Further Reading#
Differential privacy has grown into a mature, interdisciplinary field spanning theory, systems, and practice. This chapter highlights foundational papers, influential systems, and active areas of research for readers who want to go the extra mile!
Foundations of Differential Privacy#
Practical Systems and Implementations#
Production-grade DP systems:
Google’s RAPPOR and Apple’s Differential Privacy Deployment
Libraries and frameworks:
Opacus for DP in PyTorch
Machine Learning with Differential Privacy#
DP-SGD and modern private ML:
Privacy attacks and auditing:
Experimental Design and Statistics#
DP for statistical estimation:
Private hypothesis testing:
Sheffet (2017): Differentially Private Ordinary Least Squares [35]
Advanced Topics#
Local differential privacy:
Composition and privacy accounting:
Verification and formal reasoning:
Applications and Policy#
Survey and Future Directions#
Ullman (2020): Privacy and Data Analysis: A Research Overview [42]
References#
In the web/html version of the book, the bibliography will appear directly below this current text section.
However in the print versions which are based on \(\text{\LaTeX}\), the bibliography will appear (more traditionally) as the penultimate un-numbered standalone chapter which precedes the Proof Index.
Kenneth H. Rosen. Discrete Mathematics and Its Applications. McGraw-Hill Education, 7th edition, 2011. ISBN 9780073383095.
Eric Lehman, Tom Leighton, and Albert R. Meyer. Mathematics for computer science. 2017. URL: https://people.csail.mit.edu/meyer/mcs.pdf.
Oscar Levin. Discrete mathematics: an open introduction. 2023. URL: https://discrete.openmathbooks.org/.
Sheldon M. Ross. A First Course in Probability. Pearson, 10th edition, 2019. ISBN 9780134753119.
Dimitri P. Bertsekas and John N. Tsitsiklis. Introduction to Probability. Athena Scientific, 2002. ISBN 9781886529236.
Charles M. Grinstead and J. Laurie Snell. Introduction to probability. 2003. URL: https://math.dartmouth.edu/~prob/prob/prob.pdf.
Latanya Sweeney. Simple demographics often identify people uniquely. URL: https://dataprivacylab.org/projects/identifiability/.
Latanya Sweeney. K-anonymity: a model for protecting privacy. International Journal of Uncertainty, Fuzziness and Knowledge-Based Systems, 10(05):557–570, 2002. URL: https://doi.org/10.1142/S0218488502001648, arXiv:https://doi.org/10.1142/S0218488502001648, doi:10.1142/S0218488502001648.
Adam Meyerson and Ryan Williams. On the complexity of optimal k-anonymity. In Proceedings of the 23rd ACM SIGMOD-SIGACT-SIGART Symposium on Principles of Database Systems (PODS), 223–228. ACM, 2004. URL: https://doi.org/10.1145/1055558.1055591, doi:10.1145/1055558.1055591.
Cynthia Dwork. Differential privacy. In Proceedings of the 33rd International Conference on Automata, Languages and Programming - Volume Part II, ICALP'06, 1–12. Berlin, Heidelberg, 2006. Springer-Verlag. URL: https://doi.org/10.1007/11787006_1, doi:10.1007/11787006_1.
Cynthia Dwork, Frank McSherry, Kobbi Nissim, and Adam Smith. Calibrating noise to sensitivity in private data analysis. In Proceedings of the Third Conference on Theory of Cryptography, TCC'06, 265–284. Berlin, Heidelberg, 2006. Springer-Verlag. URL: https://doi.org/10.1007/11681878_14, doi:10.1007/11681878_14.
Cynthia Dwork, Krishnaram Kenthapadi, Frank McSherry, Ilya Mironov, and Moni Naor. Our data, ourselves: privacy via distributed noise generation. In Serge Vaudenay, editor, Advances in Cryptology - EUROCRYPT 2006, 486–503. Berlin, Heidelberg, 2006. Springer Berlin Heidelberg.
Frank D. McSherry. Privacy integrated queries: an extensible platform for privacy-preserving data analysis. In Proceedings of the 2009 ACM SIGMOD International Conference on Management of Data, SIGMOD '09, 19–30. New York, NY, USA, 2009. Association for Computing Machinery. URL: https://doi.org/10.1145/1559845.1559850, doi:10.1145/1559845.1559850.
Ilya Mironov. On significance of the least significant bits for differential privacy. In Proceedings of the 2012 ACM Conference on Computer and Communications Security, CCS '12, 650–661. New York, NY, USA, 2012. Association for Computing Machinery. URL: https://doi.org/10.1145/2382196.2382264, doi:10.1145/2382196.2382264.
Sílvia Casacuberta, Michael Shoemate, Salil Vadhan, and Connor Wagaman. Widespread underestimation of sensitivity in differentially private libraries and how to fix it. In Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security, CCS '22, 471–484. New York, NY, USA, 2022. Association for Computing Machinery. URL: https://doi.org/10.1145/3548606.3560708, doi:10.1145/3548606.3560708.
Borja Balle and Yu-Xiang Wang. Improving the Gaussian mechanism for differential privacy: analytical calibration and optimal denoising. In Jennifer Dy and Andreas Krause, editors, Proceedings of the 35th International Conference on Machine Learning, volume 80 of Proceedings of Machine Learning Research, 394–403. PMLR, 10–15 Jul 2018. URL: https://proceedings.mlr.press/v80/balle18a.html.
Cynthia Dwork, Guy N. Rothblum, and Salil Vadhan. Boosting and differential privacy. In 2010 IEEE 51st Annual Symposium on Foundations of Computer Science, volume, 51–60. 2010. doi:10.1109/FOCS.2010.12.
Kobbi Nissim, Sofya Raskhodnikova, and Adam Smith. Smooth sensitivity and sampling in private data analysis. In Proceedings of the Thirty-Ninth Annual ACM Symposium on Theory of Computing, STOC '07, 75–84. New York, NY, USA, 2007. Association for Computing Machinery. URL: https://doi.org/10.1145/1250790.1250803, doi:10.1145/1250790.1250803.
Cynthia Dwork and Jing Lei. Differential privacy and robust statistics. In Proceedings of the Forty-First Annual ACM Symposium on Theory of Computing, STOC '09, 371–380. New York, NY, USA, 2009. Association for Computing Machinery. URL: https://doi.org/10.1145/1536414.1536466, doi:10.1145/1536414.1536466.
Ilya Mironov. Renyi differential privacy. In Computer Security Foundations Symposium (CSF), 2017 IEEE 30th, 263–275. IEEE, 2017.
Mark Bun and Thomas Steinke. Concentrated differential privacy: simplifications, extensions, and lower bounds. In Theory of Cryptography Conference, 635–658. Springer, 2016.
Frank McSherry and Kunal Talwar. Mechanism design via differential privacy. In 48th Annual IEEE Symposium on Foundations of Computer Science (FOCS'07), volume, 94–103. 2007. doi:10.1109/FOCS.2007.66.
Cynthia Dwork, Aaron Roth, and others. The algorithmic foundations of differential privacy. Foundations and Trends® in Theoretical Computer Science, 9(3–4):211–407, 2014.
Cynthia Dwork, Moni Naor, Omer Reingold, Guy N. Rothblum, and Salil Vadhan. On the complexity of differentially private data release: efficient algorithms and hardness results. In Proceedings of the Forty-First Annual ACM Symposium on Theory of Computing, STOC '09, 381–390. New York, NY, USA, 2009. Association for Computing Machinery. URL: https://doi.org/10.1145/1536414.1536467, doi:10.1145/1536414.1536467.
Úlfar Erlingsson, Vasyl Pihur, and Aleksandra Korolova. Rappor: randomized aggregatable privacy-preserving ordinal response. In Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security, CCS '14, 1054–1067. New York, NY, USA, 2014. Association for Computing Machinery. URL: https://doi.org/10.1145/2660267.2660348, doi:10.1145/2660267.2660348.
Stanley L. Warner. Randomized response: a survey technique for eliminating evasive answer bias. Journal of the American Statistical Association, 60(309):63–69, 1965. PMID: 12261830. URL: https://www.tandfonline.com/doi/abs/10.1080/01621459.1965.10480775, doi:10.1080/01621459.1965.10480775.
Tianhao Wang, Jeremiah Blocki, Ninghui Li, and Somesh Jha. Locally differentially private protocols for frequency estimation. In 26th USENIX Security Symposium (USENIX Security 17), 729–745. Vancouver, BC, August 2017. USENIX Association. URL: https://www.usenix.org/conference/usenixsecurity17/technical-sessions/presentation/wang-tianhao.
Cynthia Dwork. Differential privacy: a survey of results. Theory and Applications of Models of Computation, pages 1–19, 2008.
Martin Abadi, Andy Chu, Ian Goodfellow, H Brendan McMahan, Ilya Mironov, Kunal Talwar, and Li Zhang. Deep learning with differential privacy. In Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security, 308–318. 2016.
Zhiqi Bu, Vitaly Feldman, Shuang Hoory, Kunal Talwar, and Abhradeep Thakurta. Deep learning with gaussian differential privacy. In International Conference on Machine Learning. PMLR, 2022.
Reza Shokri, Marco Stronati, Congzheng Song, and Vitaly Shmatikov. Membership inference attacks against machine learning models. In IEEE Symposium on Security and Privacy. 2017.
Nicholas Carlini, Chang Liu, Úlfar Erlingsson, Jernej Kos, and Dawn Song. The secret sharer: measuring unintended neural memorization. In USENIX Security Symposium. 2019.
Adam Smith. Privacy‑preserving statistical estimation with optimal convergence rates. In Proceedings of the 43rd ACM Symposium on Theory of Computing (STOC), 813–822. ACM, 2011. URL: https://doi.org/10.1145/1993636.1993743, doi:10.1145/1993636.1993743.
Vishesh Karwa and Aleksandra B. Slavković. Inference using noisy degrees: differentially private β-model and synthetic graphs. The Annals of Statistics, 44(1):87–112, 2016. URL: https://doi.org/10.1214/15-AOS1374, doi:10.1214/15-AOS1374.
Or Sheffet. Differentially private ordinary least squares. In Doina Precup and Yee Whye Teh, editors, Proceedings of the 34th International Conference on Machine Learning (ICML), volume 70 of Proceedings of Machine Learning Research, 3105–3114. PMLR, Aug 2017. URL: https://proceedings.mlr.press/v70/sheffet17a.html, doi:10.5555/3305890.3306002.
Shiva P. Kasiviswanathan, Homin K. Lee, Kobbi Nissim, Sofya Raskhodnikova, and Adam Smith. What can we learn privately? SIAM Journal on Computing, 40(3):793–826, 2011. URL: https://doi.org/10.1137/090756090, doi:10.1137/090756090.
Peter Kairouz, Sewoong Oh, and Pramod Viswanath. The composition theorem for differential privacy. In Francis Bach and David Blei, editors, Proceedings of the 32nd International Conference on Machine Learning, volume 37 of Proceedings of Machine Learning Research, 1376–1385. Lille, France, July 2015. PMLR. URL: https://proceedings.mlr.press/v37/kairouz15.html.
Jason Reed and Benjamin C. Pierce. Distance makes the types grow stronger: a calculus for differential privacy. In Proceedings of the 15th ACM SIGPLAN International Conference on Functional Programming, ICFP '10, 157–168. New York, NY, USA, 2010. Association for Computing Machinery. URL: https://doi.org/10.1145/1863543.1863568, doi:10.1145/1863543.1863568.
Chiké Abuah, David Darais, and Joseph P. Near. Solo: a lightweight static analysis for differential privacy. Proc. ACM Program. Lang., October 2022. URL: https://doi.org/10.1145/3563313, doi:10.1145/3563313.
U.S. Census Bureau. Disclosure avoidance for the 2020 census: an introduction. Handbook, U.S. Government Publishing Office, Washington, DC, November 2021. URL: https://www2.census.gov/library/publications/decennial/2020/2020-census-disclosure-avoidance-handbook.pdf.
John M. Abowd, Robert Ashmead, Ryan Cumings-Menon, Simson Garfinkel, Micah Heineck, Christine Heiss, Robert Johns, Daniel Kifer, Philip Leclerc, Ashwin Machanavajjhala, Brett Moran, William Sexton, Matthew Spence, and Pavel Zhuravlev. The 2020 census disclosure avoidance system topdown algorithm. Working Paper CED-WP-2022-002, U.S. Census Bureau, April 2022. URL: https://arxiv.org/abs/2204.08986.
Jonathan Ullman. Privacy and data analysis: a research overview. ACM SIGACT News, 2020.