🤖 AI Summary
This study addresses privacy vulnerabilities in the Gale-Shapley algorithm for the stable marriage problem, particularly in privacy-sensitive settings where preference leakage can enable strategic manipulation and pose compliance risks. The work systematically demonstrates, for the first time, that a malicious proposer can fully reconstruct the private preference list of an honest participant, whereas an honest proposer may preserve privacy under certain preference distributions. Through interactive attack modeling, analysis of preference distributions, and algorithmic reverse inference—validated by experiments on both synthetic and real-world data—the paper reveals that privacy breaches are prevalent in practical matching scenarios. These findings underscore the urgent need to design privacy-preserving mechanisms for stable matching.
📝 Abstract
The stable marriage problem appears in many privacy-sensitive domains, for example in the National Resident Matching Program in the US. In such applications, preserving the privacy of users' preference lists is essential to prevent strategic manipulation, discourage misreporting, and comply with data protection regulations.
In this work, we investigate privacy attacks on stable marriage algorithms. Assuming that the attacker (e.g., the hospitals) can repeatedly interact with the stable marriage algorithm, we demonstrate how such interactions can reveal private preferences of the non-malicious side (e.g., the residents). We show that the widely applied Gale-Shapley Matching Algorithm, where the proposers' side is malicious, is vulnerable to privacy attacks and all honest agents' preferences can be revealed. We further investigate which preference distributions of the honest, non-malicious side are susceptible to privacy attacks and show that the Gale-Shapley Matching Algorithm where the honest side proposes can preserve privacy in non-susceptible preference distributions. We extend our results to the decentralized setting and show that the attacker's side can infer all preference orderings. In an experimental evaluation, we test privacy attacks on synthetic and real-world data and show that real-world data is indeed susceptible to privacy attacks. This work underlines a need for new privacy-preserving stable marriage algorithms.