Manipulation Attacks in Local Differential Privacy

Albert Cheu; Adam Smith; Jonathan Ullman

doi:10.29012/jpc.754

PDF

Published: Feb 3, 2021

DOI: https://doi.org/10.29012/jpc.754

Keywords:

Differential Privacy

Albert Cheu

Khoury College of Computer Sciences, Northeastern University

Adam Smith

Department of Computer Science, Boston University

Jonathan Ullman

Khoury College of Computer Sciences, Northeastern University

Abstract

Local differential privacy is a widely studied restriction on distributed algorithms that collect aggregates about sensitive user data, and is now deployed in several large systems. We initiate a systematic study of a fundamental limitation of locally differentially private protocols: they are highly vulnerable to adversarial manipulation. While any algorithm can be manipulated by adversaries who lie about their inputs, we show that any noninteractive locally differentially private protocol can be manipulated to a much greater extent---when the privacy level is high, or the domain size is large, a small fraction of users in the protocol can completely obscure the distribution of the honest users' input. We also construct protocols that are optimally robust to manipulation for a variety of common tasks in local differential privacy. Finally, we give simple experiments validating our theoretical results, and demonstrating that protocols that are optimal without manipulation can have dramatically different levels of robustness to manipulation. Our results suggest caution when deploying local differential privacy and reinforce the importance of efficient cryptographic techniques for the distributed emulation of centrally differentially private mechanisms.

How to Cite

Cheu, Albert, Adam Smith, and Jonathan Ullman. 2021. “Manipulation Attacks in Local Differential Privacy”. Journal of Privacy and Confidentiality 11 (1). https://doi.org/10.29012/jpc.754.

Issue

Vol. 11 No. 1 (2021)

Section

TPDP 2019

This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License.

Copyright is retained by the authors. By submitting to this journal, the author(s) license the article under the Creative Commons License – Attribution-NonCommercial-NoDerivatives 4.0 International (CC BY-NC-ND 4.0), unless choosing a more lenient license (for instance, public domain). For situations not allowed under CC BY-NC-ND, short sections of text, not to exceed two paragraphs, may be quoted without explicit permission provided that full credit, including © notice, is given to the source.

Authors of articles published by the journal grant the journal the right to store the articles in its databases for an unlimited period of time and to distribute and reproduce the articles electronically.

Funding data

National Science Foundation
Grant numbers CCF-1718088;CCF-1750640;CNS-1816028;CCF-1763786
Alfred P. Sloan Foundation
Google

about2

The Journal of Privacy and Confidentiality is an open-access multi-disciplinary journal whose purpose is to facilitate the coalescence of research methodologies and activities in the areas of privacy, confidentiality, and disclosure limitation. The JPC seeks to publish a wide range of research and review papers, not only from academia, but also from government (especially official statistical agencies) and industry, and to serve as a forum for exchange of views, discussion, and news. For more information, see the About the Journal page.