Securing Unbounded Differential Privacy Against Timing Attacks

TL;DR

This paper advances the theoretical understanding of unbounded differential privacy against timing attacks by establishing the necessary and sufficient error bounds in different computational models, improving upon prior limitations.

Contribution

It introduces new methods to convert bounded JOT-DP programs into unbounded ones with controlled error, addressing previous inefficiencies and limitations in the unbounded setting.

Findings

Polynomially small error is necessary and sufficient in the RAM model with known dataset size.

Constant error probability is necessary and sufficient when dataset size is unknown or only a random-bit generator is available.

Efficient procedures are provided for converting bounded JOT-DP programs to unbounded ones with minimal distributional difference.

Abstract

Recent works have started to theoretically investigate how we can protect differentially private programs against timing attacks, by making the joint distribution the output and the runtime differentially private (JOT-DP). However, the existing approaches to JOT-DP have some limitations, particularly in the setting of unbounded DP (which protects the size of the dataset and applies to arbitrarily large datasets). First, the known conversion of pure DP programs to pure JOT-DP programs in the unbounded setting (a) incurs a constant additive increase in error probability (and thus does not provide vanishing error as $n\to\infty$) (b) produces JOT-DP programs that fail to preserve the computational efficiency of the original pure DP program and (c) is analyzed in a toy computational model in which the runtime is defined to be the number of coin flips. In this work, we overcome these limitations. Specifically, we show that the error required for pure JOT-DP in the unbounded setting depends on the model of computation. In a randomized RAM model where the dataset size $n$ is given (or can be computed in constant time) and we can generate random numbers (not just random bits) in constant time, polynomially small error probability is necessary and sufficient. If $n$ is not given or we only have a random-bit generator, an (arbitrarily small) constant error probability is necessary and sufficient. The aforementioned positive results are proven by efficient procedures to convert any pure JOT-DP program $P$ in the upper-bounded setting to a pure JOT-DP program $P'$ in the unbounded setting, such that the output distribution of $P'$ is $\gamma$-close in total variation distance to that of $P$, where $\gamma$ is either an arbitrarily small constant or polynomially small, depending on the model of computation.