Unexpected Information Leakage of Differential Privacy Due to Linear Property of Queries
This reveals a vulnerability in widely used privacy-preserving methods, which could impact data security in applications like healthcare or finance.
The paper identifies that differential privacy mechanisms, specifically the Laplace mechanism, can leak unexpected information due to the linear property of queries, allowing attackers to exploit query divisions to obtain multiple answers with different privacy budget consumption, and demonstrates this through a membership inference attack.
The differential privacy is a widely accepted conception of privacy preservation and the Laplace mechanism is a famous instance of differential privacy mechanisms to deal with numerical data. In this paper, we find that the differential privacy does not take liner property of queries into account, resulting in unexpected information leakage. In specific, the linear property makes it possible to divide one query into two queries such as $q(D)=q(D_1)+q(D_2)$ if $D=D_1\cup D_2$ and $D_1\cap D_2=\emptyset$. If attackers try to obtain an answer of $q(D)$, they not only can issue the query $q(D)$, but also can issue the $q(D_1)$ and calculate the $q(D_2)$ by themselves as long as they know $D_2$. By different divisions of one query, attackers can obtain multiple different answers for the query from differential privacy mechanisms. However, from attackers' perspective and from differential privacy mechanisms' perspective, the totally consumed privacy budget is different if divisions are delicately designed. The difference leads to unexpected information leakage because the privacy budget is the key parameter to control the amount of legally released information from differential privacy mechanisms. In order to demonstrate the unexpected information leakage, we present a membership inference attacks against the Laplace mechanism.