Data Reconstruction: When You See It and When You Don't

Edith Cohen,Haim Kaplan,Yishay Mansour,Shay Moran,Kobbi Nissim,Uri Stemmer,Eliad Tsfadia
2024-05-25
Abstract:We revisit the fundamental question of formally defining what constitutes a reconstruction attack. While often clear from the context, our exploration reveals that a precise definition is much more nuanced than it appears, to the extent that a single all-encompassing definition may not exist. Thus, we employ a different strategy and aim to "sandwich" the concept of reconstruction attacks by addressing two complementing questions: (i) What conditions guarantee that a given system is protected against such attacks? (ii) Under what circumstances does a given attack clearly indicate that a system is not protected? More specifically,
Cryptography and Security
What problem does this paper attempt to address?
### Problems the paper attempts to solve This paper aims to solve the problem of the formal definition of **reconstruction attacks**. Specifically, the authors explore the following core issues: 1. **What is a reconstruction attack?** - The authors point out that in different contexts, the definitions of reconstruction attacks vary, and there is no single, universal definition that can cover all cases. Therefore, they attempt to better understand the concept of reconstruction attacks through the "squeeze" strategy. 2. **How to ensure that the system is protected from reconstruction attacks?** - The authors propose a new definition paradigm - **Narcissus Resiliency** - to describe the security of protecting the system from reconstruction attacks. This paradigm has a self - referential nature and can avoid the shortcomings of security definitions in previous studies. 3. **Under what circumstances does it indicate that the system is vulnerable to attacks?** - The authors also explore under which circumstances a successful attack can clearly indicate that there are vulnerabilities in the system. For this purpose, they introduce the connection with Kolmogorov complexity, providing a criterion for evaluating the success of an attack. ### Presentation of formulas In the paper, the authors use multiple formulas to accurately describe their definitions and conclusions. Here are some of the key formulas and their explanations: - **Definition of Narcissus Resiliency**: \[ \Pr_{S \leftarrow D, y \leftarrow M(S), z \leftarrow A(y)}[R(S, z) = 1] \leq e^\varepsilon \cdot \Pr_{S \leftarrow D, T \leftarrow D, y \leftarrow M(S), z \leftarrow A(y)}[R(T, z) = 1] + \delta \] This formula indicates that for a given distribution \(D\) and an attacker \(A\), the probability of success of the output \(y\) of algorithm \(M\) on the real data set \(S\) should not be significantly higher than the probability of success on a random data set \(T\). - **Extract KL complexity in the definition**: \[ \text{KL}(x)=\min\{|p| : p \text{ is a program that outputs } x \text{ and halts}\} \] This formula is used to measure the length of the shortest program for string \(x\), that is, its Kolmogorov complexity. ### Summary The main goal of this paper is to re - examine and formally define the concept of reconstruction attacks, and better understand and evaluate the security of the system by introducing new definition paradigms (such as Narcissus Resiliency). At the same time, the authors also explore how to quantify and verify the effectiveness of reconstruction attacks, providing theoretical basis and practical guidance for future research.