Towards Verifiable Differentially-Private Polling

TL;DR

This paper introduces a zero-knowledge proof-based method to verify the correctness of differentially private data queries, enhancing transparency and trustworthiness in privacy-preserving data analysis.

Contribution

It presents the first efficient implementation of verifiable differential privacy using succinct non-interactive arguments of knowledge, with precise error bounds and privacy guarantees.

Findings

Practical performance demonstrated for verifiable private queries.

Ensures differential privacy guarantees despite ZKP limitations.

Provides a framework for verifiable age querying from digital IDs.

Abstract

Analyses that fulfill differential privacy provide plausible deniability to individuals while allowing analysts to extract insights from data. However, beyond an often acceptable accuracy tradeoff, these statistical disclosure techniques generally inhibit the verifiability of the provided information, as one cannot check the correctness of the participants' truthful information, the differentially private mechanism, or the unbiased random number generation. While related work has already discussed this opportunity, an efficient implementation with a precise bound on errors and corresponding proofs of the differential privacy property is so far missing. In this paper, we follow an approach based on zero-knowledge proofs~(ZKPs), in specific succinct non-interactive arguments of knowledge, as a verifiable computation technique to prove the correctness of a differentially private query output. In particular, we ensure the guarantees of differential privacy hold despite the limitations of ZKPs that operate on finite fields and have limited branching capabilities. We demonstrate that our approach has practical performance and discuss how practitioners could employ our primitives to verifiably query individuals' age from their digitally signed ID card in a differentially private manner.