#8712;: A Framework for Defining Differentially-Private Computations
Abstract
The adoption of differential privacy is growing but the complexity of designing private, efficient and accurate algorithms is still high. We propose a novel programming framework and system, ∈ktelo, for implementing both existing and new privacy algorithms. For the task of answering linear counting queries, we show that nearly all existing algorithms can be composed from operators, each conforming to one of a small number of operator classes. While past programming frameworks have helped to ensure the privacy of programs, the novelty of our framework is its significant support for authoring accurate and efficient (as well as private) programs.
We describe the design and architecture of the ∈ktelo system and show that ∈ktelo is expressive enough to describe many algorithms from the privacy literature. ∈ktelo allows for safer implementations through code reuse and allows both privacy novices and experts to more easily design new algorithms. We demonstrate the use of ∈ktelo by designing new algorithms offering state-of-the-art accuracy and runtime.
References
[1]
https://onthemap.ces.census.gov/, 2010.
[2]
https://github.com/dpcomp-org/dpcomp_core, 2016.
[3]
G. Ács, C. Castelluccia, and R. Chen. Differentially private histogram publishing through lossy compression. In ICDM, pages 1--10, 2012.
[4]
A. Albarghouthi and J. Hsu. Synthesizing coupling proofs of differential privacy. Proc. ACM Program. Lang., (POPL), Dec. 2017.
[5]
B. Barak, K. Chaudhuri, C. Dwork, S. Kale, F. McSherry, and K. Talwar. Privacy, accuracy, and consistency too: A holistic solution to contingency table release. In PODS, pages 273 -- 282, 2007.
[6]
G. Barthe, G. P. Farina, M. Gaboardi, E. J. G. Arias, A. Gordon, J. Hsu, and P.-Y. Strub. Differentially private bayesian programming. In CCS, pages 68--79, 2016.
[7]
G. Cormode, M. Procopiuc, E. Shen, D. Srivastava, and T. Yu. Differentially private spatial decompositions. In ICDE, pages 20--31, 2012.
[8]
C. Dwork, F. M. K. Nissim, and A. Smith. Calibrating noise to sensitivity in private data analysis. In TCC, pages 265--284, 2006.
[9]
C. Dwork and A. Roth. The Algorithmic Foundations of Differential Privacy. Foundations and Trends in Theoretical Computer Science, 2014.
[10]
H. Ebadi and D. Sands. Featherweight pinq. JPC, 7(2), 2017.
[11]
Ú. Erlingsson, V. Pihur, and A. Korolova. Rappor: Randomized aggregatable privacy-preserving ordinal response. In CCS, 2014.
[12]
D. C.-L. Fong and M. Saunders. LSMR: An iterative algorithm for sparse least-squares problems. SIAM J. Sci. Comput., 33(5):2950--2971, Oct. 2011.
[13]
M. Gaboardi, A. Haeberlen, J. Hsu, A. Narayan, and B. C. Pierce. Linear dependent types for differential privacy. In POPL, pages 357--370, 2013.
[14]
A. Haeberlen, B. C. Pierce, and A. Narayan. Differential privacy under fire. In USENIX Conference on Security, 2011.
[15]
S. Haney, A. Machanavajjhala, J. Abowd, M. Graham, M. Kutzbach, and L. Vilhuber. Utility cost of formal privacy for releasing national employer-employee statistics. In SIGMOD, 2017.
[16]
M. Hardt, K. Ligett, and F. McSherry. A simple and practical algorithm for differentially private data release. In NIPS, 2012.
[17]
M. Hay, A. Machanavajjhala, G. Miklau, Y. Chen, and D. Zhang. Principled evaluation of differentially private algorithms using dpbench. In SIGMOD, 2016.
[18]
M. Hay, V. Rastogi, G. Miklau, and D. Suciu. Boosting the accuracy of differentially private histograms through consistency. PVLDB, 2010.
[19]
G. Kellaris, S. Papadopoulos, and D. Papadias. Differentially private histograms for range-sum queries: A modular approach. arXiv, 2015.
[20]
I. Kotsogiannis, A. Machanavajjhala, M. Hay, and G. Miklau. Pythia: Data dependent differentially private algorithm selection. In SIGMOD, 2017.
[21]
I. Kotsogiannis, Y. Tao, A. Machanavajjhala, G. Miklau, and M. Hay. Architecting a differentially private SQL engine. In Conf. on Innovative Data Systems Research (CIDR), 2019.
[22]
J. Lee, Y. Wang, and D. Kifer. Maximum likelihood postprocessing for differential privacy under consistency constraints. In KDD, 2015.
[23]
C. Li, M. Hay, and G. Miklau. A data- and workload-aware algorithm for range queries under differential privacy. PVLDB, 2014.
[24]
C. Li, M. Hay, V. Rastogi, G. Miklau, and A. McGregor. Optimizing linear counting queries under differential privacy. In PODS, pages 123--134, 2010.
[25]
C. Li, G. Miklau, M. Hay, A. McGregor, and V. Rastogi. The matrix mechanism: optimizing linear counting queries under differential privacy. The VLDB Journal, pages 1--25, 2015.
[26]
J. Liu and K. Talwar. Private selection from private candidates. CoRR, abs/1811.07971, 2018.
[27]
R. McKenna, G. Miklau, M. Hay, and A. Machanavajjhala. Optimizing error of high-dimensional statistical queries under differential privacy. PVLDB, 11(10), 2018.
[28]
R. McKenna, D. Sheldon, and G. Miklau. Graphical-model based estimation and inference for differential privacy. In ICML, 2019.
[29]
F. D. McSherry. Privacy integrated queries: an extensible platform for privacy-preserving data analysis. In SIGMOD, pages 19--30, 2009.
[30]
I. Mironov. On significance of the least significant bits for differential privacy. In CCS, 2012.
[31]
D. Proserpio, S. Goldberg, and F. McSherry. A workflow for differentially-private graph synthesis. In Workshop on online social networks, 2012.
[32]
D. Proserpio, S. Goldberg, and F. McSherry. Calibrating data to sensitivity in private data analysis: A platform for differentially-private analysis of weighted datasets. Proc. VLDB Endow., 7(8):637--648, Apr. 2014.
[33]
W. Qardaji, W. Yang, and N. Li. Differentially private grids for geospatial data. In ICDE, pages 757--768. IEEE, 2013.
[34]
W. Qardaji, W. Yang, and N. Li. Understanding hierarchical methods for differentially private histograms. PVLDB, 2013.
[35]
I. Roy, S. T. V. Setty, A. Kilzer, V. Shmatikov, and E. Witchel. Airavat: Security and privacy for mapreduce. In NSDI, 2010.
[36]
O. Williams and F. McSherry. Probabilistic Inference and Differential Privacy. NIPS, pages 2451--2459, 2010.
[37]
X. Xiao, G. Wang, and J. Gehrke. Differential privacy via wavelet transforms. In ICDE, pages 225--236, 2010.
[38]
D. Zhang and D. Kifer. Lightdp: Towards automating differential privacy proofs. In POPL, pages 888--901, 2017.
[39]
D. Zhang, R. McKenna, I. Kotsogiannis, G. Bissias, M. Hay, A. Machanavajjhala, and G. Miklau. Ektelo: A framework for defining differentially-private computations. https://arxiv.org/abs/1808.03555v3.
[40]
D. Zhang, R. McKenna, I. Kotsogiannis, M. Hay, A. Machanavajjhala, and G. Miklau. Ektelo: A framework for defining differentially-private computations. In ACM Conference on Management of Data (SIGMOD), pages 115--130, 2018.
[41]
J. Zhang, G. Cormode, C. M. Procopiuc, D. Srivastava, and X. Xiao. PrivBayes: Private data release via Bayesian networks. TODS, 42, 2017.
[42]
J. Zhang, X. Xiao, and X. Xie. Privtree: A differentially private algorithm for hierarchical decompositions. In SIGMOD, 2016.
[43]
X. Zhang, R. Chen, J. Xu, X. Meng, and Y. Xie. Towards accurate histogram publication under differential privacy. In SDM, 2014.
Recommendations
Personalised anonymity for microdata release
Individual privacy protection in the released data sets has become an important issue in recent years. The release of microdata provides a significant information resource for researchers, whereas the release of person‐specific data poses a threat to ...
A new unpredictability-based radio frequency identification forward privacy model and a provably secure construction
The privacy model of radio frequency identification RFID systems is for formalizing the adversarial capabilities and the security requirements of RFID anonymity and untraceability. Existing unpredictability-based privacy models such as unp-privacy, eunp-...
An efficient privacy mechanism for electronic health records
Electronic health records (EHRs), digitization of patients' health record, offer many advantages over traditional ways of keeping patients' records, such as easing data management and facilitating quick access and real-time treatment. EHRs are a rich ...
Comments
Information & Contributors
Information
Published In
Copyright © 2019 Authors.
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
Published: 05 November 2019
Published in SIGMOD Volume 48, Issue 1
Check for updates
Qualifiers
- Research-article
Contributors
Other Metrics
Bibliometrics & Citations
Bibliometrics
Article Metrics
- 0Total Citations
- 69Total Downloads
- Downloads (Last 12 months)5
- Downloads (Last 6 weeks)0
Reflects downloads up to 07 Mar 2025
Other Metrics
Citations
View Options
Login options
Check if you have access through your login credentials or your institution to get full access on this article.
Sign in