HOME

TheInfoList



Click Here for Items Related To - Reconstruction Attack
OR:
Reconstruction Attack on:   [Wikipedia]   [Google]   [Amazon]

A reconstruction attack is any method for partially reconstructing a private dataset from public aggregate information. Typically, the dataset contains sensitive information about individuals, whose privacy needs to be protected. The attacker has no or only partial access to the dataset, but has access to public aggregate statistics about the datasets, which could be exact or distorted, for example by adding noise. If the public statistics are not sufficiently distorted, the attacker is able to accurately reconstruct a large portion of the original private data. Reconstruction attacks are relevant to the analysis of private data, as they show that, in order to preserve even a very weak notion of individual privacy, any published statistics need to be sufficiently distorted. This phenomenon was called the Fundamental Law of Information Recovery by Dwork and
Roth Roth may refer to: Places Germany * Roth (district), in Bavaria, Germany ** Roth, Bavaria, capital of that district ** Roth (electoral district), a federal electoral district * Rhineland-Palatinate, Germany: ** Roth an der Our, in the district ...
, and formulated as "overly accurate answers to too many questions will destroy privacy in a spectacular way."


The Dinur-Nissim Attack

In 2003,
Irit Dinur Irit Dinur (Hebrew: אירית דינור) is an Israeli mathematician. She is professor of computer science at the Weizmann Institute of Science. Her research is in foundations of computer science and in combinatorics, and especially in probabil ...
and
Kobbi Nissim Kobbi Nissim (קובי נסים) is a computer scientist at Georgetown University, where he is the McDevitt Chair of Computer Science. His areas of research include cryptography and data privacy. He is known for the introduction of differential p ...
proposed a reconstruction attack based on noisy answers to multiple statistical queries. Their work was recognized by the 2013 ACM PODS Alberto O. Mendelzon Test-of-Time Award in part for being the seed for the development of
differential privacy Differential privacy (DP) is a system for publicly sharing information about a dataset by describing the patterns of groups within the dataset while withholding information about individuals in the dataset. The idea behind differential privacy is t ...
. Dinur and Nissim model a ''private database'' as a sequence of bits D = (d_1, \ldots, d_n), where each bit is the private information of a single individual. A ''database query'' is specified by a subset S\subseteq \, and is defined to equal q_S(D) = \sum_. They show that, given approximate answers a_1, \ldots, a_m to queries specified by sets S_1, \ldots, S_m, such that , a_i - q_(D), \le \mathcal for all i \in \, if \mathcal is sufficiently small and m is sufficiently large, then an attacker can reconstruct most of the private bits in D. Here the error bound \mathcal can be a function of m and n. Nissim and Dinur's attack works in two regimes: in one regime, m is exponential in n, and the error \mathcal can be linear in n; in the other regime, m is polynomial in n, and the error \mathcal is on the order of \sqrt{n}.


References

Theory of cryptography Information privacy Differential privacy