Differential Privacy with Imperfect Randomness

In this work we revisit the question of basing cryptography on imperfect randomness. Bosley and Dodis (TCC'07) showed that if a source of randomness $\mathcal{R}$ is "good enough" to generate a secret key capable of encrypting k bits, then one can deterministically extract nearly k almost uniform bits from $\mathcal{R}$, suggesting that traditional privacy notions (namely, indistinguishability of encryption) require an "extractable" source of randomness. Other, even stronger impossibility results are known for achieving privacy under specific "non-extractable" sources of randomness, such as the $\gamma$-Santha-Vazirani (SV) source, where each next bit has fresh entropy, but is allowed to have a small bias $\gamma < 1$ (possibly depending on prior bits). We ask whether similar negative results also hold for a more recent notion of privacy called differential privacy (Dwork et al., TCC'06), concentrating, in particular, on achieving differential privacy with the Santha-Vazirani source. We show that the answer is no. Specifically, we give a differentially private mechanism for approximating arbitrary "low sensitivity" functions that works even with randomness coming from a $\gamma$-Santha-Vazirani source, for any $\gamma < 1$. This provides a somewhat surprising "separation" between traditional privacy and differential privacy with respect to imperfect randomness. Interestingly, the design of our mechanism is quite different from the traditional "additive-noise" mechanisms (e.g., the Laplace mechanism) successfully utilized to achieve differential privacy with perfect randomness. Indeed, we show that any non-trivial "SV-robust" mechanism for our problem requires a demanding property called consistent sampling, which is strictly stronger than differential privacy, and cannot be satisfied by any additive-noise mechanism.
