Privacy in Theory, Bugs in Practice: Grey-Box Auditing of Differential Privacy Libraries

TL;DR

This paper presents Re:cord-play, a gray-box auditing method for differential privacy libraries that effectively detects privacy violations by inspecting internal states, improving upon existing verification approaches.

Contribution

It introduces a novel gray-box testing framework for DP algorithms, capable of pinpointing bugs and verifying privacy guarantees in complex, real-world libraries.

Findings

Audited 12 open-source DP libraries and found 13 privacy violations.

Re:cord-play effectively detects data-dependent control flow bugs.

Open-source Python package released for practical privacy testing.

Abstract

Differential privacy (DP) implementations are notoriously prone to errors, with subtle bugs frequently invalidating theoretical guarantees. Existing verification methods are often impractical: formal tools are too restrictive, while black-box statistical auditing is intractable for complex pipelines and fails to pinpoint the source of the bug. This paper introduces Re:cord-play, a gray-box auditing paradigm that inspects the internal state of DP algorithms. By running an instrumented algorithm on neighboring datasets with identical randomness, Re:cord-play directly checks for data-dependent control flow and provides concrete falsification of sensitivity violations by comparing declared sensitivity against the empirically measured distance between internal inputs. We generalize this to Re:cord-play-sample, a full statistical audit that isolates and tests each component, including untrusted ones. We show that our novel testing approach is both effective and necessary by auditing 12 open-source libraries, including SmartNoise SDK, Opacus, and Diffprivlib, and uncovering 13 privacy violations that impact their theoretical guarantees. We release our framework as an open-source Python package, thereby making it easy for DP developers to integrate effective, computationally inexpensive, and seamless privacy testing as part of their software development lifecycle.