TY - GEN
T1 - LightDP
T2 - 44th ACM SIGPLAN Symposium on Principles of Programming Languages, POPL 2017
AU - Zhang, Danfeng
AU - Kifer, Daniel
N1 - Funding Information:
We thank Adam Smith, our shepherd Marco Gaboardi and anonymous reviewers for their helpful suggestions. This work was supported by NSF grants CNS-1228669 and CCF-1566411.
Publisher Copyright:
© 2017 ACM.
PY - 2017/1/1
Y1 - 2017/1/1
N2 - The growing popularity and adoption of differential privacy in academic and industrial settings has resulted in the development of increasingly sophisticated algorithms for releasing information while preserving privacy. Accompanying this phenomenon is the natural rise in the development and publication of incorrect algorithms, thus demonstrating the necessity of formal verification tools. However, existing formal methods for differential privacy face a dilemma: methods based on customized logics can verify sophisticated algorithms but come with a steep learning curve and significant annotation burden on the programmers, while existing programming platforms lack expressive power for some sophisticated algorithms. In this paper, we present LightDP, a simple imperative language that strikes a better balance between expressive power and usability. The core of LightDP is a novel relational type system that separates relational reasoning from privacy budget calculations. With dependent types, the type system is powerful enough to verify sophisticated algorithms where the composition theorem falls short. In addition, the inference engine of LightDP infers most of the proof details, and even searches for the proof with minimal privacy cost when multiple proofs exist. We show that LightDP verifies sophisticated algorithms with little manual effort.
AB - The growing popularity and adoption of differential privacy in academic and industrial settings has resulted in the development of increasingly sophisticated algorithms for releasing information while preserving privacy. Accompanying this phenomenon is the natural rise in the development and publication of incorrect algorithms, thus demonstrating the necessity of formal verification tools. However, existing formal methods for differential privacy face a dilemma: methods based on customized logics can verify sophisticated algorithms but come with a steep learning curve and significant annotation burden on the programmers, while existing programming platforms lack expressive power for some sophisticated algorithms. In this paper, we present LightDP, a simple imperative language that strikes a better balance between expressive power and usability. The core of LightDP is a novel relational type system that separates relational reasoning from privacy budget calculations. With dependent types, the type system is powerful enough to verify sophisticated algorithms where the composition theorem falls short. In addition, the inference engine of LightDP infers most of the proof details, and even searches for the proof with minimal privacy cost when multiple proofs exist. We show that LightDP verifies sophisticated algorithms with little manual effort.
UR - http://www.scopus.com/inward/record.url?scp=85015336722&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85015336722&partnerID=8YFLogxK
U2 - 10.1145/3009837.3009884
DO - 10.1145/3009837.3009884
M3 - Conference contribution
AN - SCOPUS:85015336722
T3 - Conference Record of the Annual ACM Symposium on Principles of Programming Languages
SP - 888
EP - 901
BT - POPL 2017 - Proceedings of the 44th ACM SIGPLAN Symposium on Principles of Programming Languages
A2 - Gordon, Andrew D.
A2 - Castagna, Giuseppe
PB - Association for Computing Machinery
Y2 - 15 January 2017 through 21 January 2017
ER -