Timing Attacks on Differential Privacy are Practical

Differential privacy (DP) has become a standard approach for computing privacy-preserving statistics. However, in interactive settings, the observable runtime of DP queries can inadvertently leak sensitive information, violating privacy guarantees. Prior work has shown that timing side channels can undermine DP in specific settings. In this work, we show that popular libraries for implementing differential privacy, including diffprivlib, OpenDP, and PyDP, frequently introduce such timing side channels, leading to measurable privacy degradation. Our analysis reveals timing vulnerabilities not only within commonly used DP mechanisms (e.g., private sums, counts, means, and selection) but also in commonly used pre-processing steps such as filtering and sorting. We show that these seemingly innocuous operations frequently exhibit runtimes that are sensitive not only to the presence of an individual's data in the input but also to the ordering of the input data.