Manipulation Attacks in Local Differential Privacy
This highlights a critical security flaw in widely deployed privacy systems, urging caution and reinforcing the need for cryptographic solutions, though it is incremental as it builds on existing privacy research.
The paper investigates the vulnerability of non-interactive local differential privacy protocols to adversarial manipulation, showing that attackers controlling a small fraction of users can completely obscure input distributions, especially under high privacy or large domains.
Local differential privacy is a widely studied restriction on distributed algorithms that collect aggregates about sensitive user data, and is now deployed in several large systems. We initiate a systematic study of a fundamental limitation of locally differentially private protocols: they are highly vulnerable to adversarial manipulation. While any algorithm can be manipulated by adversaries who lie about their inputs, we show that any non-interactive locally differentially private protocol can be manipulated to a much greater extent. Namely, when the privacy level is high or the input domain is large, an attacker who controls a small fraction of the users in the protocol can completely obscure the distribution of the users' inputs. We also show that existing protocols differ greatly in their resistance to manipulation, even when they offer the same accuracy guarantee with honest execution. Our results suggest caution when deploying local differential privacy and reinforce the importance of efficient cryptographic techniques for emulating mechanisms from central differential privacy in distributed settings.