SystemOverflow
LearnPrivacy & Fairness in MLDifferential Privacy2 of 6
Privacy & Fairness in MLDifferential PrivacyMedium⏱️ ~2 min

Central vs Local Differential Privacy Trade-offs

Central vs Local DP: Two fundamentally different trust models. Central DP adds noise at the aggregator after collecting raw data. Local DP adds noise on each device before data leaves. The choice determines who must be trusted and how much utility you sacrifice for privacy.

Central Differential Privacy

A trusted curator collects raw data from users, computes aggregates, then adds calibrated noise before releasing results. Users must trust that the curator: securely stores raw data, applies DP correctly, and will not be compromised. Advantages: high utility because noise is added only once at aggregation time. A count of 1 million users with Laplace noise (epsilon=1) has error of about 1—negligible at scale. Disadvantage: single point of failure. If the curator is breached, all raw data is exposed. Privacy guarantee depends entirely on curator trustworthiness.

Local Differential Privacy

Each user adds noise to their own data before sending it. Even if the aggregator is malicious or compromised, they receive only noisy data. Example: to report whether you visited a website, flip a biased coin. If heads, report truthfully; if tails, report randomly. The aggregator sees a mixture of truth and random noise, and cannot determine any individual response. Advantage: no trust required in the aggregator—privacy is cryptographically guaranteed. Disadvantage: noise compounds. Each user adds noise independently, so aggregate accuracy is much worse. To achieve epsilon=1 privacy with 1 million users, aggregate error is around 1000, not 1.

Utility Gap

For the same privacy guarantee (same epsilon), local DP requires roughly sqrt(n) times more data than central DP to achieve the same accuracy, where n is the number of users. With 1 million users, local DP needs 1000x more participants to match central DP accuracy. This massive utility gap makes local DP practical only for very high-volume applications (billions of data points) or when trust in any central party is unacceptable.

Decision Guide: Can you trust a central aggregator? Use central DP for 1000x better accuracy. Cannot trust anyone? Use local DP but expect to need massive scale for usable results.

💡 Key Takeaways
Central DP: trusted curator adds noise after collection, high utility
Local DP: each user adds noise before sending, no trust required
Utility gap: local DP needs sqrt(n) more data for same accuracy
📌 Interview Tips
1Central DP error on 1M users with epsilon=1: about 1. Local DP: about 1000.
2Local DP practical only at billions of data points scale
← Back to Differential Privacy Overview
Central vs Local Differential Privacy Trade-offs | Differential Privacy - System Overflow