composition verification and differential privacy
play

Composition, Verification, and Differential Privacy Justin Hsu - PowerPoint PPT Presentation

Feb 14, 2024 •98 likes •645 views

Composition, Verification, and Differential Privacy Justin Hsu University of WisconsinMadison 1 Lightning recap Definition (Dwork, McSherry, Nissim, Smith (2006)) An algorithm is ( , ) -differentially private if, for every two adjacent

  1. Composition, Verification, and Differential Privacy Justin Hsu University of Wisconsin–Madison 1

  2. Lightning recap Definition (Dwork, McSherry, Nissim, Smith (2006)) An algorithm is ( ε, δ ) -differentially private if, for every two adjacent inputs, the output distributions µ 1 , µ 2 satisfy: for all sets of outputs S , Pr µ 1 [ S ] ≤ e ε · Pr µ 2 [ S ] + δ Intuitively Output can’t depend too much on any single individual’s data 2

  3. Tremendous impact 3

  4. Tremendous impact 3

  5. Tremendous impact 3

  6. Tremendous impact 3

  7. Why so popular? Elegant definition Cleanly carve out a slice of privacy ◮ Mathematically formalize one kind of privacy ◮ “Your data” versus “data about you” (McSherry) Simple and flexible ◮ Can establish property in isolation ◮ Achievable via rich variety of techniques 4

  8. Why so popular? Theoretical features Protects against worst-case scenarios ◮ Strong adversaries ◮ Colluding individuals ◮ Arbitrary side information Rule out “blatantly” non-private algorithms ◮ Release data record at random: not private! 5

  9. Above all, one reason... 6

  10. Above all, one reason... Composition! 6

  11. Today 1. Review and motivate composition properties 2. Case study: formal verification for privacy 3. Case study: advanced composition 7

  12. A Quick Review: Composition and Privacy 8

  13. Sequential composition Database Output ε -private ε -private 9

  14. Sequential composition Database Output ε -private ε -private Theorem Consider randomized algorithms M : D → Distr ( R ) and M ′ : R × D → Distr ( R ′ ) . If M is ( ε, δ ) -private and for every r ∈ R , M ′ ( r, − ) is ( ε ′ , δ ′ ) -private, then the composition r ∼ M ( d ); out ∼ M ′ ( r, d ); return ( out ) is ( ε + ε ′ , δ + δ ′ ) -private. 9

  15. Example: post processing F Database Output ε -private 10

  16. Example: post processing F Database Output ε -private Privacy is preserved ◮ F is (0 , 0) -private: doesn’t use private data ◮ Result is still ( ε, δ ) -private 10

  17. Parallel composition Database 1 ε -private Database Output Database 2 ε -private 11

  18. Parallel composition Database 1 ε -private Database Output Database 2 ε -private Theorem Consider randomized algorithms M 1 : D → Distr ( R 1 ) and M 2 : D → Distr ( R 2 ) . If M 1 and M 2 are both ( ε, δ ) -private, then the parallel composition ( d 1 , d 2 ) ← split ( d ); r 1 ∼ M 1 ( d 1 ); r 2 ∼ M 2 ( d 2 ); return ( r 1 , r 2 ) is ( ε, δ ) -private. 11

  19. Example: local differential privacy Each individual adds noise ◮ Split data among individuals ◮ Each individual computation achieves privacy Central computation aggregates noisy data ◮ Post-processing 12

  20. Group privacy Bound output distance when multiple inputs differ ◮ Inputs databases differ in one individual: ( ε, 0) -privacy ◮ Inputs databases differ in k individuals: ( kε, 0) -privacy Cast privacy as Lipschitz continuity ◮ Composes well ◮ Not so clean for ( ε, δ ) -privacy... 13

  21. Why You Might Care About Composition 14

  22. Make definitions easier to use Easier to prove property ◮ Privacy proofs are often straightforward ◮ Don’t need to unfold definition each time More people can prove privacy ◮ Don’t need years of PhD training 15

  23. Increase re-usability Dramatically increases impact ◮ One useful algorithm can enable many others ◮ Repurpose for new, unforeseen applications 16

  24. Increase re-usability Dramatically increases impact ◮ One useful algorithm can enable many others ◮ Repurpose for new, unforeseen applications Key algorithms used everywhere ◮ Laplace, Gaussian, Exponential mechanisms ◮ Sparse vector technique ◮ Private counters ◮ Subsampling ◮ ... 16

  25. Build larger algorithms Scale up private algorithms ◮ Construct complex private algorithms out of simple pieces ◮ Composition ensures result is still correct Enables common toolboxes ◮ PINQ framework (McSherry) ◮ PSI project (see Salil’s talk) 17

  26. Sign of a “good” definition Not just about generalizing ◮ More general: must assume less about the pieces ◮ More specific: must prove more about the whole Sweet spot between specific and general ◮ One way of probing robustness of definitions 18

  27. Case Study: Verifying Privacy 19

  28. Recap: verification setting Dynamic ◮ Monitor program as it executes on particular input ◮ Raise error if it violates differential privacy Static ◮ Take program (maybe written in special language) ◮ Check differential privacy on all inputs 20

  29. Composition is crucial Simplify verification task ◮ Trust a (small) collection of primitives ◮ Verify components separately Enable automation ◮ Generally: enables faster/simpler verification ◮ So simple, a computer can do it 21

  30. Privacy-integrated queries (PINQ) C# library for private queries ◮ Proposed by Frank McSherry (2006) ◮ First verification technique for privacy Dynamic analysis ◮ User writes PINQ query in C# ◮ Runtime monitors privacy budget as query runs 22

  31. The Fuzz family of languages History ◮ Reed and Pierce (2010), many subsequent extensions ◮ Programming language and custom type system Main concept: function sensitivity ◮ Equip each type with a metric ◮ Types can express Lipschitz continuity 23

  32. The Fuzz family of languages History ◮ Reed and Pierce (2010), many subsequent extensions ◮ Programming language and custom type system Main concept: function sensitivity ◮ Equip each type with a metric ◮ Types can express Lipschitz continuity Example ! k σ ⊸ τ is type of a k -sensitive function from σ to τ 23

  33. The Fuzz family of languages Strengths ◮ Static analysis: don’t need to run program ◮ Typechecking/privacy checking can be automated ◮ Can express sequential and parallel composition ◮ Captures kind of group privacy (e.g., ( ε, 0) -privacy) Weaknesses ◮ Can’t verify programs where proof isn’t from composition ◮ Have to use a custom programming language 24

  34. The Fuzz family of languages Recent developments: extending to ( ε, δ ) -privacy ◮ Idea: cast ( ε, δ ) -privacy as sensitivity property ◮ For inputs that are two apart, output distributions are ( ε, δ ) -related via some intermediate distribution ◮ So-called path metric construction ◮ Incorporate ( ε, δ ) -privacy into Fuzz framework 25

  35. Privacy as an approximate coupling History ◮ Arose from work on verifying cryptographic protocols via game-based techniques, comparing pairs of hybrids ◮ Target more familiar, imperative programming language Main concept: prove privacy by constructing a coupling ◮ Consider program run on two adjacent inputs ◮ Approximately couple sampling instructions ◮ Establish relation between coupled outputs 26

  36. Privacy as an approximate coupling Strengths ◮ Static analysis: don’t need to run program ◮ Can verify examples beyond composition ◮ Sparse vector, propose-test-release, ... ◮ No issue handling ( ε, δ ) -privacy Weaknesses ◮ Checks proof automatically, but doesn’t build proof ◮ Human expert must provide proof, manual process 27

  37. Privacy as an approximate coupling Recent developments: automate proof construction ◮ Encode proof requirement as a logical constraint ◮ Use techniques from program synthesis to find valid proofs ◮ Automatically verify sophisticated algorithms ◮ Sparse vector, report-noisy-max, between thresholds, ... 28

  38. Brilliant collaborators 29

  39. Case Study: Advanced Composition 30

  40. Recap: advanced composition Sequentially compose k mechanisms ◮ Each ( ε, δ ) -private ◮ Basic analysis: result is ( kε, kδ ) -private 31

  41. Recap: advanced composition Sequentially compose k mechanisms ◮ Each ( ε, δ ) -private ◮ Basic analysis: result is ( kε, kδ ) -private Better analysis ◮ Proposed by Dwork, Rothblum, and Vadhan (2010) ◮ For any δ ′ , result is ( ε ′ , kδ + δ ′ ) -private for ε ′ = ε � 2 k ln(1 /δ ′ ) + kε ( e ε − 1) 31

  42. Extremely useful, but seems a bit off... Intuitively ◮ Slow growth of ε by increasing δ a bit more ◮ Privacy loss is “usually” much less than kε Composition is not so clean ◮ Best bounds if applied to a block of k mechanisms ◮ Weaker if repeatedly applied pairwise 32

  43. Improving the definitions: RDP and zCDP History ◮ “Concentrated DP”: Dwork and Rothblum (2016) ◮ “Zero-Concentrated DP”: Bun and Steinke (2016) ◮ “Rényi DP”: Mironov (2017) ◮ Bound Rényi divergence between output distributions ◮ Refinement of ( ε, δ ) -privacy 33

  44. Cleaner composition Theorem (Mironov (2017)) Consider randomized algorithms M : D → Distr ( R ) and M ′ : R × D → Distr ( R ′ ) . If M is ( α, ε ) -RDP and for every r ∈ R , M ′ ( r, − ) is ( α, ε ′ ) -RDP, then the composition r ∼ M ( d ); out ∼ M ′ ( r, d ); return ( out ) is ( α, ε + ε ′ ) -RDP. Benefits ◮ Composing pairwise or k -wise: same bounds ◮ Closure under post-processing ◮ Improved formulation of advanced composition 34

  45. Simplify reasoning Enable formal verification ◮ Extensions of techniques for imperative languages ◮ Also works for programs in functional languages ◮ Opens the way to automated proofs 35

  46. Wrapping Up 36

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Differential Privacy Li Xiong Outline Differential Privacy Definition Basic techniques

Differential Privacy Li Xiong Outline Differential Privacy Definition Basic techniques

CS573 Data Privacy and Security Differential Privacy Li Xiong Outline Differential Privacy Definition Basic techniques Composition theorems Statistical Data Privacy Non-interactive vs interactive Privacy goal: individual is

1.15k views • 64 slides
Beyond Differential Privacy: Composition Theorems and Relational Logic for f -divergences between

Beyond Differential Privacy: Composition Theorems and Relational Logic for f -divergences between

Beyond Differential Privacy: Composition Theorems and Relational Logic for f -divergences between Probabilistic Programs Gilles Barthe Federico Olmedo IMDEA Software Institute, Madrid, Spain 40 th International Colloquium on Automata, Languages

514 views • 32 slides
Differential Privacy (Part III) Approximate (or ( , ))-differential privacy

Differential Privacy (Part III) Approximate (or ( , ))-differential privacy

Differential Privacy (Part III) Approximate (or ( , ))-differential privacy Generalized definition of differential privacy allowing for a (supposedly small) additive factor Used in a variety of applications A query mechanism M is (

1.27k views • 43 slides
Differential Privacy Techniques Beyond Differential Privacy Steven Wu Assistant Professor

Differential Privacy Techniques Beyond Differential Privacy Steven Wu Assistant Professor

Differential Privacy Techniques Beyond Differential Privacy Steven Wu Assistant Professor University of Minnesota 1 Differential privacy? Isnt it just adding noise? How to add smart noise to guarantee privacy without sacrificing

592 views • 57 slides
CS573 Data Privacy and Security Local Differential Privacy Li Xiong Privacy at Scale: Local

CS573 Data Privacy and Security Local Differential Privacy Li Xiong Privacy at Scale: Local

CS573 Data Privacy and Security Local Differential Privacy Li Xiong Privacy at Scale: Local Differential Privacy in Practice (Module 1) Graham Cormode, Somesh Jha, Tejas Kulkarni, Ninghui Li, Divesh Srivastava, and Tianhao Wang Differential

819 views • 38 slides
Toniann Pitassi Outline 1. Differential Privacy: The Basics 2. Differential Privacy in New

Toniann Pitassi Outline 1. Differential Privacy: The Basics 2. Differential Privacy in New

Differential Privacy and Fairness: Foundations and New Frontiers Toniann Pitassi Outline 1. Differential Privacy: The Basics 2. Differential Privacy in New Settings - Pan Privacy - Privacy in multi-party settings - Fairness Outline

947 views • 49 slides
CS573 Data Privacy and Security Differential Privacy Real World Deployments Li Xiong

CS573 Data Privacy and Security Differential Privacy Real World Deployments Li Xiong

CS573 Data Privacy and Security Differential Privacy Real World Deployments Li Xiong Applying Differential Privacy Real world deployments of differential privacy OnTheMap RAPPOR Module 4 Tutorial: Differential Privacy in the Wild

617 views • 30 slides
Bridging Privacy Definitions: Differential Privacy and Concepts from Privacy Law & Policy

Bridging Privacy Definitions: Differential Privacy and Concepts from Privacy Law & Policy

Bridging Privacy Definitions: Differential Privacy and Concepts from Privacy Law & Policy Alexandra Wood Berkman Klein Center for Internet & Society at Harvard University DIMACS/Northeast Big Data Hub Workshop on Overcoming Barriers to

964 views • 54 slides
Differential privacy and applications to location privacy Catuscia Palamidessi INRIA & Ecole

Differential privacy and applications to location privacy Catuscia Palamidessi INRIA & Ecole

Differential privacy and applications to location privacy Catuscia Palamidessi INRIA & Ecole Polytechnique 1 Plan of the talk General introduction to privacy issues A naive approach to privacy protection: anonymization Why it

740 views • 44 slides
Implementing Differential Privacy & Side-channel attacks CompSci 590.03 Instructor: Ashwin

Implementing Differential Privacy & Side-channel attacks CompSci 590.03 Instructor: Ashwin

Implementing Differential Privacy & Side-channel attacks CompSci 590.03 Instructor: Ashwin Machanavajjhala Lecture 14 : 590.03 Fall 12 1 Outline Differential Privacy Implementations PINQ: Privacy Integrated Queries [McSherry SIGMOD

1.22k views • 40 slides
Privacy Attacks Practicum Privacy & Fairness in Data Science CS848 Fall 2019 2 Module 1:

Privacy Attacks Practicum Privacy & Fairness in Data Science CS848 Fall 2019 2 Module 1:

Privacy Attacks Practicum Privacy & Fairness in Data Science CS848 Fall 2019 2 Module 1: Intro to Privacy 1. Privacy Attacks Practicum 2. Differential Privacy 3. Basic Algorithms 4. Designing Complex Algorithms & Composition 3

677 views • 44 slides
Algorithms for Differential Privacy: Exponential & Median Mechanism CompSci 590.03

Algorithms for Differential Privacy: Exponential & Median Mechanism CompSci 590.03

Algorithms for Differential Privacy: Exponential & Median Mechanism CompSci 590.03 Instructor: Ashwin Machanavajjhala Lecture 7 : 590.03 Fall 12 1 Recap: Differential Privacy For every pair of inputs For every output that differ in one

445 views • 29 slides
Data Mining with Differential Privacy Arik Friedman and Assal Schuster by Slawomir Goryczka

Data Mining with Differential Privacy Arik Friedman and Assal Schuster by Slawomir Goryczka

Data Mining with Differential Privacy Arik Friedman and Assal Schuster by Slawomir Goryczka Differential Privacy A randomized computation M provides -differential privacy if for any datasets A and B that differ by 1 record and any set of

193 views • 17 slides
Satisfy Legal Definitions of Privacy? The Case of FERPA and Differential Privacy CS

Satisfy Legal Definitions of Privacy? The Case of FERPA and Differential Privacy CS

Do Computer Science Definitions of Privacy Satisfy Legal Definitions of Privacy? The Case of FERPA and Differential Privacy CS LAW Kobbi Nissim Ben-Gurion University Center for Research on Computation and Society

865 views • 62 slides
Mobile Data Collection and Analysis with Local Differential Privacy - Part 1 Ninghui Li (Purdue

Mobile Data Collection and Analysis with Local Differential Privacy - Part 1 Ninghui Li (Purdue

Mobile Data Collection and Analysis with Local Differential Privacy - Part 1 Ninghui Li (Purdue University) 1 Outline Motivation of Differential Privacy and Local Differential Privacy (LDP) Frequency Oracles in LDP Tradeoff between

821 views • 53 slides
Differential Privacy and Applications Marco Gaboardi Boston University Recap Foundamental Law

Differential Privacy and Applications Marco Gaboardi Boston University Recap Foundamental Law

Differential Privacy and Applications Marco Gaboardi Boston University Recap Foundamental Law of Information Reconstruction The release of too many overly accurate statistics gives privacy violations. ( , )-Differential Privacy

1.26k views • 76 slides
L q be the determined by that of C . The following example suggests that vector space of n -tuples

L q be the determined by that of C . The following example suggests that vector space of n -tuples

JOURNAL OF L A T EX CLASS FILES, VOL. 1, NO. 11, NOVEMBER 2002 1 A Classication of Posets admitting MacWilliams Identity Hyun Kwang Kim and Dong Yeol Oh Remark : If P is an antichain, then P -metric is equal to Abstract In this paper

329 views • 7 slides
tt r stt

tt r stt

tt r stt tr r s s t rt

490 views • 20 slides
Rapid and in situ analysis of metal concentrations in agricultural fields in San Juan County

Rapid and in situ analysis of metal concentrations in agricultural fields in San Juan County

All About Discovery! New Mexico State University nmsu.edu Rapid and in situ analysis of metal concentrations in agricultural fields in San Juan County using Portable X ray fluorescence (PXRF) Gaurav Jha Department of Plant and

536 views • 34 slides
Surprising thermoelectric effects in Ionic Liquid /redox-couple mixtures Edith Laux, Laure

Surprising thermoelectric effects in Ionic Liquid /redox-couple mixtures Edith Laux, Laure

Lead Dr. S. Nakamae CEA Surprising thermoelectric effects in Ionic Liquid /redox-couple mixtures Edith Laux, Laure Jeandupeux, Alexandra Kaempfer-Homsy and Herbert Keppner Magenta consortium Outline: General aspects of generators, examples

471 views • 44 slides
First-Principles Prediction of Acidities in the Gas and Solution Phase Prof. Michelle Coote and

First-Principles Prediction of Acidities in the Gas and Solution Phase Prof. Michelle Coote and

First-Principles Prediction of Acidities in the Gas and Solution Phase Prof. Michelle Coote and Dr Junming Ho 1 Why are Chemists interested in p K a s? 2 1 Chemical Speciation Oxicams (polyprotic acids) are non-steroidal anti-

428 views • 14 slides
TYPES OF IMPERFECTIONS Vacancy atoms Interstitial atoms Point defects

TYPES OF IMPERFECTIONS Vacancy atoms Interstitial atoms Point defects

TYPES OF IMPERFECTIONS Vacancy atoms Interstitial atoms Point defects Substitutional atoms Line defects Dislocations Area defects Grain Boundaries Stacking faults 2 No longer perfect: Thermal Energy Lattice

479 views • 18 slides
Complexit y of nonrecursiv e logic programs with complex v alues Sergei V orob y o

Complexit y of nonrecursiv e logic programs with complex v alues Sergei V orob y o

Complexit y of nonrecursiv e logic programs with complex v alues Sergei V orob y o v Andrei V oronk o v MPI f ur Informatik Uppsala Univ ersit y Saarbr uc k en Uppsala German y Sw eden 1 S.V orob y

545 views • 21 slides
Ionic liquids and solids: open-access data, modeling and design Axel Drefahl

Ionic liquids and solids: open-access data, modeling and design Axel Drefahl

Ionic liquids and solids: open-access data, modeling and design Axel Drefahl axeleratio@yahoo.com Presentation at University of Nevada, Reno, on December 5, 2008 Outline Introduction: Ionic liquids and sustainable chemistry (green

646 views • 49 slides

More recommend