Testing differential privacy with dual interpreters

Applying differential privacy at scale requires convenient ways to check that programs computing with sensitive data appropriately preserve privacy. We propose here a fully automated framework for testing differential privacy, adapting a well-known “pointwise” technique from informal proofs of differential privacy. Our framework, called DPCheck, requires no programmer annotations, handles all previously verified or tested algorithms, and is the first fully automated framework to distinguish correct and buggy implementations of PrivTree, a probabilistically terminating algorithm that has not previously been mechanically checked. We analyze the probability of DPCheck mistakenly accepting a non-private program and prove that, theoretically, the probability of false acceptance can be made exponentially small by suitable choice of test size. We demonstrate DPCheck’s utility empirically by implementing all benchmark algorithms from prior work on mechanical verification of differential privacy, plus several others and their incorrect variants, and show that DPCheck accepts the correct implementations and rejects the incorrect variants. We also demonstrate how DPCheck can be deployed in a practical workflow to test differential privacy for the 2020 US Census Disclosure Avoidance System (DAS).
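As an added illustration (not DPCheck's own code, which pairs a concrete interpreter with a symbolic one and an SMT solver), the Python below sketches the pointwise idea the abstract refers to in its simplest form: run a mechanism on a database recording every Laplace draw, replay it on a neighbouring database shifting each draw so the noisy value coincides, and charge |shift|/scale per draw. The mechanisms, the greedy one-shift-per-draw coupling and the 0/1 database are constructed for the example.

```python
import math
import random

def sample_laplace(scale, rng):
    """Draw Lap(0, scale) by inverse CDF (constructed helper, not DPCheck's)."""
    u = rng.random() - 0.5
    return -scale * math.copysign(1.0, u) * math.log(1.0 - 2.0 * abs(u))

def pointwise_check(mech, db, db_adj, eps, trials=200, seed=0):
    """Greedy shift coupling: run mech on db recording every Laplace draw, then
    replay on db_adj shifting each draw so the noisy value coincides. A shift
    of s on Lap(scale) costs |s|/scale (density ratio <= e^{|s|/scale}).
    Accept only if outputs coincide and total cost <= eps on every trial."""
    rng = random.Random(seed)
    for _ in range(trials):
        trace = []                       # (center, noise) seen on the db run
        def lap_record(center, scale):
            noise = sample_laplace(scale, rng)
            trace.append((center, noise))
            return center + noise
        out = mech(db, lap_record)
        cost, idx = 0.0, 0
        def lap_replay(center, scale):   # assumes scales are data-independent
            nonlocal cost, idx
            if idx >= len(trace):        # more draws than the db run: uncoupled
                return center + sample_laplace(scale, rng)
            c0, noise = trace[idx]
            idx += 1
            cost += abs(c0 - center) / scale
            return c0 + noise            # exactly the value the db run saw
        out_adj = mech(db_adj, lap_replay)
        if out_adj != out or cost > eps + 1e-9:
            return False
    return True

# Mechanisms under test over a database of 0/1 attributes (constructed).
def laplace_count(db, lap, eps=1.0):
    return lap(sum(db), 1.0 / eps)               # correct: sensitivity 1, scale 1/eps

def laplace_count_buggy(db, lap, eps=1.0):
    return lap(sum(db), 1.0 / (2 * eps))         # bug: scale too small, spends 2*eps

def two_counts(db, lap, eps=1.0):
    ones, zeros = sum(db), len(db) - sum(db)
    return (lap(ones, 2.0 / eps), lap(zeros, 2.0 / eps))   # correct: eps/2 + eps/2

def two_counts_shared_noise(db, lap, eps=1.0):
    n = lap(0.0, 2.0 / eps)                      # bug: one draw reused for both
    return (sum(db) + n, len(db) - sum(db) + n)

DB = [1, 0, 1, 1, 0, 1, 0, 0]
DB_ADJ = [0] + DB[1:]                            # neighbour: one record changed
```

The greedy coupling is incomplete (algorithms such as Sparse Vector need a smarter choice of shifts, which is what a symbolic run and a solver provide), and acceptance after finitely many trials is evidence rather than proof, which is the false-acceptance probability the abstract analyzes.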
