Saved in:
Bibliographic Details
Main Authors: Cebere, Tudor, Erb, David, Desfontaines, Damien, Bellet, Aurélien, Fitzsimons, Jack
Format: Preprint
Published: 2026
Subjects:
Online Access:https://arxiv.org/abs/2602.17454
Tags: Add Tag
No Tags, Be the first to tag this record!
_version_ 1866914339105013760
author Cebere, Tudor
Erb, David
Desfontaines, Damien
Bellet, Aurélien
Fitzsimons, Jack
author_facet Cebere, Tudor
Erb, David
Desfontaines, Damien
Bellet, Aurélien
Fitzsimons, Jack
contents Differential privacy (DP) implementations are notoriously prone to errors, with subtle bugs frequently invalidating theoretical guarantees. Existing verification methods are often impractical: formal tools are too restrictive, while black-box statistical auditing is intractable for complex pipelines and fails to pinpoint the source of the bug. This paper introduces Re:cord-play, a gray-box auditing paradigm that inspects the internal state of DP algorithms. By running an instrumented algorithm on neighboring datasets with identical randomness, Re:cord-play directly checks for data-dependent control flow and provides concrete falsification of sensitivity violations by comparing declared sensitivity against the empirically measured distance between internal inputs. We generalize this to Re:cord-play-sample, a full statistical audit that isolates and tests each component, including untrusted ones. We show that our novel testing approach is both effective and necessary by auditing 12 open-source libraries, including SmartNoise SDK, Opacus, and Diffprivlib, and uncovering 13 privacy violations that impact their theoretical guarantees. We release our framework as an open-source Python package, thereby making it easy for DP developers to integrate effective, computationally inexpensive, and seamless privacy testing as part of their software development lifecycle.
format Preprint
id arxiv_https___arxiv_org_abs_2602_17454
institution arXiv
publishDate 2026
record_format arxiv
spellingShingle Privacy in Theory, Bugs in Practice: Grey-Box Auditing of Differential Privacy Libraries
Cebere, Tudor
Erb, David
Desfontaines, Damien
Bellet, Aurélien
Fitzsimons, Jack
Cryptography and Security
Differential privacy (DP) implementations are notoriously prone to errors, with subtle bugs frequently invalidating theoretical guarantees. Existing verification methods are often impractical: formal tools are too restrictive, while black-box statistical auditing is intractable for complex pipelines and fails to pinpoint the source of the bug. This paper introduces Re:cord-play, a gray-box auditing paradigm that inspects the internal state of DP algorithms. By running an instrumented algorithm on neighboring datasets with identical randomness, Re:cord-play directly checks for data-dependent control flow and provides concrete falsification of sensitivity violations by comparing declared sensitivity against the empirically measured distance between internal inputs. We generalize this to Re:cord-play-sample, a full statistical audit that isolates and tests each component, including untrusted ones. We show that our novel testing approach is both effective and necessary by auditing 12 open-source libraries, including SmartNoise SDK, Opacus, and Diffprivlib, and uncovering 13 privacy violations that impact their theoretical guarantees. We release our framework as an open-source Python package, thereby making it easy for DP developers to integrate effective, computationally inexpensive, and seamless privacy testing as part of their software development lifecycle.
title Privacy in Theory, Bugs in Practice: Grey-Box Auditing of Differential Privacy Libraries
topic Cryptography and Security
url https://arxiv.org/abs/2602.17454