Differential privacy with imperfect randomness

Yevgeniy Dodis, Adriana López-Alt, Ilya Mironov, Salil Vadhan

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

In this work we revisit the question of basing cryptography on imperfect randomness. Bosley and Dodis (TCC'07) showed that if a source of randomness R is "good enough" to generate a secret key capable of encrypting k bits, then one can deterministically extract nearly k almost uniform bits from R, suggesting that traditional privacy notions (namely, indistinguishability of encryption) require an "extractable" source of randomness. Other, even stronger impossibility results are known for achieving privacy under specific "non-extractable" sources of randomness, such as the γ-Santha-Vazirani (SV) source, where each next bit has fresh entropy, but is allowed to have a small bias γ < 1 (possibly depending on prior bits). We ask whether similar negative results also hold for a more recent notion of privacy called differential privacy (Dwork et al., TCC'06), concentrating, in particular, on achieving differential privacy with the Santha-Vazirani source. We show that the answer is no. Specifically, we give a differentially private mechanism for approximating arbitrary "low sensitivity" functions that works even with randomness coming from a γ-Santha-Vazirani source, for any γ < 1. This provides a somewhat surprising "separation" between traditional privacy and differential privacy with respect to imperfect randomness. Interestingly, the design of our mechanism is quite different from the traditional "additive-noise" mechanisms (e.g., Laplace mechanism) successfully utilized to achieve differential privacy with perfect randomness. Indeed, we show that any (non-trivial) "SV-robust" mechanism for our problem requires a demanding property called consistent sampling, which is strictly stronger than differential privacy, and cannot be satisfied by any additive-noise mechanism.

Original language: English (US)
Title of host publication: Advances in Cryptology, CRYPTO 2012 - 32nd Annual Cryptology Conference, Proceedings
Pages: 497-516
Number of pages: 20
Volume: 7417 LNCS
DOIs: https://doi.org/10.1007/978-3-642-32009-5_29
State: Published - 2012
Event: 32nd Annual International Cryptology Conference, CRYPTO 2012 - Santa Barbara, CA, United States
Duration: Aug 19 2012 to Aug 23 2012

Publication series

Name: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume: 7417 LNCS
ISSN (Print): 03029743
ISSN (Electronic): 16113349

Other

Other: 32nd Annual International Cryptology Conference, CRYPTO 2012
Country: United States
City: Santa Barbara, CA
Period: 8/19/12 to 8/23/12

Fingerprint

Imperfect
Randomness
Privacy
Additive noise
Cryptography
Additive Noise
Entropy
Sampling
Laplace
Encryption
Strictly
Arbitrary

ASJC Scopus subject areas

  • Computer Science (all)
  • Theoretical Computer Science

Cite this

Dodis, Y., López-Alt, A., Mironov, I., & Vadhan, S. (2012). Differential privacy with imperfect randomness. In Advances in Cryptology, CRYPTO 2012 - 32nd Annual Cryptology Conference, Proceedings (Vol. 7417 LNCS, pp. 497-516). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 7417 LNCS). https://doi.org/10.1007/978-3-642-32009-5_29

@inproceedings{378db14cbba54ec687d5661803b00e16,
title = "Differential privacy with imperfect randomness",
author = "Yevgeniy Dodis and Adriana L{\'o}pez-Alt and Ilya Mironov and Salil Vadhan",
year = "2012",
doi = "10.1007/978-3-642-32009-5_29",
language = "English (US)",
isbn = "9783642320088",
volume = "7417 LNCS",
series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",
pages = "497--516",
booktitle = "Advances in Cryptology, CRYPTO 2012 - 32nd Annual Cryptology Conference, Proceedings",

}

TY - GEN

T1 - Differential privacy with imperfect randomness

AU - Dodis, Yevgeniy

AU - López-Alt, Adriana

AU - Mironov, Ilya

AU - Vadhan, Salil

PY - 2012

Y1 - 2012

UR - http://www.scopus.com/inward/record.url?scp=84865524308&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=84865524308&partnerID=8YFLogxK

U2 - 10.1007/978-3-642-32009-5_29

DO - 10.1007/978-3-642-32009-5_29

M3 - Conference contribution

SN - 9783642320088

VL - 7417 LNCS

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 497

EP - 516

BT - Advances in Cryptology, CRYPTO 2012 - 32nd Annual Cryptology Conference, Proceedings

ER -