TY - GEN
T1 - Resistance to Timing Attacks for Sampling and Privacy Preserving Schemes
AU - Dov, Yoav Ben
AU - David, Liron
AU - Naor, Moni
AU - Tzalik, Elad
N1 - Publisher Copyright:
© Yoav Ben Dov, Liron David, Moni Naor, and Elad Tzalik; licensed under Creative Commons License CC-BY 4.0.
PY - 2023/6/1
Y1 - 2023/6/1
N2 - Side channel attacks, and in particular timing attacks, are a fundamental obstacle for secure implementation of algorithms and cryptographic protocols. These attacks and countermeasures have been widely researched for decades. We offer a new perspective on resistance to timing attacks. We focus on sampling algorithms and their application to differential privacy. We define sampling algorithms that do not reveal information about the sampled output through their running time. More specifically: (1) We characterize the distributions that can be sampled from in a “time oblivious” way, meaning that the running time does not leak any information about the output. We provide an optimal algorithm in terms of randomness used to sample for these distributions. We give an example of an efficient randomized algorithm A such that there is no subexponential algorithm with the same output as A that does not reveal information on the output or the input, therefore we show leaking information on either the input or the output is unavoidable. (2) We consider the impact of timing attacks on (pure) differential privacy mechanisms. It turns out that if the range of the mechanism is unbounded, such as counting, then any time oblivious pure DP mechanism must give a useless output with constant probability (the constant is mechanism dependent) and must have infinite expected running time. We show that up to this limitations it is possible to transform any pure DP mechanism into a time oblivious one.
AB - Side channel attacks, and in particular timing attacks, are a fundamental obstacle for secure implementation of algorithms and cryptographic protocols. These attacks and countermeasures have been widely researched for decades. We offer a new perspective on resistance to timing attacks. We focus on sampling algorithms and their application to differential privacy. We define sampling algorithms that do not reveal information about the sampled output through their running time. More specifically: (1) We characterize the distributions that can be sampled from in a “time oblivious” way, meaning that the running time does not leak any information about the output. We provide an optimal algorithm in terms of randomness used to sample for these distributions. We give an example of an efficient randomized algorithm A such that there is no subexponential algorithm with the same output as A that does not reveal information on the output or the input, therefore we show leaking information on either the input or the output is unavoidable. (2) We consider the impact of timing attacks on (pure) differential privacy mechanisms. It turns out that if the range of the mechanism is unbounded, such as counting, then any time oblivious pure DP mechanism must give a useless output with constant probability (the constant is mechanism dependent) and must have infinite expected running time. We show that up to this limitations it is possible to transform any pure DP mechanism into a time oblivious one.
KW - Differential Privacy
UR - http://www.scopus.com/inward/record.url?scp=85163637375&partnerID=8YFLogxK
U2 - 10.4230/LIPIcs.FORC.2023.11
DO - 10.4230/LIPIcs.FORC.2023.11
M3 - ???researchoutput.researchoutputtypes.contributiontobookanthology.conference???
AN - SCOPUS:85163637375
T3 - Leibniz International Proceedings in Informatics, LIPIcs
BT - 4th Symposium on Foundations of Responsible Computing, FORC 2023
A2 - Talwar, Kunal
PB - Schloss Dagstuhl- Leibniz-Zentrum fur Informatik GmbH, Dagstuhl Publishing
T2 - 4th Symposium on Foundations of Responsible Computing, FORC 2023
Y2 - 7 June 2023 through 9 June 2023
ER -