
Coupling proofs are probabilistic product programs

Published: 01 January 2017

Abstract

Couplings are a powerful mathematical tool for reasoning about pairs of probabilistic processes. Recent developments in formal verification identify a close connection between couplings and pRHL, a relational program logic motivated by applications to provable security, enabling formal construction of couplings from the probability theory literature. However, existing work using pRHL merely shows existence of a coupling and does not give a way to prove quantitative properties about the coupling, needed to reason about mixing and convergence of probabilistic processes. Furthermore, pRHL is inherently incomplete, and is not able to capture some advanced forms of couplings such as shift couplings. We address both problems as follows.

First, we define an extension of pRHL, called x-pRHL, which explicitly constructs the coupling in a pRHL derivation in the form of a probabilistic product program that simulates two correlated runs of the original program. Existing verification tools for probabilistic programs can then be directly applied to the probabilistic product to prove quantitative properties of the coupling. Second, we equip x-pRHL with a new rule for while loops, where reasoning can freely mix synchronized and unsynchronized loop iterations. Our proof rule can capture examples of shift couplings, and the logic is relatively complete for deterministic programs.

We show soundness of x-pRHL and use it to analyze two classes of examples. First, we verify rapid mixing using different tools from coupling: standard coupling, shift coupling, and path coupling, a compositional principle for combining local couplings into a global coupling. Second, we verify (approximate) equivalence between a source and an optimized program for several instances of loop optimizations from the literature.
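
To make the idea of a product program concrete, here is an added example that is not taken from the paper: a lazy random walk on a cycle (an assumed toy program) and a product program that runs two correlated copies of it, with exact enumeration standing in for a verification tool. It checks that the product's marginals equal the original runs and returns the quantitative property of interest, Pr[x1 != x2], which upper-bounds the total variation distance between the two outputs.

```python
from collections import defaultdict
from fractions import Fraction

N = 6                                   # cycle size (constructed)
HALF, QUARTER = Fraction(1, 2), Fraction(1, 4)

def step_single(x):
    """Loop body of the original program: lazy +/-1 step on Z_N."""
    return [(x, HALF), ((x + 1) % N, QUARTER), ((x - 1) % N, QUARTER)]

def step_product(state):
    """Loop body of the product program over the pair (x1, x2)."""
    x1, x2 = state
    if x1 == x2:                        # coupled: both copies share one sample
        return [((y, y), p) for y, p in step_single(x1)]
    # not coupled: a fair coin picks which copy moves, then +/-1 uniformly
    moves = [(((x1 + d) % N, x2), QUARTER) for d in (1, -1)]
    return moves + [((x1, (x2 + d) % N), QUARTER) for d in (1, -1)]

def run(step, init, iters):
    """Exact output distribution after `iters` loop iterations."""
    dist = {init: Fraction(1)}
    for _ in range(iters):
        nxt = defaultdict(Fraction)
        for s, p in dist.items():
            for s2, q in step(s):
                nxt[s2] += p * q
        dist = dict(nxt)
    return dist

def marginal(joint, i):
    """Project the joint distribution onto copy i (0 or 1)."""
    out = defaultdict(Fraction)
    for s, p in joint.items():
        out[s[i]] += p
    return dict(out)

def tv(d1, d2):
    """Total variation distance between two finite distributions."""
    return sum(abs(d1.get(k, 0) - d2.get(k, 0)) for k in set(d1) | set(d2)) / 2

def analyze(a, b, iters):
    """Return (marginals match, TV distance of outputs, Pr[x1 != x2])."""
    joint = run(step_product, (a, b), iters)
    d1, d2 = run(step_single, a, iters), run(step_single, b, iters)
    valid = marginal(joint, 0) == d1 and marginal(joint, 1) == d2
    p_neq = sum(p for (x, y), p in joint.items() if x != y)
    return valid, tv(d1, d2), p_neq
```
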

