Trace abstraction modulo probability

Smith, Calvin; Hsu, Justin; Albarghouthi, Aws

doi:10.1145/3290352

Cited by 16 publications

(31 citation statements)

References 79 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In contrast, our language allows for arbitrary loops and we provide a decision procedure for accuracy. Trace Abstraction Modulo Probability (TAMP) in Smith et al [2019], is an automated proof technique for accuracy of probabilistic programs. TAMP generalizes the trace abstraction technique of Heizmann et al [2009] to the probabilistic setting.…”

Section: Related Workmentioning

confidence: 99%

“…In some cases, the definition of accuracy is similar to the one used in the context of randomized algorithm design [Motwani and Raghavan 1995], where we require that the output of the differentially private algorithm be close to the true output (say within distance γ ) with high probability (say at least 1 − β). Such a notion of accuracy is similar to computing error bounds, and there has been work on formally verifying such a definition of accuracy on some examples [Barthe et al 2016b;Smith et al 2019;Vesga et al 2019]. Unfortunately, prior work on formal verification of accuracy suffers from two shortcomings:…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Deciding accuracy of differential privacy schemes

Barthe

Chadha

Krogmeier

et al. 2021

Proc. ACM Program. Lang.

View full text Add to dashboard Cite

Differential privacy is a mathematical framework for developing statistical computations with provable guarantees of privacy and accuracy. In contrast to the privacy component of differential privacy, which has a clear mathematical and intuitive meaning, the accuracy component of differential privacy does not have a generally accepted definition; accuracy claims of differential privacy algorithms vary from algorithm to algorithm and are not instantiations of a general definition. We identify program discontinuity as a common theme in existing ad hoc definitions and introduce an alternative notion of accuracy parametrized by, what we call, — the of an input x w.r.t. a deterministic computation f and a distance d , is the minimal distance d ( x , y ) over all y such that f ( y )≠ f ( x ). We show that our notion of accuracy subsumes the definition used in theoretical computer science, and captures known accuracy claims for differential privacy algorithms. In fact, our general notion of accuracy helps us prove better claims in some cases. Next, we study the decidability of accuracy. We first show that accuracy is in general undecidable. Then, we define a non-trivial class of probabilistic computations for which accuracy is decidable (unconditionally, or assuming Schanuel’s conjecture). We implement our decision procedure and experimentally evaluate the effectiveness of our approach for generating proofs or counterexamples of accuracy for common algorithms from the literature.

show abstract

Section: Related Workmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

Deciding accuracy of differential privacy schemes

Barthe

Chadha

Krogmeier

et al. 2021

Proc. ACM Program. Lang.

View full text Add to dashboard Cite

show abstract

“…In order to make these estimates as precise as possible, DPella uses taint analysis to track the use of noise to identify which variables are statistically independent. This information is used by DPella to soundly replace, when needed, the union bound with the Cherno bound, something that to the best of our knowl-edge other program logics or program analyses also focusing on accuracy, such as [8] and [54], do not consider. We envision DPella's accuracy estimations to be used in scenarios which align with those considered by tools like GUPT, PSI, and Apex.…”

Section: Contributionmentioning

confidence: 99%

“…We leave exploring this direction for future works. More recently, Smith et al [54] propose an automated approach for computing accuracy bounds of probabilistic imperative programs. This work shares some similarities with our.…”

Section: Formal Calculi For Dpmentioning

confidence: 99%

A Programming Language for Data Privacy with Accuracy Estimations

Lobo-Vesga

Russo

Gaboardi

2021

ACM Trans. Program. Lang. Syst.

View full text Add to dashboard Cite

Differential privacy offers a formal framework for reasoning about the privacy and accuracy of computations on private data. It also offers a rich set of building blocks for constructing private data analyses. When carefully calibrated, these analyses simultaneously guarantee the privacy of the individuals contributing their data, and the accuracy of the data analysis results, inferring useful properties about the population. The compositional nature of differential privacy has motivated the design and implementation of several programming languages to ease the implementation of differentially private analyses. Even though these programming languages provide support for reasoning about privacy, most of them disregard reasoning about the accuracy of data analyses. To overcome this limitation, we present DPella, a programming framework providing data analysts with support for reasoning about privacy, accuracy, and their trade-offs. The distinguishing feature of DPella is a novel component that statically tracks the accuracy of different data analyses. To provide tight accuracy estimations, this component leverages taint analysis for automatically inferring statistical independence of the different noise quantities added for guaranteeing privacy. We evaluate our approach by implementing several classical queries from the literature and showing how data analysts can calibrate the privacy parameters to meet the accuracy requirements, and vice versa.

show abstract

“…Most proofs are constructed by hand, and as such are tailored to the algorithm of interest. While there exist program logics for reasoning about accuracy [Barthe et al 2016], automations of said logics (i) are so slow as to dwarf the cost of synthesis (see ğ6), and (ii) themselves reduce to synthesis [Smith et al 2019]. Considering accuracy in addition to privacy therefore poses a significant challenge to program synthesis, which necessitates our use of the weak notion of deterministic satisfaction (ğ3) to ensure programs have some utility to an end user.…”

Section: Utility Of Synthesis Solutionsmentioning

confidence: 99%

Synthesizing differentially private programs

Smith

Albarghouthi

2019

Proc. ACM Program. Lang.

Self Cite

View full text Add to dashboard Cite

Inspired by the proliferation of data-analysis tasks, recent research in program synthesis has had a strong focus on enabling users to specify data-analysis programs through intuitive specifications, like examples and natural language. However, with the ever-increasing threat to privacy through data analysis, we believe it is imperative to reimagine program synthesis technology in the presence of formal privacy constraints. In this paper, we study the problem of automatically synthesizing randomized, differentially private programs, where the user can provide the synthesizer with a constraint on the privacy of the desired algorithm. We base our technique on a linear dependent type system that can track the resources consumed by a program, and hence its privacy cost. We develop a novel type-directed synthesis algorithm that constructs randomized differentially private programs. We apply our technique to the problems of synthesizing database-like queries as well as recursive differential privacy mechanisms from the literature. CCS Concepts: • Security and privacy → Privacy-preserving protocols; • Theory of computation → Type theory; Theory of database privacy and security; • Software and its engineering → Programming by example.

show abstract

Trace abstraction modulo probability

Cited by 16 publications

References 79 publications

Deciding accuracy of differential privacy schemes

Deciding accuracy of differential privacy schemes

A Programming Language for Data Privacy with Accuracy Estimations

Synthesizing differentially private programs

Contact Info

Product

Resources

About