21 research outputs found
Differentially Oblivious Database Joins: Overcoming the Worst-Case Curse of Fully Oblivious Algorithms
Numerous high-profile works have shown that access patterns to even encrypted databases can leak secret information and sometimes even lead to reconstruction of the entire database. To thwart access pattern leakage, the literature has focused on oblivious algorithms, where obliviousness requires that the access patterns leak nothing about the input data.
In this paper, we consider the Join operator, an important database primitive that has been extensively studied and optimized. Unfortunately, any fully oblivious Join algorithm would require always padding the result to the worst-case length which is quadratic in the data size N. In comparison, an insecure baseline incurs only O(R + N) cost where R is the true result length, and in the common case in practice, R is relatively short. As a typical example, when R = O(N), any fully oblivious algorithm must inherently incur a prohibitive, N-fold slowdown relative to the insecure baseline. Indeed, the (non-private) database and algorithms literature invariably focuses on studying the instance-specific rather than worst-case performance of database algorithms. Unfortunately, the stringent notion of full obliviousness precludes the design of efficient algorithms with non-trivial instance-specific performance.
To overcome this worst-case performance barrier of full obliviousness and enable algorithms with good instance-specific performance, we consider a relaxed notion of access pattern privacy called (?, ?)-differential obliviousness (DO), originally proposed in the seminal work of Chan et al. (SODA\u2719). Rather than insisting that the access patterns leak no information whatsoever, the relaxed DO notion requires that the access patterns satisfy (?, ?)-differential privacy. We show that by adopting the relaxed DO notion, we can obtain efficient database Join mechanisms whose instance-specific performance approximately matches the insecure baseline, while still offering a meaningful notion of privacy to individual users. Complementing our upper bound results, we also prove new lower bounds regarding the performance of any DO Join algorithm.
Differential obliviousness (DO) is a new notion and is a relatively unexplored territory. Following the pioneering investigations by Chan et al. and others, our work is among the very first to formally explore how DO can help overcome the worst-case performance curse of full obliviousness; moreover, we motivate our work with database applications. Our work shows new evidence why DO might be a promising notion, and opens up several exciting future directions
Adore: Differentially Oblivious Relational Database Operators
There has been a recent effort in applying differential privacy on memory
access patterns to enhance data privacy. This is called differential
obliviousness. Differential obliviousness is a promising direction because it
provides a principled trade-off between performance and desired level of
privacy. To date, it is still an open question whether differential
obliviousness can speed up database processing with respect to full
obliviousness. In this paper, we present the design and implementation of three
new major database operators: selection with projection, grouping with
aggregation, and foreign key join. We prove that they satisfy the notion of
differential obliviousness. Our differentially oblivious operators have reduced
cache complexity, runtime complexity, and output size compared to their
state-of-the-art fully oblivious counterparts. We also demonstrate that our
implementation of these differentially oblivious operators can outperform their
state-of-the-art fully oblivious counterparts by up to .Comment: VLDB 202
UniPlonk: Plonk with Universal Verifier
We propose UniPlonK, a modification of the PlonK protocol that uniformizes the Verifierâs work for families of circuits. Specifically, a single fixed-cost âUniversal Verifierâ can check proofs for circuits of different: sizes, public input lengths, selector polynomials, copy constraints, and even different custom gate sets. UniPlonK therefore extends the universality of PlonK beyond the SRS; it enables a single âUniversal Verifier Circuitâ capable of verifying proofs from different PlonK circuits.
The Universal Verifierâs marginal cost over the ordinary Plonk verifier is small: for circuits using only the vanilla Plonk gate, the Universal Verifier performs a number of additional field multiplications proportional to the logarithm of the maximum supported circuit size; it incurs no additional elliptic curve operations. For circuits using custom gates, the Universal Verifier incurs additional elliptic curve arithmetic only when verifying proofs from circuits that do not use all supported gate types. For circuits that use all supported gates, the Universal Verifierâs additional cost consists only of field multiplications proportional to the logarithm of the maximum supported circuit size, the number of custom gate types, and the number of witness variables used by these gates. In both settings (vanilla-only and custom gates) the marginal cost to the prover is a fixed-base MSM of size â, the length of the public input vector
Genie: A Generator of Natural Language Semantic Parsers for Virtual Assistant Commands
To understand diverse natural language commands, virtual assistants today are
trained with numerous labor-intensive, manually annotated sentences. This paper
presents a methodology and the Genie toolkit that can handle new compound
commands with significantly less manual effort. We advocate formalizing the
capability of virtual assistants with a Virtual Assistant Programming Language
(VAPL) and using a neural semantic parser to translate natural language into
VAPL code. Genie needs only a small realistic set of input sentences for
validating the neural model. Developers write templates to synthesize data;
Genie uses crowdsourced paraphrases and data augmentation, along with the
synthesized data, to train a semantic parser. We also propose design principles
that make VAPL languages amenable to natural language translation. We apply
these principles to revise ThingTalk, the language used by the Almond virtual
assistant. We use Genie to build the first semantic parser that can support
compound virtual assistants commands with unquoted free-form parameters. Genie
achieves a 62% accuracy on realistic user inputs. We demonstrate Genie's
generality by showing a 19% and 31% improvement over the previous state of the
art on a music skill, aggregate functions, and access control.Comment: To appear in PLDI 201
Maintaining Triangle Queries under Updates
We consider the problem of incrementally maintaining the triangle queries
with arbitrary free variables under single-tuple updates to the input
relations. We introduce an approach called IVM that exhibits a
trade-off between the update time, the space, and the delay for the enumeration
of the query result, such that the update time ranges from the square root to
linear in the database size while the delay ranges from constant to linear
time. IVM achieves Pareto worst-case optimality in the update-delay
space conditioned on the Online Matrix-Vector Multiplication conjecture. It is
strongly Pareto optimal for the triangle queries with zero or three free
variables and weakly Pareto optimal for the triangle queries with one or two
free variables.Comment: 47 pages, 18 figure