Recent work on formal verification of differential privacy shows a trend toward usability and expressiveness – generating a correctness proof of sophisticated algorithm while minimizing the annotation burden on programmers. Sometimes, combining those two requires substantial changes to program logics: one recent paper is able to verify Report Noisy Max automatically, but it involves a complex verification system using customized program logics and verifiers.
In this paper, we propose a new proof technique, called shadow execution, and embed it into a language called ShadowDP. ShadowDP uses shadow execution to generate proofs of differential privacy with very few programmer annotations and without relying on customized logics and verifiers. In addition to verifying Report Noisy Max, we show that it can verify a new variant of Sparse Vector that reports the gap between some noisy query answers and the noisy threshold. Moreover, ShadowDP reduces the complexity of verification: for all of the algorithms we have evaluated, type checking and verification in total takes at most 3 seconds, while prior work takes minutes on the same algorithms.
Tue 25 JunDisplayed time zone: Tijuana, Baja California change
10:00 - 11:00 | |||
10:00 20mTalk | ILC: A Calculus for Composable, Computational Cryptography PLDI Research Papers | ||
10:20 20mTalk | Proving Differential Privacy with Shadow Execution PLDI Research Papers Yuxin Wang , Zeyu Ding Pennsylvania State University, USA, Guanhong Wang Pennsylvania State University, USA, Daniel Kifer Dept. of Computer Science and Engineering, Penn State University, Danfeng Zhang Pennsylvania State University Media Attached | ||
10:40 20mTalk | Data-Trace Types for Distributed Stream Processing Systems PLDI Research Papers Konstantinos Mamouras University of Pennsylvania, Caleb Stanford University of Pennsylvania, Rajeev Alur University of Pennsylvania, Zachary G. Ives University of Pennsylvania, Val Tannen University of Pennsylvania, USA Media Attached | ||