Cryptology ePrint Archive: Report 2016/153

Differentially Private Password Frequency Lists

Jeremiah Blocki and Anupam Datta and Joseph Bonneau

Abstract: Given a dataset of user-chosen passwords, the frequency list reveals the frequency of each unique password. We present a novel mechanism for releasing perturbed password frequency lists with rigorous security, efficiency, and distortion guarantees. Specifically, our mechanism is based on a novel algorithm for sampling that enables an efficient implementation of the exponential mechanism for differential privacy (na´ve sampling is exponential time). It provides the security guarantee that an adversary will not be able to use this perturbed frequency list to learn anything of significance about any individual user's password even if the adversary already possesses a wealth of background knowledge about the users in the dataset. We prove that our mechanism introduces minimal distortion, thus ensuring that the released frequency list is close to the actual list. Further, we empirically demonstrate, using the now-canonical password dataset leaked from RockYou, that the mechanism works well in practice: as the differential privacy parameter $\epsilon$ varies from $8$ to $0.002$ (smaller $\epsilon$ implies higher security), the normalized distortion coefficient (representing the distance between the released and actual password frequency list divided by the number of users $N$) varies from $8.8\times10^{-7}$ to $1.9\times 10^{-3}$. Given this appealing combination of security and distortion guarantees, our mechanism enables organizations to publish perturbed password frequency lists. This can facilitate new research comparing password security between populations and evaluating password improvement approaches. To this end, we have collaborated with Yahoo! to use our differentially private mechanism to publicly release a corpus of 50 password frequency lists representing approximately 70 million Yahoo! users. This dataset is now the largest password frequency corpus available. Using our perturbed dataset we are able to closely replicate the original published analysis of this data.

Category / Keywords: Password Frequencies, Differential Privacy, Exponential Mechanism, Yahoo!

Original Publication (with minor differences): NDSS 2016
DOI:
10.14722/ndss.2016.23328

Date: received 17 Feb 2016

Contact author: jblocki at microsoft com

Available format(s): PDF | BibTeX Citation

Version: 20160218:220658 (All versions of this report)

Short URL: ia.cr/2016/153

Discussion forum: Show discussion | Start new discussion


[ Cryptology ePrint archive ]