{"id":"https://openalex.org/W4288057781","doi":"https://doi.org/10.1109/sp46214.2022.9833672","title":"Are We There Yet? Timing and Floating-Point Attacks on Differential Privacy Systems","display_name":"Are We There Yet? Timing and Floating-Point Attacks on Differential Privacy Systems","publication_year":2022,"publication_date":"2022-05-01","ids":{"openalex":"https://openalex.org/W4288057781","doi":"https://doi.org/10.1109/sp46214.2022.9833672"},"language":"en","primary_location":{"id":"doi:10.1109/sp46214.2022.9833672","is_oa":false,"landing_page_url":"https://doi.org/10.1109/sp46214.2022.9833672","pdf_url":null,"source":{"id":"https://openalex.org/S4363606603","display_name":"2022 IEEE Symposium on Security and Privacy (SP)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"conference"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2022 IEEE Symposium on Security and Privacy (SP)","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5047825364","display_name":"Jiankai Jin","orcid":null},"institutions":[{"id":"https://openalex.org/I165779595","display_name":"University of Melbourne","ror":"https://ror.org/01ej9dk98","country_code":"AU","type":"education","lineage":["https://openalex.org/I165779595"]}],"countries":["AU"],"is_corresponding":true,"raw_author_name":"Jiankai Jin","raw_affiliation_strings":["The University of Melbourne,School of Computing and Information Systems","School of Computing and Information Systems, The University of Melbourne"],"affiliations":[{"raw_affiliation_string":"The University of Melbourne,School of Computing and Information Systems","institution_ids":["https://openalex.org/I165779595"]},{"raw_affiliation_string":"School of Computing and Information Systems, The University of Melbourne","institution_ids":["https://openalex.org/I165779595"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5002156252","display_name":"Eleanor McMurtry","orcid":null},"institutions":[{"id":"https://openalex.org/I35440088","display_name":"ETH Zurich","ror":"https://ror.org/05a28rw58","country_code":"CH","type":"education","lineage":["https://openalex.org/I2799323385","https://openalex.org/I35440088"]}],"countries":["CH"],"is_corresponding":false,"raw_author_name":"Eleanor McMurtry","raw_affiliation_strings":["ETH Zurich,Department of Computer Science","Department of Computer Science, ETH Zurich"],"affiliations":[{"raw_affiliation_string":"ETH Zurich,Department of Computer Science","institution_ids":["https://openalex.org/I35440088"]},{"raw_affiliation_string":"Department of Computer Science, ETH Zurich","institution_ids":["https://openalex.org/I35440088"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5078824132","display_name":"Benjamin I. P. Rubinstein","orcid":"https://orcid.org/0000-0002-2947-6980"},"institutions":[{"id":"https://openalex.org/I165779595","display_name":"University of Melbourne","ror":"https://ror.org/01ej9dk98","country_code":"AU","type":"education","lineage":["https://openalex.org/I165779595"]}],"countries":["AU"],"is_corresponding":false,"raw_author_name":"Benjamin I. P. Rubinstein","raw_affiliation_strings":["The University of Melbourne,School of Computing and Information Systems","School of Computing and Information Systems, The University of Melbourne"],"affiliations":[{"raw_affiliation_string":"The University of Melbourne,School of Computing and Information Systems","institution_ids":["https://openalex.org/I165779595"]},{"raw_affiliation_string":"School of Computing and Information Systems, The University of Melbourne","institution_ids":["https://openalex.org/I165779595"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5011082117","display_name":"Olga Ohrimenko","orcid":"https://orcid.org/0000-0002-9735-0538"},"institutions":[{"id":"https://openalex.org/I165779595","display_name":"University of Melbourne","ror":"https://ror.org/01ej9dk98","country_code":"AU","type":"education","lineage":["https://openalex.org/I165779595"]}],"countries":["AU"],"is_corresponding":false,"raw_author_name":"Olga Ohrimenko","raw_affiliation_strings":["The University of Melbourne,School of Computing and Information Systems","School of Computing and Information Systems, The University of Melbourne"],"affiliations":[{"raw_affiliation_string":"The University of Melbourne,School of Computing and Information Systems","institution_ids":["https://openalex.org/I165779595"]},{"raw_affiliation_string":"School of Computing and Information Systems, The University of Melbourne","institution_ids":["https://openalex.org/I165779595"]}]}],"institutions":[],"countries_distinct_count":2,"institutions_distinct_count":4,"corresponding_author_ids":["https://openalex.org/A5047825364"],"corresponding_institution_ids":["https://openalex.org/I165779595"],"apc_list":null,"apc_paid":null,"fwci":3.4426,"has_fulltext":false,"cited_by_count":34,"citation_normalized_percentile":{"value":0.93990461,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":90,"max":100},"biblio":{"volume":null,"issue":null,"first_page":"473","last_page":"488"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10237","display_name":"Cryptography and Data Security","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10237","display_name":"Cryptography and Data Security","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10764","display_name":"Privacy-Preserving Technologies in Data","score":0.9998000264167786,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11598","display_name":"Internet Traffic Analysis and Secure E-voting","score":0.9983000159263611,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7296236157417297},{"id":"https://openalex.org/keywords/differential-privacy","display_name":"Differential privacy","score":0.7061288952827454},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.6328664422035217},{"id":"https://openalex.org/keywords/point","display_name":"Point (geometry)","score":0.4303523898124695},{"id":"https://openalex.org/keywords/internet-privacy","display_name":"Internet privacy","score":0.42723894119262695},{"id":"https://openalex.org/keywords/data-mining","display_name":"Data mining","score":0.08545583486557007}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7296236157417297},{"id":"https://openalex.org/C23130292","wikidata":"https://www.wikidata.org/wiki/Q5275358","display_name":"Differential privacy","level":2,"score":0.7061288952827454},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.6328664422035217},{"id":"https://openalex.org/C28719098","wikidata":"https://www.wikidata.org/wiki/Q44946","display_name":"Point (geometry)","level":2,"score":0.4303523898124695},{"id":"https://openalex.org/C108827166","wikidata":"https://www.wikidata.org/wiki/Q175975","display_name":"Internet privacy","level":1,"score":0.42723894119262695},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.08545583486557007},{"id":"https://openalex.org/C2524010","wikidata":"https://www.wikidata.org/wiki/Q8087","display_name":"Geometry","level":1,"score":0.0},{"id":"https://openalex.org/C33923547","wikidata":"https://www.wikidata.org/wiki/Q395","display_name":"Mathematics","level":0,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/sp46214.2022.9833672","is_oa":false,"landing_page_url":"https://doi.org/10.1109/sp46214.2022.9833672","pdf_url":null,"source":{"id":"https://openalex.org/S4363606603","display_name":"2022 IEEE Symposium on Security and Privacy (SP)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"conference"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2022 IEEE Symposium on Security and Privacy (SP)","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[{"display_name":"Peace, Justice and strong institutions","id":"https://metadata.un.org/sdg/16","score":0.6399999856948853}],"awards":[],"funders":[{"id":"https://openalex.org/F4320320974","display_name":"University of Melbourne","ror":"https://ror.org/01ej9dk98"}],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":62,"referenced_works":["https://openalex.org/W55681943","https://openalex.org/W1557855942","https://openalex.org/W1873763122","https://openalex.org/W1886087434","https://openalex.org/W1985511977","https://openalex.org/W1992926795","https://openalex.org/W2023439666","https://openalex.org/W2027595342","https://openalex.org/W2042946599","https://openalex.org/W2062463502","https://openalex.org/W2071825329","https://openalex.org/W2083767537","https://openalex.org/W2091815328","https://openalex.org/W2096870293","https://openalex.org/W2097774686","https://openalex.org/W2116807588","https://openalex.org/W2117106078","https://openalex.org/W2119028650","https://openalex.org/W2171867834","https://openalex.org/W2294904676","https://openalex.org/W2412886904","https://openalex.org/W2473418344","https://openalex.org/W2563052397","https://openalex.org/W2594311007","https://openalex.org/W2613335035","https://openalex.org/W2624413610","https://openalex.org/W2761138375","https://openalex.org/W2784621220","https://openalex.org/W2792220042","https://openalex.org/W2809008139","https://openalex.org/W2884738118","https://openalex.org/W2900370870","https://openalex.org/W2927692314","https://openalex.org/W2963047853","https://openalex.org/W2963965291","https://openalex.org/W2982157598","https://openalex.org/W3046518446","https://openalex.org/W3049709743","https://openalex.org/W3096074096","https://openalex.org/W3101414576","https://openalex.org/W3102360395","https://openalex.org/W3120740533","https://openalex.org/W3135562453","https://openalex.org/W3203011700","https://openalex.org/W4205228770","https://openalex.org/W4248861293","https://openalex.org/W4289766020","https://openalex.org/W4295358171","https://openalex.org/W4300449316","https://openalex.org/W6602201320","https://openalex.org/W6639246211","https://openalex.org/W6639438251","https://openalex.org/W6657138077","https://openalex.org/W6697139857","https://openalex.org/W6744992943","https://openalex.org/W6747855403","https://openalex.org/W6751920018","https://openalex.org/W6752007554","https://openalex.org/W6770149463","https://openalex.org/W6771350796","https://openalex.org/W6775830128","https://openalex.org/W6791673544"],"related_works":["https://openalex.org/W4391375266","https://openalex.org/W2899084033","https://openalex.org/W2748952813","https://openalex.org/W3038283795","https://openalex.org/W2604501336","https://openalex.org/W2558166297","https://openalex.org/W2734500670","https://openalex.org/W2315671126","https://openalex.org/W798507144","https://openalex.org/W2964481303"],"abstract_inverted_index":{"Differential":[0],"privacy":[1,6,184,201],"is":[2,72],"a":[3,15,62,148],"de":[4],"facto":[5],"framework":[7],"that":[8,123,139,154,193],"has":[9,27],"seen":[10],"adoption":[11],"in":[12,45,51,81],"practice":[13],"via":[14],"number":[16],"of":[17,22,68,110,117,131,134,186,199],"mature":[18],"software":[19],"platforms.":[20],"Implementation":[21],"differentially":[23],"private":[24,229],"(DP)":[25],"mechanisms":[26,122],"to":[28,32,61,74,127,159,176,204,212,222],"be":[29,174],"done":[30],"carefully":[31],"ensure":[33],"end-to-end":[34,225],"security":[35],"guarantees.":[36],"In":[37,106],"this":[38,69],"paper":[39,112],"we":[40,55,113,236],"study":[41,114],"two":[42],"implementation":[43],"flaws":[44],"the":[46,57,75,84,90,107,111,118,129,157,168],"noise":[47,165,169],"generation":[48],"commonly":[49,195],"used":[50,175],"DP":[52,94],"systems.":[53],"First":[54],"examine":[56],"Gaussian":[58,121,164],"mechanism\u2019s":[59],"susceptibility":[60],"floating-point":[63,132],"representation":[64,133],"attack.":[65,151],"The":[66],"premise":[67],"first":[70],"vulnerability":[71],"similar":[73],"one":[76],"carried":[77],"out":[78],"by":[79],"Mironov":[80],"2011":[82],"against":[83,93],"Laplace":[85,119,162],"mechanism.":[86],"Our":[87],"experiments":[88],"show":[89,138],"attack\u2019s":[91],"success":[92,209],"algorithms,":[95],"including":[96],"deep":[97],"learning":[98],"models":[99],"trained":[100],"using":[101],"differentially-private":[102],"stochastic":[103],"gradient":[104],"descent.":[105],"second":[108],"part":[109],"discrete":[115,233],"counterparts":[116],"and":[120,220,238],"were":[124],"previously":[125],"proposed":[126],"alleviate":[128],"shortcomings":[130],"real":[135],"numbers.":[136],"We":[137,191,207],"such":[140,189],"implementations":[141,198],"unfortunately":[142],"suffer":[143],"from":[144],"another":[145],"side":[146],"channel:":[147],"novel":[149],"timing":[150,226],"An":[152],"observer":[153],"can":[155,166,172],"measure":[156],"time":[158],"draw":[160],"(discrete)":[161],"or":[163],"predict":[167],"magnitude,":[170],"which":[171],"then":[173],"recover":[177],"sensitive":[178],"attributes.":[179],"This":[180],"attack":[181],"invalidates":[182],"differential":[183,200],"guarantees":[185],"systems":[187],"implementing":[188],"mechanisms.":[190],"demonstrate":[192],"several":[194],"used,":[196],"state-of-the-art":[197],"are":[202],"susceptible":[203],"these":[205],"attacks.":[206],"report":[208],"rates":[210],"up":[211,221],"92.56%":[213],"for":[214,224],"floating":[215],"point":[216],"attacks":[217,227],"on":[218,228],"DP-SGD,":[219],"99.65%":[223],"sum":[230],"protected":[231],"with":[232],"Laplace.":[234],"Finally,":[235],"evaluate":[237],"suggest":[239],"partial":[240],"mitigations.":[241]},"counts_by_year":[{"year":2026,"cited_by_count":1},{"year":2025,"cited_by_count":16},{"year":2024,"cited_by_count":12},{"year":2023,"cited_by_count":4},{"year":2022,"cited_by_count":1}],"updated_date":"2026-04-22T08:38:42.863108","created_date":"2025-10-10T00:00:00"}