Preventing Manipulation Attack in Local Differential Privacy using Verifiable Randomization Mechanism

by   Fumiyuki Kato, et al.

Local differential privacy (LDP) has been received increasing attention as a formal privacy definition without a trusted server. In a typical LDP protocol, the clients perturb their data locally with a randomized mechanism before sending it to the server for analysis. Many studies in the literature of LDP implicitly assume that the clients honestly follow the protocol; however, two recent studies show that LDP is generally vulnerable under malicious clients. Cao et al. (USENIX Security '21) and Cheu et al. (IEEE S P '21) demonstrated that the malicious clients can effectively skew the analysis (such as frequency estimation) by sending fake data to the server, which is called data poisoning attack or manipulation attack against LDP. In this paper, we propose secure and efficient verifiable LDP protocols to prevent manipulation attacks. Specifically, we leverage Cryptographic Randomized Response Technique (CRRT) as a building block to convert existing LDP mechanisms into a verifiable version. In this way, the server can verify the completeness of executing an agreed randomization mechanism on the client side without sacrificing local privacy. Our proposed method can completely protect the LDP protocol from output manipulation attacks, and significantly mitigates the unexpected damage from malicious clients with acceptable computational overhead.


page 1

page 2

page 3

page 4


Active Membership Inference Attack under Local Differential Privacy in Federated Learning

Federated learning (FL) was originally regarded as a framework for colla...

PriFi: A Low-Latency Local-Area Anonymous Communication Network

Popular anonymity protocols such as Tor provide low communication latenc...

REMOTEGATE: Incentive-Compatible Remote Configuration of Security Gateways

Imagine that a malicious hacker is trying to attack a server over the In...

The Effect of False Positives: Why Fuzzy Message Detection Leads to Fuzzy Privacy Guarantees?

Fuzzy Message Detection (FMD) is a recent cryptographic primitive invent...

Amplification by Shuffling without Shuffling

Motivated by recent developments in the shuffle model of differential pr...

SIMC 2.0: Improved Secure ML Inference Against Malicious Clients

In this paper, we study the problem of secure ML inference against a mal...

Auditable Blockchain Randomization Tool

Randomization is an integral part of well-designed statistical trials, a...

Please sign up or login with your details

Forgot password? Click here to reset