Shuffle Private Linear Contextual Bandits

# 106


Differential privacy (DP) has been recently introduced to linear contextual bandits to formally address the privacy concerns in its associated personalized services to participating users (e.g., recommendations). Prior work largely focus on two trust models of DP -- the central model, where a central server is responsible for protecting users’ sensitive data, and the (stronger) local model, where information needs to be protected directly on users' side. However, there remains a fundamental gap in the utility achieved by learning algorithms under these two privacy models, e.g., given a learning horizon T, O(T^{1/2}) regret in the central model as compared to O(T^{3/4}) regret in the local model. In this talk, we aim to achieve a stronger model of trust than the central model, while suffering a smaller regret than the local model by considering recently popular shuffle model of privacy. We propose a general algorithmic framework for linear contextual bandits under the shuffle trust model, where there exists a trusted shuffler -- in between users and the central server-- that randomly permutes a batch of users data before sending those to the server. We then instantiate this framework with two specific shuffle protocols -- one relying on privacy amplification of local mechanisms, and another incorporating a protocol for summing vectors and matrices of bounded norms. We prove that both these instantiations lead to regret guarantees that significantly improve on that of the local model, and can potentially be of the order O(T^{3/5}). (Based on joint work with Xingyu Zhou.)

Sayak Ray Chowdhury, Boston University

Sayak Ray Chowdhury received B.E. degree from Jadavpur University, Kolkata, India, in 2012, and M.E. and PhD. degrees from the Indian Institute of Science, Bengaluru, India, in 2015 and 2021, respectively. He is currently working as a Postdoctoral researcher in Boston University, USA. His research interests include online learning, reinforcement learning and differential privacy.