Paper 2016/153

Differentially Private Password Frequency Lists

Jeremiah Blocki, Anupam Datta, and Joseph Bonneau

Abstract

Given a dataset of user-chosen passwords, the frequency list reveals the frequency of each unique password. We present a novel mechanism for releasing perturbed password frequency lists with rigorous security, efficiency, and distortion guarantees. Specifically, our mechanism is based on a novel algorithm for sampling that enables an efficient implementation of the exponential mechanism for differential privacy (naïve sampling is exponential time). It provides the security guarantee that an adversary will not be able to use this perturbed frequency list to learn anything of significance about any individual user's password even if the adversary already possesses a wealth of background knowledge about the users in the dataset. We prove that our mechanism introduces minimal distortion, thus ensuring that the released frequency list is close to the actual list. Further, we empirically demonstrate, using the now-canonical password dataset leaked from RockYou, that the mechanism works well in practice: as the differential privacy parameter $\epsilon$ varies from $8$ to $0.002$ (smaller $\epsilon$ implies higher security), the normalized distortion coefficient (representing the distance between the released and actual password frequency list divided by the number of users $N$) varies from $8.8\times10^{-7}$ to $1.9\times 10^{-3}$. Given this appealing combination of security and distortion guarantees, our mechanism enables organizations to publish perturbed password frequency lists. This can facilitate new research comparing password security between populations and evaluating password improvement approaches. To this end, we have collaborated with Yahoo! to use our differentially private mechanism to publicly release a corpus of 50 password frequency lists representing approximately 70 million Yahoo! users. This dataset is now the largest password frequency corpus available. Using our perturbed dataset we are able to closely replicate the original published analysis of this data.

Metadata
Available format(s)
PDF
Publication info
Published elsewhere. Minor revision. NDSS 2016
DOI
10.14722/ndss.2016.23328
Keywords
Password FrequenciesDifferential PrivacyExponential MechanismYahoo!
Contact author(s)
jblocki @ microsoft com
History
2016-02-18: received
Short URL
https://ia.cr/2016/153
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2016/153,
      author = {Jeremiah Blocki and Anupam Datta and Joseph Bonneau},
      title = {Differentially Private Password Frequency Lists},
      howpublished = {Cryptology ePrint Archive, Paper 2016/153},
      year = {2016},
      doi = {10.14722/ndss.2016.23328},
      note = {\url{https://eprint.iacr.org/2016/153}},
      url = {https://eprint.iacr.org/2016/153}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.