Secure Random Sampling in Differential Privacy
Naoise Holohan, Stefano Braghin

TL;DR
This paper addresses a critical vulnerability in differential privacy implementations caused by floating point approximations, proposing a practical, generalizable, and secure sampling method to prevent statistical and side-channel attacks.
Contribution
It introduces a novel, practical solution to mitigate floating point vulnerabilities in differential privacy mechanisms, enhancing security without sacrificing generality or efficiency.
Findings
The proposed method prevents inverse transform sampling attacks.
It is applicable to any infinitely divisible distribution.
The solution is resistant to side-channel brute force attacks.
Abstract
Differential privacy is among the most prominent techniques for preserving privacy of sensitive data, owing to its robust mathematical guarantees and general applicability to a vast array of computations on data, including statistical analysis and machine learning. Previous work demonstrated that concrete implementations of differential privacy mechanisms are vulnerable to statistical attacks. This vulnerability is caused by the approximation of real values to floating point numbers. This paper presents a practical solution to the finite-precision floating point vulnerability, where the inverse transform sampling of the Laplace distribution can itself be inverted, thus enabling an attack where the original value can be retrieved with non-negligible advantage. The proposed solution has the advantages of being generalisable to any infinitely divisible probability distribution, and of…
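The floating point effect the abstract refers to, as an added example (not code from the paper or its authors): a textbook inverse-transform Laplace sampler driven by 53-bit uniforms reaches only a tiny fraction of the doubles in its own output range, so its support is sparse rather than continuous. The function names, the unit scale and the choice of the 1024 smallest magnitudes are assumptions made for this illustration.

```python
import math
import struct

# Assumption: the uniform source emits multiples of 2**-53, as Python's
# random.random() does. The sampler below is the textbook inverse transform,
# not the method proposed in the paper.
GRID = 2.0 ** -53


def naive_laplace_magnitude(k, scale=1.0):
    """Magnitude |x| = -scale * ln(u) for the uniform input u = k * 2**-53."""
    return -scale * math.log(k * GRID)


def float_index(x):
    """Ordinal of a non-negative double; adjacent doubles differ by exactly 1."""
    return struct.unpack("<q", struct.pack("<d", x))[0]


def porosity(n=1024, scale=1.0):
    """Compare sampler outputs with representable doubles in the same interval.

    Returns (reachable, representable): the number of distinct magnitudes the
    sampler can emit from the n uniforms just below 1.0, and the number of
    doubles lying between the smallest and largest of those magnitudes.
    """
    top = 2 ** 53
    # Uniforms just below 1.0 map to the smallest non-zero noise magnitudes.
    outputs = {naive_laplace_magnitude(top - j, scale) for j in range(1, n + 1)}
    lo, hi = min(outputs), max(outputs)
    representable = float_index(hi) - float_index(lo) + 1
    return len(outputs), representable


if __name__ == "__main__":
    reachable, representable = porosity()
    print(f"reachable outputs : {reachable}")
    print(f"doubles in range  : {representable}")
    print(f"reachable fraction: {reachable / representable:.3e}")
```

Running the same count against a production sampler's small-magnitude outputs is a quick way to see whether it inherits this sparse support.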
Taxonomy
Topics: Privacy-Preserving Technologies in Data · Adversarial Robustness in Machine Learning · Cryptography and Data Security
