Linear dependent types for differential privacy

GaboardiMarco,; HaeberlenAndreas,; HsuJustin,; NarayanArjun,; PierceBenjamin, C

doi:10.1145/2480359.2429113

Cited by 50 publications

(50 citation statements)

References 39 publications

(23 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…[2010] present a differential static analysis to find code defects looking at two pieces of code relationally. Probabilistic relational verification has seen many applications in cryptography [Barthe et al 2014] and differential privacy [Barthe et al 2015;Gaboardi et al 2013]. The indexed types used by Gaboardi et al [2013] are similar in spirit to ours.…”

Section: Related Workmentioning

confidence: 95%

Relational cost analysis for functional-imperative programs

Gaboardi

Garg

2019

Proc. ACM Program. Lang.

Self Cite

View full text Add to dashboard Cite

Relational cost analysis aims at formally establishing bounds on the difference in the evaluation costs of two programs. As a particular case, one can also use relational cost analysis to establish bounds on the difference in the evaluation cost of the same program on two different inputs. One way to perform relational cost analysis is to use a relational type-and-effect system that supports reasoning about relations between two executions of two programs.Building on this basic idea, we present a type-and-effect system, called ARel, for reasoning about the relative cost of array-manipulating, higher-order functional-imperative programs. The key ingredient of our approach is a new lightweight type refinement discipline that we use to track relations (differences) between two mutable arrays. This discipline combined with Hoare-style triples built into the types allows us to express and establish precise relative costs of several interesting programs which imperatively update their data. We have implemented ARel using ideas from bidirectional type checking.how ARel is implemented and used ARel to reason about the relational cost of several nontrivial examples.

show abstract

Section: Related Workmentioning

confidence: 95%

Relational cost analysis for functional-imperative programs

Gaboardi

Garg

2019

Proc. ACM Program. Lang.

Self Cite

View full text Add to dashboard Cite

show abstract

“…Type-system-based solutions to proving that a program adheres to differential privacy began with Reed and Pierce's Fuzz language [44], which is based on linear typing. Fuzz, as well as subsequent work based on linear types aided by SMT solvers [29], supports type inference of privacy bounds with type-level dependency and higher-order composition of programs. However, these systems only support the original and most basic variant of differential privacy called ϵ-differential privacy.…”

Section: Related Workmentioning

confidence: 99%

“…Higher-order Relational Type Systems. Following the initial work on linear typing for differential privacy [44], a parallel line of work [6,8] leverages relational refinement types aided by SMT solvers in order to support type-level dependency of privacy parameters (à la DFuzz [29]) in addition to more powerful variants of differential privacy such as (ϵ, δ )-differential privacy. These approaches support (ϵ, δ )-differential privacy, but did not support usable type inference until a recently proposed heuristic bi-directional type system [19].…”

Section: Related Workmentioning

confidence: 99%

“…Duet consists of two languages: one for tracking sensitivities (typeset in green), and one for tracking privacy cost (typeset in red). The sensitivity language is similar to that of DFuzz [29]; its typing rules track the sensitivity of each variable by annotating the context. For example, the expression x + x is 2-sensitive in x; the typing rules in Figure 4 allow us to conclude:…”

Section: Duet By Examplementioning

confidence: 99%

“…Duet's sensitivity language is similar to that of DFuzz [29], except that we extend it with significant new tools for machine learning in Section 4. We do not present standard linear logic connectives such as sums, additive products and multiplicative products (a la Fuzz), or symbolic type-level expressions (a la DFuzz), although each are implemented in our tool and described formally in the extended version of this paper.…”

Section: Sensitivity Languagementioning

confidence: 99%

See 2 more Smart Citations

Duet: an expressive higher-order language and linear type system for statically enforcing differential privacy

Near

Darais

Abuah

et al. 2019

Proc. ACM Program. Lang.

View full text Add to dashboard Cite

During the past decade, differential privacy has become the gold standard for protecting the privacy of individuals. However, verifying that a particular program provides differential privacy often remains a manual task to be completed by an expert in the field. Language-based techniques have been proposed for fully automating proofs of differential privacy via type system design, however these results have lagged behind advances in differentially-private algorithms, leaving a noticeable gap in programs which can be automatically verified while also providing state-of-the-art bounds on privacy.We propose Duet, an expressive higher-order language, linear type system and tool for automatically verifying differential privacy of general-purpose higher-order programs. In addition to general purpose programming, Duet supports encoding machine learning algorithms such as stochastic gradient descent, as well as common auxiliary data analysis tasks such as clipping, normalization and hyperparameter tuning-each of which are particularly challenging to encode in a statically verified differential privacy framework.We present a core design of the Duet language and linear type system, and complete key proofs about privacy for well-typed programs. We then show how to extend Duet to support realistic machine learning applications and recent variants of differential privacy which result in improved accuracy for many practical differentially private algorithms. Finally, we implement several differentially private machine learning algorithms in Duet which have never before been automatically verified by a language-based tool, and we present experimental results which demonstrate the benefits of Duet's language design in terms of accuracy of trained machine learning models. privacy provides a robust solution to this problem, and as a result, a number of differentially private algorithms have been developed for machine learning [3,13,17,28,42,50,51,54].Few practical approaches exist, however, for automatically proving that a general-purpose program satisfies differential privacy-an increasingly desirable goal, since many machine learning pipelines are expressed as programs that combine existing algorithms with custom code. Enforcing differential privacy for a new program currently requires a new, manually-written privacy proof. This process is arduous, error-prone, and must be performed by an expert in differential privacy (and re-performed, each time the program is modified).We present Duet, a programming language, type system and tool for expressing and statically verifying privacy-preserving programs. Duet supports (1) general purpose programming features like compound datatypes and higher-order functions, (2) library functions for matrix-based computations, and (3) multiple state-of-the-art variants of differential privacy-(ϵ, δ )-differential privacy [25], Rényi differential privacy [38], zero-concentrated differential privacy (zCDP) [16], and truncated-concentrated differential privacy (tCDP) [15]-and can be easily extended to...

show abstract

A Logical Characterization of Differential Privacy via Behavioral Metrics

Castiglioni

Chatzikokolakis

Palamidessi

2018

Formal Aspects of Component Software

View full text Add to dashboard Cite

Differential privacy is a formal definition of privacy ensuring that sensitive information relative to individuals cannot be inferred by querying a database. In this paper, we exploit a modeling of this framework via labeled Markov Chains (LMCs) to provide a logical characterization of differential privacy: we consider a probabilistic variant of the Hennessy-Milner logic and we define a syntactical distance on formulae in it measuring their syntactic disparities. Then, we define a trace distance on LMCs in terms of the syntactic distance between the sets of formulae satisfied by them. We prove that such distance corresponds to the level of privacy of the LMCs. Moreover, we use the distance on formulae to define a real-valued semantics for them, from which we obtain a logical characterization of weak anonymity: the level of anonymity is measured in terms of the smallest formula distinguishing the considered LMCs. Then, we focus on bisimulation semantics on nondeterministic probabilistic processes and we provide a logical characterization of generalized bisimulation metrics, namely those defined via the generalized Kantorovich lifting. Our characterization is based on the notion of mimicking formula of a process and the syntactic distance on formulae, where the former captures the observable behavior of the corresponding process and allows us to characterize bisimilarity. We show that the generalized bisimulation distance on processes is equal to the syntactic distance on their mimicking formulae. Moreover, we use the distance on mimicking formulae to obtain bounds on differential privacy.

show abstract

Linear dependent types for differential privacy

Cited by 50 publications

References 39 publications

Relational cost analysis for functional-imperative programs

Relational cost analysis for functional-imperative programs

Duet: an expressive higher-order language and linear type system for statically enforcing differential privacy

A Logical Characterization of Differential Privacy via Behavioral Metrics

Contact Info

Product

Resources

About