DP-Sniper: Black-Box Discovery of Differential Privacy Violations using Classifiers



We present DP-Sniper, a practical black-box method that automatically finds violations of differential privacy.
DP-Sniper is based on two key ideas: (i) training a classifier to predict if an observed output was likely generated from one of two possible inputs, and (ii) transforming this classifier into an approximately optimal attack on differential privacy.
Our experimental evaluation demonstrates that DP-Sniper obtains up to 12.4 times stronger guarantees than the state of the art, while being 15.5 times faster. Further, we show that DP-Sniper is effective in exploiting floating-point vulnerabilities of naively implemented algorithms: it detects that a supposedly 0.1-differentially private implementation of the Laplace mechanism actually does not satisfy even 0.25-differential privacy.
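The two ideas above can be sketched as a small black-box audit; this is an added illustration, not DP-Sniper's own code. It assumes a constructed Laplace mechanism with a claimed epsilon of 0.5, a constructed bug that halves the noise, and a one-dimensional logistic regression as the classifier; all function names are hypothetical, and it reports a point estimate rather than a statistical lower bound.

```python
import math
import random

CLAIMED_EPS = 0.5  # constructed claim for a sensitivity-1 query

def laplace(value, scale, rng):
    # The difference of two exponentials is Laplace(0, scale) noise.
    return value + rng.expovariate(1 / scale) - rng.expovariate(1 / scale)

def correct_mech(value, rng):
    return laplace(value, 1 / CLAIMED_EPS, rng)

def buggy_mech(value, rng):
    return laplace(value, 0.5 / CLAIMED_EPS, rng)  # constructed bug: half the noise

def sigmoid(z):
    return 0.5 * (1 + math.tanh(z / 2))  # overflow-free form

def train_classifier(out_a, out_alt, epochs=100, lr=0.05):
    """Idea (i): fit p(a | b) = sigmoid(w*b + c) by batch gradient ascent."""
    data = [(b, 1.0) for b in out_a] + [(b, 0.0) for b in out_alt]
    w = c = 0.0
    for _ in range(epochs):
        gw = gc = 0.0
        for b, y in data:
            err = y - sigmoid(w * b + c)
            gw, gc = gw + err * b, gc + err
        w, c = w + lr * gw / len(data), c + lr * gc / len(data)
    return lambda b: sigmoid(w * b + c)

def build_attack(clf, out_alt, mass):
    """Idea (ii): S = {b : p(a | b) >= t}, with t set so Pr[M(a') in S] ~ mass."""
    scores = sorted((clf(b) for b in out_alt), reverse=True)
    t = scores[int(mass * len(scores))]
    return lambda b: clf(b) >= t

def estimate_eps(mech, a=0.0, a_alt=1.0, n_train=2000, n=100_000, mass=0.05, seed=7):
    """Point estimate of ln(Pr[M(a) in S] / Pr[M(a') in S]) on fresh samples."""
    rng = random.Random(seed)
    def draw(v, k):
        return [mech(v, rng) for _ in range(k)]
    clf = train_classifier(draw(a, n_train), draw(a_alt, n_train))
    attack = build_attack(clf, draw(a_alt, n), mass)
    hits_a = sum(attack(b) for b in draw(a, n))
    hits_alt = sum(attack(b) for b in draw(a_alt, n))
    return math.log(hits_a / hits_alt)

if __name__ == "__main__":
    for name, mech in (("correct", correct_mech), ("buggy", buggy_mech)):
        print(name, "claimed", CLAIMED_EPS, "measured", round(estimate_eps(mech), 2))
```

A measured value well above the claimed epsilon is evidence that the implementation leaks more than advertised; a value at or below it does not prove the claim.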



Benjamin Bichsel

PhD student
Department of Computer Science
ETH Zürich



Benjamin Bichsel is a PhD student at the Department of Computer Science, ETH Zürich, in the Secure, Reliable, and Intelligent Systems Lab. His research includes Differential Privacy, Homomorphic Encryption, Zero-knowledge Proofs, Blockchain, Formal Languages and Quantum Computation. Benjamin Bichsel received the Willi Studer Prize 2018 for the best Master’s degree in computer science.