Differential Privacy for Relational Algebra: Improving the Sensitivity Bounds via Constraint Systems

Palamidessi, Catuscia; Stronati, Marco

doi:10.4204/eptcs.85.7

Cited by 22 publications

(9 citation statements)

References 10 publications

(13 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…And (4) their analysis is "mostly automated" due to proof obligations that are not always automatically solvable, while ours is fully automated. Palamidessi and Stronati [20] recently proposed a constraintbased approach to compute the sensitivity of relational algebra queries. In particular, their analysis is able to compute the minimal sensitivity of wide range of queries.…”

Section: Related Workmentioning

confidence: 99%

Sensitivity analysis using type-based constraints

D’Antoni

Gaboardi

Arias

et al. 2013

Proceedings of the 1st Annual Workshop on Functional Programming Concepts in Domain-Specific Languages

View full text Add to dashboard Cite

International audienceFunction sensitivity ―- how much the result of a function can change with respect to linear changes in the input ―- is a key concept in many research areas. For instance, in differential privacy, one of the most common mechanisms for turning a (possibly privacy-leaking) query into a differentially private one involves establishing a boundon its sensitivity. One approach to sensitivity analysis is to use a type-based approach, extending the Hindley-Milner type system with functional types capturing statically the sensitivity of a functional expression. This approach ―- based on affine logic ―- has been used in Fuzz, a language for differentially private queries. We describe an automatic typed-based analysis that infers and checks the sensitivity annotations for simple functional programs. We have implemented a prototype in Fuzz's compiler. The first component of the analysis extends the typechecker to generate nonlinear constraints over the positive real numbers extended with infinity, which are then checked by the Z3 SMT solver; a solution for them will provide an upper bound on the sensitivity annotations and ensure the correctness of the annotations. We also present a simple sensitivity minimization procedure and demonstrate the effectiveness of the approach by analyzing several examples

show abstract

Section: Related Workmentioning

confidence: 99%

Sensitivity analysis using type-based constraints

D’Antoni

Gaboardi

Arias

et al. 2013

Proceedings of the 1st Annual Workshop on Functional Programming Concepts in Domain-Specific Languages

View full text Add to dashboard Cite

show abstract

“…In DP, there are proposals for using type systems to enforce differential privacy [19,32,41]. Other programming language techniques [5] include dynamic approaches [29,30,43], static checking [19,33,41], and machine-checked proofs [6]. A similar trend is occurring in MPC where implementations must also comply with design constraints to collaboratively compute functions while still protecting private inputs from other users.…”

Section: Compilers For Privacy-preserving Computationmentioning

confidence: 99%

Porcupine: a synthesizing compiler for vectorized homomorphic encryption

Cowan

Dangwal

Alaghi

et al. 2021

Proceedings of the 42nd ACM SIGPLAN International Conference on Programming Language Design and Implementation

View full text Add to dashboard Cite

Homomorphic encryption (HE) is a privacy-preserving technique that enables computation directly on encrypted data. Despite its promise, HE has seen limited use due to performance overheads and compilation challenges. Recent work has made significant advances to address the performance overheads but automatic compilation of efficient HE kernels remains relatively unexplored.This paper presents Porcupine, an optimizing compiler that generates vectorized HE code using program synthesis. HE poses three major compilation challenges: it only supports a limited set of SIMD-like operators, it uses long-vector operands, and decryption can fail if ciphertext noise growth is not managed properly. Porcupine captures the underlying HE operator behavior so that it can automatically reason about the complex trade-offs imposed by these challenges to generate optimized, verified HE kernels. To improve synthesis time, we propose a series of optimizations including a sketch design tailored to HE to narrow the program search space. We evaluate Porcupine using a set of kernels and show speedups of up to 52% (25% geometric mean) compared to heuristic-driven hand-optimized kernels. Analysis of Porcupine's synthesized code reveals that optimal solutions are not always intuitive, underscoring the utility of automated reasoning in this domain.

show abstract

“…Some of these are related to the deficiency of the sequential query composition principle, and are typically much more specialised (and therefore more technically sophisticated) than the method of provenance tracing described here -see for example [14,15,28]. Palamidessi and Stronati [21] provide a compositional method for improving the sensitivity estimation for relational algebra terms. It would be interesting to investigate whether these ideas can be used alongside our personalised approach.…”

Section: Provenance and Lineagementioning

confidence: 99%

Differential Privacy

2015

View full text Add to dashboard Cite

Differential privacy provides a way to get useful information about sensitive data without revealing much about any one individual. It enjoys many nice compositionality properties not shared by other approaches to privacy, including, in particular, robustness against side-knowledge.Designing differentially private mechanisms from scratch can be a challenging task. One way to make it easier to construct new differential private mechanisms is to design a system which allows more complex mechanisms (programs) to be built from differentially private building blocks in principled way, so that the resulting programs are guaranteed to be differentially private by construction.This paper is about a new accounting principle for building differentially private programs. It is based on a simple generalisation of classic differential privacy which we call Personalised Differential Privacy (PDP). In PDP each individual has its own personal privacy level. We describe ProPer, a interactive system for implementing PDP which maintains a privacy budget for each individual. When a primitive query is made on data derived from individuals, the provenance of the involved records determines how the privacy budget of an individual is affected: the number of records derived from Alice determines the multiplier for the privacy decrease in Alice's budget. This offers some advantages over previous systems, in particular its fine-grained character allows better utilisation of the privacy budget than mechanisms based purely on the concept of global sensitivity, and it applies naturally to the case of a live database where new individuals are added over time.We provide a formal model of the ProPer approach, prove that it provides personalised differential privacy, and describe a prototype implementation based on McSherry's PINQ system.

show abstract

Differential Privacy for Relational Algebra: Improving the Sensitivity Bounds via Constraint Systems

Cited by 22 publications

References 10 publications

Sensitivity analysis using type-based constraints

Sensitivity analysis using type-based constraints

Porcupine: a synthesizing compiler for vectorized homomorphic encryption

Differential Privacy

Contact Info

Product

Resources

About