2,829 Hits in 3.1 sec

Proving Differential Privacy via Probabilistic Couplings [article]

Gilles Barthe, Marco Gaboardi, Benjamin Grégoire, Justin Hsu, Pierre-Yves Strub
2017 arXiv   accepted
Even when the composition theorem is not helpful, we can often prove privacy by a coupling argument.  ...  Our methods are based on the observation that differential privacy has deep connections with a generalization of probabilistic couplings, an established mathematical tool for reasoning about stochastic  ...  The first rule [FORALL-EQ] allows proving differential privacy via pointwise privacy; this rule reflects Proposition 6.  ... 
arXiv:1601.05047v4 fatcat:ebuijcjdzvbalcbqephgryxoyy

Advanced Probabilistic Couplings for Differential Privacy

Gilles Barthe, Noémie Fong, Marco Gaboardi, Benjamin Grégoire, Justin Hsu, Pierre-Yves Strub
2016 Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security - CCS'16  
We address these limitations with a new formalism extending apRHL, a relational program logic that has been used for proving differential privacy of non-interactive algorithms, and incorporating aHL, a  ...  We implement our logic in EasyCrypt, and formally verify privacy. We also introduce a novel coupling technique called optimal subset coupling that may be of independent interest.  ...  For the future, it would be interesting to explore generalizations of differential privacy like the recent notion of concentrated differential privacy [12, 18] .  ... 
doi:10.1145/2976749.2978391 dblp:conf/ccs/BartheFGGHS16 fatcat:4ge6fousn5frrkcicmszlniboa

Synthesizing coupling proofs of differential privacy

Aws Albarghouthi, Justin Hsu
2017 Proceedings of the ACM on Programming Languages  
Differential privacy has emerged as a promising probabilistic formulation of privacy, generating intense interest within academia and industry.  ...  strategies, which casts differential privacy proofs as a winning strategy in a game where we have finite privacy resources to expend.  ...  Proving differential privacy via coupling strategies Our main theoretical result shows that synchronizing coupling strategies encode couplings. , and let f : S × S → R be such that c ⩽ f (s ′ 1 , s ′ 2  ... 
doi:10.1145/3158146 dblp:journals/pacmpl/AlbarghouthiH18 fatcat:c3od4wpcbvhgfgaotao7crk5jm

Probabilistic Counters for Privacy Preserving Data Aggregation [article]

Dominik Bojko, Krzysztof Grining, Marek Klonowski
2022 arXiv   pre-print
We use standard, rigid differential privacy notion.  ...  Probabilistic counters are well known tools often used for space-efficient set cardinality estimation. In this paper we investigate probabilistic counters from the perspective of preserving privacy.  ...  Privacy-Preserving Survey via Probabilistic Counters In this section we present an example scenario for data aggregation using probabilistic counters.  ... 
arXiv:2003.11446v2 fatcat:x6eazya2wvbadoyxhoygbbryl4

Probabilistic Couplings for Probabilistic Reasoning [article]

Justin Hsu
2017 arXiv   pre-print
Couplings can imply various guarantees comparing two runs of a probabilistic computation. We first show that proofs in the program logic pRHL describe couplings.  ...  We give an approximate coupling proof of privacy for the Sparse Vector mechanism, a well-known algorithm from the privacy literature whose privacy proof is notoriously subtle, and produce the first formalized  ...  Variable approximate couplings As we saw in Chapters 4 and 5, approximate couplings are a powerful tool for proving differential privacy.  ... 
arXiv:1710.09951v2 fatcat:emqjytis65go3l6nuzy2ivw52y

Constraint-Based Synthesis of Coupling Proofs [chapter]

Aws Albarghouthi, Justin Hsu
2018 Lecture Notes in Computer Science  
Proof by coupling is a classical technique for proving properties about pairs of randomized algorithms by carefully relating (or coupling) two probabilistic executions.  ...  Second, we show how properties of f -coupled postconditions can imply various probabilistic properties of the original programs.  ...  To prove differential privacy, the behavior of a single program is compared on two related inputs.  ... 
doi:10.1007/978-3-319-96145-3_18 fatcat:mjv7leejdvazzdwrv4riyqhkku

Constraint-Based Synthesis of Coupling Proofs [article]

Aws Albarghouthi, Justin Hsu
2018 arXiv   pre-print
Proof by coupling is a classical technique for proving properties about pairs of randomized algorithms by carefully relating (or coupling) two probabilistic executions.  ...  Second, we show how properties of f-coupled postconditions can imply various probabilistic properties of the original programs.  ...  To prove differential privacy, the behavior of a single program is compared on two related inputs.  ... 
arXiv:1804.04052v1 fatcat:voa5gdpbrbbhhgydfyc7olp6bm

Local Distribution Obfuscation via Probability Coupling*

Yusuke Kawamoto, Takao Murakami
2019 2019 57th Annual Allerton Conference on Communication, Control, and Computing (Allerton)  
To provide f-divergence distribution privacy, we prove that probabilistic perturbation noise should be added proportionally to the Earth mover's distance between the probability distributions that we want  ...  We introduce a general model for the local obfuscation of probability distributions by probabilistic perturbation, e.g., by adding differentially private noise, and investigate its theoretical properties  ...  , and Rényi differential privacy [10] ).  ... 
doi:10.1109/allerton.2019.8919803 dblp:conf/allerton/0001M19 fatcat:g7hzy5pk7jatrpiiq4ksjdtbt4

Differentially Private Search Log Sanitization with Optimal Output Utility [article]

Yuan Hong, Jaideep Vaidya, Haibing Lu, Mingrui Wu
2011 arXiv   pre-print
In this paper, we propose utility-maximizing sanitization based on the rigorous privacy standard of differential privacy, in the context of search logs.  ...  Specifically, we utilize optimization models to maximize the output utility of the sanitization for different applications, while ensuring that the production process satisfies differential privacy.  ...  Our work utilizes the stronger relaxation of ǫ-differential privacy -probabilistic differential privacy.  ... 
arXiv:1108.0186v3 fatcat:p6wovqnze5dddge3dvmhmsausm

Probabilistic Relational Reasoning via Metrics [article]

Arthur Azevedo de Amorim, Marco Gaboardi, Justin Hsu, Shin-ya Katsumata
2019 arXiv   pre-print
We show how to extend Fuzz to capture more general relational properties of probabilistic programs, with approximate, or (ϵ, δ)-differential privacy serving as a leading example.  ...  privacy.  ...  N (x, Typing (ε, δ)-Differential Privacy: We can now capture (ε, δ)-privacy via Fuzz types. Consider the judgment: e : db (ε,δ) τ where db is interpreted as the path-metric space P (db, adj).  ... 
arXiv:1807.05091v3 fatcat:rl7rwnqeb5a77h2a3mg3fylvpa

SoK: Differential Privacies [article]

Damien Desfontaines, Balázs Pejó
2020 arXiv   pre-print
Shortly after it was first introduced in 2006, differential privacy became the flagship data privacy definition.  ...  We list all data privacy definitions based on differential privacy, and partition them into seven categories, depending on which aspect of the original definition is modified.  ...  Definition 9 ((ε, δ)-probabilistic differential privacy [Mei18] ).  ... 
arXiv:1906.01337v4 fatcat:dnkli276a5atll7xytbi23sjxq

Contextual Linear Types for Differential Privacy [article]

Matías Toro, David Darais, Chike Abuah, Joe Near, Damián Árquez, Federico Olmedo, Éric Tanter
2021 arXiv   pre-print
We formalize the core of the Jazz language, prove it sound for privacy via a logical relation for metric preservation, and illustrate its expressive power through a number of case studies drawn from the  ...  recent differential privacy literature.  ...  Approximate couplings [13] are a probabilistic abstraction that witnesses differential privacy properties of programs and have been successfully exploited for verification purposes.  ... 
arXiv:2010.11342v2 fatcat:gwgcsvx2mzewlpui56256g4noa

Privacy Amplification by Subsampling: Tight Analyses via Couplings and Divergences [article]

Borja Balle and Gilles Barthe and Marco Gaboardi
2018 arXiv   pre-print
Differential privacy comes equipped with multiple analytical tools for the design of private data analyses.  ...  Our method leverages a characterization of differential privacy as a divergence which emerged in the program verification community.  ...  Again, the proof of the inequality uses tools from probabilistic couplings.  ... 
arXiv:1807.01647v2 fatcat:cx5ov4b5ifgc3mif7p77w6uvaq

LightDP: towards automating differential privacy proofs

Danfeng Zhang, Daniel Kifer
2017 SIGPLAN notices  
The growing popularity and adoption of differential privacy in academic and industrial settings has resulted in the development of increasingly sophisticated algorithms for releasing information while  ...  However, existing formal methods for differential privacy face a dilemma: methods based on customized logics can verify sophisticated algorithms but come with a steep learning curve and significant annotation  ...  Program logic for differential privacy Probabilistic relational program logic (Barthe et al. 2012 Barthe and Olmedo 2013; Barthe et al. 2016c,b) use custom relational logics to verify differential privacy  ... 
doi:10.1145/3093333.3009884 fatcat:pmxbrti2c5bqjkodkeqylgnhhq

A Programming Framework for Differential Privacy with Accuracy Concentration Bounds [article]

Elisabet Lobo-Vesga Chalmers University of Technology
2019 arXiv   pre-print
The compositional nature of differential privacy has motivated the design and implementation of several programming languages aimed at helping a data analyst in programming differentially private analyses  ...  Differential privacy offers a formal framework for reasoning about privacy and accuracy of computations on private data. It also offers a rich set of building blocks for constructing data analyses.  ...  privacy [51] , zero concentrated differential privacy [52] , or truncated concentrated differential privacy [53] .  ... 
arXiv:1909.07918v1 fatcat:3kkbsxwi6bf4zhhez3nvedvmpu
« Previous Showing results 1 — 15 out of 2,829 results