V𝜖rity: Verifiable Local Differential Privacy
Abstract
Local differential privacy (LDP) enables individuals to report sensitive data while preserving privacy.
Unfortunately, LDP mechanisms are vulnerable to poisoning attacks, where adversaries controlling a
fraction of the reporting users can significantly distort the aggregate output–much more so than in a
non-private solution where the inputs are reported directly. In this paper, we present two novel solutions
that prevent poisoning attacks under LDP while preserving its privacy guarantees. Our first solution,
Vϵrity-Auth, addresses scenarios where the users report inputs with a ground truth available to a third
party. The second solution, Vϵrity, tackles the more challenging case in which the users locally generate
their input and there is no ground truth which can be used to bootstrap verifiable randomness generation.
Unfortunately, LDP mechanisms are vulnerable to poisoning attacks, where adversaries controlling a
fraction of the reporting users can significantly distort the aggregate output–much more so than in a
non-private solution where the inputs are reported directly. In this paper, we present two novel solutions
that prevent poisoning attacks under LDP while preserving its privacy guarantees. Our first solution,
Vϵrity-Auth, addresses scenarios where the users report inputs with a ground truth available to a third
party. The second solution, Vϵrity, tackles the more challenging case in which the users locally generate
their input and there is no ground truth which can be used to bootstrap verifiable randomness generation.
