DOI: 10.1145/1863543.1863568
Research article, ICFP conference proceedings

Distance makes the types grow stronger: a calculus for differential privacy

Published: 27 September 2010

Abstract

We want assurances that sensitive information will not be disclosed when aggregate data derived from a database is published. Differential privacy offers a strong statistical guarantee that the effect of the presence of any individual in a database will be negligible, even when an adversary has auxiliary knowledge. Much of the prior work in this area consists of proving algorithms to be differentially private one at a time; we propose to streamline this process with a functional language whose type system automatically guarantees differential privacy, allowing the programmer to write complex privacy-safe query programs in a flexible and compositional way.
The key novelty is the way our type system captures function sensitivity, a measure of how much a function can magnify the distance between similar inputs: well-typed programs not only can't go wrong, they can't go too far on nearby inputs. Moreover, by introducing a monad for random computations, we can show that the established definition of differential privacy falls out naturally as a special case of this soundness principle. We develop examples including known differentially private algorithms, privacy-aware variants of standard functional programming idioms, and compositionality principles for differential privacy.
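As an added illustration of the abstract's central idea (not code from the paper, whose calculus enforces sensitivity statically rather than with run-time checks), the following Python models a query tagged with a sensitivity bound, shows how bounds compose under scaling and addition, and checks that Laplace noise calibrated to that bound keeps the privacy loss within ε. The `Sensitive` wrapper, the row-count distance and the sample databases are assumptions of this example.

```python
import random
from dataclasses import dataclass
from typing import Callable, Sequence

Database = Sequence[float]  # constructed model: one numeric row per individual

def db_distance(d1: Database, d2: Database) -> int:
    """Distance between two equal-size databases: the number of rows that differ."""
    return sum(1 for a, b in zip(d1, d2) if a != b)

@dataclass(frozen=True)
class Sensitive:
    """A query tagged with a sensitivity bound k: changing one row moves the
    result by at most k. Hypothetical run-time stand-in for the static types
    the paper describes; scaling and addition follow the usual rules."""
    query: Callable[[Database], float]
    k: float

    def scale(self, c: float) -> "Sensitive":
        return Sensitive(lambda db: c * self.query(db), abs(c) * self.k)

    def add(self, other: "Sensitive") -> "Sensitive":
        return Sensitive(lambda db: self.query(db) + other.query(db), self.k + other.k)

    def violates(self, d1: Database, d2: Database) -> bool:
        """True if this concrete pair moves the result further than k allows."""
        return abs(self.query(d1) - self.query(d2)) > self.k * db_distance(d1, d2) + 1e-9

def clipped_sum(lo: float, hi: float) -> Sensitive:
    """Sum of rows clipped to [lo, hi]; one row can change it by at most hi - lo."""
    return Sensitive(lambda db: sum(min(max(v, lo), hi) for v in db), hi - lo)

def laplace_mechanism(q: Sensitive, eps: float, db: Database) -> float:
    """Release q(db) plus Laplace noise of scale k/eps, i.e. noise calibrated to
    sensitivity (Dwork, McSherry, Nissim, Smith 2006); the release is eps-DP."""
    noise = (q.k / eps) * (random.expovariate(1.0) - random.expovariate(1.0))
    return q.query(db) + noise

def max_privacy_loss(q: Sensitive, eps: float, d1: Database, d2: Database) -> float:
    """Largest |log p1(x) - log p2(x)| over a grid of outputs x, where p_i is the
    Laplace output density on d_i. It equals |q(d1) - q(d2)| * eps / k, so an
    honest sensitivity tag keeps it at or below eps * db_distance(d1, d2)."""
    b = q.k / eps
    m1, m2 = q.query(d1), q.query(d2)
    lo, hi = min(m1, m2) - 10 * b, max(m1, m2) + 10 * b
    return max(abs(abs(x - m2) - abs(x - m1)) / b
               for x in (lo + (hi - lo) * i / 2000 for i in range(2001)))
```

A query whose declared bound is too small (for example an unclipped sum tagged with k = 10) is caught by `violates` on a pair of neighbouring databases, which is exactly the "can't go too far on nearby inputs" property the type system guarantees up front.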

Supplementary Material

JPG File (icfp-tues-1150-reed.jpg)
MOV File (icfp-tues-1150-reed.mov)



    Published In

    ICFP '10: Proceedings of the 15th ACM SIGPLAN international conference on Functional programming
    September 2010, 398 pages
    ISBN: 9781605587943
    DOI: 10.1145/1863543

    Also published in ACM SIGPLAN Notices, Volume 45, Issue 9 (ICFP '10)
    September 2010, 382 pages
    ISSN: 0362-1340, EISSN: 1558-1160
    DOI: 10.1145/1932681
    Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

    Publisher

    Association for Computing Machinery

    New York, NY, United States


    Author Tags

    1. differential privacy
    2. type systems

    Qualifiers

    • Research-article

    Conference

    ICFP '10

    Acceptance Rates

    Overall Acceptance Rate 333 of 1,064 submissions, 31%



    Cited By

    • (2024) Effects and Coeffects in Call-by-Push-Value. Proceedings of the ACM on Programming Languages 8(OOPSLA2): 1108-1134. DOI 10.1145/3689750. Online publication date: 8-Oct-2024.
    • (2024) Numerical Fuzz: A Type System for Rounding Error Analysis. Proceedings of the ACM on Programming Languages 8(PLDI): 1954-1978. DOI 10.1145/3656456. Online publication date: 20-Jun-2024.
    • (2024) Gradual Differentially Private Programming. Communications of the ACM 67(8): 49-53. DOI 10.1145/3653328. Online publication date: 18-Jul-2024.
    • (2024) Synthesizing Tight Privacy and Accuracy Bounds via Weighted Model Counting. 2024 IEEE 37th Computer Security Foundations Symposium (CSF): 449-463. DOI 10.1109/CSF61375.2024.00048. Online publication date: 8-Jul-2024.
    • (2024) OBRA: Oracle-Based, Relational, Algorithmic Type Verification. Programming Languages and Systems: 283-302. DOI 10.1007/978-981-97-8943-6_14. Online publication date: 23-Oct-2024.
    • (2024) On Computational Indistinguishability and Logical Relations. Programming Languages and Systems: 241-263. DOI 10.1007/978-981-97-8943-6_12. Online publication date: 23-Oct-2024.
    • (2024) Certifying Private Probabilistic Mechanisms. Advances in Cryptology – CRYPTO 2024: 348-386. DOI 10.1007/978-3-031-68391-6_11. Online publication date: 18-Aug-2024.
    • (2024) Solving Quantitative Equations. Automated Reasoning: 381-400. DOI 10.1007/978-3-031-63501-4_20. Online publication date: 2-Jul-2024.
    • (2023) Calculating Function Sensitivity for Synthetic Data Algorithms. Proceedings of the 35th Symposium on Implementation and Application of Functional Languages: 1-12. DOI 10.1145/3652561.3652567. Online publication date: 29-Aug-2023.
    • (2023) A Graded Modal Dependent Type Theory with a Universe and Erasure, Formalized. Proceedings of the ACM on Programming Languages 7(ICFP): 920-954. DOI 10.1145/3607862. Online publication date: 31-Aug-2023.
