# Computing Over Distributed Sensitive Data Large amounts of data are being collected about individuals by a variety of organizations: government agencies, banks, hospitals, research institutions, privacy companies, etc. Many of these organizations collect similar data, or data about similar populations. Sharing this data between organizations could bring about many benefits in social, scientific, business, and security domains. For example, by sharing their data, hospitals and small clinics can obtain statistically significant results in cases where the individual datasets are otherwise too small. Unfortunately, much of the collected data is sensitive: it contains personal details about individuals or information that may damage an organization’s reputation and competitiveness. The sharing of data is hence often curbed for ethical, legal, or business reasons. This project develops a collection of tools that will enable the benefits of data sharing without requiring data owners to share their data. The techniques developed respect principles of data ownership and privacy requirement, and draw on recent scientific developments in privacy, cryptography, machine learning, computational statistics, program verification, and system security. The tools developed in this project will contribute to existing research and business infrastructure, and hence enable new ways to create value in information whose use would otherwise have been restricted. The project supports the development of new curricula material and trains a new generation of researchers and citizens with the multidisciplinary perspectives required to address the complex issues surrounding data privacy. This project is funded by grant [1565387](https://www.nsf.gov/awardsearch/showAward?AWD_ID=1565387) from the National Science Foundation to [Harvard University](https://www.nsf.gov/awardsearch/showAward?AWD_ID=1565387) and [SUNY at Buffalo](https://www.nsf.gov/awardsearch/showAward?AWD_ID=1565365). ### Personnel expand\_more [### Salil Vadhan ](/people/salil-vadhan)Principal Investigator Vicky Joseph Professor of Computer Science and Applied Mathematics, SEAS, Harvard ![salil-vadhan.jpg](/sites/g/files/omnuum6656/files/styles/hwp_4_5__690x865/public/privacytools/files/salil-vadhan.jpg?itok=Ba7yWYPB) [### Victor Balcer ](/people/victor-balcer)Undergraduate Researcher (REU Summer 2014) Graduate student, Theory of Computing Group ![photo-vb.jpeg](/sites/g/files/omnuum6656/files/styles/hwp_4_5__690x865/public/privacytools/files/photo-vb.jpeg?itok=Jwwh5Rh3) [### Stephen Chong ](/people/stephen-chong)Gordon McKay Professor of Computer Science, SEAS, Harvard Current Member of Datatags Team ![chong-jul13-01.jpg](/sites/g/files/omnuum6656/files/styles/hwp_4_5__690x865/public/privacytools/files/chong-jul13-01.jpg?itok=To9WDGtI) [### Marco Gaboardi ](/people/marco-gaboardi)Visiting Scholar, Center for Research on Computation & Society State University of New York at Buffalo Current Member of Datatags Team ![io.jpg](/sites/g/files/omnuum6656/files/styles/hwp_4_5__690x865/public/privacytools/files/io.jpg?itok=zB7vqRoi) [### Anitha Gollamudi ](/people/anitha-gollamudi)Graduate Student Researcher person [### James Honaker ](/people/james-honaker)Chief Privacy Engineer and Research Associate ![james-honaker.png](/sites/g/files/omnuum6656/files/styles/hwp_4_5__690x865/public/privacytools/files/james-honaker.png?itok=SB8yL2VQ) - Previous page chevron\_left - [1](?page=0 "Current page") - [2](?page=1 "Go to page 2") - [ Next page chevron\_right ](?page=1 "Go to next page") ### Publications expand\_more Download 21 citations download- [BibTeX](/bibcite/export?pager_style=standard_pager&number_of_items=6&sort_field=bibcite_year--desc&taxonomy_filters%5Bfield_hwp_c_agenda%5D&taxonomy_filters%5Bfield_hwp_c_grants%5D%5B0%5D%5Btarget_id%5D=90296&taxonomy_filters%5Bfield_hwp_c_research1234567%5D&taxonomy_filters%5Bfield_hwp_c_presentations%5D&&&format=bibtex) - [EndNote X3 XML](/bibcite/export?pager_style=standard_pager&number_of_items=6&sort_field=bibcite_year--desc&taxonomy_filters%5Bfield_hwp_c_agenda%5D&taxonomy_filters%5Bfield_hwp_c_grants%5D%5B0%5D%5Btarget_id%5D=90296&taxonomy_filters%5Bfield_hwp_c_research1234567%5D&taxonomy_filters%5Bfield_hwp_c_presentations%5D&&&format=endnote8) - [EndNote 7 XML](/bibcite/export?pager_style=standard_pager&number_of_items=6&sort_field=bibcite_year--desc&taxonomy_filters%5Bfield_hwp_c_agenda%5D&taxonomy_filters%5Bfield_hwp_c_grants%5D%5B0%5D%5Btarget_id%5D=90296&taxonomy_filters%5Bfield_hwp_c_research1234567%5D&taxonomy_filters%5Bfield_hwp_c_presentations%5D&&&format=endnote7) - [Endnote tagged](/bibcite/export?pager_style=standard_pager&number_of_items=6&sort_field=bibcite_year--desc&taxonomy_filters%5Bfield_hwp_c_agenda%5D&taxonomy_filters%5Bfield_hwp_c_grants%5D%5B0%5D%5Btarget_id%5D=90296&taxonomy_filters%5Bfield_hwp_c_research1234567%5D&taxonomy_filters%5Bfield_hwp_c_presentations%5D&&&format=tagged) - [Marc](/bibcite/export?pager_style=standard_pager&number_of_items=6&sort_field=bibcite_year--desc&taxonomy_filters%5Bfield_hwp_c_agenda%5D&taxonomy_filters%5Bfield_hwp_c_grants%5D%5B0%5D%5Btarget_id%5D=90296&taxonomy_filters%5Bfield_hwp_c_research1234567%5D&taxonomy_filters%5Bfield_hwp_c_presentations%5D&&&format=marc) - [PubMedId](/bibcite/export?pager_style=standard_pager&number_of_items=6&sort_field=bibcite_year--desc&taxonomy_filters%5Bfield_hwp_c_agenda%5D&taxonomy_filters%5Bfield_hwp_c_grants%5D%5B0%5D%5Btarget_id%5D=90296&taxonomy_filters%5Bfield_hwp_c_research1234567%5D&taxonomy_filters%5Bfield_hwp_c_presentations%5D&&&format=pubmed_id) - [RIS](/bibcite/export?pager_style=standard_pager&number_of_items=6&sort_field=bibcite_year--desc&taxonomy_filters%5Bfield_hwp_c_agenda%5D&taxonomy_filters%5Bfield_hwp_c_grants%5D%5B0%5D%5Btarget_id%5D=90296&taxonomy_filters%5Bfield_hwp_c_research1234567%5D&taxonomy_filters%5Bfield_hwp_c_presentations%5D&&&format=ris) ### 2021 Victor Balcer, Albert Cheu, Matthew Joseph, and Jieming Mao. 2021. “[Connecting Robust Shuffle Privacy and Pan-Privacy](/publications/connecting-robust-shuffle-privacy-and-pan-privacy)”. In In Proceedings of the 2021 ACM-SIAM Symposium on Discrete Algorithms (SODA), Pp. 2384-2403 Victor Balcer, Albert Cheu, Matthew Joseph, and Jieming Mao. 2021. “[Connecting Robust Shuffle Privacy and Pan-Privacy](/publications/connecting-robust-shuffle-privacy-and-pan-privacy)”. In In Proceedings of the 2021 ACM-SIAM Symposium on Discrete Algorithms (SODA), Pp. 2384-2403 - add\_circle\_outline do\_not\_disturb\_on Abstract - [ descriptionPublisher's Version](https://arxiv.org/abs/2004.09481) - [ picture\_as\_pdfARXIV.pdf](/sites/g/files/omnuum6656/files/privacytools/files/2004.09481v4.pdf) In the \emph{shuffle model} of differential privacy, data-holding users send randomized messages to a secure shuffler, the shuffler permutes the messages, and the resulting collection of messages must be differentially private with regard to user data. In... - [ descriptionPublisher's Version](https://arxiv.org/abs/2004.09481) - [ picture\_as\_pdfARXIV.pdf](/sites/g/files/omnuum6656/files/privacytools/files/2004.09481v4.pdf) ### 2020 Owen Arden, Anitha Gollamudi, Ethan Cecchetti, Stephen Chong, and Andrew C. Myers. 2020. “[A Calculus for Flow-Limited Authorization](/publications/calculus-flow-limited-authorization)”. Journal of Computer Security Owen Arden, Anitha Gollamudi, Ethan Cecchetti, Stephen Chong, and Andrew C. Myers. 2020. “[A Calculus for Flow-Limited Authorization](/publications/calculus-flow-limited-authorization)”. Journal of Computer Security - add\_circle\_outline do\_not\_disturb\_on Abstract - [ picture\_as\_pdfJCS 2020 Submitted.pdf](/sites/g/files/omnuum6656/files/privacytools/files/a_calculus_for_flow_limited_authorization.pdf) - [ picture\_as\_pdfCSF 2016.pdf](/sites/g/files/omnuum6656/files/privacytools/files/a_calculus_for_flow_sensitive_data_-_csf_2016.pdf) Real-world applications routinely make authorization decisions based on dynamic computation. Reasoning about dynamically computed authority is challenging. Integrity of the system might be compromised if attackers can improperly influence the authorizing... - [ picture\_as\_pdfJCS 2020 Submitted.pdf](/sites/g/files/omnuum6656/files/privacytools/files/a_calculus_for_flow_limited_authorization.pdf) - [ picture\_as\_pdfCSF 2016.pdf](/sites/g/files/omnuum6656/files/privacytools/files/a_calculus_for_flow_sensitive_data_-_csf_2016.pdf) Victor Balcer and Albert Cheu. 2020. “[Separating Local & Shuffled Differential Privacy via Histograms](/publications/separating-local-shuffled-differential-privacy-histograms-0)”. In In First Information-Theoretic Cryptography Conference (ITC) Victor Balcer and Albert Cheu. 2020. “[Separating Local & Shuffled Differential Privacy via Histograms](/publications/separating-local-shuffled-differential-privacy-histograms-0)”. In In First Information-Theoretic Cryptography Conference (ITC) - add\_circle\_outline do\_not\_disturb\_on Abstract - [ descriptionPublisher's Version](https://arxiv.org/abs/1911.06879) - [ picture\_as\_pdfARXIV.pdf](/sites/g/files/omnuum6656/files/privacytools/files/1911.06879v4.pdf) Recent work in differential privacy has highlighted the shuffled model as a promising avenue to compute accurate statistics while keeping raw data in users' hands. We present a protocol in this model that estimates histograms with error independent of the... - [ descriptionPublisher's Version](https://arxiv.org/abs/1911.06879) - [ picture\_as\_pdfARXIV.pdf](/sites/g/files/omnuum6656/files/privacytools/files/1911.06879v4.pdf) Benny Applebaum, Amos Beimel, Oded Nir, and Naty Peter. 2020. “[Better Secret-Sharing via Robust Conditional Disclosure of Secrets](/publications/better-secret-sharing-robust-conditional-disclosure-secrets)”. In 52nd ACM Symposium on Theory of Computing (To Appear - STOC 2020) Benny Applebaum, Amos Beimel, Oded Nir, and Naty Peter. 2020. “[Better Secret-Sharing via Robust Conditional Disclosure of Secrets](/publications/better-secret-sharing-robust-conditional-disclosure-secrets)”. In 52nd ACM Symposium on Theory of Computing (To Appear - STOC 2020) - add\_circle\_outline do\_not\_disturb\_on Abstract - [ descriptionPublisher's Version](https://eprint.iacr.org/2020/080) - [ picture\_as\_pdfePrint-Jan 2020.pdf](/sites/g/files/omnuum6656/files/privacytools/files/better_secret-sharing_via_robust_conditional_disclosure_of_secrets-2020-080.pdf) - [ picture\_as\_pdfePrint-May 2020.pdf](/sites/g/files/omnuum6656/files/privacytools/files/better_secret_sharing_-_eprint_may_2020.pdf) A secret-sharing scheme allows to distribute a secret s among n parties such that only some predefined “authorized” sets of parties can reconstruct the secret, and all other “unauthorized” sets learn nothing about *s*. The collection of authorized sets is... - [ descriptionPublisher's Version](https://eprint.iacr.org/2020/080) - [ picture\_as\_pdfePrint-Jan 2020.pdf](/sites/g/files/omnuum6656/files/privacytools/files/better_secret-sharing_via_robust_conditional_disclosure_of_secrets-2020-080.pdf) - [ picture\_as\_pdfePrint-May 2020.pdf](/sites/g/files/omnuum6656/files/privacytools/files/better_secret_sharing_-_eprint_may_2020.pdf) Victor Balcer and Albert Cheu. 2020. “[Separating Local & Shuffled Differential Privacy via Histograms](/publications/separating-local-shuffled-differential-privacy-histograms)”. In Information-Theoretic Cryptography (To Appear - ITC 2020) Victor Balcer and Albert Cheu. 2020. “[Separating Local & Shuffled Differential Privacy via Histograms](/publications/separating-local-shuffled-differential-privacy-histograms)”. In Information-Theoretic Cryptography (To Appear - ITC 2020) - add\_circle\_outline do\_not\_disturb\_on Abstract - [ descriptionPublisher's Version](https://arxiv.org/abs/1911.06879) - [ picture\_as\_pdfARXIV 2019.pdf](/sites/g/files/omnuum6656/files/privacytools/files/separating_local_shuffled_differential_privacy_via_histograms-1911.06879v4.pdf) Recent work in differential privacy has highlighted the shuffled model as a promising avenue to compute accurate statistics while keeping raw data in users’ hands. We present a protocol in this model that estimates histograms with error independent of... - [ descriptionPublisher's Version](https://arxiv.org/abs/1911.06879) - [ picture\_as\_pdfARXIV 2019.pdf](/sites/g/files/omnuum6656/files/privacytools/files/separating_local_shuffled_differential_privacy_via_histograms-1911.06879v4.pdf) Amos Beimel, Aleksandra Korolova, Kobbi Nissim, Or Sheffet, and Uri Stemmer. 2020. “[The Power of Synergy in Differential Privacy: Combining a Small Curator With Local Randomizers](/publications/power-synergy-differential-privacy-combining-small-curator-local)”. In Information-Theoretic Cryptography (To Appear - ITC 2020) Amos Beimel, Aleksandra Korolova, Kobbi Nissim, Or Sheffet, and Uri Stemmer. 2020. “[The Power of Synergy in Differential Privacy: Combining a Small Curator With Local Randomizers](/publications/power-synergy-differential-privacy-combining-small-curator-local)”. In Information-Theoretic Cryptography (To Appear - ITC 2020) - add\_circle\_outline do\_not\_disturb\_on Abstract - [ descriptionPublisher's Version](https://arxiv.org/abs/1912.08951) - [ picture\_as\_pdfARXIV 2019.pdf](/sites/g/files/omnuum6656/files/privacytools/files/the_power_synergy_in_differential_privacay.pdf) Motivated by the desire to bridge the utility gap between local and trusted curator modelsof differential privacy for practical applications, we initiate the theoretical study of a hybridmodel introduced by “Blender” \[Avent et al., USENIX Security ’17\]... - [ descriptionPublisher's Version](https://arxiv.org/abs/1912.08951) - [ picture\_as\_pdfARXIV 2019.pdf](/sites/g/files/omnuum6656/files/privacytools/files/the_power_synergy_in_differential_privacay.pdf) - Previous page chevron\_left - [1](?page=0%2C0 "Current page") - [2](?page=1%2C0 "Go to page 2") - [ Next page chevron\_right ](?page=1%2C0 "Go to next page")