Private Multi-Group Aggregation

We study the differentially private multi-group aggregation (PMGA) problem. This setting involves a single server and n users. Each user belongs to one of k distinct groups and holds a discrete value representing his data. The goal is to design schemes that allow the server to find the aggregate (sum) of the values in each group (with high accuracy), under communication and local differential privacy constraints. The privacy constraint guarantees that the user's group remains private. This is motivated by applications where a user's group can reveal sensitive information, such as his religious and political beliefs, health condition, or race.We propose a novel scheme, dubbed Query and Aggregate (Q&A) for PMGA. The novelty of Q&A is that it is an interactive aggregation scheme. In Q&A, each user is assigned a random query matrix, to which he sends the server an answer based on his group and value. We characterize the Q&A scheme's performance in terms of accuracy (MSE), privacy, and communication. Private aggregation schemes for related settings in the literature are predominantly non-interactive and based on randomized response. We compare Q&A to the Randomized Group (RG) scheme, which adapts existing schemes to the PMGA setting. We observe that typically Q&A outperforms RG, in terms of utility vs. privacy, in the high privacy regime. Moreover, an attractive property of Q&A is that its communication cost per user does not depend on the number of groups.