Reconstruction Attacks on Aggressive Relaxations of Differential Privacy

Prottay Protivash; John Durrell; Daniel Kifer; Zeyu Ding; Danfeng Zhang

doi:10.29012/jpc.871

View of New Brunswick, NJ, where the workshop was held.

PDF Github

Published: Aug 27, 2024

DOI: https://doi.org/10.29012/jpc.871

Keywords:

relaxations of differential privacy, reconstruction attacks

Prottay Protivash

The Pennsylvania State University

https://orcid.org/0009-0004-7686-7599

John Durrell

The Pennsylvania State University

https://orcid.org/0009-0009-1810-1831

Daniel Kifer

The Pennsylvania State University

https://orcid.org/0000-0002-4611-7066

Zeyu Ding

Binghamton University

https://orcid.org/0000-0003-1132-7079

Danfeng Zhang

The Pennsylvania State University

https://orcid.org/0000-0003-1942-6872

Abstract

Differential privacy is a widely accepted formal privacy definition that allows aggregate information about a dataset to be released while controlling privacy leakage for individuals whose records appear in the data. Due to the unavoidable tension between privacy and utility, there have been many works trying to relax the requirements of differential privacy to achieve greater utility.
One class of relaxation, which is gaining support outside the privacy community is embodied by the definitions of individual differential privacy (IDP) and bootstrap differential privacy (BDP). Classical differential privacy defines a set of neighboring database pairs and achieves its privacy guarantees by requiring that each pair of neighbors should be nearly indistinguishable to an attacker. The privacy definitions we study, however, aggressively reduce the set of neighboring pairs that are protected.
To a non-expert, IDP and BDP can seem very appealing as they echo the same types of privacy explanations that are associated with differential privacy, and also experimentally achieve dramatically better utility. However, we show that they allow a significant portion of the dataset to be reconstructed using algorithms that have arbitrarily low privacy loss under their privacy accounting rules.
With the non-expert in mind, we demonstrate these attacks using the preferred mechanisms of these privacy definitions. In particular, we design a set of queries that, when protected by these mechanisms with high noise settings (i.e., with claims of very low privacy loss), yield more precise information about the dataset than if they were not protected at all. The specific attacks here can be defeated and we give examples of countermeasures. However, the defenses are either equivalent to using differential privacy or to ad-hoc methods tailored specifically to the attack (with no guarantee that they protect against other attacks). Thus, the defenses emphasize the deficiencies of these privacy definitions.

How to Cite

Protivash, Prottay, John Durrell, Daniel Kifer, Zeyu Ding, and Danfeng Zhang. 2024. “Reconstruction Attacks on Aggressive Relaxations of Differential Privacy”. Journal of Privacy and Confidentiality 14 (3). https://doi.org/10.29012/jpc.871.

Issue

Vol. 14 No. 3 (2024): Regular issue, including articles from the Noisy Measurements Workshop 2022

Section

Articles

This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License.

Copyright is retained by the authors. By submitting to this journal, the author(s) license the article under the Creative Commons License – Attribution-NonCommercial-NoDerivatives 4.0 International (CC BY-NC-ND 4.0), unless choosing a more lenient license (for instance, public domain). For situations not allowed under CC BY-NC-ND, short sections of text, not to exceed two paragraphs, may be quoted without explicit permission provided that full credit, including © notice, is given to the source.

Authors of articles published by the journal grant the journal the right to store the articles in its databases for an unlimited period of time and to distribute and reproduce the articles electronically.

Funding data

National Science Foundation
Grant numbers CNS-1702760
National Science Foundation
Grant numbers 49100421C0022

Most read articles by the same author(s)

Yue Wang, Daniel Kifer, Jaewoo Lee, Vishesh Karwa, Statistical Approximating Distributions Under Differential Privacy , Journal of Privacy and Confidentiality: Vol. 8 No. 1 (2018): Commemorating Stephen Fienberg
Yue Wang, Daniel Kifer, Jaewoo Lee, Differentially Private Confidence Intervals for Empirical Risk Minimization , Journal of Privacy and Confidentiality: Vol. 9 No. 1 (2019): Special Issue: Theory and Practice of Differential Privacy (TPDP2016)
Daniel Kifer, Bing-Rong Lin, An Axiomatic View of Statistical Privacy and Utility , Journal of Privacy and Confidentiality: Vol. 4 No. 1 (2012)
Arjun Wilkins, Daniel Kifer, Danfeng Zhang, Brian Karrer, Exact Privacy Analysis of the Gaussian Sparse Histogram Mechanism , Journal of Privacy and Confidentiality: Vol. 14 No. 1 (2024): Regular issue, including articles based on presentations at TPDP 2022
Ryan Cumings-Menon, Robert Ashmead, Daniel Kifer, Philip Leclerc, Jeffrey Ocker, Michael Ratcliffe, Pavel Zhuravlev, John M. Abowd, Geographic Spines in the 2020 Census Disclosure Avoidance System , Journal of Privacy and Confidentiality: Vol. 14 No. 3 (2024): Regular issue, including articles from the Noisy Measurements Workshop 2022

Make a Submission

about2

The Journal of Privacy and Confidentiality is an open-access multi-disciplinary journal whose purpose is to facilitate the coalescence of research methodologies and activities in the areas of privacy, confidentiality, and disclosure limitation. The JPC seeks to publish a wide range of research and review papers, not only from academia, but also from government (especially official statistical agencies) and industry, and to serve as a forum for exchange of views, discussion, and news. For more information, see the About the Journal page.