{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,17]],"date-time":"2026-02-17T12:06:22Z","timestamp":1771329982390,"version":"3.50.1"},"publisher-location":"New York, NY, USA","reference-count":32,"publisher":"ACM","license":[{"start":{"date-parts":[[2024,12,2]],"date-time":"2024-12-02T00:00:00Z","timestamp":1733097600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"name":"National Science Foundation of China","award":["62272306,62032020,62136006"],"award-info":[{"award-number":["62272306,62032020,62136006"]}]},{"DOI":"10.13039\/501100006374","name":"National Science and Technology Major Project","doi-asserted-by":"publisher","award":["2021ZD0112801"],"award-info":[{"award-number":["2021ZD0112801"]}],"id":[{"id":"10.13039\/501100006374","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2024,12,2]]},"DOI":"10.1145\/3658644.3690367","type":"proceedings-article","created":{"date-parts":[[2024,12,9]],"date-time":"2024-12-09T12:19:20Z","timestamp":1733746760000},"page":"3540-3554","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":2,"title":["Curator Attack: When Blackbox Differential Privacy Auditing Loses Its Power"],"prefix":"10.1145","author":[{"ORCID":"https:\/\/orcid.org\/0009-0003-4064-1312","authenticated-orcid":false,"given":"Shiming","family":"Wang","sequence":"first","affiliation":[{"name":"Shanghai Jiao Tong University, Shanghai, China"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-0165-4930","authenticated-orcid":false,"given":"Liyao","family":"Xiang","sequence":"additional","affiliation":[{"name":"Shanghai Jiao Tong University, Shanghai, 
China"}]},{"ORCID":"https:\/\/orcid.org\/0009-0007-5163-9313","authenticated-orcid":false,"given":"Bowei","family":"Cheng","sequence":"additional","affiliation":[{"name":"Shanghai Jiao Tong University, Shanghai, China"}]},{"ORCID":"https:\/\/orcid.org\/0009-0005-8803-1737","authenticated-orcid":false,"given":"Zhe","family":"Ji","sequence":"additional","affiliation":[{"name":"Shanghai Jiao Tong University, Shanghai, China"}]},{"ORCID":"https:\/\/orcid.org\/0009-0006-8834-7288","authenticated-orcid":false,"given":"Tianran","family":"Sun","sequence":"additional","affiliation":[{"name":"Shanghai Jiao Tong University, Shanghai, China"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-0357-8356","authenticated-orcid":false,"given":"Xinbing","family":"Wang","sequence":"additional","affiliation":[{"name":"Shanghai Jiao Tong University, Shanghai, China"}]}],"member":"320","published-online":{"date-parts":[[2024,12,9]]},"reference":[{"key":"e_1_3_2_1_1_1","unstructured":"[n.d.]. DP-Sniper Code. https:\/\/github.com\/eth-sri\/dp-sniper. Accessed: 2023-02-07."},{"key":"e_1_3_2_1_2_1","unstructured":"[n.d.]. Our Curator Attack. https:\/\/github.com\/ShimingWang98\/Curator-Attack-When-Blackbox-DP-Auditing-Loses-Its-Power."},{"key":"e_1_3_2_1_3_1","doi-asserted-by":"publisher","DOI":"10.1145\/3219819.3226070"},{"key":"e_1_3_2_1_4_1","volume-title":"Proceedings of the ACM on Programming Languages 2, POPL","author":"Albarghouthi Aws","year":"2017","unstructured":"Aws Albarghouthi and Justin Hsu. 2017. Synthesizing coupling proofs of differential privacy. 
Proceedings of the ACM on Programming Languages 2, POPL (2017), 1--30."},{"key":"e_1_3_2_1_5_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP46214.2022.9833689"},{"key":"e_1_3_2_1_6_1","doi-asserted-by":"publisher","DOI":"10.1145\/3373718.3394796"},{"key":"e_1_3_2_1_7_1","doi-asserted-by":"publisher","DOI":"10.1109\/CSF.2013.26"},{"key":"e_1_3_2_1_8_1","doi-asserted-by":"publisher","DOI":"10.1145\/2976749.2978391"},{"key":"e_1_3_2_1_9_1","doi-asserted-by":"publisher","DOI":"10.1109\/CSF.2014.36"},{"key":"e_1_3_2_1_10_1","doi-asserted-by":"publisher","DOI":"10.1145\/3243734.3243863"},{"key":"e_1_3_2_1_11_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP40001.2021.00081"},{"key":"e_1_3_2_1_12_1","volume-title":"Collecting telemetry data privately. Advances in Neural Information Processing Systems 30","author":"Ding Bolin","year":"2017","unstructured":"Bolin Ding, Janardhan Kulkarni, and Sergey Yekhanin. 2017. Collecting telemetry data privately. Advances in Neural Information Processing Systems 30 (2017)."},{"key":"e_1_3_2_1_13_1","doi-asserted-by":"publisher","DOI":"10.1145\/3243734.3243818"},{"key":"e_1_3_2_1_14_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-36594-2_24"},{"key":"e_1_3_2_1_15_1","volume-title":"Gaussian differential privacy. arXiv preprint arXiv:1905.02383","author":"Dong Jinshuo","year":"2019","unstructured":"Jinshuo Dong, Aaron Roth, and Weijie J Su. 2019. Gaussian differential privacy. arXiv preprint arXiv:1905.02383 (2019)."},{"key":"e_1_3_2_1_16_1","first-page":"22205","article-title":"Auditing differentially private machine learning: How private is private sgd","volume":"33","author":"Jagielski Matthew","year":"2020","unstructured":"Matthew Jagielski, Jonathan Ullman, and Alina Oprea. 2020. Auditing differentially private machine learning: How private is private sgd? 
Advances in Neural Information Processing Systems 33 (2020), 22205--22216.","journal-title":"Advances in Neural Information Processing Systems"},{"key":"e_1_3_2_1_17_1","doi-asserted-by":"publisher","DOI":"10.1145\/3187009.3177733"},{"key":"e_1_3_2_1_18_1","volume-title":"Propile: Probing privacy leakage in large language models. Advances in Neural Information Processing Systems 36","author":"Kim Siwon","year":"2024","unstructured":"Siwon Kim, Sangdoo Yun, Hwaran Lee, Martin Gubri, Sungroh Yoon, and Seong Joon Oh. 2024. Propile: Probing privacy leakage in large language models. Advances in Neural Information Processing Systems 36 (2024)."},{"key":"e_1_3_2_1_19_1","volume-title":"Minimax optimal estimation of approximate differential privacy on neighboring databases. Advances in neural information processing systems 32","author":"Liu Xiyang","year":"2019","unstructured":"Xiyang Liu and Sewoong Oh. 2019. Minimax optimal estimation of approximate differential privacy on neighboring databases. Advances in neural information processing systems 32 (2019)."},{"key":"e_1_3_2_1_20_1","doi-asserted-by":"publisher","DOI":"10.1145\/3576915.3616607"},{"key":"e_1_3_2_1_21_1","first-page":"4165","article-title":"A general framework for auditing differentially private machine learning","volume":"35","author":"Lu Fred","year":"2022","unstructured":"Fred Lu, Joseph Munoz, Maya Fuchs, Tyler LeBlond, Elliott Zaresky-Williams, Edward Raff, Francis Ferraro, and Brian Testa. 2022. A general framework for auditing differentially private machine learning. Advances in Neural Information Processing Systems 35 (2022), 4165--4176.","journal-title":"Advances in Neural Information Processing Systems"},{"key":"e_1_3_2_1_22_1","unstructured":"Lyu Min Su Dong and Li Ninghui. 2016. Understanding the sparse vector technique for differential privacy."},{"key":"e_1_3_2_1_23_1","volume-title":"Tight Auditing of Differentially Private Machine Learning. 
arXiv preprint arXiv:2302.07956","author":"Nasr Milad","year":"2023","unstructured":"Milad Nasr, Jamie Hayes, Thomas Steinke, Borja Balle, Florian Tram\u00e8r, Matthew Jagielski, Nicholas Carlini, and Andreas Terzis. 2023. Tight Auditing of Differentially Private Machine Learning. arXiv preprint arXiv:2302.07956 (2023)."},{"key":"e_1_3_2_1_24_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP40001.2021.00069"},{"key":"e_1_3_2_1_25_1","unstructured":"Vishal Jagannath Ravi. 2019. Automated methods for checking differential privacy. (2019)."},{"key":"e_1_3_2_1_26_1","volume-title":"Privacy auditing with one (1) training run. Advances in Neural Information Processing Systems 36","author":"Steinke Thomas","year":"2024","unstructured":"Thomas Steinke, Milad Nasr, and Matthew Jagielski. 2024. Privacy auditing with one (1) training run. Advances in Neural Information Processing Systems 36 (2024)."},{"key":"e_1_3_2_1_27_1","volume-title":"Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security.","author":"Ulfar Erlingsson","year":"2014","unstructured":"Erlingsson Ulfar, Pihur Wasyl, and Korolova Aleksandra. 2014. RAPPOR: Randomized aggregatable privacy-preserving ordinal response. In Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security."},{"key":"e_1_3_2_1_28_1","doi-asserted-by":"publisher","DOI":"10.1145\/3372297.3417282"},{"key":"e_1_3_2_1_29_1","volume-title":"Proceedings of the 40th ACM SIGPLAN Conference on Programming Language Design and Implementation. 655--669","author":"Ding Zeyu","year":"2019","unstructured":"Yuxin Wang, Zeyu Ding, Guanhong Wang, Daniel Kifer, and Danfeng Zhang. 2019. Proving differential privacy with shadow execution. In Proceedings of the 40th ACM SIGPLAN Conference on Programming Language Design and Implementation. 
655--669."},{"key":"e_1_3_2_1_30_1","doi-asserted-by":"publisher","DOI":"10.2478\/popets-2020-0025"},{"key":"e_1_3_2_1_31_1","doi-asserted-by":"publisher","DOI":"10.1109\/TIFS.2021.3089884"},{"key":"e_1_3_2_1_32_1","volume-title":"International Conference on Machine Learning. PMLR, 40624--40636","author":"Zanella-B\u00e9guelin Santiago","year":"2023","unstructured":"Santiago Zanella-B\u00e9guelin, Lukas Wutschitz, Shruti Tople, Ahmed Salem, Victor R\u00fchle, Andrew Paverd, Mohammad Naseri, Boris K\u00f6pf, and Daniel Jones. 2023. Bayesian estimation of differential privacy. In International Conference on Machine Learning. PMLR, 40624--40636."}],"event":{"name":"CCS '24: ACM SIGSAC Conference on Computer and Communications Security","location":"Salt Lake City UT USA","acronym":"CCS '24","sponsor":["SIGSAC ACM Special Interest Group on Security, Audit, and Control"]},"container-title":["Proceedings of the 2024 on ACM SIGSAC Conference on Computer and Communications Security"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3658644.3690367","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3658644.3690367","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,8,22]],"date-time":"2025-08-22T06:05:15Z","timestamp":1755842715000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3658644.3690367"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024,12,2]]},"references-count":32,"alternative-id":["10.1145\/3658644.3690367","10.1145\/3658644"],"URL":"https:\/\/doi.org\/10.1145\/3658644.3690367","relation":{},"subject":[],"published":{"date-parts":[[2024,12,2]]},"assertion":[{"value":"2024-12-09","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}