**Hardness of Non-Interactive Differential Privacy from One-Way Functions**

*Lucas Kowalczyk and Tal Malkin and Jonathan Ullman and Daniel Wichs*

**Abstract: **A central challenge in differential privacy is to design computationally efficient noninteractive algorithms that can answer large numbers of statistical queries on a sensitive dataset. That is, we would like to design a differentially private algorithm that takes a dataset $D \in X^n$ consisting of some small number of elements $n$ from some large data universe $X$, and efficiently outputs a summary that allows a user to efficiently obtain an answer to any query in some large family $Q$.

Ignoring computational constraints, this problem can be solved even when $X$ and $Q$ are exponentially large and $n$ is just a small polynomial; however, all algorithms with remotely similar guarantees run in exponential time. There have been several results showing that, under the strong assumption of indistinguishability obfuscation (iO), no efficient differentially private algorithm exists when $X$ and $Q$ can be exponentially large. However, there are no strong separations between information-theoretic and computationally efficient differentially private algorithms under any standard complexity assumption.

In this work we show that, if one-way functions exist, there is no general purpose differentially private algorithm that works when $X$ and $Q$ are exponentially large, and $n$ is an arbitrary polynomial. In fact, we show that this result holds even if $X$ is just subexponentially large (assuming only polynomially-hard one-way functions). This result solves an open problem posed by Vadhan in his recent survey.

**Category / Keywords: **applications / differential privacy, one-way functions, traitor tracing, functional encryption

**Date: **received 13 Nov 2017

**Contact author: **jullman at ccs neu edu

**Available format(s): **PDF | BibTeX Citation

**Version: **20171120:141027 (All versions of this report)

**Short URL: **ia.cr/2017/1107

**Discussion forum: **Show discussion | Start new discussion

[ Cryptology ePrint archive ]