The adoption of differential privacy is growing, but the complexity of designing private, efficient, and accurate algorithms is still high. We propose a novel programming framework and system, ϵ KTELO for implementing both existing and new privacy algorithms. For the task of answering linear counting queries, we show that nearly all existing algorithms can be composed from operators, each conforming to one of a small number of operator classes. While past programming frameworks have helped to ensure the privacy of programs, the novelty of our framework is its significant support for authoring accurate and efficient (as well as private) programs. After describing the design and architecture of the ϵ KTELO system, we show that ϵ KTELO is expressive, allows for safer implementations through code reuse, and allows both privacy novices and experts to easily design algorithms. We provide a number of novel implementation techniques to support the generality and scalability of ϵ KTELO operators. These include methods to automatically compute lossless reductions of the data representation, implicit matrices that avoid materialized state but still support computations, and iterative inference implementations that generalize techniques from the privacy literature. We demonstrate the utility of ϵ KTELO by designing several new state-of-the-art algorithms, most of which result from simple re-combinations of operators defined in the framework. We study the accuracy and scalability of ϵ KTELO plans in a thorough empirical evaluation.

中文翻译：

---

ϵ KTELO

差分隐私的采用正在增长，但设计私有、高效和准确算法的复杂性仍然很高。我们提出了一种新颖的编程框架和系统，εKTELO用于实现现有和新的隐私算法。对于回答线性计数查询的任务，我们表明几乎所有现有算法都可以由运算符组成，每个运算符都符合少数运算符类别之一。虽然过去的编程框架有助于确保程序的隐私，但我们框架的新颖之处在于它对编写准确和高效（以及私有）程序的重要支持。在描述了 ϵ 的设计和架构之后KTELO系统，我们证明了 ϵKTELO具有表现力，允许通过代码重用实现更安全的实现，并允许隐私新手和专家轻松设计算法。我们提供了许多新颖的实现技术来支持 ϵ 的通用性和可扩展性KTELO运营商。其中包括自动计算数据表示的无损缩减的方法、避免物化状态但仍支持计算的隐式矩阵，以及概括隐私文献中的技术的迭代推理实现。我们证明了 ϵ 的效用KTELO通过设计几个新的最先进的算法，其中大部分来自框架中定义的运算符的简单重新组合。我们研究 ϵ 的准确性和可扩展性KTELO计划进行彻底的实证评估。