Averaging Attacks on Bounded Perturbation Algorithms

February 22, 2019

We describe and evaluate an attack that reconstructs the histogram of any target attribute of a sensitive dataset which can only be queried through a type of privacy-preserving algorithms which we call bounded perturbation algorithms. A defining property of such an algorithm is that it perturbs answers to the queries by adding noise distributed within a bounded range (possibly undisclosed). Other key properties of the algorithm include only allowing restricted queries (enforced via an interface), suppressing answers to queries which are only satisfied by a small group of individuals (e.g., by returning a zero as an answer), and adding the same perturbation to two queries which are satisfied by the same set of individuals (to thwart differencing or averaging attacks).

Publisher's website.

Price: FREE

About the Provider

Macquarie University
While only 50 years young, Macquarie has risen to be a progressive and influential institution both locally and internationally. Our campus brings together 40,000 students and 2000 staff in one thriving hub of discovery.


algorithms, Averaging Attacks, privacy, sensitive data