Mitch Rudominer

Mitch Rudominer is a software engineer at Google, and a mathematician. Earlier in his career he was an Assistant Professor of Mathematics at Florida International University. His research interests are in Set Theory, particularly inner models for large cardinals and determinacy. Mitch holds a Ph.D. in Mathematics from UCLA.

Research Areas

Authored Publications
Google Publications
Other Publications
Sort By
  • Title
  • Title, descending
  • Year
  • Year, descending
    Prochlo: Strong Privacy for Analytics in the Crowd
    Andrea Bittau
    Úlfar Erlingsson
    Ilya Mironov
    Ananth Raghunathan
    David Lie
    Ushasree Kode
    Julien Tinnes
    Bernhard Seefeld
    Proceedings of the Symposium on Operating Systems Principles (SOSP)(2017), pp. 441-459
    Preview abstract The large-scale monitoring of computer users’ software activities has become commonplace, e.g., for application telemetry, error reporting, or demographic profiling. This paper describes a principled systems architecture—Encode, Shuffle, Analyze (ESA)—for performing such monitoring with high utility while also protecting user privacy. The ESA design, and its Prochlo implementation, are informed by our practical experiences with an existing, large deployment of privacy-preserving software monitoring. With ESA, the privacy of monitored users’ data is guaranteed by its processing in a three-step pipeline. First, the data is encoded to control scope, granularity, and randomness. Second, the encoded data is collected in batches subject to a randomized threshold, and blindly shuffled, to break linkability and to ensure that individual data items get “lost in the crowd” of the batch. Third, the anonymous, shuffled data is analyzed by a specific analysis engine that further prevents statistical inference attacks on analysis results. ESA extends existing best-practice methods for sensitive-data analytics, by using cryptography and statistical techniques to make explicit how data is elided and reduced in precision, how only common-enough, anonymous data is analyzed, and how this is done for only specific, permitted purposes. As a result, ESA remains compatible with the established workflows of traditional database analysis. Strong privacy guarantees, including differential privacy, can be established at each processing step to defend against malice or compromise at one or more of those steps. Prochlo develops new techniques to harden those steps, including the Stash Shuffle, a novel scalable and efficient oblivious-shuffling algorithm based on Intel’s SGX, and new applications of cryptographic secret sharing and blinding. We describe ESA and Prochlo, as well as experiments that validate their ability to balance utility and privacy. View details
    Inner model operators in L(R)
    Annals of Pure and Applied Logic, 101(2000), pp. 147-194
    Preview abstract In the context of AD, we study inner model operators M such that for a.e. d, there is a wellorder of M(d) in L(R). View details
    The Largest Countable Inductive Set is a Mouse Set
    The Journal of Symbolic Logic, 64(1999), pp. 443-459
    Preview abstract We show that the set of reals in the canonical inner model for the theory ZFC - Replacement + "There exists omega Woodin cardinals cofinal in the ordinals" is equal to the largest countable inductive set of reals. View details
    Mouse Sets
    Annals of Pure and Applied Logic, 87(1997), pp. 1-100
    Preview abstract We explore a connection between descriptive set theory and inner model theory. From descriptive set theory, we will take a countable, definable set of reals, A. We will then show that A = ℝ ∩ M, where M is a canonical model from inner model theory. In technical terms, M is a "mouse". Consequently, we say that A is a mouse set. View details