Distance makes the types grow stronger: a calculus for differential privacy

Published: 27 September 2010

Abstract

We want assurances that sensitive information will not be disclosed when aggregate data derived from a database is published. Differential privacy offers a strong statistical guarantee that the effect of the presence of any individual in a database will be negligible, even when an adversary has auxiliary knowledge. Much of the prior work in this area consists of proving algorithms to be differentially private one at a time; we propose to streamline this process with a functional language whose type system automatically guarantees differential privacy, allowing the programmer to write complex privacy-safe query programs in a flexible and compositional way.

The key novelty is the way our type system captures function sensitivity, a measure of how much a function can magnify the distance between similar inputs: well-typed programs not only can't go wrong, they can't go too far on nearby inputs. Moreover, by introducing a monad for random computations, we can show that the established definition of differential privacy falls out naturally as a special case of this soundness principle. We develop examples including known differentially private algorithms, privacy-aware variants of standard functional programming idioms, and compositionality principles for differential privacy.
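As an added illustration of the two ideas the abstract describes, a sensitivity bound carried alongside each function and a random-computation monad whose privacy cost follows from that bound, the following Python is constructed example code, not the paper's own language or implementation. The sensitivity bounds attached by `count_where`, `clipped_sum` and `scale` are assumptions stated in the comments (the paper's type system would establish them statically; here nothing verifies them), the database distance is taken to be the number of rows that differ, and the sample rows are made up:

```python
import random
from dataclasses import dataclass
from typing import Any, Callable


@dataclass(frozen=True)
class Sens:
    """A function paired with an upper bound k on its sensitivity:
    d(fn(x), fn(y)) <= k * d(x, y) for all x, y.  Nothing here verifies
    the bound; it is the contract each constructor below must honour,
    which is what the paper's type system would check statically."""
    fn: Callable[[Any], Any]
    k: float

    def __call__(self, x: Any) -> Any:
        return self.fn(x)

    def then(self, g: "Sens") -> "Sens":
        """Composition g . self: sensitivity bounds multiply."""
        return Sens(lambda x: g.fn(self.fn(x)), self.k * g.k)


def scale(c: float) -> Sens:
    """x -> c*x is |c|-sensitive (assumed bound)."""
    return Sens(lambda x: c * x, abs(c))


def count_where(pred: Callable[[Any], bool]) -> Sens:
    """Databases are lists of rows; distance = number of rows that differ.
    Adding or removing one row moves a count by at most 1 (assumed bound)."""
    return Sens(lambda db: sum(1 for r in db if pred(r)), 1.0)


def clipped_sum(lo: float, hi: float, key: Callable[[Any], float]) -> Sens:
    """Sum of an attribute clipped to [lo, hi]: one row contributes at most
    max(|lo|, |hi|), so that is the assumed bound.  Clipping is what makes
    an otherwise unbounded sum typeable at all."""
    def f(db):
        return sum(min(hi, max(lo, key(r))) for r in db)
    return Sens(f, max(abs(lo), abs(hi)))


@dataclass(frozen=True)
class Priv:
    """Random-computation monad with a privacy annotation: run(db, rng)
    is eps-differentially private in db."""
    run: Callable[[Any, random.Random], Any]
    eps: float


def laplace_mech(q: Sens, eps: float) -> Priv:
    """Release q(db) + Laplace(k/eps).  Laplace noise with scale b is
    sampled as the difference of two independent Exp(rate 1/b) draws."""
    b = q.k / eps

    def run(db, rng):
        return q(db) + rng.expovariate(1.0 / b) - rng.expovariate(1.0 / b)
    return Priv(run, eps)


def bind(m: Priv, k: Callable[[Any], Priv], eps_k: float) -> Priv:
    """Sequential composition: budgets add.  eps_k bounds the budget of any
    Priv the continuation may return; checked here at run time, where the
    calculus would reject an overspending continuation at type-checking."""
    def run(db, rng):
        nxt = k(m.run(db, rng))
        if nxt.eps > eps_k:
            raise ValueError(f"continuation spends {nxt.eps} > declared {eps_k}")
        return nxt.run(db, rng)
    return Priv(run, m.eps + eps_k)


def max_privacy_loss(q: Sens, eps: float, db1: Any, db2: Any) -> float:
    """Largest log density ratio of laplace_mech(q, eps)'s output on db1 vs
    db2, over all outputs: |q(db1) - q(db2)| / b with b = k/eps.  For
    databases at distance 1 this is <= eps, which is the DP guarantee."""
    return abs(q(db1) - q(db2)) / (q.k / eps)


# Constructed sample rows (age, income); NEIGHBOUR_DB drops one row.
SAMPLE_DB = [(34, 52_000), (45, 110_000), (29, 38_000), (61, 75_000)]
NEIGHBOUR_DB = SAMPLE_DB[:-1]


def demo(seed: int = 0) -> dict:
    """Build a two-query private program and report its static bounds."""
    rng = random.Random(seed)
    over40 = count_where(lambda r: r[0] > 40)
    income = clipped_sum(0, 100_000, lambda r: r[1])
    program = bind(laplace_mech(over40, 0.5),
                   lambda _count: laplace_mech(income, 0.5), 0.5)
    return {
        "count_sens": over40.k,
        "tripled_count_sens": over40.then(scale(3)).k,
        "income_sens": income.k,
        "total_eps": program.eps,
        "noisy_income": program.run(SAMPLE_DB, rng),
        "count_loss": max_privacy_loss(over40, 0.5, SAMPLE_DB, NEIGHBOUR_DB),
        "income_loss": max_privacy_loss(income, 0.5, SAMPLE_DB, NEIGHBOUR_DB),
    }


if __name__ == "__main__":
    print(demo())
```

`demo()` returns the bounds that are derived purely from the annotations (composition multiplies sensitivities, `bind` adds budgets) next to one noisy release. The two `*_loss` entries are the quantity the soundness argument bounds: for the neighbouring pair they come in at or under the declared epsilon of each query, and no matter how the continuation in `bind` is written, the total cost reported is the one the program's annotations promised.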


Supplemental Material

icfp-tues-1150-reed.mov



Published in

ACM SIGPLAN Notices, Volume 45, Issue 9 (ICFP '10), September 2010, 382 pages
ISSN: 0362-1340
EISSN: 1558-1160
DOI: 10.1145/1932681

ICFP '10: Proceedings of the 15th ACM SIGPLAN international conference on Functional programming, September 2010, 398 pages
ISBN: 9781605587943
DOI: 10.1145/1863543

      Copyright © 2010 ACM

      Publisher

      Association for Computing Machinery

      New York, NY, United States
