Budget inference attacks and countermeasures in locally differentially private data collection

Abstract

Local differential privacy (LDP) has recently become a popular notion for privacy-preserving data collection from user devices. It has been applied in numerous contexts related to the Internet of Things (IoT) and cyber-physical systems to enable privacy-preserving edge data analytics. The strength of privacy protection in LDP deployments depends on the privacy budget ɛ, and there are several scenarios in which it is desirable for the value of ɛ to remain hidden from untrusted third parties, or the inference of ɛ by an untrusted third party may constitute a privacy leakage. In this article, we propose a new class of attacks called budget inference attacks (BIAs), which enable an adversary to infer the ɛ budget value from the outputs of an LDP protocol. We develop BIAs for two types of adversaries: informed adversaries who have knowledge of the statistical data distribution, and uninformed adversaries who do not. We apply our BIAs on five popular LDP protocols and experimentally evaluate them using multiple datasets, varying ɛ budgets, population sizes, and attack settings and parameters. Results show that our BIAs are highly effective, as they enable the adversary to infer the ɛ value with low errors. We also propose three potential countermeasures against our BIAs. Analyses show that while our countermeasures can be effective in reducing BIA accuracy, they also increase utility loss; therefore, the tradeoff between BIA accuracy and utility loss needs to be carefully considered. © 2026 Copyright held by the owner/author(s).