Application Research of Differential Privacy Shuffle Model in Range Query

Abstract

Abstract: Range queries are key indicators in data analysis under various scenarios. However, when dealing with individuallevel data, personal privacy issues will be involved. To address this problem, range query protocols that meet local differential privacy (LDP) have been proposed. These protocols enable data collectors to collect aggregated information about the population without relying on trusted third parties while protecting the privacy of each user. Nevertheless, the perturbation methods used in the existing range query protocols based on LDP have limitations, which restrict their effectiveness. In addition, these protocols usually exhibit poor estimation performance for small range intervals. In light of this, a Hierarchical Range Query protocol based on the differential privacy shuffling model (SHRQ) is proposed. Firstly, this paper extensively analyzes the variance of the perturbation methods in previous protocols. The SHRQ protocol selects the optimal perturbation method according to the number of nodes in each layer. Then, the SHRQ makes the most of the advantages of the shuffling model by leveraging prior knowledge from the previous round for multiple iterations, significantly improving the estimation accuracy of small range query intervals. Through extensive comparative experiments on both simulated and realworld datasets, it is demonstrated that after a few iterations, SHRQ reduces the estimation error for small ranges by an order of magnitude and for large ranges by half an order of magnitude compared to previous protocols.

Key words: differential privacy, range query, privacy protection, shuffle model, data security

摘要： 范围查询是各种场景下数据分析的关键指标.然而，在处理个体层面的数据时会涉及个人隐私问题.为了解决这个问题，满足本地化差分隐私(local differential privacy, LDP)的范围查询协议被提出.这些协议使数据收集者能够在不依赖可信第三方的情况下收集关于总体的聚合信息，同时保护每个用户的隐私.尽管如此，现有基于LDP的范围查询协议中使用的扰动方法存在局限性，限制了方法的有效性.此外，这些协议对于小范围区间通常表现出较差的估计性能.鉴于此提出了一种基于差分隐私洗牌模型的分层范围查询(shuffling hierarchical range query, SHRQ)协议.首先，广泛分析了原有协议中扰动方法的方差，SHRQ协议根据每个层次中的节点数量选择最佳扰动方法.然后，SHRQ协议通过利用前一轮的先验知识进行多次迭代，最大限度地发挥洗牌模型的优势，显著提高了小范围查询区间的估计准确性.通过在模拟数据集和真实世界数据集上与原有协议进行大量对比实验，证明了在较少的迭代次数后，SHRQ协议将小范围的估计误差降低1个数量级，将大范围的估计误差降低半个数量级.

关键词: 差分隐私, 范围查询, 隐私保护, 洗牌模型, 数据安全

CLC Number:

TP309

王梓行, 陈兵, . 差分隐私洗牌模型在范围查询中的应用研究[J]. 信息安全研究, 2025, 11(8): 736-.

References

［1］Evstatiev B I, GabrovskaEvstatieva K G. A review on the methods for big data analysis in agriculture［C］ Proc of IOP Conf Series: Materials Science and Engineering. London: IOP, 2021: 012053［2］Seh A H, Zarour M, Alenezi M, et al. Healthcare data breaches: Insights and implications［J］. Healthcare, 2020, 8(2): 133［3］Farayola O A, Olorunfemi O L, Shoetan P O. Data privacy and security in it: A review of techniques and challenges［J］. Computer Science & IT Research Journal, 2024, 5(3): 606615［4］Wang T, Zhang X, Feng J, et al. A comprehensive survey on local differential privacy toward data statistics and analysis［J］. Sensors, 2020, 20(24): 7030［5］Cheu A, Smith A, Ullman J, et al. Distributed differential privacy via shuffling［C］ Proc of the 38th Annual Int Conf on the Theory and Applications of Cryptographic Techniques. Berlin: Springer, 2019: 375403［6］Xue K, Li S, Hong J, et al. Twocloud secure database for numericrelated SQL range queries with privacy preserving［J］. IEEE Trans on Information Forensics & Security, 2017, 12(7): 15961608［7］Liang J, Qin Z, Xiao S, et al. Privacypreserving range query over multisource electronic health records in public clouds［J］. Journal of Parallel and Distributed Computing, 2020, 135(6): 127139［8］Hu P, Wang Y, Li Q, et al. Efficient location privacypreserving range query scheme for vehicle sensing systems［J］. Journal of Systems Architecture, 2020, 106(2): 101714［9］Kulkarni T. Answering range queries under local differential privacy［C］ Proc of the 2019 Int Conf on Management of Data. New York: ACM, 2019: 18321834［10］Wang T, Ding B, Zhou J, et al. Answering multidimensional analytical queries under local differential privacy［C］ Proc of the 2019 Int Conf on Management of Data. New York: ACM, 2019: 159176［11］Du L, Zhang Z, Bai S, et al. AHEAD: Adaptive hierarchical decomposition for range query under local differential privacy［C］ Proc of the 2021 ACM SIGSAC Conf on Computer and Communications Security. New York: ACM, 2021: 12661288［12］Kairouz P, Bonawitz K, Ramage D. Discrete distribution estimation under local privacy［C］ Proc of Int Conf on Machine Learning. New York: PMLR, 2016: 24362444［13］Wang T, Blocki J, Li N, et al. Locally differentially private protocols for frequency estimation［C］ Proc of the 26th USENIX Security Symposium. Berkeley, CA: USENIX Association, 2017: 729745［14］Bittau A, Erlingsson , Maniatis P, et al. Prochlo: Strong privacy for analytics in the crowd［C］ Proc of the 26th Symp on Operating Systems Principles. New York: ACM, 2017: 441459［15］Erlingsson , Feldman V, Mironov I, et al. Amplification by shuffling: From local to central differential privacy via anonymity［C］ Proc of the 30th Annual ACMSIAM Symp on Discrete Algorithms. New York: ACM, 2019: 24682479［16］Cheu A, Smith A, Ullman J, et al. Distributed differential privacy via shuffling［C］ Proc of Advances in CryptologyEUROCRYPT. Berlin: Springer, 2019: 375403

[1]	. Design of a Large Model Data Supervision System Based on Blockchain [J]. Journal of Information Security Reserach, 2025, 11(8): 682-.
[2]	. A Privacy Budget Allocation Method Based on Differential #br# Privacy kmeans++#br# [J]. Journal of Information Security Reserach, 2025, 11(8): 710-.
[3]	. A Privacy Protection Scheme for Blockchain Transaction Based on #br# Threshold Homomorphic Encryption#br# [J]. Journal of Information Security Reserach, 2025, 11(8): 746-.
[4]	. Personalized Differential Privacy Trajectory Publishing Scheme Fusing Semantic [J]. Journal of Information Security Reserach, 2025, 11(7): 670-.
[5]	. Industrial Internet Data Sharing Scheme with Attributebased #br# Proxy Reencryption in Cloudchain Collaboration#br# [J]. Journal of Information Security Reserach, 2025, 11(5): 427-.
[6]	. Task Independent Privacy Protection in Personalized Federated Learning for Battery Monitoring [J]. Journal of Information Security Reserach, 2025, 11(5): 481-.
[7]	. Highutility Time Series Data Generation Method Combining Sequence #br# Correlation Graph and GAN#br# [J]. Journal of Information Security Reserach, 2025, 11(4): 351-.
[8]	. Privacypreserving Federated Learning Research Based on #br# Confused Modulo Projection Homomorphic Encryption#br# [J]. Journal of Information Security Reserach, 2025, 11(3): 198-.
[9]	. A Federated Learning Method Resistant to Label Flip Attack [J]. Journal of Information Security Reserach, 2025, 11(3): 205-.
[10]	. Indoor Localization Security Scheme Based on Geographic Indistinguishability and Flexible WiFi Deployment [J]. Journal of Information Security Reserach, 2025, 11(2): 107-.
[11]	. Overview of Regulation of Crossborder Data Flow [J]. Journal of Information Security Reserach, 2025, 11(2): 164-.
[12]	. Research and Application of Trusted Data Security Management #br# Technology Based on Chameleon Hash#br# [J]. Journal of Information Security Reserach, 2025, 11(2): 189-.
[13]	. A Secure and Efficient Sharing Method for Electronic Medical Records #br# Based on Blockchain#br# [J]. Journal of Information Security Reserach, 2025, 11(1): 74-.
[14]	. A Poisoningresistant Verifiable Secure Federated Learning Scheme #br# in IoT Perception Environments#br# [J]. Journal of Information Security Reserach, 2024, 10(9): 804-.
[15]	. An Efficient Encrypted Database System Solution Based on Fully Homomorphic Encryption [J]. Journal of Information Security Reserach, 2024, 10(9): 811-.