TY - GEN
T1 - Strong hardness of privacy from weak traitor tracing
AU - Kowalczyk, Lucas
AU - Malkin, Tal
AU - Ullman, Jonathan
AU - Zhandry, Mark
N1 - Publisher Copyright:
© International Association for Cryptologic Research 2016.
PY - 2016
Y1 - 2016
N2 - A central problem in differential privacy is to accurately answer a large family Q of statistical queries over a data universe X. A statistical query on a dataset D ∈ Xn asks “what fraction of the elements of D satisfy a given predicate p on X?” Ignoring computational constraints, it is possible to accurately answer exponentially many queries on an exponential size universe while satisfying differential privacy (Blum et al., STOC’08). Dwork et al. (STOC’09) and Boneh and Zhandry (CRYPTO’14) showed that if both Q and X are of polynomial size, then there is an efficient differentially private algorithm that accurately answers all the queries. They also proved that if Q and X are both exponentially large, then under a plausible assumption, no efficient algorithm exists. We show that, under the same assumption, if either the number of queries or the data universe is of exponential size, then there is no differentially private algorithm that answers all the queries. Specifically, we prove that if one-way functions and indistinguishability obfuscation exist, then: 1. For every n, there is a family Q of Õ(n7) queries on a data universe X of size 2d such that no poly(n, d) time differentially private algorithm takes a dataset D ∈ Xn and outputs accurate answers to every query in Q. 2. For every n, there is a family Q of 2d queries on a data universe X of size Õ(n7) such that no poly(n, d) time differentially private algorithm takes a dataset D ∈ Xn and outputs accurate answers to every query in Q. In both cases, the result is nearly quantitatively tight, since there is an efficient differentially private algorithm that answers Ω (n2) queries on an exponential size data universe, and one that answers exponentially many queries on a data universe of size Ω(n2). Our proofs build on the connection between hardness of differential privacy and traitor-tracing schemes (Dwork et al., STOC’09; Ullman, STOC’13). We prove our hardness result for a polynomial size query set (resp., data universe) by showing that they follow from the existence of a special type of traitor-tracing scheme with very short ciphertexts (resp., secret keys), but very weak security guarantees, and then constructing such a scheme.
AB - A central problem in differential privacy is to accurately answer a large family Q of statistical queries over a data universe X. A statistical query on a dataset D ∈ Xn asks “what fraction of the elements of D satisfy a given predicate p on X?” Ignoring computational constraints, it is possible to accurately answer exponentially many queries on an exponential size universe while satisfying differential privacy (Blum et al., STOC’08). Dwork et al. (STOC’09) and Boneh and Zhandry (CRYPTO’14) showed that if both Q and X are of polynomial size, then there is an efficient differentially private algorithm that accurately answers all the queries. They also proved that if Q and X are both exponentially large, then under a plausible assumption, no efficient algorithm exists. We show that, under the same assumption, if either the number of queries or the data universe is of exponential size, then there is no differentially private algorithm that answers all the queries. Specifically, we prove that if one-way functions and indistinguishability obfuscation exist, then: 1. For every n, there is a family Q of Õ(n7) queries on a data universe X of size 2d such that no poly(n, d) time differentially private algorithm takes a dataset D ∈ Xn and outputs accurate answers to every query in Q. 2. For every n, there is a family Q of 2d queries on a data universe X of size Õ(n7) such that no poly(n, d) time differentially private algorithm takes a dataset D ∈ Xn and outputs accurate answers to every query in Q. In both cases, the result is nearly quantitatively tight, since there is an efficient differentially private algorithm that answers Ω (n2) queries on an exponential size data universe, and one that answers exponentially many queries on a data universe of size Ω(n2). Our proofs build on the connection between hardness of differential privacy and traitor-tracing schemes (Dwork et al., STOC’09; Ullman, STOC’13). We prove our hardness result for a polynomial size query set (resp., data universe) by showing that they follow from the existence of a special type of traitor-tracing scheme with very short ciphertexts (resp., secret keys), but very weak security guarantees, and then constructing such a scheme.
UR - http://www.scopus.com/inward/record.url?scp=84994411709&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=84994411709&partnerID=8YFLogxK
U2 - 10.1007/978-3-662-53641-4_25
DO - 10.1007/978-3-662-53641-4_25
M3 - Conference contribution
AN - SCOPUS:84994411709
SN - 9783662536407
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 659
EP - 689
BT - Theory of Cryptography - 14th International Conference, TCC 2016-B, Proceedings
A2 - Smith, Adam
A2 - Hirt, Martin
PB - Springer Verlag
T2 - 14th International Conference on Theory of Cryptography, TCC 2016-B
Y2 - 31 October 2016 through 3 November 2016
ER -