Local differential privacy (LDP) has received increasing attention as a formal privacy definition that does not require a trusted server. In a typical LDP protocol, the clients perturb their data locally with a randomized mechanism before sending it to the server for analysis. Many studies in the LDP literature implicitly assume that the clients honestly follow the protocol; however, two recent studies show that LDP is generally vulnerable to malicious clients. Cao et al. (USENIX Security '21) and Cheu et al. (IEEE S&P '21) demonstrated that malicious clients can effectively skew the analysis (such as frequency estimation) by sending fake data to the server, which is called a data poisoning attack or manipulation attack against LDP. In this paper, we propose secure and efficient verifiable LDP protocols to prevent manipulation attacks. Specifically, we leverage the Cryptographic Randomized Response Technique (CRRT) as a building block to convert existing LDP mechanisms into verifiable versions. In this way, the server can verify the completeness of executing an agreed randomization mechanism on the client side without sacrificing local privacy. Our proposed method can completely protect the LDP protocol from output manipulation attacks, and significantly mitigate the unexpected damage from malicious clients with acceptable computational overhead.
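To make the risk concrete, the following added example (not code from the paper) simulates frequency estimation and compares clients who bypass the mechanism (output manipulation) with clients who lie about their input but still run it, which is the most a client can do once the server verifies the randomization. It assumes Warner-style binary randomized response as the LDP mechanism; all function names and parameter values are hypothetical.

```python
import math
import random

def keep_prob(eps):
    """Probability that binary randomized response reports the true bit."""
    return math.exp(eps) / (1.0 + math.exp(eps))

def estimate_frequency(reports, eps):
    """Server-side unbiased estimate of the fraction of clients holding bit 1."""
    p = keep_prob(eps)
    return (sum(reports) / len(reports) - (1.0 - p)) / (2.0 * p - 1.0)

def randomize(bit, eps, rng):
    """Honest client: keep the bit with probability p, flip it otherwise."""
    return bit if rng.random() < keep_prob(eps) else 1 - bit

def simulate(n, true_freq, eps, bad_frac, mode, seed=1):
    """Estimate when a fraction of clients try to inflate item 1.
    mode 'output': skip the mechanism and report 1 directly.
    mode 'input' : lie about the input but run the mechanism honestly
                   (assumed residual behaviour under a verifiable protocol).
    """
    rng = random.Random(seed)
    n_bad = int(n * bad_frac)
    reports = []
    for i in range(n):
        if i < n_bad:
            reports.append(1 if mode == "output" else randomize(1, eps, rng))
        else:
            bit = 1 if rng.random() < true_freq else 0
            reports.append(randomize(bit, eps, rng))
    return estimate_frequency(reports, eps)

def expected_estimate(true_freq, eps, bad_frac, mode):
    """Closed-form expectation of simulate(): debiasing amplifies each
    unrandomized fake report by p / (2p - 1), which is greater than 1."""
    p = keep_prob(eps)
    weight = p / (2.0 * p - 1.0) if mode == "output" else 1.0
    return (1.0 - bad_frac) * true_freq + bad_frac * weight

if __name__ == "__main__":
    # Constructed scenario: true frequency 10%, eps = 1, 5% malicious clients.
    for mode in ("output", "input"):
        print(mode, round(simulate(200_000, 0.10, 1.0, 0.05, mode), 4),
              round(expected_estimate(0.10, 1.0, 0.05, mode), 4))
```

The amplification factor p / (2p - 1) grows as eps shrinks, so stronger privacy settings make unverified reports more damaging to the estimate.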