Interactive Proofs For Differentially Private Counting
Authors: 
Ari Biswas and 
Graham CormodeAuthors Info & Claims
Ari Biswas and Graham CormodeAuthors Info & ClaimsNovember 2023
Pages 1919 - 1933
Abstract
Differential Privacy (DP) is often presented as a strong privacy-enhancing technology with broad applicability and advocated as a de facto standard for releasing aggregate statistics on sensitive data. However, in many embodiments, DP introduces a new attack surface: a malicious entity entrusted with releasing statistics could manipulate the results and use the randomness of DP as a convenient smokescreen to mask its nefariousness. Since revealing the random noise would obviate the purpose of introducing it, the miscreant may have a perfect alibi. To close this loophole, we introduce the idea of Interactive Proofs For Differential Privacy, which requires the publishing entity to output a zero knowledge proof that convinces an efficient verifier that the output is both DP and reliable. Such a definition might seem unachievable, as a verifier must validate that DP randomness was generated faithfully without learning anything about the randomness itself. We resolve this paradox by carefully mixing private and public randomness to compute verifiable DP counting queries with theoretical guarantees and show that it is also practical for real-world deployment. We also demonstrate that computational assumptions are necessary by showing a separation between information-theoretic DP and computational DP under our definition of verifiability.
References
[1]
Surya Addanki, Kevin Garbe, Eli Jaffe, Rafail Ostrovsky, and Antigoni Polychroniadou. 2022. Prio: Privacy preserving aggregate statistics via boolean shares. In Security and Cryptography for Networks. 516--539.
[2]
Ben Adida. 2008. Helios: Web-based Open-Audit Voting. In USENIX security symposium, Vol. 17. 335--348.
[3]
Andris Ambainis, Markus Jakobsson, and Helger Lipmaa. 2004. Cryptographic randomized response techniques. In International Workshop on Public Key Cryptography. 425--438.
[4]
Victor Balcer and Albert Cheu. 2020. Separating Local & Shuffled Differential Privacy via Histograms. arXiv:1911.06879 [cs] (2020). arXiv: 1911.06879.
[5]
Borja Balle, James Bell, Adrià Gascón, and Kobbi Nissim. 2019. The privacy blanket of the shuffle model. In International Cryptology Conference. 638--667.
[6]
Carsten Baum, Ivan Damgård, and Claudio Orlandi. 2014. Publicly auditable secure multi-party computation. In Security and Cryptography for Networks. 175--196.
[7]
Carsten Baum, Alex J Malozemoff, Marc B Rosen, and Peter Scholl. 2021. Mac'n'Cheese: Zero-Knowledge Proofs for Boolean and Arithmetic Circuits with Nested Disjunctions. In International Cryptology Conference. 92--122.
[8]
James Bell, Kallista A Bonawitz, Adrià Gascón, Tancrède Lepoint, and Mariana Raykova. 2020. Secure single-server aggregation with (poly) logarithmic overhead. In ACM CCS. 1253--1269.
[9]
James Bell, Adria Gascon, Badih Ghazi, Ravi Kumar, Pasin Manurangsi, Mariana Raykova, and Phillipp Schoppmann. 2022. Distributed, Private, Sparse Histograms in the Two-Server Model. Cryptology ePrint Archive (2022).
[10]
Robert M Bell and Yehuda Koren. 2007. Lessons from the netflix prize challenge. Acm Sigkdd Explorations Newsletter, Vol. 9, 2 (2007), 75--79.
[11]
Michael Ben-Or, Shafi Goldwasser, and Avi Wigderson. 2019. Completeness theorems for non-cryptographic fault-tolerant distributed computation. In Providing Sound Foundations for Cryptography: On the Work of Shafi Goldwasser and Silvio Micali. 351--371.
[12]
Manuel Blum. 1983. Coin flipping by telephone a protocol for solving impossible problems. ACM SIGACT News, Vol. 15, 1 (1983), 23--27.
[13]
Jonas Böhler and Florian Kerschbaum. 2021. Secure Multi-party Computation of Differentially Private Heavy Hitters. In ACM CCS. 2361--2377.
[14]
Dan Boneh, Joseph Bonneau, Benedikt Bünz, and Ben Fisch. 2018. Verifiable delay functions. In CRYPTO. 757--788.
[15]
Dan Boneh, Elette Boyle, Henry Corrigan-Gibbs, Niv Gilboa, and Yuval Ishai. 2021. Lightweight Techniques for Private Heavy Hitters. arXiv:2012.14884 [cs] (2021).
[16]
danah boyd and Jayshree Sarathy. 2022. Differential Perspectives: Epistemic Disconnects Surrounding the US Census Bureau's Use of Differential Privacy. Harvard Data Science Review (Forthcoming) (2022).
[17]
Elette Boyle, Niv Gilboa, and Yuval Ishai. 2016. Function Secret Sharing: Improvements and Extensions. In ACM CCS. 1292--1303.
[18]
Elette Boyle, Niv Gilboa, and Yuval Ishai. 2019. Secure computation with preprocessing via function secret sharing. In Theory of Cryptography Conference. 341--371.
[19]
Mark Bun, Yi-Hsiu Chen, and Salil Vadhan. 2016. Separating computational and statistical differential privacy in the client-server model. In Theory of Cryptography Conference. 607--634.
[20]
Benedikt Bünz, Jonathan Bootle, Dan Boneh, Andrew Poelstra, Pieter Wuille, and Greg Maxwell. 2018. Bulletproofs: Short proofs for confidential transactions and more. In IEEE S&P. 315--334.
[21]
Jeffrey Champion, Abhi Shelat, and Jonathan Ullman. 2019. Securely sampling biased coins with applications to differential privacy. In ACM CCS. 603--614.
[22]
Albert Cheu. 2021. Differential privacy in the shuffle model: A survey of separations. arXiv preprint arXiv:2107.11839 (2021).
[23]
Albert Cheu, Adam Smith, and Jonathan Ullman. 2021. Manipulation attacks in local differential privacy. In IEEE S&P. 883--900.
[24]
Richard Cleve. 1986. Limits on the security of coin flips when half the processors are faulty. In ACM STOC. 364--369.
[25]
Henry Corrigan-Gibbs and Dan Boneh. 2017. Prio: Private, Robust, and Scalable Computation of Aggregate Statistics. arXiv:1703.06255 [cs] (2017).
[26]
Ronald Cramer, Ivan Damgård, and Berry Schoenmakers. 1994. Proofs of partial knowledge and simplified design of witness hiding protocols. In CRYPTO. 174--187.
[27]
Ivan Damgård. 2000. Efficient concurrent zero-knowledge in the auxiliary string model. In the Theory and Applications of Cryptographic Techniques. 418--430.
[28]
Alex Davidson, Peter Snyder, EB Quirk, Joseph Genereux, and Benjamin Livshits. 2021. STAR: Distributed Secret Sharing for Private Threshold Aggregation Reporting. arXiv preprint arXiv:2109.10074 (2021).
[29]
Zeyu Ding, Daniel Kifer, Thomas Steinke, Yuxin Wang, Yingtai Xiao, Danfeng Zhang, et al. 2021. The permute-and-flip mechanism is identical to report-noisy-max with exponential noise. arXiv preprint arXiv:2105.07260 (2021).
[30]
Samuel Dittmer, Yuval Ishai, and Rafail Ostrovsky. 2020. Line-point zero knowledge and its applications. Cryptology ePrint Archive (2020).
[31]
Cynthia Dwork, Krishnaram Kenthapadi, Frank McSherry, Ilya Mironov, and Moni Naor. 2006 a. Our data, ourselves: Privacy via distributed noise generation. In the theory and applications of cryptographic techniques. 486--503.
[32]
Cynthia Dwork, Frank McSherry, Kobbi Nissim, and Adam Smith. 2006 b. Calibrating noise to sensitivity in private data analysis. In Theory of cryptography conference. 265--284.
[33]
Cynthia Dwork and Moni Naor. 2000. Zaps and their applications. In Proceedings 41st Symposium on Foundations of Computer Science. 283--293.
[34]
Úlfar Erlingsson, Vitaly Feldman, Ilya Mironov, Ananth Raghunathan, Kunal Talwar, and Abhradeep Thakurta. 2020. Amplification by Shuffling: From Local to Central Differential Privacy via Anonymity. arXiv:1811.12469 [cs, stat] (2020).
[35]
Simson Garfinkel, John M Abowd, and Christian Martindale. 2019. Understanding database reconstruction attacks on public data. CACM, Vol. 62, 3 (2019), 46--53.
[36]
Badih Ghazi, Noah Golowich, Ravi Kumar, Rasmus Pagh, and Ameya Velingker. 2020. On the Power of Multiple Anonymous Messages. arXiv:1908.11358 [cs, stat] (2020).
[37]
Oded Goldreich. 2007. Foundations of cryptography. Vol. 1: Basic tools digitally print. 1. paperback version ed.). Vol. 1. Cambridge Univ. Press, Cambridge.
[38]
Adam Groce, Jonathan Katz, and Arkady Yerukhimovich. 2011. Limits of computational differential privacy in the client/server setting. In Theory of Cryptography Conference. 417--431.
[39]
Iftach Haitner and Eran Omri. 2014. Coin flipping with constant bias implies one-way functions. SICOMP, Vol. 43, 2 (2014), 389--409.
[40]
Luke Harrison, Samiran Bag, Hang Luo, and Feng Hao. 2022. VERICONDOR: End-to-End Verifiable Condorcet Voting without Tallying Authorities. In ACM ASIACCS. 1113--1125.
[41]
Stanisław Jarecki and Xiaomin Liu. 2009. Efficient oblivious pseudorandom function with applications to adaptive OT and secure computation of set intersection. In Theory of Cryptography Conference. 577--594.
[42]
Brennan Center For Justice. 2021. Alabama v. U.S. Dept of Commerce. https://www.brennancenter.org/our-work/court-cases/alabama-v-us-dept-commerce
[43]
Shiva Prasad Kasiviswanathan, Homin K Lee, Kobbi Nissim, Sofya Raskhodnikova, and Adam Smith. 2011. What can we learn privately? SICOMP, Vol. 40, 3 (2011), 793--826.
[44]
Shiva Prasad Kasiviswanathan, Mark Rudelson, and Adam Smith. 2013. The power of linear reconstruction attacks. In ACM-SIAM SODA. 1415--1433.
[45]
Fumiyuki Kato, Yang Cao, and Masatoshi Yoshikawa. 2021. Preventing Manipulation Attack in Local Differential Privacy Using Verifiable Randomization Mechanism. In IFIP Conf. on Data and Applications Security and Privacy. 43--60.
[46]
Yehuda Lindell. 2017. How to simulate it--a tutorial on the simulation proof technique. Tutorials on the Foundations of Cryptography (2017), 277--346.
[47]
Ueli Maurer. 2009. Unifying zero-knowledge proofs of knowledge. In Cryptology in Africa. 272--286.
[48]
Andrew McGregor, Ilya Mironov, Toniann Pitassi, Omer Reingold, Kunal Talwar, and Salil Vadhan. 2010. The limits of two-party differential privacy. In IEEE FOCS. 81--90.
[49]
Frank McSherry and Kunal Talwar. 2007. Mechanism design via differential privacy. In 48th IEEE Symposium on Foundations of Computer Science (FOCS'07). 94--103.
[50]
Ilya Mironov, Omkant Pandey, Omer Reingold, and Salil Vadhan. 2009. Computational differential privacy. In International Cryptology Conference. 126--142.
[51]
Torben Pryds Pedersen. 1991. Non-interactive and information-theoretic secure verifiable secret sharing. In CRYPTO. 129--140.
[52]
Varun Raturi, Jinhyun Hong, David Philip McArthur, and Mark Livingston. 2021. The impact of privacy protection measures on the utility of crowdsourced cycling data. Journal of Transport Geography, Vol. 92 (2021), 103020.
[53]
Amrita Roy Chowdhury, Chenghong Wang, Xi He, Ashwin Machanavajjhala, and Somesh Jha. 2020. Cryptε: Crypto-assisted differential privacy on untrusted servers. In ACM SIGMOD. 603--619.
[54]
Adi Shamir. 1979. How to share a secret. CACM, Vol. 22, 11 (1979), 612--613.
[55]
Justin Thaler. 2020. Proofs, arguments, and zero-knowledge.
[56]
Salil Vadhan. 2017. The complexity of differential privacy. In Tutorials on the Foundations of Cryptography. Springer, 347--450.
[57]
Stanley L Warner. 1965. Randomized response: A survey technique for eliminating evasive answer bias. J. Amer. Statist. Assoc., Vol. 60, 309 (1965), 63--69.
[58]
Chenkai Weng, Kang Yang, Jonathan Katz, and Xiao Wang. 2021. Wolverine: fast, scalable, and communication-efficient zero-knowledge proofs for boolean and arithmetic circuits. In IEEE S&P. 1074--1091. io
Index Terms
- Interactive Proofs For Differentially Private Counting
Recommendations
Secure Two-Party Differentially Private Data Release for Vertically Partitioned Data
Privacy-preserving data publishing addresses the problem of disclosing sensitive data when mining for useful information. Among the existing privacy models, $(\epsilon)$-differential privacy provides one of the strongest privacy guarantees. In this paper,...
Bit Decomposition Protocols in Secure Multiparty Computation
WAHC '18: Proceedings of the 6th Workshop on Encrypted Computing & Applied Homomorphic CryptographyWe present improved protocols for the conversion of secret-shared bit-vectors into secret-shared integers and vice versa, for the use as subroutines in secure multiparty computation (SMC) protocols and for protocols verifying the adherence of parties to ...
Unconditionally secure disjointness tests for private datasets
We present two unconditional secure protocols for private set disjointness tests. In order to provide intuition of our protocols, we give a naive example that applies Sylvester matrices. Unfortunately, this simple construction is insecure as it reveals ...
Comments
Information & Contributors
Information
Published In
November 2023
3722 pages
ISBN:9798400700507
DOI:10.1145/3576915
- General Chairs:
- Weizhi Meng,
- Christian D. Jensen,
- Program Chairs:
- Cas Cremers,
- Engin Kirda
Copyright © 2023 ACM.
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].
Sponsors
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
Published: 21 November 2023
Check for updates
Author Tags
Qualifiers
- Research-article
Conference
CCS '23
Sponsor:
CCS '23: ACM SIGSAC Conference on Computer and Communications Security
November 26 - 30, 2023
Copenhagen, Denmark
Acceptance Rates
Overall Acceptance Rate 1,261 of 6,999 submissions, 18%
Upcoming Conference
CCS '24
- Sponsor:
- sigsac
Contributors
Other Metrics
Bibliometrics & Citations
Bibliometrics
Article Metrics
- 0Total Citations
- 253Total Downloads
- Downloads (Last 12 months)253
- Downloads (Last 6 weeks)19
Other Metrics
Citations
View Options
Get Access
Login options
Check if you have access through your login credentials or your institution to get full access on this article.
Sign in