presto
Differential privacy primitives use insecure noise generation
Hi folks,
This method is adding noise to a sum for the purpose of enforcing differential privacy (as described in a recent talk at PEPR '24). The method used to generate noise is naively calling `java.util.Random.nextGaussian`, and as such is vulnerable to floating-point attacks as described in this 2012 paper or (since this is Gaussian noise and not Laplace noise) this paper or this one.
This could allow an attacker to get more information out of the output data than they should, in potentially catastrophic ways (precision-based attacks, for example, are very simple and allow an attacker to perfectly distinguish between true inputs 0 or 1 more than 25% of the time). I have not gone through the trouble of actually installing Presto and building a PoC, but this is such a textbook example of a vulnerable implementation of this stuff that I hope you'll take this seriously even without it.
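The precision leak the report describes can be measured on a toy mechanism. The following is an added example, not part of the original report and not Presto's code: `noisySum`, the noise scale and the trial count are constructed stand-ins, and the audit counts how many outputs produced from a true value of 0 lie off the floating-point grid that every output produced from a true value of 1 must lie on.

```java
import java.util.Random;

// Added example, not Presto's code: measures the precision leak of a sum that is
// noised with java.util.Random.nextGaussian() in plain double arithmetic.
public class PrecisionLeakAudit {
    // Hypothetical stand-in for the noisy sum: one contribution (0 or 1) plus noise.
    static double noisySum(double trueValue, double sigma, Random rng) {
        return trueValue + sigma * rng.nextGaussian();
    }

    // 1.0 + n, computed in doubles, is always a multiple of 2^-53: results with
    // magnitude >= 0.5 sit on that grid, and smaller results are exact differences
    // of grid points. Scaling by 2^53 is exact, so this test has no rounding error.
    static boolean reachableFromOne(double y) {
        double scaled = y * 0x1p53;
        return scaled == Math.rint(scaled);
    }

    // Fraction of outputs for trueValue that could not have come from true value 1.
    static double revealingFraction(double trueValue, double sigma, int trials, long seed) {
        Random rng = new Random(seed); // fixed seed only to make the audit repeatable
        int revealing = 0;
        for (int i = 0; i < trials; i++) {
            if (!reachableFromOne(noisySum(trueValue, sigma, rng))) {
                revealing++;
            }
        }
        return (double) revealing / trials;
    }

    public static void main(String[] args) {
        double sigma = 1.0;   // constructed noise scale
        int trials = 1_000_000;
        System.out.printf("true value 0: %.1f%% of outputs rule out 1%n",
                100 * revealingFraction(0.0, sigma, trials, 42L));
        System.out.printf("true value 1: %.1f%% of outputs rule out 1%n",
                100 * revealingFraction(1.0, sigma, trials, 42L));
    }
}
```

A mechanism without this leak would report the same fraction on both lines; any gap between them is information that the noise was supposed to hide.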