tt0μt0).

Proof of Lemma 23.

The claim follows by combining Claim 25 and Lemma 26: for every fixed t, we have Pr(t is bad)O(δ(1+log1δk)).

References

  • [1] Noga Alon, Omri Ben-Eliezer, Yuval Dagan, Shay Moran, Moni Naor, and Eylon Yogev. Adversarial laws of large numbers and optimal regret in online classification. In stoc21, pages 447–455, 2021. doi:10.1145/3406325.3451041.
  • [2] Chrisil Arackaparambil, Joshua Brody, and Amit Chakrabarti. Functional monitoring without monotonicity. In International Colloquium on Automata, Languages, and Programming, pages 95–106. Springer, 2009. doi:10.1007/978-3-642-02927-1_10.
  • [3] Sepehr Assadi, Gillat Kol, and Zhijun Zhang. Rounds vs communication tradeoffs for maximal independent sets. In FOCS, 2022.
  • [4] Idan Attias, Edith Cohen, Moshe Shechner, and Uri Stemmer. A framework for adversarial streaming via differential privacy and difference estimators. CoRR, abs/2107.14527, 2021. arXiv:2107.14527.
  • [5] Raef Bassily, Kobbi Nissim, Adam D. Smith, Thomas Steinke, Uri Stemmer, and Jonathan R. Ullman. Algorithmic stability for adaptive data analysis. In STOC, 2016.
  • [6] Amos Beimel, Haim Kaplan, Yishay Mansour, Kobbi Nissim, Thatchaphol Saranurak, and Uri Stemmer. Dynamic algorithms against an adaptive adversary: generic constructions and lower bounds. In STOC, 2022.
  • [7] Omri Ben-Eliezer, Talya Eden, and Krzysztof Onak. Adversarially robust streaming via dense-sparse trade-offs. In SOSA, 2022.
  • [8] Omri Ben-Eliezer, Rajesh Jayaram, David P Woodruff, and Eylon Yogev. A framework for adversarially robust streaming algorithms. In PODS, 2020.
  • [9] Aaron Bernstein. Deterministic partially dynamic single source shortest paths in weighted graphs. In ICALP, 2017.
  • [10] Aaron Bernstein and Shiri Chechik. Deterministic decremental single source shortest paths: beyond the O(mn) bound. In STOC, 2016.
  • [11] Aaron Bernstein and Shiri Chechik. Deterministic partially dynamic single source shortest paths for sparse graphs. In SODA, 2017.
  • [12] Sayan Bhattacharya, Monika Henzinger, and Giuseppe F. Italiano. Deterministic fully dynamic data structures for vertex cover and matching. In SODA, 2015.
  • [13] Sayan Bhattacharya, Monika Henzinger, and Danupon Nanongkai. New deterministic approximation algorithms for fully dynamic matching. In STOC, 2016.
  • [14] Sayan Bhattacharya, Monika Henzinger, and Danupon Nanongkai. Fully dynamic approximate maximum matching and minimum vertex cover in O(log3 n) worst case update time. In SODA, 2017.
  • [15] Sayan Bhattacharya and Peter Kiss. Deterministic rounding of dynamic fractional matchings. In ICALP, 2021.
  • [16] Sayan Bhattacharya and Janardhan Kulkarni. Deterministically maintaining a (2+ϵ)-approximate minimum vertex cover in O(1/ϵ2) amortized update time. In SODA, 2019.
  • [17] Stéphane Boucheron, Gábor Lugosi, and Pascal Massart. Concentration Inequalities: A Nonasymptotic Theory of Independence. Oxford University Press, 2013. doi:10.1093/ACPROF:OSO/9780199535255.001.0001.
  • [18] Mark Braverman and Rotem Oshman. A rounds vs. communication tradeoff for multi-party set disjointness. In FOCS, 2017.
  • [19] Vladimir Braverman, Avinatan Hassidim, Yossi Matias, Mariano Schain, Sandeep Silwal, and Samson Zhou. Adversarial robustness of streaming algorithms through importance sampling. In NeurIPS, 2021.
  • [20] Amit Chakrabarti, Prantar Ghosh, and Manuel Stoeckl. Adversarially robust coloring for graph streams. In ITCS, 2022.
  • [21] Jiecao Chen and Qin Zhang. Improved algorithms for distributed entropy monitoring. Algorithmica, 2017. doi:10.1007/S00453-016-0194-Z.
  • [22] Yeshwanth Cherapanamjeri, Sandeep Silwal, David P. Woodruff, Fred Zhang, Qiuyi Zhang, and Samson Zhou. Robust algorithms on adaptive inputs from bounded adversaries. In ICLR, 2023.
  • [23] Julia Chuzhoy. Decremental all-pairs shortest paths in deterministic near-linear time. In STOC, 2021.
  • [24] Julia Chuzhoy, Yu Gao, Jason Li, Danupon Nanongkai, Richard Peng, and Thatchaphol Saranurak. A deterministic algorithm for balanced cut with applications to dynamic connectivity, flows, and beyond. In FOCS, 2020.
  • [25] Julia Chuzhoy and Sanjeev Khanna. A new algorithm for decremental single-source shortest paths with applications to vertex-capacitated flow and cut problems. In STOC, 2019.
  • [26] Julia Chuzhoy and Thatchaphol Saranurak. Deterministic algorithms for decremental shortest paths via layered core decomposition. In SODA, 2021.
  • [27] Edith Cohen, Xin Lyu, Jelani Nelson, Tamás Sarlós, Moshe Shechner, and Uri Stemmer. On the robustness of countsketch to adaptive inputs. In ICML, 2022.
  • [28] Edith Cohen, Moshe Shechner, and Uri Stemmer. A simple and robust protocol for distributed counting. arXiv preprint arXiv:2509.05870, 2025. doi:10.48550/arXiv.2509.05870.
  • [29] Graham Cormode. The continuous distributed monitoring model. ACM SIGMOD Record, 2013.
  • [30] Graham Cormode, Minos Garofalakis, Shanmugavelayutham Muthukrishnan, and Rajeev Rastogi. Holistic aggregates in a networked world: Distributed tracking of approximate quantiles. In SIGMOD, 2005.
  • [31] Graham Cormode, S. Muthukrishnan, and Ke Yi. Algorithms for distributed functional monitoring. In SODA, 2008.
  • [32] Graham Cormode, Shanmugavelayutham Muthukrishnan, Ke Yi, and Qin Zhang. Continuous sampling from distributed streams. Journal of the ACM (JACM), 2012.
  • [33] Mark Dilman and Danny Raz. Efficient reactive monitoring. IEEE journal on selected areas in communications, 20(4):668–676, 2002. doi:10.1109/JSAC.2002.1003034.
  • [34] Danny Dolev and Tomás Feder. Multiparty communication complexity. IBM Thomas J. Watson Research Division Yorktown Heights, NY, USA, 1989.
  • [35] Cynthia Dwork, Vitaly Feldman, Moritz Hardt, Toniann Pitassi, Omer Reingold, and Aaron Leon Roth. Preserving statistical validity in adaptive data analysis. In STOC, 2015.
  • [36] Cynthia Dwork, Moni Naor, Toniann Pitassi, and Guy N. Rothblum. Differential privacy under continual observation. In STOC, 2010.
  • [37] Cynthia Dwork, Moni Naor, Omer Reingold, Guy N Rothblum, and Salil Vadhan. On the complexity of differentially private data release: efficient algorithms and hardness results. In STOC, 2009.
  • [38] Hossein Esfandiari, Praneeth Kacham, Vahab Mirrokni, David P Woodruff, and Peilin Zhong. Optimal communication bounds for classic functions in the coordinator model and beyond. In Proceedings of the 56th Annual ACM Symposium on Theory of Computing, pages 1911–1922, 2024. doi:10.1145/3618260.3649742.
  • [39] Varun Gupta, Christopher Jung, Seth Neel, Aaron Roth, Saeed Sharifi-Malvajerdi, and Chris Waites. Adaptive machine unlearning. In NeurIPS, 2021.
  • [40] Maximilian Probst Gutenberg, Virginia Vassilevska Williams, and Nicole Wein. New algorithms and hardness for incremental single-source shortest paths in directed graphs. In STOC, 2020.
  • [41] Maximilian Probst Gutenberg and Christian Wulff-Nilsen. Decremental SSSP in weighted digraphs: Faster and against an adaptive adversary. In SODA, 2020.
  • [42] Maximilian Probst Gutenberg and Christian Wulff-Nilsen. Deterministic algorithms for decremental approximate shortest paths: Faster and simpler. In SODA, 2020.
  • [43] Moritz Hardt and Jonathan R. Ullman. Preventing false discovery in interactive data analysis is hard. In FOCS, 2014.
  • [44] Avinatan Hassidim, Haim Kaplan, Yishay Mansour, Yossi Matias, and Uri Stemmer. Adversarially robust streaming algorithms via differential privacy. In NeurIPS, 2020.
  • [45] Jacob Holm, Kristian De Lichtenberg, and Mikkel Thorup. Poly-logarithmic deterministic fully-dynamic algorithms for connectivity, minimum spanning tree, 2-edge, and biconnectivity. Journal of the ACM (JACM), 2001.
  • [46] Zengfeng Huang, Xuemin Lin, Wenjie Zhang, and Ying Zhang. Communication-efficient distributed covariance sketch, with application to distributed pca. Journal of Machine Learning Research, 22(80):1–38, 2021. URL: https://jmlr.org/papers/v22/20-705.html.
  • [47] Zengfeng Huang, Zhongzheng Xiong, Xiaoyi Zhu, and Zhewei Wei. Simple and optimal algorithms for heavy hitters and frequency moments in distributed models. In STOC, 2025.
  • [48] Zengfeng Huang and Ke Yi. The communication complexity of distributed epsilon-approximations. SIAM Journal on Computing, 46(4):1370–1394, 2017. doi:10.1137/16M1093604.
  • [49] Zengfeng Huang, Ke Yi, and Qin Zhang. Randomized algorithms for tracking distributed count, frequencies, and ranks. In PODS, 2012.
  • [50] Haim Kaplan, Yishay Mansour, Kobbi Nissim, and Uri Stemmer. Separating adaptive streaming from oblivious streaming using the bounded storage model. In CRYPTO, 2021.
  • [51] Ram Keralapura, Graham Cormode, and Jeyashankher Ramamirtham. Communication-efficient distributed monitoring of thresholded counts. In SIGMOD, 2006.
  • [52] Michael Mitzenmacher and Eli Upfal. Probability and computing: Randomization and probabilistic techniques in algorithms and data analysis. Cambridge university press, 2017.
  • [53] Danupon Nanongkai and Thatchaphol Saranurak. Dynamic spanning forest with worst-case update time: adaptive, Las vegas, and O(n1/2ϵ)-time. In STOC, 2017.
  • [54] Danupon Nanongkai, Thatchaphol Saranurak, and Christian Wulff-Nilsen. Dynamic minimum spanning forest with subpolynomial worst-case update time. In FOCS, 2017.
  • [55] Jeff M Phillips, Elad Verbin, and Qin Zhang. Lower bounds for number-in-hand multiparty communication complexity, made easy. In SODA, 2012.
  • [56] Menachem Sadigurschi, Moshe Shechner, and Uri Stemmer. Relaxed models for adversarial streaming: The bounded interruptions model and the advice model. In ESA, 2023.
  • [57] Thomas Steinke and Jonathan Ullman. Tight lower bounds for differentially private selection. In FOCS, 2017.
  • [58] Srikanta Tirthapura and David P Woodruff. Optimal random sampling from distributed streams revisited. In DISC, 2011.
  • [59] Jan van den Brand, Yu Gao, Arun Jambulapati, Yin Tat Lee, Yang P. Liu, Richard Peng, and Aaron Sidford. Faster maxflow via improved dynamic spectral vertex sparsifiers. In STOC, 2022.
  • [60] Emanuele Viola. The communication complexity of addition. Combinatorica, 35(6):703–747, 2015. doi:10.1007/S00493-014-3078-3.
  • [61] David Wajc. Rounding dynamic matchings against an adaptive adversary. In STOC, 2020.
  • [62] David P Woodruff and Qin Zhang. Tight bounds for distributed functional monitoring. In STOC, 2012.
  • [63] David P Woodruff and Qin Zhang. When distributed computation does not help. CoRR, abs/1304.4636, 5, 2013.
  • [64] David P Woodruff and Qin Zhang. An optimal lower bound for distinct elements in the message passing model. In SODA, 2014.
  • [65] David P. Woodruff and Samson Zhou. Tight bounds for adversarially robust streams and sliding windows via difference estimators. In FOCS, 2021.
  • [66] Hao Wu, Junhao Gan, and Rui Zhang. Learning based distributed tracking. In KDD, 2020.
  • [67] Christian Wulff-Nilsen. Fully-dynamic minimum spanning forest with improved worst-case update time. In STOC, 2017.
  • [68] Zhongzheng Xiong, Xiaoyi Zhu, and Zengfeng Huang. Adversarially robust distributed count tracking via partial differential privacy. In NeurIPS, 2023.
  • [69] Ke Yi and Qin Zhang. Optimal tracking of distributed heavy hitters and quantiles. In PODS, 2009.