We consider a private variant of the classical allocation problem: given $k$ goods and $n$ agents with private valuation functions over bundles of goods, how can we allocate goods to agents to maximize social welfare? An important special case is when agents desire at most one good, and specify their (private) value for each good: in this case, the problem is exactly the maximum-weight matching problem in a bipartite graph. Private matching and allocation problems have not been considered in the differential privacy literature for a good reason: they are plainly impossible to solve under differential privacy. Informally, the allocation must match agents to their preferred goods in order to maximize social welfare, but this preference is exactly what agents wish to hide! Therefore, we consider the problem under the relaxed constraint of joint differential privacy: for any agent $i$, no coalition of agents excluding $i$ should be able to learn about the valuation function of agent $i$. In this setting, the full allocation is no longer published---instead, each agent is told what good to receive. We first show that if there are several identical copies of each good, it is possible to efficiently and accurately solve the matching problem while guaranteeing joint differential privacy. We then consider the more general allocation problem where bidder valuations satisfy the gross substitutes condition. Finally, we prove that the allocation problem cannot be solved to nontrivial accuracy under joint differential privacy without requiring multiple copies of each type of good.


  1. differential privacy
  2. matching
  3. ascending auction
  4. gross substitutes

MSC codes

  1. 91A35

Get full access to this article

View all available purchase options and get full access to this article.


A. Blum, K. Ligett, and A. Roth, A learning theory approach to noninteractive database privacy, J. ACM, 60 (2013), 12.
T.-H. H. Chan, E. Shi, and D. Song, Private and continual release of statistics, ACM Trans. Inform. System Security, 14 (2011), 26, http://eprint.iacr.org/2010/076.pdf.
I. Dinur and K. Nissim, Revealing information while preserving privacy, in ACM SIGACT--SIGMOD--SIGART Symposium on Principles of Database Systems (PODS), San Diego, CA, ACM, New York, 2003, pp. 202--210, http://www.cse.psu.edu/~ads22/privacy598/papers/dn03.pdf
C. Dwork and A. Roth, The algorithmic foundations of differential privacy, Found. Trends Theor. Comput. Sci., 9 (2014), pp. 211--407, https://doi.org/10.1561/0400000042
C. Dwork, F. McSherry, K. Nissim, and A. Smith, Calibrating noise to sensitivity in private data analysis, in IACR Theory of Cryptography Conference (TCC), New York, Springer, Berlin, 2006.
C. Dwork, M. Naor, T. Pitassi, and G. N. Rothblum, Differential privacy under continual observation, in ACM SIGACT Symposium on Theory of Computing (STOC), Cambridge, MA, ACM, New York, 2010a, pp. 715--724.
C. Dwork, G. N. Rothblum, and S. Vadhan, Boosting and differential privacy, in IEEE Symposium on Foundations of Computer Science (FOCS), Las Vegas, NV, IEEE Computer Society, Los Alamitos, CA, 2010b, pp. 51--60.
C. Dwork, M. Naor, and S. Vadhan, The privacy of the analyst and the power of the state, in IEEE Symposium on Foundations of Computer Science (FOCS), New Brunswick, NJ, IEEE, Piscataway, NJ, 2012, pp. 400--409, https://doi.org/10.1109/FOCS.2012.87
F. Gul and E. Stacchetti, Walrasian equilibrium with gross substitutes, J. Econom. Theory, 87 (1999), pp. 95--124.
A. Gupta, K. Ligett, F. McSherry, A. Roth, and K. Talwar, Differentially private combinatorial optimization, in ACM-SIAM Symposium on Discrete Algorithms (SODA), Austin, TX, SIAM, Philadelphia, 2010, pp. 1106--1125.
M. Hardt and G. N. Rothblum, A multiplicative weights mechanism for privacy-preserving data analysis, in IEEE Symposium on Foundations of Computer Science (FOCS), Las Vegas, NV, IEEE Computer Society, Los Alamitos, CA, 2010, pp. 61--70.
J. Hsu, A. Roth, and J. Ullman, Differential privacy for the analyst via private equilibrium computation, in ACM SIGACT Symposium on Theory of Computing (STOC), Palo Alto, CA, ACM, New York, 2013, pp. 341--350.
J. Hsu, Z. Huang, A. Roth, T. Roughgarden, and Z. S. Wu, Private matchings and allocations, in ACM SIGACT Symposium on Theory of Computing (STOC), New York, ACM, New York, 2014, pp. 21--30.
M. Kearns, M. Pai, A. Roth, and J. Ullman, Mechanism design in large games: Incentives and privacy, in ACM SIGACT Innovations in Theoretical Computer Science (ITCS), Princeton, NJ, ACM, New York, 2014.
A. Kelso and V. Crawford, Job matching, coalition formation, and gross substitutes, Econometrica, 50 (1982), pp. 1483--1504.
F. McSherry and I. Mironov, Differentially private recommender systems: Building privacy into the net, in ACM SIGKDD Conference on Knowledge Discovery and Data Mining (KDD), Paris, France, ACM, New York, 2009, pp. 627--636.
K. Nissim, S. Raskhodnikova, and A. Smith, Smooth sensitivity and sampling in private data analysis, in ACM SIGACT Symposium on Theory of Computing (STOC), San Diego, CA, ACM, New York, 2007, pp. 75--84.
M. Pai and A. Roth, Privacy and mechanism design, ACM SIGecom Exchanges, 12 (2013), pp. 8--29.
R. M. Rogers and A. Roth, Asymptotically truthful equilibrium selection in large congestion games, in ACM SIGecom Conference on Economics and Computation (EC), Palo Alto, CA, ACM, New York, 2014, pp. 771--782.

Information & Authors


Published In

cover image SIAM Journal on Computing
SIAM Journal on Computing
Pages: 1953 - 1984
ISSN (online): 1095-7111


Submitted: 5 January 2015
Accepted: 19 August 2016
Published online: 3 November 2016


  1. differential privacy
  2. matching
  3. ascending auction
  4. gross substitutes

MSC codes

  1. 91A35



Funding Information

National Science Foundation http://doi.org/10.13039/100000001 : CNS-1065060, CCF-1101389, CNS-1253345, CCF-1016885, CCF-1215965

Metrics & Citations



If you have the appropriate software installed, you can download article citation data to the citation manager of your choice. Simply select your manager software from the list below and click Download.

Cited By







Copy the content Link

Share with email

Email a colleague

Share on social media

The SIAM Publications Library now uses SIAM Single Sign-On for individuals. If you do not have existing SIAM credentials, create your SIAM account https://my.siam.org.