Passive and active attackers in noiseless privacy
Differential privacy offers clear and strong quantitative guarantees for privacy mechanisms, but it assumes an attacker that knows all but one records of the dataset. This assumption leads in many applications to an overapproximation of an attacker's actual strength. This can lead to over-cautiously chosen noise parameters, which can in turn lead to unnecessarily poor utility. Recent work has made significant steps towards privacy in the presence of limited background knowledge. Definitions like noiseless privacy are modeling a weaker attacker who has uncertainty about the data. In this technical report, we show that existing definitions implicitly assume an active attacker, who can not only see, but control some of the data. We argue that in some cases, it makes sense to consider a passive attacker, who has some knowledge about the data, but cannot influence it. We propose an alternative definition to capture this attacker model, we study the link between these two alternatives, and we show some consequences of this distinction on the security of thresholding schemes.
READ FULL TEXT