Differential privacy as a protocol constraint

Abstract

Differential privacy, introduced in 2006, has become a standard definition of privacy for statistical computations. Most of the research on differential privacy has explored questions arising in the client-server setting, where privacy guarantees are one-sided and cover data held by just one of the protocol participants. We observe that differential privacy complements the classic definition of secure multi-party computations by allowing one to quantify information leaked through the output of the computation. This view leads to a number of interesting questions, where differential privacy is treated as a constraint on the protocol. We survey the state-of-the-art of differential privacy in a multi-party setting and formulate several open problems.