Skip to main content

We use cookies to distinguish you from other users and to provide you with a better experience on our websites. Close this message to accept cookies or find out how to manage your cookie settings.

Close cookie message
Cancel
×
×
Home
  • Home
Chapter
  • Get access
    Buy the print book
    Check if you have access via personal or institutional login
    Log in Register Recommend to librarian
  • Cited by 4
  • Cited by
    Crossref Citations
    Crossref logo
    This (lowercase (translateProductType product.productType)) has been cited by the following publications. This list is generated based on data provided by CrossRef.
    Foster, Ian 2018. Research Infrastructure for the Safe Analysis of Sensitive Data. The ANNALS of the American Academy of Political and Social Science, Vol. 675, Issue. 1, p. 102.
    Goroff, Daniel Polonetsky, Jules and Tene, Omer 2018. Privacy Protective Research: Facilitating Ethically Responsible Access to Administrative Data. The ANNALS of the American Academy of Political and Social Science, Vol. 675, Issue. 1, p. 46.
    Karr, Alan F. 2017. Total Survey Error in Practice. p. 71.
    Karr, Alan F. 2016. Data Sharing and Access. Annual Review of Statistics and Its Application, Vol. 3, Issue. 1, p. 113.
    ×
  • Print publication year: 2014
  • Online publication date: July 2014

14 - Differential Privacy: A Cryptographic Approach to Private Data Analysis

Export citation
Summary

Introduction

Propose. Break. Propose again. So pre-modern cryptography cycled. An encryption scheme was proposed; a cryptanalyst broke it; a modification, or even a completely new scheme, was proposed. Nothing ensured that the new scheme would in any sense be better than the old. Among the astonishing breakthroughs of modern cryptography is the methodology of rigorously defining the goal of a cryptographic primitive – what it means to break the primitive – and providing a clear delineation of the power – information, computational ability – of the adversary to be resisted (Goldwasser and Micali 1984; Goldwasser et al. 1988). Then, for any proposed method, one proves that no adversary of the specified class can break the primitive. If the class of adversaries captures all feasible adversaries, the scheme can be considered to achieve the stated goal.

This does not mean the scheme is invulnerable, as the goal may have been too weak to capture the full demands placed on the primitive. For example, when the cryptosystem needs to be secure against a passive eavesdropper the requirements are weaker than when the cryptosystem needs to be secure against an active adversary that can determine whether or not arbitrary ciphertexts are well formed (such an attack was successfully launched against PKCS#1; Bleichenbacher 1998). In this case the goal may be reformulated to be strictly more stringent than the original goal, and a new system proposed (and proved). This strengthening of the goal converts the propose–break–propose again cycle into a path of progress.

Recommend this book

Email your librarian or administrator to recommend adding this book to your organisation's collection.

Privacy, Big Data, and the Public Good
  • Online ISBN: 9781107590205
  • Book DOI: https://doi.org/10.1017/CBO9781107590205
Please enter your name
Please enter a valid email address
Who would you like to send this to *

CAPTCHA *

Skip to the audio challenge
×
References
Abowd, J., Gehrke, J., and Vilhuber, L.. 2009. Parameter exploration for synthetic data with privacy guarantees for OnTheMap. In Proc. Joint UNECE/Eurostat Work Session on Statistical Data Confidentiality (Bilbao, Spain, 2–4 December). Available at (accessed January 9, 2014).
Backstrom, Lars, Dwork, Cynthia, and Kleinberg, Jon. 2007. Wherefore art thou r3579x? Anonymized social networks, hidden patterns, and structural steganography. In Proc. 16th International Conference on World Wide Web, 181–190.
Barthe, Gilles, Köpf, Boris, Olmedo, Federico, and Beguelin, Santiago Zanella. 2012. Probabilistic relational reasoning for differential privacy. In Proc. POPL 2012.
Bleichenbacher, D. 1998. Chosen ciphertext attacks against protocols based on the RSA encryption standard PKCS# 1. In CRYPTO ’98, LNCS 1462, 1–12.
Blum, A., Dwork, C., McSherry, F., and Nissim, K.. 2005. Practical privacy: The SuLQ framework. In Proc. 24th ACM Symposium on Principles of Database Systems (PODS), 128–138.
Blum, A., Ligett, K., and Roth, A.. 2008. A learning theory approach to non-interactive database privacy. In Proc. 40th ACM SIGACT Symposium on Theory of Computing (STOC), 609–618.
Brakerski, Z., and Vaikuntanathan, V.. 2011. Efficient fully homomorphic encryption from (standard) LWE. In Proc. 52nd Annual IEEE Symposium on Foundations of Computing (FOCS), 97–106.
Calandrino, J., Kilzer, A., Narayanan, A., Felten, E., and Shmatikov, V.. 2011. You might also like: Privacy risks of collaborative filtering. In Proc. IEEE Symposium on Security and Privacy (SP), 231–246.
Dinur, I., and Nissim, K.. 2003. Revealing information while preserving privacy. In Proc. 22nd ACM Symposium on Principles of Database Systems (PODS), 202–210.
Duchi, John, Jordan, Michael, and Wainwright, Martin. 2013. Local privacy and statistical minimax rates. In Proc. 54th Annual IEEE Symposium on Foundations of Computer Science (FOCS).
Dwork, C. 2006. Differential privacy. In Proc. 33rd International Colloquium on Automata, Languages and Programming (ICALP), 2:1–12.
Dwork, C., Kenthapadi, K., McSherry, F., Mironov, I., and Naor, M.. 2006a. Our data, ourselves: Privacy via distributed noise generation. In Advances in Cryptology: Proc. EUROCRYPT, 486–503.
Dwork, C., McSherry, F., Nissim, K., and Smith, A.. 2006b. Calibrating noise to sensitivity in private data analysis. In Proc. 3rd Theory of Cryptography Conference (TCC), 265–284.
Dwork, C., McSherry, F., and Talwar, K.. 2007. The price of privacy and the limits of LP decoding. In Proc. 39th ACM Symposium on Theory of Computing (STOC), 85–94.
Dwork, C., and Naor, M.. 2010. On the difficulties of disclosure prevention in statistical databases or the case for differential privacy. Journal of Privacy and Confidentiality 2. Available at .
Dwork, C., Naor, M., Reingold, O., Rothblum, G., and Vadhan, S.. 2009. When and how can privacy-preserving data release be done efficiently? In Proc. 41st ACM Symposium on Theory of Computing (STOC), 381–390.
Dwork, C., and Yekhanin, S.. 2008. New efficient attacks on statistical disclosure control mechanisms. In Proc. CRYPTO, 468–480.
Dwork, Cynthia, McSherry, Frank, Nissim, Kobbi, and Smith, Adam. 2011. Differential privacy – a primer for the perplexed. In Joint UNECE/Eurostat Work Session on Statistical Data Confidentiality. Available at .
Dwork, Cynthia, Rothblum, Guy N., and Vadhan, Salil P.. 2010. Boosting and differential privacy. In Proc. 51st Annual IEEE Symposium on Foundations of Computer Science (FOCS), 51–60.
Evfimievski, Alexandre, Gehrke, Johannes, and Srikant, Ramakrishnan. 2003. Limiting privacy breaches in privacy preserving data mining. In Proc. 22nd ACM SIGMOD-SIGACT-SIGART Symposium on Principles of Database Systems (PODS).
Fienberg, Stephen, Rinaldo, Alessandro, and Yang, Xiaolin. 2011. Differential privacy and the risk-utility tradeoff for multi-dimensional contingency tables. In Privacy in Statistical Databases, LNCS 6344, 187–199.
Gentry, C. 2009. A fully homomorphic encryption scheme. PhD thesis, Stanford University.
Goldwasser, S., and Micali, S.. 1984. Probabilistic encryption. Journal of Computer and Systems Sciences 28:270–299.
Goldwasser, Shafi, Micali, Silvio, and Rivest, Ron. 1988. A digital signature scheme secure against adaptive chosen-message attacks. SIAM Journal on Computing 17:281–308.
Gupta, Anupam, Hardt, Moritz, Roth, Aaron, and Ullman, Jonathan. 2011. Privately releasing conjunctions and the statistical query barrier. In Proc. 43rd Annual ACM Symposium on Theory of Computing (STOC), 803–812.
Hardt, M., Ligett, K., and McSherry, F.. 2012. A simple and practical algorithm for differentially private data release. Advances in Neural Information Processing Systems 25:2348– 2356.
Hardt, M., and Talwar, K.. 2010. On the geometry of differential privacy. In Proc. 42nd ACM Symposium on Theory of Computing (STOC), 705–714.
Hardt, Moritz, and Rothblum, Guy. 2010. A multiplicative weights mechanism for privacy-preserving data analysis. In Proc. 51st Annual IEEE Symposium on Foundations of Computer Science (FOCS), 61–70.
Michael, Hay, Rastogi, Vibhor, Miklau, Gerome, and Suciu, Dan. 2010. Boosting the accuracy of differentially private histograms through consistency. Proc. VLDB Endowment 3(1–2):1021–1032.
Hirsch, D. 2006. Protecting the inner environment: What privacy regulation can learn from environmental law. Georgia Law Review 41.
Homer, N., Szelinger, S., Redman, M., Duggan, D., Tembe, W., Muehling, J., Pearson, J.V., Stephan, D.A., Nelson, S.F., and Craig, D.W.. 2008. Resolving individuals contributing trace amounts of dna to highly complex mixtures using high-density snp genotyping microarrays. PLoS Genetics 4(8):e1000167.
Hsu, Justin, Khanna, Sanjeev, and Roth, Aaron. 2012. Distributed private heavy hitters. In Proc. 39th International Colloquium Conference on Automata, Languages, and Programming (ICALP)(Track 1), 461–472.
Isaacman, Sibren, Becker, Richard, Cáceres, Ramón, Kobourov, Stephen, Martonosi, Margaret, Rowland, James, and Varshavsky, Alexancer. 2011. Identifying important places in people’s lives from cellular network data. In Pervasive Computing, LNCS 6696, 133–151.
Isaacman, Sibren, Becker, Richard, Cáceres, Ramón, Martonosi, Margaret, Rowland, James, Varshavsky, Alexander, and Willinger, Walter. Human mobility modeling at metropolitan scales. 2012. In Proc.10th International Conference on Mobile Systems, Applications, and Services, 239–252.
Kasiviswanathan, Shiva, Homin, K. Lee, Kobbi Nissim, Sofya Raskhodnikova, and Adam Smith. What can we learn privately?SIAM Journal on Computing 40:793–826.
Kasiviswanathan, Shiva, Rudelson, Mark, and Smith, Adam. 2012. The power of linear reconstruction attacks. arXiv:1210.2381.
Kocher, P., Jaffe, J., and Jun, B.. 1999. Differential power analysis. In Advances in Cryptology: Proc. CRYPTO’99, 388–397.
Kocher, Paul. 1996. Timing attacks on implementations of Diffie-Hellman, RSA, DSS, and other systems. In Advances in Cryptology: Proc. CRYPTO’96, 104–113.
Machanavajjhala, Ashwin, Kifer, Daniel, Abowd, John, Gehrke, Johannes, and Vilhuber, Lars. 2008. Privacy: Theory meets practice on the map. In Proc. International Conference on Data Engineering (ICDE), 277–286.
McSherry, F. 2009. Privacy integrated queries (codebase). Available on Microsoft Research downloads website. See also Proc. SIGMOD 2009, 19–30.
McSherry, F., and Talwar, K.. 2007. Mechanism design via differential privacy. In Proc. 48th Annual Symposium on Foundations of Computer Science (FOCS), 94–103.
Mir, Darakhshan, Isaacman, Sibren, Cáceres, Ramón, Martonosi, Margaret, and Wright, Rebecca N. 2013. DP-WHERE: Differentially private modeling of human mobility. In Proc. IEEE Conference on Big Data, 580–588.
Mironov, Ilya. 2012. On significance of the least significant bits for differential privacy. In Proc. ACM Conference on Computer and Communications Security (CCS), 650– 661.
Narayanan, Arvind, and Shmatikov, Vitaly. 2008. Robust de-anonymization of large sparse datasets. In Proc. IEEE Symposium on Security and Privacy (SP), 111–125.
Nikolov, Aleksandar, Talwar, Kunal, and Zhang, Li. 2013. The geometry of differential privacy: The sparse and approximate cases. In Proc. 45th ACM Symposium on Theory of Computing (STOC), 351–360.
Papadopoulos, S., and Kellaris, G.. 2013. Practical differential privacy via grouping and smoothing. In Proc. 39th International Conference on Very Large Data Bases, 301–312.
Prabhakaran, Manoj, and Sahai, Amit. 2013. Secure Multi-party Computation. Washington, DC: IOS Press.
Roth, Aaron, and Roughgarden, Tim. 2010. Interactive privacy via the median mechanism. In Proc. 42nd ACM Symposium on Theory of Computing (STOC), 765–774.
Roy, Indrajit, Setty, Srinath, Kilzer, Ann, Shmatikov, Vitaly, and Witchel, Emmett. 2010. Airavat: Security and privacy for MapReduce. In Proc. 7th USENIX Symposium on Networked Systems Design and Implementation (NSDI), 10:297–312.
Sweeney, L. 1997. Weaving technology and policy together to maintain confidentiality. Journal of Law, Medicine and Ethics 25:98–110.
Sweeney, Latanya. 2012. Keynote Lecture, Second Annual iDASH All-Hands Symposium, UCSD, La Jolla, CA.
Ullman, Jonathan, and Vadhan, Salil P.. 2011. PCPs and the hardness of generating private synthetic data. In Proc. 8th Theory of Cryptography Conference (TCC), 400–416.
Warner, S. 1965. Randomized response: A survey technique for eliminating evasive answer bias. Journal of the American Statistical Association 60:63–69.
Cancel
Confirm
×