Journal of Privacy and Confidentiality


We review the attack given by Dinur and Nissim [6] on the output-perturbation sanitizer, and generalize it to a setting that includes, as particular cases, databases with values in {0,1} (under the metric considered in [6]) and databases with real values, under other appropriate metrics (hence the binary case is not subsumed by the real-valued case).

Previous work [12, 14] on the binary case gave results more efficient than ours. Those results could be used to extend the binary case to the real-valued case, thereby implying our results. The contributions of this paper are to make this implication explicit and to give an alternative, general proof.

We state a property of the function dist, which measures the error of the attacker's approximation of the database; this property is satisfied in our cases of interest and is strong enough to prove the impossibility results concerning the privacy provided by the output-perturbation sanitizer, in both the binary and real cases.

In this general context we establish an inequality (an upper bound on the probability of the adversary's failure) that relates all the parameters of the problem: the size of the database, the relative error of the adversary, the number of queries made by the adversary (which determines its time complexity), its probability of failure, and the perturbation of the sanitizer, making explicit the trade-offs among them. From this inequality we deduce that, for binary- and real-valued databases, the adversary described in [6] can defeat perturbation o(n^{1/2}) with time complexity determined by o(n log n) queries (instead of O(n log^2 n) as in [6]).
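To illustrate the flavor of this kind of reconstruction attack, the following is a minimal sketch, not the paper's construction: it issues noisy random subset-sum queries against a binary database and recovers it by least squares followed by rounding (the attack in [6] uses a linear program rather than least squares, and the parameters below are chosen only for illustration). With perturbation bounded well below n^{1/2} and a number of queries linear in n, nearly all entries are recovered.

```python
import numpy as np

rng = np.random.default_rng(0)

n = 200        # database size (illustrative choice)
m = 4 * n      # number of random subset queries (illustrative; linear in n)
E = 1          # per-query perturbation bound; well below n**0.5 ~ 14

d = rng.integers(0, 2, size=n)       # secret binary database
Q = rng.integers(0, 2, size=(m, n))  # each row: a random subset-sum query
noise = rng.uniform(-E, E, size=m)   # sanitizer's bounded perturbation
answers = Q @ d + noise              # perturbed query answers

# Attacker: fit a real-valued candidate by least squares, then round
# each coordinate to {0,1}. (The paper's attack solves an LP instead.)
c, *_ = np.linalg.lstsq(Q, answers, rcond=None)
guess = (c > 0.5).astype(int)

err_frac = np.mean(guess != d)       # fraction of entries guessed wrong
```

Under these (hypothetical) parameters the rounded least-squares candidate agrees with the secret database on all but a small fraction of entries, matching the qualitative message of the trade-off above: bounded perturbation plus enough queries leaves almost nothing private.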