## Cryptology ePrint Archive: Report 2017/1107

Hardness of Non-Interactive Differential Privacy from One-Way Functions

Lucas Kowalczyk and Tal Malkin and Jonathan Ullman and Daniel Wichs

Abstract: A central challenge in differential privacy is to design computationally efficient non-interactive algorithms that can answer large numbers of \emph{statistical queries} on a sensitive dataset. That is, we would like to design a differentially private algorithm that takes a dataset $D \in X^n$ consisting of some small number of elements $n$ from some large data universe $X$, and efficiently outputs a summary that allows a user to efficiently obtain an answer to any query in some large family $Q$.

Ignoring computational constraints, this problem can be solved even when $X$ and $Q$ are exponentially large and $n$ is just a small polynomial; however, all algorithms with remotely similar guarantees run in exponential time. There have been several results showing that, under the strong assumption of indistinguishability obfuscation (iO), no efficient differentially private algorithm exists when $X$ and $Q$ can be exponentially large. However, there are no strong separations between information-theoretic and computationally efficient differentially private algorithms under any standard complexity assumption.

In this work we show that, if one-way functions exist, there is no general purpose differentially private algorithm that works when $X$ and $Q$ are exponentially large, and $n$ is an arbitrary polynomial. In fact, we show that this result holds even if $X$ is just subexponentially large (assuming only polynomially-hard one-way functions). This result solves an open problem posed by Vadhan in his recent survey.

Category / Keywords: differential privacy, one-way functions, traitor tracing, functional encryption

Date: received 13 Nov 2017, last revised 22 Dec 2017

Contact author: jullman at ccs neu edu

Available format(s): PDF | BibTeX Citation

Note: A paragraph was added to discuss a concurrent and independent work on a similar topic.

Short URL: ia.cr/2017/1107

[ Cryptology ePrint archive ]