Elephants Do Not Forget: Differential Privacy with State Continuity for Privacy Budget
Jiankai Jin, Chitchanok Chuengsatiansup, Toby Murray, Benjamin I. P. Rubinstein, Yuval Yarom, Olga Ohrimenko

TL;DR
ElephantDP is a system that maintains privacy budget integrity in differential privacy implementations using state continuity and TEEs, preventing attacks that could compromise data privacy.
Contribution
We introduce ElephantDP, a novel system that ensures privacy budget security in untrusted environments by combining state continuity modules with trusted execution environments.
Findings
ElephantDP maintains privacy guarantees comparable to trusted curators.
The system effectively prevents replay, rollback, and fork attacks.
Overhead is 1.1-3.2 times that of insecure baselines.
Abstract
Current implementations of differentially-private (DP) systems either lack support to track the global privacy budget consumed on a dataset, or fail to faithfully maintain the state continuity of this budget. We show that failure to maintain a privacy budget enables an adversary to mount replay, rollback and fork attacks - obtaining answers to many more queries than what a secure system would allow. As a result the attacker can reconstruct secret data that DP aims to protect - even if DP code runs in a Trusted Execution Environment (TEE). We propose ElephantDP, a system that aims to provide the same guarantees as a trusted curator in the global DP model would, albeit set in an untrusted environment. Our system relies on a state continuity module to provide protection for the privacy budget and a TEE to faithfully execute DP code and update the budget. To provide security, our protocol…
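To make the replay and rollback problem described in the abstract concrete, the following is an added Python illustration; it is not code from the paper and does not reproduce ElephantDP's protocol. `Curator`, `MonotonicCounter`, `count_answers` and the key are hypothetical names, an HMAC stands in for TEE sealing, and the budget is counted in integer units.

```python
import hashlib, hmac, json

KEY = b"constructed-sealing-key"  # models a key only the enclave holds

class StaleState(Exception): pass
class BudgetExhausted(Exception): pass

class MonotonicCounter:
    """Hypothetical stand-in for a trusted state continuity module."""
    def __init__(self):
        self.value = 0
    def increment(self):
        self.value += 1
        return self.value

class Curator:
    """Hypothetical stand-in for DP code in a TEE; state lives with the host."""
    def __init__(self, key, counter=None):
        self.key, self.counter = key, counter

    def seal(self, remaining):
        version = self.counter.value if self.counter else 0
        body = json.dumps({"remaining": remaining, "version": version}).encode()
        return body, hmac.new(self.key, body, hashlib.sha256).digest()

    def answer(self, blob, epsilon):
        body, tag = blob
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            raise ValueError("state was modified")
        state = json.loads(body)
        # Integrity alone does not prove freshness: an old blob still verifies.
        if self.counter and state["version"] != self.counter.value:
            raise StaleState("sealed budget is not the latest version")
        if state["remaining"] < epsilon:
            raise BudgetExhausted()
        if self.counter:
            self.counter.increment()
        # The noisy query result is omitted; only budget accounting is modelled.
        return self.seal(state["remaining"] - epsilon)

def count_answers(curator, total, epsilon, attempts, replay):
    """Answers released when the host replays the first blob or behaves honestly."""
    blob = first = curator.seal(total)
    answered = 0
    for _ in range(attempts):
        try:
            blob = curator.answer(first if replay else blob, epsilon)
            answered += 1
        except (StaleState, BudgetExhausted):
            pass
    return answered
```

Without the counter, a sealed budget that is authenticated but not version-bound is accepted on every replay; with it, only the latest sealed state is accepted.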
Taxonomy
Topics: Privacy-Preserving Technologies in Data · Privacy, Security, and Data Protection
