Differential Privacy with Imperfect Randomness

  • Yevgeniy Dodis
  • Adriana López-Alt
  • Ilya Mironov
  • Salil Vadhan
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7417)

Abstract

In this work we revisit the question of basing cryptography on imperfect randomness. Bosley and Dodis (TCC’07) showed that if a source of randomness \(\mathcal {R}\) is “good enough” to generate a secret key capable of encrypting k bits, then one can deterministically extract nearly k almost uniform bits from \(\mathcal {R}\), suggesting that traditional privacy notions (namely, indistinguishability of encryption) requires an “extractable” source of randomness. Other, even stronger impossibility results are known for achieving privacy under specific “non-extractable” sources of randomness, such as the \(\gamma \)-Santha-Vazirani (SV) source, where each next bit has fresh entropy, but is allowed to have a small bias \(\gamma < 1\) (possibly depending on prior bits).

We ask whether similar negative results also hold for a more recent notion of privacy called differential privacy (Dwork et al., TCC’06), concentrating, in particular, on achieving differential privacy with the Santha-Vazirani source. We show that the answer is no. Specifically, we give a differentially private mechanism for approximating arbitrary “low sensitivity” functions that works even with randomness coming from a \(\gamma \)-Santha-Vazirani source, for any \(\gamma <1\). This provides a somewhat surprising “separation” between traditional privacy and differential privacy with respect to imperfect randomness.

Interestingly, the design of our mechanism is quite different from the traditional “additive-noise” mechanisms (e.g., Laplace mechanism) successfully utilized to achieve differential privacy with perfect randomness. Indeed, we show that any (non-trivial) “SV-robust” mechanism for our problem requires a demanding property called consistent sampling, which is strictly stronger than differential privacy, and cannot be satisfied by any additive-noise mechanism.

References

  1. 1.
    Andreev, A.E., Clementi, A.E.F., Rolim, J.D.P., Trevisan, L.: Weak random sources, hitting sets, and BPP simulations. SIAM J. Comput. 28(6), 2103–2116 (1999)MathSciNetCrossRefMATHGoogle Scholar
  2. 2.
    Blum, A., Dwork, C., McSherry, F., Nissim, K.: Practical privacy: the sulq framework. In: Li, C. (ed.) PODS, pp. 128–138. ACM (2005)Google Scholar
  3. 3.
    Bosley, C., Dodis, Y.: Does Privacy Require True Randomness? In: Vadhan, S.P. (ed.) TCC 2007. LNCS, vol. 4392, pp. 1–20. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  4. 4.
    Broder, A.Z., Glassman, S.C., Manasse, M.S., Zweig, G.: Syntactic clustering of the web. Computer Networks 29(8-13), 1157–1166 (1997)Google Scholar
  5. 5.
    Chor, B., Goldreich, O.: Unbiased bits from sources of weak randomness and probabilistic communication complexity. SIAM J. Comput. 17(2), 230–261 (1988)MathSciNetCrossRefMATHGoogle Scholar
  6. 6.
    Dinur, I., Nissim, K.: Revealing information while preserving privacy. In: Neven, F., Beeri, C., Milo, T. (eds.) PODS, pp. 202–210. ACM (2003)Google Scholar
  7. 7.
    Dodis, Y., Katz, J., Reyzin, L., Smith, A.: Robust Fuzzy Extractors and Authenticated Key Agreement from Close Secrets. In: Dwork, C. (ed.) CRYPTO 2006. LNCS, vol. 4117, pp. 232–250. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  8. 8.
    Dodis, Y., Ong, S.J., Prabhakaran, M., Sahai, A.: On the (im)possibility of cryptography with imperfect randomness. In: FOCS, pp. 196–205. IEEE Computer Society (2004)Google Scholar
  9. 9.
    Dodis, Y., Spencer, J.: On the (non)universality of the one-time pad. In: FOCS, pp. 376–385. IEEE Computer Society (2002)Google Scholar
  10. 10.
    Dwork, C., McSherry, F., Nissim, K., Smith, A.: Calibrating Noise to Sensitivity in Private Data Analysis. In: Halevi, S., Rabin, T. (eds.) TCC 2006. LNCS, vol. 3876, pp. 265–284. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  11. 11.
    Dwork, C., Nissim, K.: Privacy-Preserving Datamining on Vertically Partitioned Databases. In: Franklin, M. (ed.) CRYPTO 2004. LNCS, vol. 3152, pp. 528–544. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  12. 12.
    Ghosh, A., Roughgarden, T., Sundararajan, M.: Universally utility-maximizing privacy mechanisms. In: Mitzenmacher, M. (ed.) STOC, pp. 351–360. ACM (2009)Google Scholar
  13. 13.
    Hardt, M., Talwar, K.: On the geometry of differential privacy. In: Schulman, L.J. (ed.) STOC, pp. 705–714. ACM (2010)Google Scholar
  14. 14.
    Holenstein, T.: Parallel repetition: simplifications and the no-signaling case. In: Johnson, D.S., Feige, U. (eds.) STOC, pp. 411–419. ACM (2007)Google Scholar
  15. 15.
    Manber, U.: Finding similar files in a large file system. In: Proceedings of the USENIX Winter 1994 Technical Conference, p. 2. USENIX Association, Berkeley (1994)Google Scholar
  16. 16.
    Maurer, U.M., Wolf, S.: Privacy Amplification Secure against Active Adversaries. In: Kaliski Jr., B.S. (ed.) CRYPTO 1997. LNCS, vol. 1294, pp. 307–321. Springer, Heidelberg (1997)CrossRefGoogle Scholar
  17. 17.
    McGregor, A., Mironov, I., Pitassi, T., Reingold, O., Talwar, K., Vadhan, S.P.: The limits of two-party differential privacy. In: FOCS, pp. 81–90. IEEE Computer Society (2010)Google Scholar
  18. 18.
    McInnes, J.L., Pinkas, B.: On the Impossibility of Private Key Cryptography with Weakly Random Keys. In: Menezes, A., Vanstone, S.A. (eds.) CRYPTO 1990. LNCS, vol. 537, pp. 421–435. Springer, Heidelberg (1991)Google Scholar
  19. 19.
    Moffat, A., Neal, R.M., Witten, I.H.: Arithmetic coding revisited. ACM Trans. Inf. Syst. 16(3), 256–294 (1998)CrossRefGoogle Scholar
  20. 20.
    Reingold, O., Vadhan, S., Widgerson, A.: No deterministic extraction from santha-vazirani sources – a simple proof (2004), http://windowsontheory.org/2012/02/21/no-deterministic-extraction-from-santha-vazirani-sources-a-simple-proof/
  21. 21.
    Santha, M., Vazirani, U.V.: Generating quasi-random sequences from semi-random sources. J. Comput. Syst. Sci. 33(1), 75–87 (1986)MathSciNetCrossRefMATHGoogle Scholar
  22. 22.
    Vazirani, U.V., Vazirani, V.V.: Random polynomial time is equal to slightly-random polynomial time. In: FOCS, pp. 417–428. IEEE Computer Society (1985)Google Scholar
  23. 23.
    Witten, I.H., Neal, R.M., Cleary, J.G.: Arithmetic coding for data compression. Commun. ACM 30(6), 520–540 (1987)CrossRefGoogle Scholar
  24. 24.
    Zuckerman, D.: Simulating BPP using a general weak random source. Algorithmica 16(4/5), 367–391 (1996)MathSciNetCrossRefMATHGoogle Scholar

Copyright information

© International Association for Cryptologic Research 2012 2012

Authors and Affiliations

  • Yevgeniy Dodis
    • 1
  • Adriana López-Alt
    • 1
  • Ilya Mironov
    • 2
  • Salil Vadhan
    • 3
  1. 1.New York UniversityNew YorkUSA
  2. 2.Microsoft Research Silicon ValleyMountain ViewUSA
  3. 3.Harvard UniversityCambridgeUSA

Personalised recommendations