345 research outputs found
Hypothesis Testing Interpretations and Renyi Differential Privacy
Differential privacy is a de facto standard in data privacy, with
applications in the public and private sectors. A way to explain differential
privacy, which is particularly appealing to statistician and social scientists
is by means of its statistical hypothesis testing interpretation. Informally,
one cannot effectively test whether a specific individual has contributed her
data by observing the output of a private mechanism---any test cannot have both
high significance and high power.
In this paper, we identify some conditions under which a privacy definition
given in terms of a statistical divergence satisfies a similar interpretation.
These conditions are useful to analyze the distinguishability power of
divergences and we use them to study the hypothesis testing interpretation of
some relaxations of differential privacy based on Renyi divergence. This
analysis also results in an improved conversion rule between these definitions
and differential privacy
Proving uniformity and independence by self-composition and coupling
Proof by coupling is a classical proof technique for establishing
probabilistic properties of two probabilistic processes, like stochastic
dominance and rapid mixing of Markov chains. More recently, couplings have been
investigated as a useful abstraction for formal reasoning about relational
properties of probabilistic programs, in particular for modeling
reduction-based cryptographic proofs and for verifying differential privacy. In
this paper, we demonstrate that probabilistic couplings can be used for
verifying non-relational probabilistic properties. Specifically, we show that
the program logic pRHL---whose proofs are formal versions of proofs by
coupling---can be used for formalizing uniformity and probabilistic
independence. We formally verify our main examples using the EasyCrypt proof
assistant
A Relational Logic for Higher-Order Programs
Relational program verification is a variant of program verification where
one can reason about two programs and as a special case about two executions of
a single program on different inputs. Relational program verification can be
used for reasoning about a broad range of properties, including equivalence and
refinement, and specialized notions such as continuity, information flow
security or relative cost. In a higher-order setting, relational program
verification can be achieved using relational refinement type systems, a form
of refinement types where assertions have a relational interpretation.
Relational refinement type systems excel at relating structurally equivalent
terms but provide limited support for relating terms with very different
structures.
We present a logic, called Relational Higher Order Logic (RHOL), for proving
relational properties of a simply typed -calculus with inductive types
and recursive definitions. RHOL retains the type-directed flavour of relational
refinement type systems but achieves greater expressivity through rules which
simultaneously reason about the two terms as well as rules which only
contemplate one of the two terms. We show that RHOL has strong foundations, by
proving an equivalence with higher-order logic (HOL), and leverage this
equivalence to derive key meta-theoretical properties: subject reduction,
admissibility of a transitivity rule and set-theoretical soundness. Moreover,
we define sound embeddings for several existing relational type systems such as
relational refinement types and type systems for dependency analysis and
relative cost, and we verify examples that were out of reach of prior work.Comment: Submitted to ICFP 201
Formal Verification of an SSA-based Middle-end for CompCert
CompCert is a formally verified compiler that generates compact and efficient PowerPC, ARM and x86 code for a large and realistic subset of the C language. However, CompCert foregoes using Static Single Assignment (SSA), an intermediate representation that allows for writing simpler and faster optimizers, and that is used by many compilers. In fact, it has remained an open problem to verify formally an SSA-based compiler middle-end. We report on a formally verified, SSA-based, middle-end for CompCert. Our middle-end performs conversion from CompCert intermediate form to SSA form, optimization of SSA programs, including Global Value Numbering, and transforming out of SSA to intermediate form. In addition to provide the first formally verified SSA-based middle-end, we address two problems raised by Leroy in 2009: giving a simple and intuitive formal semantics to SSA, and leveraging the global properties of SSA to reason locally about program optimizations
- …