Strong Hardness of Privacy from Weak Traitor Tracing

  • Lucas KowalczykEmail author
  • Tal Malkin
  • Jonathan Ullman
  • Mark Zhandry
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 9985)


A central problem in differential privacy is to accurately answer a large family Q of statistical queries over a data universe X. A statistical query on a dataset \(D \in X^n\) asks “what fraction of the elements of D satisfy a given predicate p on X?” Ignoring computational constraints, it is possible to accurately answer exponentially many queries on an exponential size universe while satisfying differential privacy (Blum et al., STOC’08). Dwork et al. (STOC’09) and Boneh and Zhandry (CRYPTO’14) showed that if both Q and X are of polynomial size, then there is an efficient differentially private algorithm that accurately answers all the queries. They also proved that if Q and X are both exponentially large, then under a plausible assumption, no efficient algorithm exists.

We show that, under the same assumption, if either the number of queries or the data universe is of exponential size, then there is no differentially private algorithm that answers all the queries. Specifically, we prove that if one-way functions and indistinguishability obfuscation exist, then:
  1. 1.

    For every n, there is a family Q of \({\tilde{O}}(n^7)\) queries on a data universe X of size \(2^d\) such that no \(\mathrm {poly}(n,d)\) time differentially private algorithm takes a dataset \(D \in X^n\) and outputs accurate answers to every query in Q.

  2. 2.

    For every n, there is a family Q of \(2^d\) queries on a data universe X of size \({\tilde{O}}(n^7)\) such that no \(\mathrm {poly}(n,d)\) time differentially private algorithm takes a dataset \(D \in X^n\) and outputs accurate answers to every query in Q.


In both cases, the result is nearly quantitatively tight, since there is an efficient differentially private algorithm that answers \({\tilde{{\varOmega }}}(n^2)\) queries on an exponential size data universe, and one that answers exponentially many queries on a data universe of size \({\tilde{{\varOmega }}}(n^2)\).

Our proofs build on the connection between hardness of differential privacy and traitor-tracing schemes (Dwork et al., STOC’09; Ullman, STOC’13). We prove our hardness result for a polynomial size query set (resp., data universe) by showing that they follow from the existence of a special type of traitor-tracing scheme with very short ciphertexts (resp., secret keys), but very weak security guarantees, and then constructing such a scheme.


Security Parameter Statistical Query Differential Privacy Hash Family Pseudorandom Function 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.



We thank Dan Boneh for helpful discussions in the early stages of this work. The first author is supported by an NSF Graduate Research Fellowship #DGE-11-44155. The first and second authors are supported in part by the Defense Advanced Research Project Agency (DARPA) and Army Research Office (ARO) under Contract #W911NF-15-C-0236, and NSF grants #CNS-1445424 and #CCF-1423306. Part of this work was done while the third author was a postdoctoral fellow in the Columbia University Department of Computer Science, supported by a junior fellowship from the Simons Society of Fellows. Any opinions, findings and conclusions or recommendations expressed are those of the authors and do not necessarily reflect the views of the the Defense Advanced Research Projects Agency, Army Research Office, the National Science Foundation, or the U.S. Government.


  1. 1.
    Badrinarayanan, S., Miles, E., Sahai, A., Zhandry, M.: Post-zeroizing obfuscation: new mathematical tools, and the case of evasive circuits. In: Fischlin, M., Coron, J.-S. (eds.) EUROCRYPT 2016. LNCS, vol. 9666, pp. 764–791. Springer, Heidelberg (2016). doi: 10.1007/978-3-662-49896-5_27 CrossRefGoogle Scholar
  2. 2.
    Beimel, A., Nissim, K., Stemmer, U.: Private learning and sanitization: pure vs. approximate differential privacy. In: Raghavendra, P., Raskhodnikova, S., Jansen, K., Rolim, J.D.P. (eds.) APPROX/RANDOM -2013. LNCS, vol. 8096, pp. 363–378. Springer, Heidelberg (2013). doi: 10.1007/978-3-642-40328-6_26 CrossRefGoogle Scholar
  3. 3.
    Bellare, M., Stepanovs, I., Tessaro, S.: Contention in cryptoland: obfuscation, leakage and UCE. In: Kushilevitz, E., Malkin, T. (eds.) TCC 2016. LNCS, vol. 9563, pp. 542–564. Springer, Heidelberg (2016). doi: 10.1007/978-3-662-49099-0_20 CrossRefGoogle Scholar
  4. 4.
    Bitansky, N., Paneth, O., Wichs, D.: Perfect structure on the edge of chaos. In: Kushilevitz, E., Malkin, T. (eds.) TCC 2016. LNCS, vol. 9562, pp. 474–502. Springer, Heidelberg (2016). doi: 10.1007/978-3-662-49096-9_20 CrossRefGoogle Scholar
  5. 5.
    Blum, A., Dwork, C., McSherry, F., Nissim, K.: Practical privacy: the SuLQ framework. In: PODS (2005)Google Scholar
  6. 6.
    Blum, A., Ligett, K., Roth, A.: A learning theory approach to noninteractive database privacy. J. ACM 60(2), 12 (2013)MathSciNetCrossRefzbMATHGoogle Scholar
  7. 7.
    Boneh, D., Sahai, A., Waters, B.: Fully collusion resistant traitor tracing with short ciphertexts and private keys. In: Vaudenay, S. (ed.) EUROCRYPT 2006. LNCS, vol. 4004, pp. 573–592. Springer, Heidelberg (2006). doi: 10.1007/11761679_34 CrossRefGoogle Scholar
  8. 8.
    Boneh, D., Zhandry, M.: Multiparty key exchange, efficient traitor tracing, and more from indistinguishability obfuscation. In: Garay, J.A., Gennaro, R. (eds.) CRYPTO 2014. LNCS, vol. 8616, pp. 480–499. Springer, Heidelberg (2014). doi: 10.1007/978-3-662-44371-2_27 CrossRefGoogle Scholar
  9. 9.
    Brzuska, C., Farshim, P., Mittelbach, A.: Indistinguishability obfuscation and UCEs: the case of computationally unpredictable sources. In: Garay, J.A., Gennaro, R. (eds.) CRYPTO 2014. LNCS, vol. 8616, pp. 188–205. Springer, Heidelberg (2014). doi: 10.1007/978-3-662-44371-2_11 CrossRefGoogle Scholar
  10. 10.
    Bun, M., Ullman, J., Vadhan, S.P.: Fingerprinting codes and the price of approximate differential privacy. In: STOC (2014)Google Scholar
  11. 11.
    Chor, B., Fiat, A., Naor, M.: Tracing traitors. In: Desmedt, Y.G. (ed.) CRYPTO 1994. LNCS, vol. 839, pp. 257–270. Springer, Heidelberg (1994). doi: 10.1007/3-540-48658-5_25 Google Scholar
  12. 12.
    Coron, J.-S., Gentry, C., Halevi, S., Lepoint, T., Maji, H.K., Miles, E., Raykova, M., Sahai, A., Tibouchi, M.: Zeroizing without low-level zeroes: new MMAP attacks and their limitations. In: Gennaro, R., Robshaw, M. (eds.) CRYPTO 2015. LNCS, vol. 9215, pp. 247–266. Springer, Heidelberg (2015). doi: 10.1007/978-3-662-47989-6_12 CrossRefGoogle Scholar
  13. 13.
    Dinur, I., Nissim, K.: Revealing information while preserving privacy. In: PODS (2003)Google Scholar
  14. 14.
    Dwork, C., McSherry, F., Nissim, K., Smith, A.: Calibrating noise to sensitivity in private data analysis. In: Halevi, S., Rabin, T. (eds.) TCC 2006. LNCS, vol. 3876, pp. 265–284. Springer, Heidelberg (2006). doi: 10.1007/11681878_14 CrossRefGoogle Scholar
  15. 15.
    Dwork, C., Naor, M., Reingold, O., Rothblum, G.N., Vadhan, S.P.: On the complexity of differentially private data release: efficient algorithms and hardness results. In: STOC (2009)Google Scholar
  16. 16.
    Dwork, C., Nissim, K.: Privacy-preserving datamining on vertically partitioned databases. In: Franklin, M. (ed.) CRYPTO 2004. LNCS, vol. 3152, pp. 528–544. Springer, Heidelberg (2004). doi: 10.1007/978-3-540-28628-8_32 CrossRefGoogle Scholar
  17. 17.
    Dwork, C., Rothblum, G.N., Vadhan, S.P.: Boosting and differential privacy. In: FOCS. IEEE (2010)Google Scholar
  18. 18.
    Dwork, C., Smith, A.D., Steinke, T., Ullman, J., Vadhan, S.P.: Robust traceability from trace amounts. In: FOCS (2015)Google Scholar
  19. 19.
    Garg, S., Gentry, C., Halevi, S., Raykova, M., Sahai, A., Waters, B.: Candidate indistinguishability obfuscation and functional encryption for all circuits. In: FOCS, pp. 40–49 (2013)Google Scholar
  20. 20.
    Garg, S., Mukherjee, P., Srinivasan, A.: Obfuscation without the vulnerabilities of multilinear maps. Cryptology ePrint Archive, Report 2016/390 (2016).
  21. 21.
    Gentry, C., Lewko, A.B., Sahai, A., Waters, B.: Indistinguishability obfuscation from the multilinear subgroup elimination assumption. In: FOCS (2015)Google Scholar
  22. 22.
    Gupta, A., Roth, A., Ullman, J.: Iterative constructions and private data release. In: Cramer, R. (ed.) TCC 2012. LNCS, vol. 7194, pp. 339–356. Springer, Heidelberg (2012). doi: 10.1007/978-3-642-28914-9_19 CrossRefGoogle Scholar
  23. 23.
    Hardt, M., Rothblum, G.N.: A multiplicative weights mechanism for privacy-preserving data analysis. In: FOCS (2010)Google Scholar
  24. 24.
    Hohenberger, S., Sahai, A., Waters, B.: Replacing a random oracle: full domain hash from indistinguishability obfuscation. In: Nguyen, P.Q., Oswald, E. (eds.) EUROCRYPT 2014. LNCS, vol. 8441, pp. 201–220. Springer, Heidelberg (2014). doi: 10.1007/978-3-642-55220-5_12 CrossRefGoogle Scholar
  25. 25.
    Kearns, M.J.: Efficient noise-tolerant learning from statistical queries. J. ACM 45(6), 983–1006 (1998)MathSciNetCrossRefzbMATHGoogle Scholar
  26. 26.
    Kowalczyk, L., Malkin, T., Ullman, J., Zhandry, M.: Strong hardness of privacy from weak traitor tracing. IACR Cryptology ePrint Archive 2016/721 (2016)Google Scholar
  27. 27.
    Miles, E., Sahai, A., Zhandry, M.: Annihilation attacks for multilinear maps: cryptanalysis of indistinguishability obfuscation over GGH13. In: Robshaw, M., Katz, J. (eds.) CRYPTO 2016. LNCS, vol. 9815, pp. 629–658. Springer, Heidelberg (2016). doi: 10.1007/978-3-662-53008-5_22 CrossRefGoogle Scholar
  28. 28.
    Mironov, Ilya, Pandey, Omkant, Reingold, Omer, Vadhan, Salil: Computational Differential Privacy. In: Halevi, Shai (ed.) CRYPTO 2009. LNCS, vol. 5677, pp. 126–142. Springer, Heidelberg (2009). doi: 10.1007/978-3-642-03356-8_8 CrossRefGoogle Scholar
  29. 29.
    Nikolov, A., Talwar, K., Zhang, L.: The geometry of differential privacy: the sparse and approximate cases. In: STOC (2013)Google Scholar
  30. 30.
    Roth, A., Roughgarden, T.: Interactive privacy via the median mechanism. In: STOC, pp. 765–774. ACM, 5–8 June 2010Google Scholar
  31. 31.
    Sahai, A., Waters, B.: How to use indistinguishability obfuscation: deniable encryption, and more. In: STOC (2014)Google Scholar
  32. 32.
    Steinke, T., Ullman, J.: Between pure and approximate differential privacy. CoRR abs/1501.06095 (2015).
  33. 33.
    Thaler, J., Ullman, J., Vadhan, S.: Faster algorithms for privately releasing marginals. In: Czumaj, A., Mehlhorn, K., Pitts, A., Wattenhofer, R. (eds.) ICALP 2012. LNCS, vol. 7391, pp. 810–821. Springer, Heidelberg (2012). doi: 10.1007/978-3-642-31594-7_68 CrossRefGoogle Scholar
  34. 34.
    Ullman, J.: Answering \(n^{2+o(1)}\) counting queries with differential privacy is hard. In: STOC (2013)Google Scholar
  35. 35.
    Ullman, J.: Private multiplicative weights beyond linear queries. In: PODS (2015)Google Scholar
  36. 36.
    Ullman, J., Vadhan, S.: PCPs and the hardness of generating private synthetic data. In: Ishai, Y. (ed.) TCC 2011. LNCS, vol. 6597, pp. 400–416. Springer, Heidelberg (2011). doi: 10.1007/978-3-642-19571-6_24 CrossRefGoogle Scholar

Copyright information

© International Association for Cryptologic Research 2016

Authors and Affiliations

  • Lucas Kowalczyk
    • 1
    Email author
  • Tal Malkin
    • 1
  • Jonathan Ullman
    • 2
  • Mark Zhandry
    • 3
    • 4
  1. 1.Columbia UniversityNew YorkUSA
  2. 2.Northeastern UniversityBostonUSA
  3. 3.MITCambridgeUSA
  4. 4.Princeton UniversityPrincetonUSA

Personalised recommendations