├── .bazelrc ├── .bazelversion ├── .clang-format ├── .github └── workflows │ ├── bazel.yml │ └── go.yml ├── .gitignore ├── BUILD ├── CONTRIBUTING.md ├── LICENSE ├── README.md ├── WORKSPACE ├── cc ├── .bazelrc ├── .bazelversion ├── BUILD ├── README.md ├── WORKSPACE.bazel ├── accounting │ ├── BUILD │ ├── README.md │ ├── accountant.cc │ ├── accountant.h │ ├── accountant_test.cc │ ├── common │ │ ├── BUILD │ │ ├── common.cc │ │ ├── common.h │ │ ├── common_test.cc │ │ ├── test_util.cc │ │ ├── test_util.h │ │ └── test_util_test.cc │ ├── convolution.cc │ ├── convolution.h │ ├── convolution_test.cc │ ├── example.cc │ ├── kiss_fft_wrapper.h │ ├── kiss_fft_wrapper_test.cc │ ├── kissfft │ │ └── BUILD.bazel │ ├── privacy_loss_distribution.cc │ ├── privacy_loss_distribution.h │ ├── privacy_loss_distribution_test.cc │ ├── privacy_loss_mechanism.cc │ ├── privacy_loss_mechanism.h │ └── privacy_loss_mechanism_test.cc ├── algorithms │ ├── BUILD │ ├── algorithm-stochastic-dp_test.cc │ ├── algorithm.h │ ├── algorithm_test.cc │ ├── approx-bounds-as-bounds-provider.h │ ├── approx-bounds-as-bounds-provider_test.cc │ ├── approx-bounds-provider.h │ ├── approx-bounds-provider_test.cc │ ├── approx-bounds.h │ ├── approx-bounds_test.cc │ ├── binary-search.h │ ├── binary-search_test.cc │ ├── bounded-algorithm.h │ ├── bounded-algorithm_test.cc │ ├── bounded-mean-ci-statistical_test.cc │ ├── bounded-mean.h │ ├── bounded-mean_test.cc │ ├── bounded-standard-deviation.h │ ├── bounded-standard-deviation_test.cc │ ├── bounded-sum.h │ ├── bounded-sum_test.cc │ ├── bounded-variance.h │ ├── bounded-variance_test.cc │ ├── bounds-provider.h │ ├── count.h │ ├── count_test.cc │ ├── distributions.cc │ ├── distributions.h │ ├── distributions_benchmark_test.cc │ ├── distributions_test.cc │ ├── gaussian-dp-calculator.cc │ ├── gaussian-dp-calculator.h │ ├── gaussian-dp-calculator_test.cc │ ├── internal │ │ ├── BUILD │ │ ├── bounded-mean-ci.cc │ │ ├── bounded-mean-ci.h │ │ ├── bounded-mean-ci_test.cc │ │ ├── clamped-calculation-without-bounds.h │ │ ├── clamped-calculation-without-bounds_test.cc │ │ ├── count-tree.cc │ │ ├── count-tree.h │ │ ├── count-tree_test.cc │ │ ├── gaussian-stddev-calculator.cc │ │ ├── gaussian-stddev-calculator.h │ │ └── gaussian-stddev-calculator_test.cc │ ├── numerical-mechanisms-testing.h │ ├── numerical-mechanisms-testing_test.cc │ ├── numerical-mechanisms.cc │ ├── numerical-mechanisms.h │ ├── numerical-mechanisms_test.cc │ ├── order-statistics.h │ ├── order-statistics_test.cc │ ├── partition-selection-testing.h │ ├── partition-selection.h │ ├── partition-selection_test.cc │ ├── quantile-tree.h │ ├── quantile-tree_test.cc │ ├── quantiles.h │ ├── quantiles_test.cc │ ├── rand.cc │ ├── rand.h │ ├── rand_test.cc │ ├── util.cc │ ├── util.h │ └── util_test.cc ├── base │ ├── BUILD │ ├── percentile.h │ ├── percentile_test.cc │ ├── status_macros.h │ ├── status_macros_test.cc │ └── testing │ │ ├── BUILD │ │ ├── proto_matchers.h │ │ ├── status_matchers.cc │ │ ├── status_matchers.h │ │ └── status_matchers_test.cc ├── cc_accounting_deps.bzl ├── cc_differential_privacy_deps.bzl ├── docs │ ├── algorithms │ │ ├── README.md │ │ ├── algorithm.md │ │ ├── approx-bounds.md │ │ ├── bounded-algorithm.md │ │ ├── bounded-mean.md │ │ ├── bounded-sum.md │ │ ├── bounded-variance.md │ │ ├── count.md │ │ └── quantiles.md │ ├── index.md │ └── protos.md ├── postgres │ ├── .bazelversion │ ├── BUILD │ ├── README.md │ ├── anon_func--1.0.0.sql │ ├── anon_func.cc │ ├── anon_func.control │ ├── docker │ │ ├── Dockerfile │ │ ├── README.md │ │ ├── docker-entrypoint-initdb.d │ │ │ └── init-permissions.sh │ │ └── postgresql.conf.sample │ ├── dp_func.cc │ ├── dp_func.h │ ├── dp_func_test.cc │ ├── fruiteaten.csv │ ├── install_extension.sh │ ├── postgres.BUILD │ └── shirts.csv ├── proto │ ├── BUILD │ ├── util.h │ └── util_test.cc └── testing │ ├── BUILD │ ├── README.md │ ├── density_estimation.h │ ├── density_estimation_test.cc │ ├── quantile_tree_dp_test.cc │ ├── sequence.h │ ├── sequence_test.cc │ ├── statistical_tests_utils.cc │ ├── statistical_tests_utils.h │ ├── statistical_tests_utils_test.cc │ ├── stochastic_tester.h │ └── stochastic_tester_test.cc ├── common_docs ├── Delta_For_Thresholding.pdf ├── Differential_Privacy_Computations_In_Data_Pipelines.pdf ├── Differentially_Private_Quantile_Trees.pdf ├── Privacy_Loss_Distributions.pdf ├── Secure_Noise_Generation.pdf ├── attack_model.md ├── confidence_intervals.md ├── partition_selection.md ├── partition_selection_playground.ipynb └── pre_thresholding.md ├── differential_privacy.md ├── differential_privacy_deps.bzl ├── examples ├── cc │ ├── .bazelrc │ ├── .bazelversion │ ├── BUILD │ ├── README.md │ ├── WORKSPACE.bazel │ ├── animals_and_carrots.cc │ ├── animals_and_carrots.csv │ ├── animals_and_carrots.h │ ├── animals_and_carrots_test.cc │ └── report_the_carrots.cc ├── go │ ├── README.md │ ├── data │ │ ├── day_data.csv │ │ ├── outliers_week_data.csv │ │ └── week_data.csv │ ├── go.mod │ ├── go.sum │ ├── img │ │ ├── partition_selection.png │ │ ├── sums_per_day.png │ │ ├── visits_per_day.png │ │ ├── visits_per_duration.png │ │ └── visits_per_hour.png │ ├── io_utils.go │ ├── main │ │ └── main.go │ ├── scenarios.go │ └── visit.go ├── java │ ├── .bazelversion │ ├── BUILD │ ├── ContributionBoundingUtils.java │ ├── CountVisitsPerDay.java │ ├── CountVisitsPerHour.java │ ├── IOUtils.java │ ├── InputFilePath.java │ ├── Main.java │ ├── README.md │ ├── RestaurantSchedule.java │ ├── SumRevenuePerDay.java │ ├── SumRevenuePerDayWithPreAggregation.java │ ├── Visit.java │ ├── VisitsForWeek.java │ ├── WORKSPACE.bazel │ ├── day_data.csv │ ├── img │ │ ├── counts_per_day.png │ │ ├── counts_per_hour.png │ │ ├── sum_per_day_w_preaggregation.png │ │ └── sums_per_day.png │ └── week_data.csv ├── pipelinedp4j │ ├── .bazelrc │ ├── .bazelversion │ ├── README.md │ ├── WORKSPACE.bazel │ ├── beam │ │ ├── pom.xml │ │ └── src │ │ │ └── main │ │ │ └── java │ │ │ └── com │ │ │ └── google │ │ │ └── privacy │ │ │ └── differentialprivacy │ │ │ └── pipelinedp4j │ │ │ └── examples │ │ │ ├── BUILD.bazel │ │ │ └── BeamExample.java │ ├── common │ │ ├── pom.xml │ │ └── src │ │ │ └── main │ │ │ └── java │ │ │ └── com │ │ │ └── google │ │ │ └── privacy │ │ │ └── differentialprivacy │ │ │ └── pipelinedp4j │ │ │ └── examples │ │ │ ├── BUILD.bazel │ │ │ ├── MovieMetrics.java │ │ │ └── MovieView.java │ ├── pom.xml │ └── spark │ │ ├── pom.xml │ │ └── src │ │ └── main │ │ └── java │ │ └── com │ │ └── google │ │ └── privacy │ │ └── differentialprivacy │ │ └── pipelinedp4j │ │ └── examples │ │ ├── BUILD.bazel │ │ ├── SparkDataFrameExample.java │ │ └── SparkExample.java └── zetasql │ ├── .bazelrc │ ├── .bazelversion │ ├── BUILD │ ├── README.md │ ├── WORKSPACE │ ├── codelab.md │ ├── data │ ├── day_data.csv │ ├── outliers_week_data.csv │ └── week_data.csv │ ├── execute_query.cc │ └── img │ ├── sums_per_day.png │ ├── visits_per_day.png │ ├── visits_per_duration.png │ └── visits_per_hour.png ├── experiments └── testers │ ├── README.md │ ├── cc │ ├── BUILD │ ├── WORKSPACE.bazel │ ├── create_samples_count.cc │ ├── create_samples_count.h │ ├── create_samples_mean.cc │ ├── create_samples_mean.h │ ├── create_samples_sum.cc │ ├── create_samples_sum.h │ ├── insufficient_noise_algorithms.cc │ ├── insufficient_noise_algorithms.h │ └── main.cc │ └── java │ ├── BUILD │ ├── StatisticalTester.java │ ├── StatisticalTesterCount.java │ ├── StatisticalTesterMean.java │ ├── StatisticalTesterSum.java │ ├── StatisticalUtils.java │ └── WORKSPACE.bazel ├── go ├── README.md ├── checks │ ├── checks.go │ └── checks_test.go ├── dpagg │ ├── aggregation_state.go │ ├── coders.go │ ├── count.go │ ├── count_confidence_interval_test.go │ ├── count_test.go │ ├── dpagg_test.go │ ├── helpers.go │ ├── helpers_test.go │ ├── mean.go │ ├── mean_confidence_interval_test.go │ ├── mean_test.go │ ├── quantiles.go │ ├── quantiles_test.go │ ├── select_partition.go │ ├── select_partition_test.go │ ├── standard_deviation.go │ ├── standard_deviation_test.go │ ├── sum.go │ ├── sum_confidence_interval_test.go │ ├── sum_test.go │ ├── variance.go │ └── variance_test.go ├── go.mod ├── go.sum ├── noise │ ├── gaussian_noise.go │ ├── gaussian_noise_test.go │ ├── laplace_noise.go │ ├── laplace_noise_test.go │ ├── noise.go │ ├── noise_test.go │ ├── secure_noise_math.go │ └── secure_noise_math_test.go ├── rand │ ├── rand.go │ └── rand_test.go └── stattestutils │ ├── stattestutils.go │ └── stattestutils_test.go ├── java ├── .bazelrc ├── .bazelversion ├── BUILD ├── README.md ├── WORKSPACE.bazel ├── dp_java_deps.bzl ├── dp_java_deps_preload.bzl ├── main │ └── com │ │ └── google │ │ └── privacy │ │ └── differentialprivacy │ │ ├── AggregationState.java │ │ ├── ApproximateBounds.java │ │ ├── BUILD │ │ ├── BoundedMean.java │ │ ├── BoundedQuantiles.java │ │ ├── BoundedSum.java │ │ ├── BoundedVariance.java │ │ ├── ConfidenceInterval.java │ │ ├── Count.java │ │ ├── DiscreteLaplaceNoise.java │ │ ├── DpPreconditions.java │ │ ├── GaussianNoise.java │ │ ├── LaplaceNoise.java │ │ ├── LongBoundedSum.java │ │ ├── Noise.java │ │ ├── PreAggSelectPartition.java │ │ ├── SamplingUtil.java │ │ ├── SecureNoiseMath.java │ │ ├── TestNoiseFactory.java │ │ ├── ZeroNoise.java │ │ └── testing │ │ ├── BUILD │ │ ├── ReferenceNoiseUtil.java │ │ ├── StatisticalTestsUtil.java │ │ └── VotingUtil.java ├── maven_install.json ├── pom.template └── tests │ └── com │ └── google │ └── privacy │ └── differentialprivacy │ ├── AllTests.java │ ├── ApproximateBoundsBuilderTest.java │ ├── ApproximateBoundsTest.java │ ├── BUILD │ ├── BoundedMeanBuilderTest.java │ ├── BoundedMeanConfidenceIntervalTest.java │ ├── BoundedMeanTest.java │ ├── BoundedQuantilesBuilderTest.java │ ├── BoundedQuantilesConfidenceIntervalTest.java │ ├── BoundedQuantilesTest.java │ ├── BoundedSumBiasTest.java │ ├── BoundedSumBuilderTest.java │ ├── BoundedSumConfidenceIntervalTest.java │ ├── BoundedSumTest.java │ ├── BoundedVarianceBuilderTest.java │ ├── BoundedVarianceTest.java │ ├── CountBiasTest.java │ ├── CountBuilderTest.java │ ├── CountConfidenceIntervalTest.java │ ├── CountTest.java │ ├── DiscreteLaplaceNoiseTest.java │ ├── GaussianNoiseConfidenceIntervalTest.java │ ├── GaussianNoiseQuantileTest.java │ ├── GaussianNoiseTest.java │ ├── LaplaceNoiseConfidenceIntervalTest.java │ ├── LaplaceNoiseQuantileTest.java │ ├── LaplaceNoiseTest.java │ ├── LongBoundedSumBiasTest.java │ ├── LongBoundedSumBuilderTest.java │ ├── LongBoundedSumConfidenceIntervalTest.java │ ├── LongBoundedSumTest.java │ ├── PreAggSelectPartitionTest.java │ ├── SamplingUtilTest.java │ ├── SecureNoiseMathTest.java │ ├── statistical │ ├── ApproximateBoundsDpTest.java │ ├── BUILD │ ├── BoundedMeanDpTest.java │ ├── BoundedQuantilesDpTest.java │ ├── BoundedSumDpTest.java │ ├── BoundedVarianceDpTest.java │ ├── CountDpTest.java │ ├── GaussianClosenessTest.java │ ├── LaplaceClosenessTest.java │ └── LongBoundedSumDpTest.java │ └── testing │ ├── ApproximateBoundsDpTestCasesValidityTest.java │ ├── BUILD │ ├── BoundedMeanDpTestCasesValidityTest.java │ ├── BoundedQuantilesDpTestCasesValidityTest.java │ ├── BoundedStdvDpTestCasesValidityTest.java │ ├── BoundedSumDpTestCasesValidityTest.java │ ├── CountDpTestCasesValidityTest.java │ ├── GaussianClosenessTestCasesValidityTest.java │ ├── LaplaceClosenessTestCasesValidityTest.java │ ├── LongBoundedSumDpTestCasesValidityTest.java │ ├── ReferenceNoiseUtilTest.java │ └── StatisticalTestsUtilTest.java ├── learning ├── .bazelversion ├── BUILD.bazel ├── MODULE.bazel ├── WORKSPACE ├── clustering │ ├── BUILD.bazel │ ├── README.md │ ├── __init__.py │ ├── central_privacy_utils.py │ ├── central_privacy_utils_test.py │ ├── clustering_algorithm.py │ ├── clustering_algorithm_test.py │ ├── clustering_params.py │ ├── clustering_params_test.py │ ├── coreset_params.py │ ├── coreset_params_test.py │ ├── default_clustering_params.py │ ├── default_clustering_params_test.py │ ├── demo │ │ ├── BUILD.bazel │ │ ├── __init__.py │ │ ├── clustering_demo.py │ │ ├── data_generation.py │ │ └── data_generation_test.py │ ├── lsh.py │ ├── lsh_test.py │ ├── lsh_tree.py │ ├── lsh_tree_test.py │ ├── plots │ │ ├── MNIST-embed_vary_k_loss.png │ │ ├── Synthetic_vary_k_loss.png │ │ ├── UCI-emissions_vary_k_loss.png │ │ └── UCI-letter_vary_k_loss.png │ ├── privacy_calculator.py │ ├── privacy_calculator_test.py │ ├── private_outputs.py │ ├── private_outputs_test.py │ └── test_utils.py ├── requirements.txt ├── requirements_lock.txt └── setup.py ├── pipelinedp4j ├── .bazelrc ├── .bazelversion ├── BUILD.bazel ├── README.md ├── WORKSPACE.bazel ├── main │ └── com │ │ └── google │ │ └── privacy │ │ └── differentialprivacy │ │ └── pipelinedp4j │ │ ├── api │ │ ├── AggregationBuilder.kt │ │ ├── AggregationSpec.kt │ │ ├── BUILD.bazel │ │ ├── BeamApi.kt │ │ ├── BudgetSpec.kt │ │ ├── ColumnsNames.kt │ │ ├── ContributionBoundingLevel.kt │ │ ├── ContributionBounds.kt │ │ ├── Extractors.kt │ │ ├── GroupsBalance.kt │ │ ├── GroupsType.kt │ │ ├── LocalApi.kt │ │ ├── NoiseKind.kt │ │ ├── Query.kt │ │ ├── QueryPerGroupResult.kt │ │ ├── SparkApi.kt │ │ ├── SparkDataFrameApi.kt │ │ ├── TestMode.kt │ │ ├── ValueAggregationsBuilder.kt │ │ └── VectorAggregationsBuilder.kt │ │ ├── beam │ │ ├── BUILD.bazel │ │ ├── BeamCollection.kt │ │ ├── BeamDpEngineFactory.kt │ │ ├── BeamEncoders.kt │ │ └── BeamTable.kt │ │ ├── core │ │ ├── BUILD.bazel │ │ ├── Combiners.kt │ │ ├── ComputationalGraph.kt │ │ ├── ContributionSampler.kt │ │ ├── CoreTypes.kt │ │ ├── DataExtractors.kt │ │ ├── DpEngine.kt │ │ ├── DpFunctionsParams.kt │ │ ├── Encoders.kt │ │ ├── FrameworkCollection.kt │ │ ├── FrameworkTable.kt │ │ ├── NoPrivacySampler.kt │ │ ├── PartitionAndPerPartitionSampler.kt │ │ ├── PartitionSampler.kt │ │ ├── PerPartitionContributionsSampler.kt │ │ ├── PrivatePartitions.kt │ │ ├── PublicPartitions.kt │ │ └── budget │ │ │ ├── AllocatedBudget.kt │ │ │ ├── BUILD.bazel │ │ │ ├── BudgetAccountant.kt │ │ │ └── BudgetSpec.kt │ │ ├── dplibrary │ │ ├── BUILD.bazel │ │ ├── NoiseFactories.kt │ │ └── PreAggregationPartitionSelectionFactory.kt │ │ ├── local │ │ ├── BUILD.bazel │ │ ├── LocalCollection.kt │ │ ├── LocalDpEngineFactory.kt │ │ ├── LocalEncoderFactory.kt │ │ └── LocalTable.kt │ │ ├── proto │ │ ├── BUILD.bazel │ │ ├── accumulators.proto │ │ └── dpaggregates.proto │ │ └── spark │ │ ├── BUILD.bazel │ │ ├── SparkCollection.kt │ │ ├── SparkDpEngineFactory.kt │ │ ├── SparkEncoders.kt │ │ └── SparkTable.kt ├── pom.template └── tests │ └── com │ └── google │ └── privacy │ └── differentialprivacy │ └── pipelinedp4j │ ├── api │ ├── ApiTests.kt │ ├── BUILD.bazel │ ├── BeamApiTest.kt │ ├── LocalApiTest.kt │ ├── SparkApiTest.kt │ ├── SparkDataFrameApiTest.kt │ └── TestDataRow.kt │ ├── beam │ ├── BUILD.bazel │ ├── BeamCollectionTest.kt │ ├── BeamEncodersTest.kt │ ├── BeamTableTest.kt │ └── BeamTests.kt │ ├── core │ ├── BUILD.bazel │ ├── CompoundCombinerTest.kt │ ├── CoreTests.kt │ ├── CountCombinerTest.kt │ ├── DataExtractorsTest.kt │ ├── DpEngineTest.kt │ ├── DpEngineTestFactory.kt │ ├── DpFunctionsParamsTest.kt │ ├── EndToEndTest.kt │ ├── ExactPrivacyIdCountCombinerTest.kt │ ├── MeanCombinerTest.kt │ ├── NoPrivacySamplerTest.kt │ ├── PartitionAndPerPartitionSamplerTest.kt │ ├── PartitionSamplerTest.kt │ ├── PartitionSamplerWithoutValuesTest.kt │ ├── PerPartitionContributionsSamplerTest.kt │ ├── PostAggregationPartitionSelectionCombinerTest.kt │ ├── PrivacyIdCombinerTest.kt │ ├── PrivatePartitionsComputationalGraphTest.kt │ ├── PrivatePartitionsTest.kt │ ├── PublicPartitionsComputationalGraphTest.kt │ ├── PublicPartitionsTest.kt │ ├── QuantilesCombinerTest.kt │ ├── SelectPartitionsComputationalGraphTest.kt │ ├── SumCombinerTest.kt │ ├── TestDataTypes.kt │ ├── VarianceCombinerTest.kt │ ├── VectorSumCombinerTest.kt │ └── budget │ │ ├── AbsoluteBudgetPerOpSpecTest.kt │ │ ├── BUILD.bazel │ │ ├── BudgetTests.kt │ │ ├── NaiveBudgetAccountantTest.kt │ │ ├── RelativeBudgetPerOpSpecTest.kt │ │ └── TotalBudgetTest.kt │ ├── local │ ├── BUILD.bazel │ ├── LocalCollectionTest.kt │ ├── LocalFrameworkTests.kt │ └── LocalTableTest.kt │ └── spark │ ├── BUILD.bazel │ ├── SparkCollectionTest.kt │ ├── SparkEncodersTest.kt │ ├── SparkTableTest.kt │ └── SparkTests.kt ├── privacy-on-beam ├── README.md ├── codelab │ ├── README.md │ ├── count.go │ ├── main │ │ ├── day_data.csv │ │ ├── main.go │ │ └── utils.go │ ├── mean.go │ ├── multiple.go │ ├── public_partitions.go │ ├── sum.go │ └── visit.go ├── docs │ └── Tolerance_Calculation.pdf ├── go.mod ├── go.sum ├── internal │ ├── generated │ │ └── generated_functions.go │ ├── kv │ │ ├── kv.go │ │ └── kv_test.go │ └── testoption │ │ └── testoption.go ├── pbeam │ ├── aggregations.go │ ├── aggregations_test.go │ ├── coders.go │ ├── count.go │ ├── count_test.go │ ├── distinct_id.go │ ├── distinct_id_test.go │ ├── distinct_per_key.go │ ├── distinct_per_key_test.go │ ├── example_pbeamtest_test.go │ ├── example_test.go │ ├── mean.go │ ├── mean_test.go │ ├── no_noise.go │ ├── pardo.go │ ├── pardo_test.go │ ├── pbeam.go │ ├── pbeam_main_test.go │ ├── pbeam_test.go │ ├── pbeamtest │ │ ├── pbeamtest.go │ │ └── pbeamtest_test.go │ ├── public_partitions.go │ ├── public_partitions_test.go │ ├── quantiles.go │ ├── quantiles_test.go │ ├── select_partitions.go │ ├── select_partitions_test.go │ ├── sum.go │ ├── sum_test.go │ ├── testutils │ │ ├── testutils.go │ │ └── testutils_test.go │ ├── variance.go │ └── variance_test.go └── testdata │ ├── test.pb.go │ └── test.proto ├── proto ├── BUILD ├── accounting │ ├── BUILD │ └── privacy-loss-distribution.proto ├── confidence-interval.proto ├── data.proto ├── numerical-mechanism.proto ├── summary.proto └── testing │ ├── BUILD │ ├── approximate_bounds_dp_test_cases.textproto │ ├── bounded_mean_dp_test_cases.textproto │ ├── bounded_quantiles_dp_test_cases.textproto │ ├── bounded_stdv_dp_test_cases.textproto │ ├── bounded_sum_dp_test_cases.textproto │ ├── count_dp_test_cases.textproto │ ├── gaussian_closeness_test_cases.textproto │ ├── laplace_closeness_test_cases.textproto │ ├── long_bounded_sum_dp_test_cases.textproto │ └── statistical_tests.proto ├── python ├── dp_accounting │ ├── .bazelversion │ ├── BUILD.bazel │ ├── MODULE.bazel │ ├── README.md │ ├── VERSION │ ├── WORKSPACE │ ├── dp_accounting │ │ ├── BUILD.bazel │ │ ├── __init__.py │ │ ├── dp_event.py │ │ ├── dp_event_builder.py │ │ ├── dp_event_builder_test.py │ │ ├── dp_event_test.py │ │ ├── mechanism_calibration.py │ │ ├── mechanism_calibration_test.py │ │ ├── pld │ │ │ ├── BUILD.bazel │ │ │ ├── __init__.py │ │ │ ├── accountant.py │ │ │ ├── accountant_test.py │ │ │ ├── common.py │ │ │ ├── common_test.py │ │ │ ├── pld_pmf.py │ │ │ ├── pld_pmf_test.py │ │ │ ├── pld_privacy_accountant.py │ │ │ ├── pld_privacy_accountant_test.py │ │ │ ├── privacy_loss_distribution.py │ │ │ ├── privacy_loss_distribution_basic_example.py │ │ │ ├── privacy_loss_distribution_test.py │ │ │ ├── privacy_loss_mechanism.py │ │ │ ├── privacy_loss_mechanism_test.py │ │ │ ├── test_util.py │ │ │ └── test_util_test.py │ │ ├── privacy_accountant.py │ │ ├── privacy_accountant_test.py │ │ └── rdp │ │ │ ├── BUILD.bazel │ │ │ ├── __init__.py │ │ │ ├── rdp_privacy_accountant.py │ │ │ └── rdp_privacy_accountant_test.py │ ├── requirements.txt │ ├── requirements_lock.txt │ └── setup.py └── dp_auditorium │ ├── .bazelversion │ ├── BUILD.bazel │ ├── MODULE.bazel │ ├── README.md │ ├── VERSION │ ├── WORKSPACE │ ├── dp_auditorium │ ├── BUILD.bazel │ ├── __init__.py │ ├── configs │ │ ├── BUILD.bazel │ │ ├── __init__.py │ │ ├── dataset_generator_config.py │ │ ├── mechanism_config.py │ │ ├── privacy_property.py │ │ ├── privacy_test_runner_config.py │ │ └── property_tester_config.py │ ├── examples │ │ ├── BUILD.bazel │ │ ├── pipelinedp_mean_mechanism_example.ipynb │ │ ├── run_mean_mechanism_example.ipynb │ │ ├── run_mean_mechanism_example.py │ │ └── run_mean_mechanism_example_test.py │ ├── generators │ │ ├── BUILD.bazel │ │ ├── __init__.py │ │ ├── classification_dataset_generator.py │ │ ├── classification_dataset_generator_test.py │ │ ├── constant_dataset_generator.py │ │ ├── constant_dataset_generator_test.py │ │ ├── pipeline_dp_vizier_dataset_generator.py │ │ ├── pipeline_dp_vizier_dataset_generator_test.py │ │ ├── vizier_dataset_generator.py │ │ └── vizier_dataset_generator_test.py │ ├── interfaces.py │ ├── mechanisms │ │ ├── BUILD.bazel │ │ ├── __init__.py │ │ ├── mean.py │ │ ├── mean_test.py │ │ ├── mechanisms_utils.py │ │ ├── noisy_max.py │ │ ├── noisy_max_test.py │ │ ├── pipeline_dp │ │ │ ├── aggregation.py │ │ │ └── aggregation_test.py │ │ ├── sparse_vector_technique.py │ │ └── sparse_vector_technique_test.py │ ├── privacy_test_runner.py │ ├── privacy_test_runner_test.py │ └── testers │ │ ├── BUILD.bazel │ │ ├── __init__.py │ │ ├── divergence_tester.py │ │ ├── divergence_tester_test.py │ │ ├── histogram_tester.py │ │ ├── histogram_tester_test.py │ │ ├── hockey_stick_tester.py │ │ ├── hockey_stick_tester_test.py │ │ ├── mmd_tester.py │ │ ├── mmd_tester_test.py │ │ ├── property_tester_utils.py │ │ ├── property_tester_utils_test.py │ │ ├── renyi_tester.py │ │ └── renyi_tester_test.py │ ├── requirements.in │ ├── requirements.txt │ └── setup.py └── third_party └── cephes ├── BUILD ├── LICENSE ├── inverse_gaussian_cdf.cc ├── inverse_gaussian_cdf.h └── inverse_gaussian_cdf_test.cc /.bazelrc: -------------------------------------------------------------------------------- 1 | # 2 | # Copyright 2023 Google LLC 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | # 16 | 17 | # Platform specific compiler flags 18 | build --enable_platform_specific_config 19 | build:linux --copt="-Wno-sign-compare" --cxxopt="-std=c++17" 20 | build:macos --copt="-Wno-sign-compare" --cxxopt="-std=c++17" 21 | build:windows --copt="/wd4244" --cxxopt="/std:c++17" 22 | -------------------------------------------------------------------------------- /.bazelversion: -------------------------------------------------------------------------------- 1 | 7.5.0 2 | -------------------------------------------------------------------------------- /.clang-format: -------------------------------------------------------------------------------- 1 | --- 2 | Language: Cpp 3 | BasedOnStyle: Google 4 | SortIncludes: false 5 | ... 6 | -------------------------------------------------------------------------------- /.github/workflows/go.yml: -------------------------------------------------------------------------------- 1 | name: Go 2 | 3 | on: 4 | push: 5 | branches-ignore: 6 | # Version 1.0 does not work with the "go" tool properly. 7 | - "1.0" 8 | pull_request: 9 | branches-ignore: 10 | # Version 1.0 does not work with the "go" tool properly. 11 | - "1.0" 12 | workflow_dispatch: 13 | 14 | jobs: 15 | 16 | build: 17 | runs-on: ubuntu-latest 18 | timeout-minutes: 15 19 | steps: 20 | - uses: actions/checkout@v2 21 | 22 | - name: Set up Go 23 | uses: actions/setup-go@v2 24 | with: 25 | go-version: 1.22 26 | 27 | - name: Build go 28 | run: go build -mod=mod -v ./... 29 | working-directory: ./go 30 | 31 | - name: Test go 32 | run: go test -mod=mod -v ./... 33 | working-directory: ./go 34 | 35 | - name: Build examples/go 36 | run: go build -mod=mod -v ./... 37 | working-directory: ./examples/go 38 | 39 | - name: Build privacy-on-beam 40 | run: go build -mod=mod -v ./... 41 | working-directory: ./privacy-on-beam 42 | 43 | - name: Test privacy-on-beam 44 | run: go test -mod=mod -v ./... 45 | working-directory: ./privacy-on-beam 46 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | **/bazel-bin 2 | **/bazel-java 3 | **/bazel-out 4 | **/bazel-testlogs 5 | -------------------------------------------------------------------------------- /BUILD: -------------------------------------------------------------------------------- 1 | # 2 | # Copyright 2019 Google LLC 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | # 16 | 17 | """ Additional bazel imports for differential privacy library """ 18 | 19 | exports_files([ 20 | "differential_privacy_deps.bzl", 21 | ]) 22 | -------------------------------------------------------------------------------- /WORKSPACE: -------------------------------------------------------------------------------- 1 | # 2 | # Copyright 2019 Google LLC 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | # 16 | 17 | """ Workspace for Open Source differential privacy library """ 18 | 19 | workspace(name = "com_google_differential_privacy") 20 | 21 | # Differential privacy library dependencies. 22 | load(":differential_privacy_deps.bzl", "differential_privacy_deps") 23 | differential_privacy_deps() 24 | 25 | # Protobuf transitive dependencies. 26 | load("@com_google_protobuf//:protobuf_deps.bzl", "protobuf_deps") 27 | protobuf_deps() 28 | -------------------------------------------------------------------------------- /cc/.bazelrc: -------------------------------------------------------------------------------- 1 | # 2 | # Copyright 2020 Google LLC 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | # 16 | 17 | # Platform specific compiler flags 18 | build --enable_platform_specific_config 19 | build:linux --copt="-Wno-sign-compare" --cxxopt="-std=c++17" 20 | build:macos --copt="-Wno-sign-compare" --cxxopt="-std=c++17" 21 | build:windows --copt="/wd4244" --cxxopt="/std:c++17" 22 | -------------------------------------------------------------------------------- /cc/.bazelversion: -------------------------------------------------------------------------------- 1 | 7.5.0 2 | -------------------------------------------------------------------------------- /cc/BUILD: -------------------------------------------------------------------------------- 1 | # 2 | # Copyright 2019 Google LLC 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | # 16 | 17 | """ Additional bazel imports for differential privacy library """ 18 | 19 | exports_files([ 20 | "cc_differential_privacy_deps.bzl", 21 | "cc_accounting_deps.bzl", 22 | ]) 23 | -------------------------------------------------------------------------------- /cc/README.md: -------------------------------------------------------------------------------- 1 | ## Differential Privacy library in C++ 2 | 3 | This is the C++ implementation of the differential privacy library. For general 4 | details and key definitions, see the top-level documentation. 5 | This document describes C++-specific aspects. 6 | 7 | ## How to Use 8 | 9 | Full documentation on how to use the library is in the 10 | [cpp/docs](https://github.com/google/differential-privacy/tree/main/cc/docs) 11 | subdirectory. Here's a minimal example showing how to compute the count of some 12 | data: 13 | 14 | ``` 15 | #include "algorithms/count.h" 16 | 17 | // Epsilon is a configurable parameter. A lower value means more privacy but 18 | // less accuracy. 19 | int64_t count(const std::vector& values, double epsilon) { 20 | // Construct the Count object to run on double inputs. 21 | std::unique_ptr> count = 22 | differential_privacy::Count::Builder().SetEpsilon(epsilon) 23 | .Build() 24 | .ValueOrDie(); 25 | 26 | // Compute the count and get the result. 27 | absl::StatusOr result = 28 | count->Result(values.begin(), values.end()); 29 | if (!result.ok()) { 30 | return 0; 31 | } 32 | 33 | // GetValue can be used to extract the value from an Output protobuf. For 34 | // count, this is always an int64_t value. 35 | return differential_privacy::GetValue(result.ValueOrDie()); 36 | } 37 | ``` 38 | 39 | We also include the following example code: 40 | - A [tool for releasing epsilon-DP aggregate statistics](https://github.com/google/differential-privacy/tree/main/examples/cc/). 41 | - A [PostgreSQL extension](https://github.com/google/differential-privacy/tree/main/cc/postgres) 42 | that adds epsilon-DP aggregate functions. 43 | 44 | 45 | -------------------------------------------------------------------------------- /cc/WORKSPACE.bazel: -------------------------------------------------------------------------------- 1 | # 2 | # Copyright 2019 Google LLC 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | # 16 | 17 | """ Workspace for Open Source differential privacy library """ 18 | 19 | workspace(name = "com_google_cc_differential_privacy") 20 | 21 | local_repository( 22 | name = "com_google_differential_privacy", 23 | path = "..", 24 | ) 25 | 26 | # Load dependencies for the base workspace. 27 | load("@com_google_differential_privacy//:differential_privacy_deps.bzl", "differential_privacy_deps") 28 | differential_privacy_deps() 29 | 30 | # Differential privacy library dependencies. 31 | load(":cc_differential_privacy_deps.bzl", "cc_differential_privacy_deps") 32 | cc_differential_privacy_deps() 33 | 34 | # Skylib setup. 35 | load("@bazel_skylib//:workspace.bzl", "bazel_skylib_workspace") 36 | bazel_skylib_workspace() 37 | 38 | # Protobuf transitive dependencies. 39 | load("@com_google_protobuf//:protobuf_deps.bzl", "protobuf_deps") 40 | protobuf_deps() 41 | 42 | # Allows us to take source-dependencies on non-bazelified packages. 43 | load("@rules_foreign_cc//foreign_cc:repositories.bzl", "rules_foreign_cc_dependencies") 44 | rules_foreign_cc_dependencies() 45 | 46 | # Accounting dependencies. 47 | load(":cc_accounting_deps.bzl", "cc_accounting_deps") 48 | cc_accounting_deps() 49 | 50 | load("@com_github_nelhage_rules_boost//:boost/boost.bzl", "boost_deps") 51 | boost_deps() 52 | -------------------------------------------------------------------------------- /cc/accounting/README.md: -------------------------------------------------------------------------------- 1 | # Differential Privacy Accounting 2 | 3 | This directory contains tools for tracking differential privacy budgets, 4 | available as part of the 5 | [Google differential privacy library](https://github.com/google/differential-privacy). 6 | Currently, it provides an implementation of Privacy Loss Distributions (PLDs) 7 | which can help compute an accurate estimate of the total ε, δ across multiple 8 | executions of differentially private aggregations. Our implementation currently 9 | supports Laplace mechanisms, Gaussian mechanisms and randomized response. More 10 | detailed definitions and references can be found 11 | [in our supplementary pdf document](https://github.com/google/differential-privacy/tree/main/common_docs/Privacy_Loss_Distributions.pdf). 12 | 13 | ## Examples 14 | 15 | We provide basic examples on how to use the library in example.cc. 16 | 17 | ### Run via Bazel 18 | 19 | For running the example using Bazel, you need to have 20 | [Bazel installed](https://docs.bazel.build/versions/main/install.html). 21 | Once that is done, run: 22 | ``` 23 | bazel build :all 24 | bazel run :example 25 | ``` 26 | 27 | ### Common Issues 28 | The current version of the library is not supported on Windows. 29 | -------------------------------------------------------------------------------- /cc/accounting/common/BUILD: -------------------------------------------------------------------------------- 1 | # 2 | # Copyright 2020 Google LLC 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | 16 | package( 17 | default_visibility = ["//visibility:public"], 18 | ) 19 | 20 | cc_library( 21 | name = "common", 22 | srcs = ["common.cc"], 23 | hdrs = ["common.h"], 24 | deps = [ 25 | "@com_google_absl//absl/container:flat_hash_map", 26 | "@com_google_absl//absl/functional:function_ref", 27 | "@com_google_absl//absl/status", 28 | "@com_google_absl//absl/status:statusor", 29 | "@com_google_absl//absl/strings:str_format", 30 | "@com_google_cc_differential_privacy//base:status_macros", 31 | ], 32 | ) 33 | 34 | cc_test( 35 | name = "common_test", 36 | srcs = ["common_test.cc"], 37 | deps = [ 38 | ":common", 39 | "//base/testing:status_matchers", 40 | "@com_google_absl//absl/status", 41 | "@com_google_absl//absl/status:statusor", 42 | "@com_google_googletest//:gtest_main", 43 | ], 44 | ) 45 | 46 | cc_library( 47 | name = "test_util", 48 | testonly = 1, 49 | srcs = ["test_util.cc"], 50 | hdrs = ["test_util.h"], 51 | deps = [ 52 | ":common", 53 | "@com_google_googletest//:gtest_main", 54 | ], 55 | ) 56 | 57 | cc_test( 58 | name = "test_util_test", 59 | srcs = [ 60 | "test_util_test.cc", 61 | ], 62 | deps = [ 63 | ":common", 64 | ":test_util", 65 | "@com_google_googletest//:gtest_main", 66 | ], 67 | ) 68 | -------------------------------------------------------------------------------- /cc/accounting/common/test_util.h: -------------------------------------------------------------------------------- 1 | // Copyright 2021 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // https://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | #ifndef DIFFERENTIAL_PRIVACY_CPP_ACCOUNTING_COMMON_TEST_UTIL_H_ 16 | #define DIFFERENTIAL_PRIVACY_CPP_ACCOUNTING_COMMON_TEST_UTIL_H_ 17 | 18 | #include "gmock/gmock.h" 19 | #include "accounting/common/common.h" 20 | 21 | namespace differential_privacy { 22 | namespace accounting { 23 | 24 | // Matches a given PMF if it is nearly equal to expected. Probabilities masses 25 | // are allowed to be within max_error. (This also means that unexpected outcomes 26 | // can be in PMF as long as its mass is no more than max_error.) 27 | ::testing::Matcher PMFIsNear( 28 | const ProbabilityMassFunction& expected_pmf, const double max_error); 29 | } // namespace accounting 30 | } // namespace differential_privacy 31 | 32 | #endif // DIFFERENTIAL_PRIVACY_CPP_ACCOUNTING_COMMON_TEST_UTIL_H_ 33 | -------------------------------------------------------------------------------- /cc/accounting/kissfft/BUILD.bazel: -------------------------------------------------------------------------------- 1 | # 2 | # Copyright 2020 Google LLC 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | 16 | load("@rules_foreign_cc//foreign_cc:defs.bzl", "cmake") 17 | 18 | licenses(["notice"]) 19 | 20 | package(default_visibility = ["//visibility:public"]) 21 | 22 | cmake( 23 | name = "kissfft", 24 | generate_args = [ 25 | # See README of kissfft package for explanations of each flag. 26 | "-DKISSFFT_DATATYPE=double", 27 | "-DKISSFFT_STATIC=ON", 28 | "-DKISSFFT_TEST=OFF", 29 | "-DKISSFFT_TOOLS=OFF", 30 | ], 31 | lib_source = "@kissfft//:all", 32 | out_static_libs = ["libkissfft-double.a"], 33 | ) 34 | -------------------------------------------------------------------------------- /cc/algorithms/gaussian-dp-calculator.cc: -------------------------------------------------------------------------------- 1 | // 2 | // Copyright 2022 Google LLC 3 | // 4 | // Licensed under the Apache License, Version 2.0 (the "License"); 5 | // you may not use this file except in compliance with the License. 6 | // You may obtain a copy of the License at 7 | // 8 | // http://www.apache.org/licenses/LICENSE-2.0 9 | // 10 | // Unless required by applicable law or agreed to in writing, software 11 | // distributed under the License is distributed on an "AS IS" BASIS, 12 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | // See the License for the specific language governing permissions and 14 | // limitations under the License. 15 | // 16 | 17 | #include "algorithms/gaussian-dp-calculator.h" 18 | 19 | #include "algorithms/internal/gaussian-stddev-calculator.h" 20 | 21 | namespace differential_privacy { 22 | 23 | // Implemented as a wrapper for the internal function. 24 | double CalculateDeltaForGaussianStddev(double epsilon, double l2_sensitivity, 25 | double stddev) { 26 | return internal::CalculateDeltaForGaussianStddev(epsilon, l2_sensitivity, 27 | stddev); 28 | } 29 | 30 | } // namespace differential_privacy 31 | -------------------------------------------------------------------------------- /cc/algorithms/gaussian-dp-calculator.h: -------------------------------------------------------------------------------- 1 | // 2 | // Copyright 2022 Google LLC 3 | // 4 | // Licensed under the Apache License, Version 2.0 (the "License"); 5 | // you may not use this file except in compliance with the License. 6 | // You may obtain a copy of the License at 7 | // 8 | // http://www.apache.org/licenses/LICENSE-2.0 9 | // 10 | // Unless required by applicable law or agreed to in writing, software 11 | // distributed under the License is distributed on an "AS IS" BASIS, 12 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | // See the License for the specific language governing permissions and 14 | // limitations under the License. 15 | // 16 | 17 | #ifndef DIFFERENTIAL_PRIVACY_CPP_ALGORITHMS_GAUSSIAN_DP_CALCULATOR_H_ 18 | #define DIFFERENTIAL_PRIVACY_CPP_ALGORITHMS_GAUSSIAN_DP_CALCULATOR_H_ 19 | 20 | namespace differential_privacy { 21 | 22 | // Returns the delta for a Gaussian mechanism with the given standard deviation 23 | // and the given epsilon and l2 sensitivity. 24 | double CalculateDeltaForGaussianStddev(double epsilon, double l2_sensitivity, 25 | double stddev); 26 | 27 | } // namespace differential_privacy 28 | 29 | #endif // DIFFERENTIAL_PRIVACY_CPP_ALGORITHMS_GAUSSIAN_DP_CALCULATOR_H_ 30 | -------------------------------------------------------------------------------- /cc/algorithms/gaussian-dp-calculator_test.cc: -------------------------------------------------------------------------------- 1 | // 2 | // Copyright 2022 Google LLC 3 | // 4 | // Licensed under the Apache License, Version 2.0 (the "License"); 5 | // you may not use this file except in compliance with the License. 6 | // You may obtain a copy of the License at 7 | // 8 | // http://www.apache.org/licenses/LICENSE-2.0 9 | // 10 | // Unless required by applicable law or agreed to in writing, software 11 | // distributed under the License is distributed on an "AS IS" BASIS, 12 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | // See the License for the specific language governing permissions and 14 | // limitations under the License. 15 | // 16 | 17 | #include "algorithms/gaussian-dp-calculator.h" 18 | 19 | #include "gmock/gmock.h" 20 | #include "gtest/gtest.h" 21 | 22 | namespace differential_privacy { 23 | namespace { 24 | 25 | using ::testing::Gt; 26 | 27 | TEST(GaussianDpCalculatorTest, 28 | CalculateDeltaForGaussianStddevReturnsPositiveValue) { 29 | const double epsilon = std::log(3); 30 | const double l2_sensitivity = 5.2; 31 | const double stddev = 1.3; 32 | EXPECT_THAT(CalculateDeltaForGaussianStddev(epsilon, l2_sensitivity, stddev), 33 | Gt(0)); 34 | } 35 | 36 | } // namespace 37 | } // namespace differential_privacy 38 | -------------------------------------------------------------------------------- /cc/algorithms/internal/gaussian-stddev-calculator.h: -------------------------------------------------------------------------------- 1 | // 2 | // Copyright 2022 Google LLC 3 | // 4 | // Licensed under the Apache License, Version 2.0 (the "License"); 5 | // you may not use this file except in compliance with the License. 6 | // You may obtain a copy of the License at 7 | // 8 | // http://www.apache.org/licenses/LICENSE-2.0 9 | // 10 | // Unless required by applicable law or agreed to in writing, software 11 | // distributed under the License is distributed on an "AS IS" BASIS, 12 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | // See the License for the specific language governing permissions and 14 | // limitations under the License. 15 | // 16 | 17 | #ifndef DIFFERENTIAL_PRIVACY_CPP_ALGORITHMS_INTERNAL_GAUSSIAN_STDDEV_CALCULATOR_H_ 18 | #define DIFFERENTIAL_PRIVACY_CPP_ALGORITHMS_INTERNAL_GAUSSIAN_STDDEV_CALCULATOR_H_ 19 | 20 | namespace differential_privacy { 21 | namespace internal { 22 | 23 | // Calculates the standard deviation that is required for the Gaussian 24 | // distribution to have required DP guarantees. 25 | double CalculateGaussianStddev(double epsilon, double delta, 26 | double l2_sensitivity); 27 | 28 | // Returns delta when using a given standard deviation. Exposed for testing. 29 | double CalculateDeltaForGaussianStddev(double epsilon, double l2_sensitivity, 30 | double stddev); 31 | 32 | struct BoundsForGaussianStddev { 33 | double upper; 34 | double lower; 35 | }; 36 | 37 | // Returns an upper bound for the standard deviation. Exposed for testing. 38 | BoundsForGaussianStddev CalculateBoundsForGaussianStddev(double epsilon, 39 | double delta, 40 | double l2_sensitivity); 41 | 42 | } // namespace internal 43 | } // namespace differential_privacy 44 | 45 | #endif // DIFFERENTIAL_PRIVACY_CPP_ALGORITHMS_INTERNAL_GAUSSIAN_STDDEV_CALCULATOR_H_ 46 | -------------------------------------------------------------------------------- /cc/base/BUILD: -------------------------------------------------------------------------------- 1 | # 2 | # Copyright 2019 Google LLC 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | # 16 | 17 | # Dependencies for C++ Differential Privacy Library OSS 18 | 19 | licenses(["notice"]) 20 | 21 | package( 22 | default_visibility = [ 23 | "//visibility:public", 24 | ], 25 | ) 26 | 27 | cc_library( 28 | name = "percentile", 29 | hdrs = ["percentile.h"], 30 | deps = [ 31 | "//proto:util-lib", 32 | "@com_google_protobuf//:protobuf_lite", 33 | ], 34 | ) 35 | 36 | cc_library( 37 | name = "status_macros", 38 | hdrs = [ 39 | "status_macros.h", 40 | ], 41 | deps = [ 42 | "@com_google_absl//absl/base:core_headers", 43 | "@com_google_absl//absl/status", 44 | ], 45 | ) 46 | 47 | cc_test( 48 | name = "percentile_test", 49 | srcs = ["percentile_test.cc"], 50 | deps = [ 51 | ":percentile", 52 | "@com_google_differential_privacy//proto:summary_cc_proto", 53 | "@com_google_googletest//:gtest_main", 54 | ], 55 | ) 56 | 57 | cc_test( 58 | name = "status_macros_test", 59 | srcs = ["status_macros_test.cc"], 60 | deps = [ 61 | ":status_macros", 62 | "@com_google_absl//absl/base:core_headers", 63 | "@com_google_absl//absl/memory", 64 | "@com_google_absl//absl/status", 65 | "@com_google_absl//absl/status:statusor", 66 | "@com_google_absl//absl/strings", 67 | "@com_google_googletest//:gtest_main", 68 | ], 69 | ) 70 | -------------------------------------------------------------------------------- /cc/base/testing/BUILD: -------------------------------------------------------------------------------- 1 | # 2 | # Copyright 2019 Google LLC 3 | # Copyright 2018 ZetaSQL Authors 4 | # 5 | # Licensed under the Apache License, Version 2.0 (the "License"); 6 | # you may not use this file except in compliance with the License. 7 | # You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, software 12 | # distributed under the License is distributed on an "AS IS" BASIS, 13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | # See the License for the specific language governing permissions and 15 | # limitations under the License. 16 | # 17 | 18 | licenses(["notice"]) 19 | 20 | package( 21 | default_visibility = [ 22 | "//visibility:public", 23 | ], 24 | ) 25 | 26 | cc_library( 27 | name = "proto_matchers", 28 | testonly = 1, 29 | hdrs = ["proto_matchers.h"], 30 | deps = [ 31 | "@com_google_absl//absl/log:check", 32 | "@com_google_absl//absl/strings", 33 | "@com_google_googletest//:gtest_main", 34 | "@com_google_protobuf//:protobuf", 35 | ], 36 | ) 37 | 38 | cc_library( 39 | name = "status_matchers", 40 | testonly = 1, 41 | srcs = ["status_matchers.cc"], 42 | hdrs = ["status_matchers.h"], 43 | deps = [ 44 | "@com_google_absl//absl/status", 45 | "@com_google_absl//absl/status:statusor", 46 | "@com_google_googletest//:gtest", 47 | ], 48 | ) 49 | 50 | cc_test( 51 | name = "status_matchers_test", 52 | size = "small", 53 | srcs = ["status_matchers_test.cc"], 54 | deps = [ 55 | ":status_matchers", 56 | "@com_google_absl//absl/status", 57 | "@com_google_absl//absl/status:statusor", 58 | "@com_google_googletest//:gtest", 59 | "@com_google_googletest//:gtest_main", 60 | ], 61 | ) 62 | -------------------------------------------------------------------------------- /cc/cc_accounting_deps.bzl: -------------------------------------------------------------------------------- 1 | # 2 | # Copyright 2021 Google LLC 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | # 16 | """Declares dependencies of the differential privacy accounting.""" 17 | 18 | load("@bazel_tools//tools/build_defs/repo:git.bzl", "git_repository") 19 | load("@bazel_tools//tools/build_defs/repo:http.bzl", "http_archive") 20 | 21 | def cc_accounting_deps(): 22 | """Loads required dependencies.""" 23 | http_archive( 24 | name = "kissfft", 25 | build_file_content = """filegroup(name = "all", srcs = glob(["**"]), visibility = ["//visibility:public"])""", 26 | strip_prefix = "kissfft-8f47a67f595a6641c566087bf5277034be64f24d", 27 | urls = ["https://github.com/mborgerding/kissfft/archive/8f47a67f595a6641c566087bf5277034be64f24d.tar.gz"], 28 | sha256 = "93cfa11a344ad552472f7d93c228d55969ac586275692d73d5e7ce73a69b047f", 29 | ) 30 | 31 | # Begin Boost 32 | git_repository( 33 | name = "com_github_nelhage_rules_boost", 34 | commit = "f2494bf3b9de990889ae05a484e5f0fabf1fbdc9", 35 | remote = "https://github.com/nelhage/rules_boost", 36 | shallow_since = "1679023729 +0000", 37 | ) 38 | # End boost 39 | -------------------------------------------------------------------------------- /cc/docs/algorithms/README.md: -------------------------------------------------------------------------------- 1 | # Algorithms Documentation 2 | 3 | This directory contains the documentation for the available algorithms in the 4 | differential privacy library. 5 | 6 | ## License 7 | 8 | [Apache License 2.0](../LICENSE) 9 | -------------------------------------------------------------------------------- /cc/docs/algorithms/bounded-mean.md: -------------------------------------------------------------------------------- 1 | # Bounded Mean 2 | 3 | [`BoundedMean`](https://github.com/google/differential-privacy/blob/main/cc/algorithms/bounded-mean.h) 4 | computes the average of values in a dataset in a differentially private manner. 5 | 6 | ## Input & Output 7 | 8 | `BoundedMean` supports `int64_t` and `double` types as input. When successful, 9 | the returned [`Output`](../protos.md) message will contain one element 10 | containing the differentially private mean. When bounds are inferred, the 11 | `Output` additionally contains a `BoundingReport`. The returned value is 12 | guaranteed to be <= the upper bound, and >= the lower bound. 13 | 14 | ## Construction 15 | 16 | `BoundedMean` is a bounded algorithm. There are no additional parameters. 17 | Information on how to construct a `BoundedMean` is found in the 18 | [bounded algorithm documentation](bounded-algorithm.md). Below is a minimal 19 | construction example. 20 | 21 | ``` 22 | absl::StatusOr>> bounded_mean = 23 | BoundedMean::Builder.SetEpsilon(1) 24 | .SetLower(-10) 25 | .SetUpper(10) 26 | .Build(); 27 | ``` 28 | 29 | ## Use 30 | 31 | `BoundedMean` is an [`Algorithm`](algorithm.md) and supports its full API. 32 | 33 | ### Result Performance 34 | 35 | For `BoundedMean`, calling `Result` is an O(n) operation. 36 | -------------------------------------------------------------------------------- /cc/docs/algorithms/bounded-sum.md: -------------------------------------------------------------------------------- 1 | # Bounded Sum 2 | 3 | [`BoundedSum`](https://github.com/google/differential-privacy/blob/main/cc/algorithms/bounded-sum.h) 4 | computes the sum of values in a dataset in a differentially private manner. 5 | 6 | ## Input & Output 7 | 8 | `BoundedSum` supports `int64_t` and `double` types as input. When successful, 9 | the returned [`Output`](../protos.md) message will contain one element with the 10 | differentially private sum, and a `ConfidenceInterval` describing the 95% 11 | confidence interval of the noise added. When bounds are inferred, the `Output` 12 | also contains a `BoundingReport`. 13 | 14 | The differentially private sum provided by the `Output` is an unbiased estimate 15 | of the raw bounded sum. Consequently, its value may sometimes be higher than the 16 | upper bound or lower than the lower bound. 17 | 18 | ## Construction 19 | 20 | `BoundedSum` is a bounded algorithm. There are no additional parameters. 21 | Information on how to construct a `BoundedSum` is found in the 22 | [bounded algorithm documentation](bounded-algorithm.md). Below is a minimal 23 | construction example. 24 | 25 | ``` 26 | absl::StatusOr>> bounded_sum = 27 | BoundedSum::Builder.SetEpsilon(1) 28 | .SetLower(-10) 29 | .SetUpper(10) 30 | .Build(); 31 | ``` 32 | 33 | ## Use 34 | 35 | `BoundedSum` is an [`Algorithm`](algorithm.md) and supports its full API. 36 | 37 | ### Result Performance 38 | 39 | For `BoundedSum`, calling `Result` is an O(n) operation. 40 | -------------------------------------------------------------------------------- /cc/docs/algorithms/bounded-variance.md: -------------------------------------------------------------------------------- 1 | # Bounded Variance 2 | 3 | [`BoundedVariance`](https://github.com/google/differential-privacy/blob/main/cc/algorithms/bounded-variance.h) computes the 4 | variance of values in a dataset, in a differentially private manner. 5 | 6 | ## Input & Output 7 | 8 | `BoundedVariance` supports `int64_t` and `double` types as input. When 9 | successful, the returned [`Output`](../protos.md) message will contain one 10 | element with the differentially private variance. When bounds are inferred, the 11 | `Output` additionally contains a `BoundingReport`. The returned value is 12 | guaranteed to be non-negative, with a maximum possible value of the maximum 13 | variance (length of the bounded interval squared divided by four). 14 | 15 | ## Construction 16 | 17 | `BoundedVariance` is a bounded algorithm. There are no additional parameters. 18 | Information on how to construct a `BoundedVariance` is found in the 19 | [bounded algorithm documentation](bounded-algorithm.md). Below is a minimal 20 | construction example. 21 | 22 | ``` 23 | absl::StatusOr>> bounded_var = 24 | BoundedVariance::Builder.SetEpsilon(1) 25 | .SetLower(-10) 26 | .SetUpper(10) 27 | .Build(); 28 | ``` 29 | 30 | ## Use 31 | 32 | `BoundedVariance` is an [`Algorithm`](algorithm.md) and supports its full API. 33 | 34 | ### Result Performance 35 | 36 | For `BoundedVariance`, calling `Result` is an O(n) operation and requires O(1) 37 | additional memory. 38 | -------------------------------------------------------------------------------- /cc/docs/algorithms/count.md: -------------------------------------------------------------------------------- 1 | # Count 2 | 3 | [`Count`](https://github.com/google/differential-privacy/blob/main/cc/algorithms/count.h) 4 | computes the number of values in a dataset in a differentially private manner. 5 | 6 | ## Input & Output 7 | 8 | `Count` supports any input type. Count always returns an 9 | [`Output`](../protos.md) message containing a single element with the 10 | differentially private count, and a `ConfidenceInterval` with the 95% 11 | confidence interval of noise added. 12 | 13 | The differentially private count provided by the `Output` is an unbiased 14 | estimate of the raw count. Consequently, its value may sometimes be negative, in 15 | particular if the raw count is close to 0. 16 | 17 | ## Construction 18 | 19 | `Count` takes the usual parameters for [`Algorithm`](algorithm.md), with no 20 | additional parameters. 21 | 22 | ## Use 23 | 24 | `Count` is an [`Algorithm`](algorithm.md) and supports its full API. Below is a 25 | minimal construction example. 26 | 27 | ``` 28 | absl::StatusOr>> count = 29 | Count::Builder.SetEpsilon(1) 30 | .Build(); 31 | ``` 32 | 33 | ### Result Performance 34 | 35 | For `Count`, calling `Result` is an O(n) operation. `Count` uses O(1) memory. 36 | -------------------------------------------------------------------------------- /cc/postgres/.bazelversion: -------------------------------------------------------------------------------- 1 | 7.5.0 2 | -------------------------------------------------------------------------------- /cc/postgres/BUILD: -------------------------------------------------------------------------------- 1 | # 2 | # Copyright 2019 Google LLC 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | 16 | # The files in this directory implement a postgres extension adding 17 | # anonymous aggregate functions. 18 | 19 | licenses(["notice"]) 20 | 21 | package( 22 | default_visibility = ["//visibility:private"], 23 | ) 24 | 25 | cc_binary( 26 | name = "anon_func.so", 27 | srcs = ["anon_func.cc"], 28 | copts = [ 29 | "-fPIC", 30 | ], 31 | linkopts = [ 32 | "-fno-strict-aliasing", 33 | "-fwrapv", 34 | "-fexcess-precision=standard", 35 | "-fPIC", 36 | "-shared", 37 | ], 38 | linkshared = 1, 39 | linkstatic = 1, 40 | deps = [ 41 | ":dp_func", 42 | "@postgres//:pg_headers", 43 | ], 44 | ) 45 | 46 | cc_library( 47 | name = "dp_func", 48 | srcs = ["dp_func.cc"], 49 | hdrs = ["dp_func.h"], 50 | deps = [ 51 | "//algorithms:algorithm", 52 | "//algorithms:bounded-mean", 53 | "//algorithms:bounded-standard-deviation", 54 | "//algorithms:bounded-sum", 55 | "//algorithms:bounded-variance", 56 | "//algorithms:count", 57 | "//algorithms:order-statistics", 58 | ], 59 | ) 60 | 61 | cc_test( 62 | name = "dp_func_test", 63 | srcs = ["dp_func_test.cc"], 64 | deps = [ 65 | ":dp_func", 66 | "@com_google_googletest//:gtest_main", 67 | ], 68 | ) 69 | -------------------------------------------------------------------------------- /cc/postgres/anon_func.control: -------------------------------------------------------------------------------- 1 | # 2 | # Copyright 2019 Google LLC 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | # 16 | 17 | # This file is used by postgres to configure the extension. 18 | 19 | comment = 'Anonymous aggregate functions' 20 | default_version = '1.0.0' 21 | module_pathname = '$libdir/anon_func' 22 | relocatable = true -------------------------------------------------------------------------------- /cc/postgres/docker/docker-entrypoint-initdb.d/init-permissions.sh: -------------------------------------------------------------------------------- 1 | # 2 | # Copyright 2022 Google LLC 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | # 16 | 17 | #!/bin/bash 18 | set -e 19 | 20 | { echo "host replication $POSTGRES_USER 0.0.0.0/0 trust"; } >> "$PGDATA/pg_hba.conf" 21 | -------------------------------------------------------------------------------- /cc/postgres/docker/postgresql.conf.sample: -------------------------------------------------------------------------------- 1 | # LOGGING 2 | # log_min_error_statement = fatal 3 | # log_min_messages = DEBUG1 4 | 5 | # CONNECTION 6 | listen_addresses = '*' 7 | 8 | # MODULES 9 | shared_preload_libraries = 'anon_func' -------------------------------------------------------------------------------- /cc/postgres/install_extension.sh: -------------------------------------------------------------------------------- 1 | # 2 | # Copyright 2019 Google LLC 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | # 16 | 17 | #!/bin/bash 18 | 19 | set -ex 20 | 21 | WORKSPACE_DIR=`bazel info workspace` 22 | BIN_DIR=`bazel info -c opt bazel-bin` 23 | 24 | LIB_DIR=`pg_config --pkglibdir` 25 | SHARE_DIR=`pg_config --sharedir` 26 | 27 | bazel build -c opt //postgres:anon_func.so 28 | sudo install -c -m 755 $BIN_DIR/postgres/anon_func.so $LIB_DIR 29 | sudo install -c -m 644 $WORKSPACE_DIR/postgres/anon_func.control $SHARE_DIR/extension/ 30 | sudo install -c -m 644 $WORKSPACE_DIR/postgres/anon_func--1.0.0.sql $SHARE_DIR/extension/ 31 | -------------------------------------------------------------------------------- /cc/postgres/postgres.BUILD: -------------------------------------------------------------------------------- 1 | # 2 | # Copyright 2019 Google LLC 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | 16 | licenses(["notice"]) # Apache v2.0 17 | 18 | load("@rules_foreign_cc//foreign_cc:configure.bzl", "configure_make") 19 | 20 | package( 21 | default_visibility = ["//visibility:public"], 22 | ) 23 | 24 | # We need to label this for configure_make. 25 | filegroup( 26 | name = "all", 27 | srcs = glob(["**"]), 28 | ) 29 | 30 | config_setting( 31 | name = "darwin_build", 32 | values = {"cpu": "darwin"}, 33 | ) 34 | 35 | configure_make( 36 | name = "postgres", 37 | configure_command = "configure", 38 | env = select({ 39 | ":darwin_build": { 40 | # Neccessary to create a fully static linked library. 41 | "CXXFLAGS": "-fPIC", 42 | "CFLAGS": "-fPIC", 43 | # OSX crosstools specific flags 44 | "LDFLAGS": "-undefined error", 45 | "AR": "", 46 | }, 47 | "//conditions:default": { 48 | # Neccessary to create a fully static linked library. 49 | "CXXFLAGS": "-fPIC", 50 | "CFLAGS": "-fPIC", 51 | }, 52 | }), 53 | lib_source = "@postgres//:all", 54 | out_headers_only = True, 55 | ) 56 | 57 | cc_library( 58 | name = "pg_headers", 59 | hdrs = glob(["**/*.h"]), 60 | includes = [ 61 | "postgres/include/internal", 62 | "postgres/include/server", 63 | ], 64 | deps = [ 65 | "postgres", 66 | ], 67 | ) 68 | -------------------------------------------------------------------------------- /cc/proto/BUILD: -------------------------------------------------------------------------------- 1 | # 2 | # Copyright 2019 Google LLC 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | # 16 | 17 | # Differential Privacy related proto utilities. 18 | 19 | package( 20 | default_visibility = ["//visibility:public"], 21 | ) 22 | 23 | cc_library( 24 | name = "util-lib", 25 | hdrs = ["util.h"], 26 | deps = [ 27 | "@com_google_differential_privacy//proto:confidence_interval_cc_proto", 28 | "@com_google_differential_privacy//proto:data_cc_proto", 29 | ], 30 | ) 31 | 32 | cc_test( 33 | name = "util_test", 34 | srcs = ["util_test.cc"], 35 | deps = [ 36 | ":util-lib", 37 | "@com_google_googletest//:gtest_main", 38 | ], 39 | ) 40 | -------------------------------------------------------------------------------- /common_docs/Delta_For_Thresholding.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/google/differential-privacy/a7cc26ad91f74756fbe39bab44af6d655b37cc61/common_docs/Delta_For_Thresholding.pdf -------------------------------------------------------------------------------- /common_docs/Differential_Privacy_Computations_In_Data_Pipelines.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/google/differential-privacy/a7cc26ad91f74756fbe39bab44af6d655b37cc61/common_docs/Differential_Privacy_Computations_In_Data_Pipelines.pdf -------------------------------------------------------------------------------- /common_docs/Differentially_Private_Quantile_Trees.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/google/differential-privacy/a7cc26ad91f74756fbe39bab44af6d655b37cc61/common_docs/Differentially_Private_Quantile_Trees.pdf -------------------------------------------------------------------------------- /common_docs/Privacy_Loss_Distributions.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/google/differential-privacy/a7cc26ad91f74756fbe39bab44af6d655b37cc61/common_docs/Privacy_Loss_Distributions.pdf -------------------------------------------------------------------------------- /common_docs/Secure_Noise_Generation.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/google/differential-privacy/a7cc26ad91f74756fbe39bab44af6d655b37cc61/common_docs/Secure_Noise_Generation.pdf -------------------------------------------------------------------------------- /common_docs/confidence_intervals.md: -------------------------------------------------------------------------------- 1 | # Confidence intervals in the Differential Privacy libraries 2 | 3 | The mechanisms of the DP library (including the Laplace mechanism, the Gaussian 4 | mechanism, count, bounded sum and bounded mean) provide confidence intervals to 5 | capture the scale of the noise they add to a metric during the anonymization 6 | process. 7 | 8 | Given a noised metric **M** and a confidence level **1 - alpha**, the mechanisms 9 | return confidence intervals **[L, R]** containing the raw metric **m** (where 10 | **m** is the value after contribution bounding, but before applying noise) with 11 | a probability of at least **1 - alpha**, i.e., **Pr[L ≤ m ≤ R] ≥ 1 - alpha**. 12 | 13 | A particular confidence interval is purely based on **M** and non-personal 14 | parameters of the respective mechanism, such as epsilon, delta, sensitivities 15 | and contribution bounds. In particular, its computation does not access the raw 16 | metric **m** and consequently it also does not consume any privacy budget. 17 | 18 | ## Contribution bounding 19 | 20 | The confidence intervals provided by the library do not account for discrepancy 21 | due to contribution bounding. 22 | 23 | For instance, consider a bounded sum over the raw entries [5, 5, 10, 20] with a 24 | lower bound of 0 and an upper bound of 10. The true sum is 40, but the bounded 25 | sum is 30. In this case, a confidence interval will contain **m = 30** with the 26 | respective confidence level. No guarantees whether the interval also contains 27 | the true sum of 40 are given. 28 | -------------------------------------------------------------------------------- /common_docs/partition_selection.md: -------------------------------------------------------------------------------- 1 | # Partition Selection (Truncated Geometric Thresholding) 2 | 3 | Many data analysis operations can be expressed as a `GROUP BY` query on an 4 | unbounded set of partitions, followed by a per-partition aggregation. To make 5 | such a query differentially private, adding noise to each aggregation is not 6 | enough: we also need to make sure that the set of partitions released is itself 7 | differentially private. 8 | 9 | For the common case where each user contributes a record to exactly one 10 | partition, an optimal $$(\varepsilon,\delta)$$-differentially private mechanism 11 | for publishing or dropping partitions is described in 12 | https://arxiv.org/abs/2006.03684. In the paper, it is also shown that the 13 | optimal mechanism can be closely approximated by adding noise drawn from a 14 | truncated geometric distribution to the raw count of unique users in a 15 | partition, and then thresholding the noisy count. This library includes 16 | implementations of the mechanism in 17 | [C++](https://github.com/google/differential-privacy/blob/main/cc/algorithms/partition-selection.h) 18 | and 19 | [Go](https://github.com/google/differential-privacy/blob/main/go/dpagg/select_partition.go). 20 | A simple Python implementation and visualization is also provided in this 21 | [Google Colab notebook](https://colab.research.google.com/github/google/differential-privacy/blob/main/common_docs/partition_selection_playground.ipynb). 22 | 23 | In addition to the raw algorithm, 24 | [Privacy-On-Beam](https://github.com/google/differential-privacy/tree/main/privacy-on-beam) 25 | wraps partition selection as one component of an end-to-end differentially 26 | private data pipeline. Privacy-On-Beam also guarantees differential privacy in 27 | the case when users contribute to multiple partitions by splitting the privacy 28 | budget across these contributions. However, this is not guaranteed to be optimal 29 | in the sense of maximizing the number of partitions reported. 30 | -------------------------------------------------------------------------------- /common_docs/pre_thresholding.md: -------------------------------------------------------------------------------- 1 | # Partition Selection with pre-thresholding 2 | 3 | Pre-thresholding is a technique in differentially private partition selection 4 | that guarantees that some minimum number of privacy units, n, contribute to 5 | every partition in an anonymized dataset. This ensures a partition with fewer 6 | than n privacy units is never released. For partitions with n or more 7 | contributing privacy units, the probability of releasing the partition increases 8 | with the number of privacy units. 9 | 10 | This feature combines the thresholding capability of k-anonymity together with 11 | the guarantees of $$(\varepsilon,\delta)$$-differential privacy. A minimum 12 | threshold may, for instance, be suitable as an extra layer of protection in 13 | cases where the partitions themselves are inherently sensitive. 14 | 15 | This library includes an implementation of this technique in 16 | [Java](https://github.com/google/differential-privacy/blob/main/java/main/com/google/privacy/differentialprivacy/PreAggSelectPartition.java), [C++](https://github.com/google/differential-privacy/blob/main/cc/algorithms/partition-selection.h), [Go](https://github.com/google/differential-privacy/blob/main/go/dpagg/select_partition.go), and [Privacy on Beam](https://github.com/google/differential-privacy/blob/privacy-on-beam/v3.0.0/privacy-on-beam/pbeam/pbeam.go#L201). 17 | -------------------------------------------------------------------------------- /differential_privacy_deps.bzl: -------------------------------------------------------------------------------- 1 | # 2 | # Copyright 2019 Google LLC 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | # 16 | 17 | """ Declares dependencies of the differential privacy library """ 18 | 19 | load("@bazel_tools//tools/build_defs/repo:http.bzl", "http_archive") 20 | 21 | def differential_privacy_deps(): 22 | """ Macro to include the differential privacy library's critical dependencies in a WORKSPACE. 23 | 24 | """ 25 | 26 | # Protobuf 27 | http_archive( 28 | name = "com_google_protobuf", 29 | url = "https://github.com/protocolbuffers/protobuf/releases/download/v21.12/protobuf-all-21.12.tar.gz", 30 | sha256 = "2c6a36c7b5a55accae063667ef3c55f2642e67476d96d355ff0acb13dbb47f09", 31 | strip_prefix = "protobuf-21.12", 32 | ) 33 | -------------------------------------------------------------------------------- /examples/cc/.bazelrc: -------------------------------------------------------------------------------- 1 | build --cxxopt='-std=c++17' 2 | -------------------------------------------------------------------------------- /examples/cc/.bazelversion: -------------------------------------------------------------------------------- 1 | 7.5.0 2 | -------------------------------------------------------------------------------- /examples/cc/WORKSPACE.bazel: -------------------------------------------------------------------------------- 1 | # 2 | # Copyright 2019 Google LLC 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | # 16 | 17 | """ Workspace for C++ Differential Privacy library example """ 18 | 19 | workspace(name = "animals_and_carrots") 20 | 21 | local_repository( 22 | name = "com_google_differential_privacy", 23 | path = "../..", 24 | ) 25 | 26 | local_repository( 27 | name = "com_google_cc_differential_privacy", 28 | path = "../../cc", 29 | ) 30 | 31 | # Load dependencies for the base workspace. 32 | load("@com_google_differential_privacy//:differential_privacy_deps.bzl", "differential_privacy_deps") 33 | differential_privacy_deps() 34 | 35 | # Load dependencies for the cc workspace. 36 | load("@com_google_cc_differential_privacy//:cc_differential_privacy_deps.bzl", "cc_differential_privacy_deps") 37 | cc_differential_privacy_deps() 38 | 39 | # Protobuf transitive dependencies. 40 | load("@com_google_protobuf//:protobuf_deps.bzl", "protobuf_deps") 41 | protobuf_deps() 42 | -------------------------------------------------------------------------------- /examples/go/go.mod: -------------------------------------------------------------------------------- 1 | module github.com/google/differential-privacy/examples/go 2 | 3 | go 1.22 4 | 5 | require ( 6 | github.com/golang/glog v1.2.0 7 | github.com/google/differential-privacy/go/v4 v4.0.0 8 | ) 9 | 10 | 11 | // Use the current version of the Go DP Library. 12 | replace github.com/google/differential-privacy/go/v4 => ../../go 13 | 14 | require ( 15 | golang.org/x/exp v0.0.0-20240222234643-814bf88cf225 // indirect 16 | gonum.org/v1/gonum v0.14.0 // indirect 17 | ) 18 | -------------------------------------------------------------------------------- /examples/go/go.sum: -------------------------------------------------------------------------------- 1 | github.com/golang/glog v1.2.0 h1:uCdmnmatrKCgMBlM4rMuJZWOkPDqdbZPnrMXDY4gI68= 2 | github.com/golang/glog v1.2.0/go.mod h1:6AhwSGph0fcJtXVM/PEHPqZlFeoLxhs7/t5UDAwmO+w= 3 | github.com/google/differential-privacy/go/v3 v3.0.0-20240306213115-7126f6194117 h1:yoWADpdysRF9xeFv26wIuc0YEr3o1nmsTmTqWX+C4vI= 4 | github.com/google/differential-privacy/go/v3 v3.0.0-20240306213115-7126f6194117/go.mod h1:7msb8H86cI/WUa9cu6hJaGRd5db/3s/zAQbVHb5lCTc= 5 | github.com/google/differential-privacy/go/v3 v3.0.0 h1:tZI3vVuQg4rv/X36JUFE6ltlk53QzMk0wiVG5QAy1Ps= 6 | github.com/google/differential-privacy/go/v3 v3.0.0/go.mod h1:oSU4a+FIQT0sMNW7oFoTyDCO5+Asv+YYrT/G4b9c/RQ= 7 | github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI= 8 | github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= 9 | golang.org/x/exp v0.0.0-20240222234643-814bf88cf225 h1:LfspQV/FYTatPTr/3HzIcmiUFH7PGP+OQ6mgDYo3yuQ= 10 | golang.org/x/exp v0.0.0-20240222234643-814bf88cf225/go.mod h1:CxmFvTBINI24O/j8iY7H1xHzx2i4OsyguNBmN/uPtqc= 11 | gonum.org/v1/gonum v0.14.0 h1:2NiG67LD1tEH0D7kM+ps2V+fXmsAnpUeec7n8tcr4S0= 12 | gonum.org/v1/gonum v0.14.0/go.mod h1:AoWeoz0becf9QMWtE8iWXNXc27fK4fNeHNf/oMejGfU= -------------------------------------------------------------------------------- /examples/go/img/partition_selection.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/google/differential-privacy/a7cc26ad91f74756fbe39bab44af6d655b37cc61/examples/go/img/partition_selection.png -------------------------------------------------------------------------------- /examples/go/img/sums_per_day.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/google/differential-privacy/a7cc26ad91f74756fbe39bab44af6d655b37cc61/examples/go/img/sums_per_day.png -------------------------------------------------------------------------------- /examples/go/img/visits_per_day.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/google/differential-privacy/a7cc26ad91f74756fbe39bab44af6d655b37cc61/examples/go/img/visits_per_day.png -------------------------------------------------------------------------------- /examples/go/img/visits_per_duration.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/google/differential-privacy/a7cc26ad91f74756fbe39bab44af6d655b37cc61/examples/go/img/visits_per_duration.png -------------------------------------------------------------------------------- /examples/go/img/visits_per_hour.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/google/differential-privacy/a7cc26ad91f74756fbe39bab44af6d655b37cc61/examples/go/img/visits_per_hour.png -------------------------------------------------------------------------------- /examples/go/visit.go: -------------------------------------------------------------------------------- 1 | // 2 | // Copyright 2020 Google LLC 3 | // 4 | // Licensed under the Apache License, Version 2.0 (the "License"); 5 | // you may not use this file except in compliance with the License. 6 | // You may obtain a copy of the License at 7 | // 8 | // http://www.apache.org/licenses/LICENSE-2.0 9 | // 10 | // Unless required by applicable law or agreed to in writing, software 11 | // distributed under the License is distributed on an "AS IS" BASIS, 12 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | // See the License for the specific language governing permissions and 14 | // limitations under the License. 15 | // 16 | 17 | package examples 18 | 19 | import ( 20 | "time" 21 | ) 22 | 23 | // Visit stores data about single visit of a visitor to the restaurant. 24 | type Visit struct { 25 | VisitorID int64 26 | VisitTime time.Time 27 | MinutesSpent int64 28 | EurosSpent int64 29 | Day int 30 | } 31 | -------------------------------------------------------------------------------- /examples/java/.bazelversion: -------------------------------------------------------------------------------- 1 | 7.5.0 2 | -------------------------------------------------------------------------------- /examples/java/BUILD: -------------------------------------------------------------------------------- 1 | # 2 | # Copyright 2020 Google LLC 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | # 16 | 17 | load("@rules_java//java:defs.bzl", "java_binary") 18 | 19 | package( 20 | default_visibility = [ 21 | "//visibility:public", 22 | ], 23 | ) 24 | 25 | java_plugin( 26 | name = "autovalue_plugin", 27 | processor_class = "com.google.auto.value.processor.AutoValueProcessor", 28 | deps = [ 29 | "@maven//:com_google_auto_value_auto_value", 30 | ], 31 | ) 32 | 33 | java_library( 34 | name = "autovalue", 35 | exported_plugins = [ 36 | ":autovalue_plugin", 37 | ], 38 | exports = [ 39 | "@maven//:com_google_auto_value_auto_value", 40 | ], 41 | ) 42 | 43 | java_binary( 44 | name = "Main", 45 | srcs = glob(["*.java"]), 46 | main_class = "com.google.privacy.differentialprivacy.example.Main", 47 | resources = glob(["*.csv"]), 48 | deps = [ 49 | ":autovalue", 50 | "@com_google_java_differential_privacy//main/com/google/privacy/differentialprivacy", 51 | "@maven//:com_google_auto_value_auto_value_annotations", 52 | "@maven//:com_google_guava_guava", 53 | ], 54 | ) 55 | -------------------------------------------------------------------------------- /examples/java/InputFilePath.java: -------------------------------------------------------------------------------- 1 | // 2 | // Copyright 2020 Google LLC 3 | // 4 | // Licensed under the Apache License, Version 2.0 (the "License"); 5 | // you may not use this file except in compliance with the License. 6 | // You may obtain a copy of the License at 7 | // 8 | // http://www.apache.org/licenses/LICENSE-2.0 9 | // 10 | // Unless required by applicable law or agreed to in writing, software 11 | // distributed under the License is distributed on an "AS IS" BASIS, 12 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | // See the License for the specific language governing permissions and 14 | // limitations under the License. 15 | // 16 | 17 | package com.google.privacy.differentialprivacy.example; 18 | 19 | /** Stores paths to the input files. */ 20 | public final class InputFilePath { 21 | static final String DAY_STATISTICS = "day_data.csv"; 22 | static final String WEEK_STATISTICS = "week_data.csv"; 23 | static final String WEEK_STATISTICS_N_VISITS_PER_DAY = "week_data_N_visits_per_day.csv"; 24 | 25 | private InputFilePath(){} 26 | } 27 | -------------------------------------------------------------------------------- /examples/java/Main.java: -------------------------------------------------------------------------------- 1 | // 2 | // Copyright 2020 Google LLC 3 | // 4 | // Licensed under the Apache License, Version 2.0 (the "License"); 5 | // you may not use this file except in compliance with the License. 6 | // You may obtain a copy of the License at 7 | // 8 | // http://www.apache.org/licenses/LICENSE-2.0 9 | // 10 | // Unless required by applicable law or agreed to in writing, software 11 | // distributed under the License is distributed on an "AS IS" BASIS, 12 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | // See the License for the specific language governing permissions and 14 | // limitations under the License. 15 | // 16 | 17 | package com.google.privacy.differentialprivacy.example; 18 | 19 | import java.util.Arrays; 20 | 21 | public class Main { 22 | public static void main(String[] args) { 23 | if (args == null || args.length == 0) { 24 | throw new IllegalArgumentException( 25 | "The scenario should be set as a first argument. " 26 | + "Accepted values: " 27 | + Arrays.toString(Scenario.values())); 28 | } 29 | 30 | Scenario scenario = Scenario.valueOf(args[0]); 31 | // TODO: add more examples 32 | switch (scenario) { 33 | case COUNT_VISITS_PER_HOUR: 34 | CountVisitsPerHour.run(); 35 | break; 36 | case COUNT_VISITS_PER_DAY: 37 | CountVisitsPerDay.run(); 38 | break; 39 | case SUM_REVENUE_PER_DAY: 40 | SumRevenuePerDay.run(); 41 | break; 42 | case SUM_REVENUE_PER_DAY_WITH_PREAGGREGATION: 43 | SumRevenuePerDayWithPreAggregation.run(); 44 | break; 45 | } 46 | } 47 | 48 | private Main() {} 49 | 50 | enum Scenario { 51 | COUNT_VISITS_PER_HOUR, 52 | COUNT_VISITS_PER_DAY, 53 | SUM_REVENUE_PER_DAY, 54 | SUM_REVENUE_PER_DAY_WITH_PREAGGREGATION 55 | } 56 | } 57 | -------------------------------------------------------------------------------- /examples/java/RestaurantSchedule.java: -------------------------------------------------------------------------------- 1 | // 2 | // Copyright 2020 Google LLC 3 | // 4 | // Licensed under the Apache License, Version 2.0 (the "License"); 5 | // you may not use this file except in compliance with the License. 6 | // You may obtain a copy of the License at 7 | // 8 | // http://www.apache.org/licenses/LICENSE-2.0 9 | // 10 | // Unless required by applicable law or agreed to in writing, software 11 | // distributed under the License is distributed on an "AS IS" BASIS, 12 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | // See the License for the specific language governing permissions and 14 | // limitations under the License. 15 | // 16 | 17 | package com.google.privacy.differentialprivacy.example; 18 | 19 | import com.google.common.collect.Range; 20 | 21 | public class RestaurantSchedule { 22 | /** An hour when visitors start entering the restaurant. */ 23 | static final int OPENING_HOUR = 9; 24 | /** An hour when visitors stop entering the restaurant. */ 25 | static final int CLOSING_HOUR = 20; 26 | /**For how many hours visitors can enter the restaurant. */ 27 | static final int NUM_OF_WORK_HOURS = CLOSING_HOUR - OPENING_HOUR + 1; 28 | /** Range of valid work hours when a visitor can enter the restaurant. */ 29 | static final Range VALID_HOURS = Range.closed(OPENING_HOUR, CLOSING_HOUR); 30 | 31 | private RestaurantSchedule() {} 32 | } 33 | -------------------------------------------------------------------------------- /examples/java/Visit.java: -------------------------------------------------------------------------------- 1 | // 2 | // Copyright 2020 Google LLC 3 | // 4 | // Licensed under the Apache License, Version 2.0 (the "License"); 5 | // you may not use this file except in compliance with the License. 6 | // You may obtain a copy of the License at 7 | // 8 | // http://www.apache.org/licenses/LICENSE-2.0 9 | // 10 | // Unless required by applicable law or agreed to in writing, software 11 | // distributed under the License is distributed on an "AS IS" BASIS, 12 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | // See the License for the specific language governing permissions and 14 | // limitations under the License. 15 | // 16 | 17 | package com.google.privacy.differentialprivacy.example; 18 | 19 | import com.google.auto.value.AutoValue; 20 | import java.time.DayOfWeek; 21 | import java.time.LocalTime; 22 | 23 | /** Stores data about single visit of a user to the restaurant. */ 24 | @AutoValue 25 | abstract class Visit { 26 | 27 | static Visit create( 28 | String visitorId, LocalTime entryTime, int minutesSpent, int eurosSpent, DayOfWeek day) { 29 | return new AutoValue_Visit(visitorId, entryTime, minutesSpent, eurosSpent, day); 30 | } 31 | 32 | abstract String visitorId(); 33 | 34 | abstract LocalTime entryTime(); 35 | 36 | abstract int minutesSpent(); 37 | 38 | abstract int eurosSpent(); 39 | 40 | abstract DayOfWeek day(); 41 | } 42 | -------------------------------------------------------------------------------- /examples/java/VisitsForWeek.java: -------------------------------------------------------------------------------- 1 | // 2 | // Copyright 2020 Google LLC 3 | // 4 | // Licensed under the Apache License, Version 2.0 (the "License"); 5 | // you may not use this file except in compliance with the License. 6 | // You may obtain a copy of the License at 7 | // 8 | // http://www.apache.org/licenses/LICENSE-2.0 9 | // 10 | // Unless required by applicable law or agreed to in writing, software 11 | // distributed under the License is distributed on an "AS IS" BASIS, 12 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | // See the License for the specific language governing permissions and 14 | // limitations under the License. 15 | // 16 | 17 | package com.google.privacy.differentialprivacy.example; 18 | 19 | import java.time.DayOfWeek; 20 | import java.util.Arrays; 21 | import java.util.Collection; 22 | import java.util.EnumMap; 23 | import java.util.HashSet; 24 | 25 | /** 26 | * Stores {@link Visit}s for each {@link DayOfWeek}. 27 | */ 28 | class VisitsForWeek { 29 | private final EnumMap> visits; 30 | 31 | VisitsForWeek() { 32 | visits = new EnumMap<>(DayOfWeek.class); 33 | Arrays.stream(DayOfWeek.values()).forEach(d -> visits.put(d, new HashSet<>())); 34 | } 35 | 36 | /** 37 | * Adds the given {@link Visit}. 38 | */ 39 | void addVisit(Visit visit) { 40 | visits.get(visit.day()).add(visit); 41 | } 42 | 43 | Collection getVisitsForDay(DayOfWeek day) { 44 | return visits.get(day); 45 | } 46 | } 47 | -------------------------------------------------------------------------------- /examples/java/WORKSPACE.bazel: -------------------------------------------------------------------------------- 1 | # 2 | # Copyright 2020 Google LLC 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | # 16 | 17 | workspace(name = "examples_java") 18 | 19 | local_repository( 20 | name = "com_google_differential_privacy", 21 | path = "../..", 22 | ) 23 | 24 | local_repository( 25 | name = "com_google_java_differential_privacy", 26 | path = "../../java", 27 | ) 28 | 29 | # Load maven rules. 30 | load("@com_google_java_differential_privacy//:dp_java_deps_preload.bzl", "dp_java_deps_prework") 31 | 32 | dp_java_deps_prework() 33 | 34 | load("@rules_jvm_external//:repositories.bzl", "rules_jvm_external_deps") 35 | 36 | rules_jvm_external_deps() 37 | 38 | load("@rules_jvm_external//:setup.bzl", "rules_jvm_external_setup") 39 | 40 | rules_jvm_external_setup() 41 | 42 | load("@com_google_java_differential_privacy//:dp_java_deps.bzl", "dp_java_deps") 43 | 44 | dp_java_deps() 45 | 46 | # Load dependencies for the base workspace. 47 | load("@com_google_differential_privacy//:differential_privacy_deps.bzl", "differential_privacy_deps") 48 | 49 | differential_privacy_deps() 50 | 51 | # Protobuf transitive dependencies. 52 | load("@com_google_protobuf//:protobuf_deps.bzl", "protobuf_deps") 53 | 54 | protobuf_deps() 55 | 56 | # Complete pinning after defining dependencies. 57 | load("@maven//:defs.bzl", "pinned_maven_install") 58 | 59 | pinned_maven_install() 60 | -------------------------------------------------------------------------------- /examples/java/img/counts_per_day.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/google/differential-privacy/a7cc26ad91f74756fbe39bab44af6d655b37cc61/examples/java/img/counts_per_day.png -------------------------------------------------------------------------------- /examples/java/img/counts_per_hour.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/google/differential-privacy/a7cc26ad91f74756fbe39bab44af6d655b37cc61/examples/java/img/counts_per_hour.png -------------------------------------------------------------------------------- /examples/java/img/sum_per_day_w_preaggregation.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/google/differential-privacy/a7cc26ad91f74756fbe39bab44af6d655b37cc61/examples/java/img/sum_per_day_w_preaggregation.png -------------------------------------------------------------------------------- /examples/java/img/sums_per_day.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/google/differential-privacy/a7cc26ad91f74756fbe39bab44af6d655b37cc61/examples/java/img/sums_per_day.png -------------------------------------------------------------------------------- /examples/pipelinedp4j/.bazelrc: -------------------------------------------------------------------------------- 1 | # 2 | # Copyright 2023 Google LLC 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | # 16 | 17 | build --java_language_version=11 18 | build --java_runtime_version=remotejdk_11 -------------------------------------------------------------------------------- /examples/pipelinedp4j/.bazelversion: -------------------------------------------------------------------------------- 1 | 7.5.0 2 | -------------------------------------------------------------------------------- /examples/pipelinedp4j/beam/src/main/java/com/google/privacy/differentialprivacy/pipelinedp4j/examples/BUILD.bazel: -------------------------------------------------------------------------------- 1 | # Copyright 2024 Google LLC 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | java_binary( 16 | name = "BeamExample", 17 | srcs = [ 18 | "BeamExample.java", 19 | ], 20 | main_class = "com.google.privacy.differentialprivacy.pipelinedp4j.examples.BeamExample", 21 | runtime_deps = [ 22 | "@maven//:org_apache_beam_beam_runners_direct_java", 23 | ], 24 | deps = [ 25 | "//common/src/main/java/com/google/privacy/differentialprivacy/pipelinedp4j/examples:common", 26 | "@com_google_privacy_differentialprivacy_pipelinedp4j//main/com/google/privacy/differentialprivacy/pipelinedp4j/api", 27 | "@maven//:org_apache_beam_beam_sdks_java_core", 28 | "@maven//:org_apache_beam_beam_sdks_java_extensions_avro", 29 | "@maven//:org_jetbrains_kotlin_kotlin_stdlib", 30 | ], 31 | ) 32 | -------------------------------------------------------------------------------- /examples/pipelinedp4j/common/pom.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 18 | 19 | 22 | 4.0.0 23 | 24 | 25 | com.google.privacy.differentialprivacy 26 | pipelinedp4j 27 | 1.0-SNAPSHOT 28 | 29 | 30 | common 31 | jar 32 | 33 | 34 | -------------------------------------------------------------------------------- /examples/pipelinedp4j/common/src/main/java/com/google/privacy/differentialprivacy/pipelinedp4j/examples/BUILD.bazel: -------------------------------------------------------------------------------- 1 | # Copyright 2024 Google LLC 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | package( 16 | default_visibility = [ 17 | "//beam/src/main/java/com/google/privacy/differentialprivacy/pipelinedp4j/examples:__subpackages__", 18 | "//spark/src/main/java/com/google/privacy/differentialprivacy/pipelinedp4j/examples:__subpackages__", 19 | ], 20 | ) 21 | 22 | java_library( 23 | name = "common", 24 | srcs = [ 25 | "MovieMetrics.java", 26 | "MovieView.java", 27 | ], 28 | deps = [ 29 | "@maven//:com_google_guava_guava", 30 | ], 31 | ) 32 | -------------------------------------------------------------------------------- /examples/pipelinedp4j/common/src/main/java/com/google/privacy/differentialprivacy/pipelinedp4j/examples/MovieMetrics.java: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright 2024 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | package com.google.privacy.differentialprivacy.pipelinedp4j.examples; 18 | 19 | /** 20 | * Metrics for a single movie in the Netflix dataset. 21 | * 22 | *

It is the result of the DP metrics query. 23 | */ 24 | public final class MovieMetrics { 25 | private final String movieId; 26 | 27 | private final long numberOfViewers; 28 | private final long numberOfViews; 29 | 30 | private final double averageOfRatings; 31 | 32 | MovieMetrics(String movieId, long numberOfViewers, long numberOfViews, double averageOfRatings) { 33 | this.movieId = movieId; 34 | this.numberOfViewers = numberOfViewers; 35 | this.numberOfViews = numberOfViews; 36 | this.averageOfRatings = averageOfRatings; 37 | } 38 | 39 | // 0-arg constructor is necessary for serialization to work. 40 | private MovieMetrics() { 41 | this("", 0, 0, 0.0); 42 | } 43 | 44 | @Override 45 | public String toString() { 46 | return String.format( 47 | "movieId=%s, numberOfViewers=%s, numberOfViews=%s, averageOfRatings=%s", 48 | movieId, numberOfViewers, numberOfViews, averageOfRatings); 49 | } 50 | } 51 | -------------------------------------------------------------------------------- /examples/pipelinedp4j/common/src/main/java/com/google/privacy/differentialprivacy/pipelinedp4j/examples/MovieView.java: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright 2024 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | package com.google.privacy.differentialprivacy.pipelinedp4j.examples; 18 | 19 | import com.google.common.base.Splitter; 20 | import java.util.List; 21 | 22 | /** Represents a single movie view from the Netflix dataset. */ 23 | public final class MovieView { 24 | private final String userId; 25 | private final String movieId; 26 | private final Double rating; 27 | 28 | MovieView(String userId, String movieId, Double rating) { 29 | this.userId = userId; 30 | this.movieId = movieId; 31 | this.rating = rating; 32 | } 33 | 34 | // 0-arg constructor is necessary for serialization to work. 35 | private MovieView() { 36 | this("", "", 0.0); 37 | } 38 | 39 | String getUserId() { 40 | return userId; 41 | } 42 | 43 | String getMovieId() { 44 | return movieId; 45 | } 46 | 47 | Double getRating() { 48 | return rating; 49 | } 50 | 51 | static MovieView parseView(String s) { 52 | List spl = Splitter.on(',').splitToList(s); 53 | return new MovieView(spl.get(1), spl.get(0), Double.parseDouble(spl.get(2))); 54 | } 55 | } 56 | -------------------------------------------------------------------------------- /examples/zetasql/.bazelrc: -------------------------------------------------------------------------------- 1 | # 2 | # Copyright 2021 Google LLC 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | # 16 | 17 | # Platform specific compiler flags 18 | build --enable_platform_specific_config 19 | build:linux --copt="-Wno-sign-compare" --cxxopt="-std=c++17" 20 | build:macos --copt="-Wno-sign-compare" --cxxopt="-std=c++17" -------------------------------------------------------------------------------- /examples/zetasql/.bazelversion: -------------------------------------------------------------------------------- 1 | 6.5.0 2 | -------------------------------------------------------------------------------- /examples/zetasql/WORKSPACE: -------------------------------------------------------------------------------- 1 | # 2 | # Copyright 2021 Google LLC 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | # 16 | 17 | """ Workspace for Zetasql example """ 18 | 19 | workspace(name = "zetasql_example") 20 | 21 | load("@bazel_tools//tools/build_defs/repo:http.bzl", "http_archive") 22 | 23 | http_archive( 24 | name = "com_google_zetasql", 25 | sha256 = "58510f44dc815648039fd4e45fc40da3d9f0a746cf483e6bbc5171e984eb7e79", 26 | strip_prefix = "zetasql-2024.03.1", 27 | url = "https://github.com/google/zetasql/archive/refs/tags/2024.03.1.tar.gz", 28 | ) 29 | 30 | # Transitive dependencies from the ZetaSQL WORKSPACE file: 31 | 32 | load("@com_google_zetasql//bazel:zetasql_deps_step_1.bzl", "zetasql_deps_step_1") 33 | 34 | zetasql_deps_step_1() 35 | 36 | load("@com_google_zetasql//bazel:zetasql_deps_step_2.bzl", "zetasql_deps_step_2") 37 | 38 | zetasql_deps_step_2( 39 | java_deps = False, 40 | testing_deps = False, 41 | ) 42 | 43 | # Only need to load a subset of zetasql_deps_step_3: 44 | 45 | load("@com_google_protobuf//:protobuf_deps.bzl", "protobuf_deps") 46 | 47 | protobuf_deps() 48 | 49 | load("@com_github_grpc_grpc//bazel:grpc_deps.bzl", "grpc_deps") 50 | 51 | grpc_deps() 52 | 53 | load("@com_google_zetasql//bazel:zetasql_deps_step_4.bzl", "zetasql_deps_step_4") 54 | 55 | zetasql_deps_step_4() 56 | -------------------------------------------------------------------------------- /examples/zetasql/img/sums_per_day.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/google/differential-privacy/a7cc26ad91f74756fbe39bab44af6d655b37cc61/examples/zetasql/img/sums_per_day.png -------------------------------------------------------------------------------- /examples/zetasql/img/visits_per_day.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/google/differential-privacy/a7cc26ad91f74756fbe39bab44af6d655b37cc61/examples/zetasql/img/visits_per_day.png -------------------------------------------------------------------------------- /examples/zetasql/img/visits_per_duration.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/google/differential-privacy/a7cc26ad91f74756fbe39bab44af6d655b37cc61/examples/zetasql/img/visits_per_duration.png -------------------------------------------------------------------------------- /examples/zetasql/img/visits_per_hour.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/google/differential-privacy/a7cc26ad91f74756fbe39bab44af6d655b37cc61/examples/zetasql/img/visits_per_hour.png -------------------------------------------------------------------------------- /experiments/testers/cc/WORKSPACE.bazel: -------------------------------------------------------------------------------- 1 | # 2 | # Copyright 2020 Google LLC 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | # 16 | 17 | """ Workspace for Part 1 of Evaluating Testing Tools for Differential Privacy """ 18 | 19 | workspace(name = "stochastic_tester") 20 | 21 | local_repository( 22 | name = "com_google_differential_privacy", 23 | path = "../../..", 24 | ) 25 | 26 | local_repository( 27 | name = "com_google_cc_differential_privacy", 28 | path = "../../../cc", 29 | ) 30 | 31 | 32 | # Load dependencies for the base workspace. 33 | load("@com_google_differential_privacy//:differential_privacy_deps.bzl", "differential_privacy_deps") 34 | differential_privacy_deps() 35 | 36 | # Load dependencies for the cc workspace. 37 | load("@com_google_cc_differential_privacy//:cc_differential_privacy_deps.bzl", "cc_differential_privacy_deps") 38 | cc_differential_privacy_deps() 39 | 40 | # Protobuf transitive dependencies. 41 | load("@com_google_protobuf//:protobuf_deps.bzl", "protobuf_deps") 42 | protobuf_deps() 43 | -------------------------------------------------------------------------------- /experiments/testers/java/WORKSPACE.bazel: -------------------------------------------------------------------------------- 1 | # 2 | # Copyright 2020 Google LLC 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | # 16 | 17 | workspace(name = "statistical_tester") 18 | 19 | local_repository( 20 | name = "com_google_differential_privacy", 21 | path = "../../..", 22 | ) 23 | 24 | local_repository( 25 | name = "com_google_java_differential_privacy", 26 | path = "../../../java", 27 | ) 28 | 29 | # Load dependencies for the base workspace. 30 | load("@com_google_differential_privacy//:differential_privacy_deps.bzl", "differential_privacy_deps") 31 | differential_privacy_deps() 32 | 33 | # Protobuf transitive dependencies. 34 | load("@com_google_protobuf//:protobuf_deps.bzl", "protobuf_deps") 35 | protobuf_deps() 36 | 37 | # Load maven rules. 38 | load("@com_google_java_differential_privacy//:dp_java_deps_preload.bzl", "dp_java_deps_prework") 39 | dp_java_deps_prework() 40 | 41 | load("@com_google_java_differential_privacy//:dp_java_deps.bzl", "dp_java_deps") 42 | dp_java_deps() 43 | 44 | -------------------------------------------------------------------------------- /go/README.md: -------------------------------------------------------------------------------- 1 | # Differential Privacy in Go 2 | 3 | This is the Go implementation of the differential privacy library. For general 4 | details and key definitions, see the top-level documentation. 5 | This document describes Go-specific aspects. 6 | 7 | ## How to Use 8 | 9 | Usage of the Go Differential Privacy library is demonstrated in the 10 | [codelab](../examples/go/). 11 | 12 | Full documentation of the API is available as [godoc](https://godoc.org/github.com/google/differential-privacy/go/v4/dpagg). 13 | 14 | ## Using with the "go" Command 15 | 16 | For building the differential privacy library with the ["go" command](https://golang.org/cmd/go/), 17 | you can run the following: 18 | ```shell 19 | go build -mod=mod ./... 20 | ``` 21 | This will build all the packages. `-mod=mod` is necessary for installing all the 22 | dependencies automatically. Otherwise, you'll be asked to install each 23 | dependency manually. 24 | 25 | Similarly, you can run all the tests with: 26 | ```shell 27 | go test -mod=mod ./... 28 | ``` 29 | 30 | If you already built the code with `go build`, you can omit `-mod=mod`. 31 | 32 | If you wish to run the 33 | [codelab](../examples/go/), 34 | you can do so by (from the root of the repository): 35 | 36 | ```shell 37 | cd examples/go/main 38 | go run -mod=mod . -scenario=CountVisitsPerHour -input_file=../data/day_data.csv -non_private_output_file=out1.csv -private_output_file=out2.csv 39 | ``` 40 | 41 | Change `scenario` and `input_file` to run other scenarios. Check out the 42 | [README](../examples/go/README.md) for more information. 43 | -------------------------------------------------------------------------------- /go/dpagg/aggregation_state.go: -------------------------------------------------------------------------------- 1 | // 2 | // Copyright 2020 Google LLC 3 | // 4 | // Licensed under the Apache License, Version 2.0 (the "License"); 5 | // you may not use this file except in compliance with the License. 6 | // You may obtain a copy of the License at 7 | // 8 | // http://www.apache.org/licenses/LICENSE-2.0 9 | // 10 | // Unless required by applicable law or agreed to in writing, software 11 | // distributed under the License is distributed on an "AS IS" BASIS, 12 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | // See the License for the specific language governing permissions and 14 | // limitations under the License. 15 | // 16 | 17 | package dpagg 18 | 19 | type aggregationState int 20 | 21 | var errorMessages = map[int]string{ 22 | defaultState: "", 23 | merged: "Object has been already merged", 24 | serialized: "Object has been already serialized", 25 | resultReturned: "DP result was already computed and returned.", 26 | } 27 | var stateName = map[int]string{ 28 | defaultState: "Default", 29 | merged: "Merged", 30 | serialized: "Serialized", 31 | resultReturned: "ResultReturned", 32 | } 33 | 34 | const ( 35 | defaultState = iota 36 | merged 37 | serialized 38 | resultReturned 39 | ) 40 | 41 | func (s aggregationState) errorMessage() string { 42 | return errorMessages[int(s)] 43 | } 44 | 45 | func (s aggregationState) String() string { 46 | return stateName[int(s)] 47 | } 48 | -------------------------------------------------------------------------------- /go/dpagg/coders.go: -------------------------------------------------------------------------------- 1 | // 2 | // Copyright 2020 Google LLC 3 | // 4 | // Licensed under the Apache License, Version 2.0 (the "License"); 5 | // you may not use this file except in compliance with the License. 6 | // You may obtain a copy of the License at 7 | // 8 | // http://www.apache.org/licenses/LICENSE-2.0 9 | // 10 | // Unless required by applicable law or agreed to in writing, software 11 | // distributed under the License is distributed on an "AS IS" BASIS, 12 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | // See the License for the specific language governing permissions and 14 | // limitations under the License. 15 | // 16 | 17 | package dpagg 18 | 19 | import ( 20 | "bytes" 21 | "encoding/gob" 22 | ) 23 | 24 | // Helpers for serializing DP aggregations. 25 | 26 | func encode(v interface{}) ([]byte, error) { 27 | var buf bytes.Buffer 28 | enc := gob.NewEncoder(&buf) 29 | err := enc.Encode(v) 30 | return buf.Bytes(), err 31 | } 32 | 33 | func decode(v interface{}, data []byte) error { 34 | return gob.NewDecoder(bytes.NewReader(data)).Decode(v) 35 | } 36 | -------------------------------------------------------------------------------- /go/dpagg/helpers.go: -------------------------------------------------------------------------------- 1 | // 2 | // Copyright 2020 Google LLC 3 | // 4 | // Licensed under the Apache License, Version 2.0 (the "License"); 5 | // you may not use this file except in compliance with the License. 6 | // You may obtain a copy of the License at 7 | // 8 | // http://www.apache.org/licenses/LICENSE-2.0 9 | // 10 | // Unless required by applicable law or agreed to in writing, software 11 | // distributed under the License is distributed on an "AS IS" BASIS, 12 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | // See the License for the specific language governing permissions and 14 | // limitations under the License. 15 | // 16 | 17 | package dpagg 18 | 19 | import ( 20 | "fmt" 21 | "math" 22 | ) 23 | 24 | // LargestRepresentableDelta is the largest delta we could support in 64 bit precision, approximately equal to one. 25 | var LargestRepresentableDelta = 1 - math.Pow(2, -53) 26 | 27 | // ClampFloat64 clamps e within lower and upper, such that lower is returned 28 | // if e < lower, and upper is returned if e > upper. Otherwise, e is returned. 29 | func ClampFloat64(e, lower, upper float64) (float64, error) { 30 | if lower > upper { 31 | return 0, fmt.Errorf("lower must be less than or equal to upper, got lower = %v, upper = %v", lower, upper) 32 | } 33 | 34 | if e > upper { 35 | return upper, nil 36 | } 37 | if e < lower { 38 | return lower, nil 39 | } 40 | return e, nil 41 | } 42 | 43 | // ClampInt64 clamps e within lower and upper. 44 | // Returns lower if e < lower. 45 | // Returns upper if e > upper. 46 | func ClampInt64(e, lower, upper int64) (int64, error) { 47 | if lower > upper { 48 | return 0, fmt.Errorf("lower must be less than or equal to upper, got lower = %v, upper = %v", lower, upper) 49 | } 50 | if e > upper { 51 | return upper, nil 52 | } 53 | if e < lower { 54 | return lower, nil 55 | } 56 | return e, nil 57 | } 58 | -------------------------------------------------------------------------------- /go/go.mod: -------------------------------------------------------------------------------- 1 | module github.com/google/differential-privacy/go/v4 2 | 3 | go 1.22 4 | 5 | require ( 6 | github.com/golang/glog v1.2.0 7 | github.com/google/go-cmp v0.6.0 8 | gonum.org/v1/gonum v0.14.0 9 | ) 10 | 11 | require golang.org/x/exp v0.0.0-20240222234643-814bf88cf225 // indirect 12 | -------------------------------------------------------------------------------- /go/go.sum: -------------------------------------------------------------------------------- 1 | github.com/golang/glog v1.2.0 h1:uCdmnmatrKCgMBlM4rMuJZWOkPDqdbZPnrMXDY4gI68= 2 | github.com/golang/glog v1.2.0/go.mod h1:6AhwSGph0fcJtXVM/PEHPqZlFeoLxhs7/t5UDAwmO+w= 3 | github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI= 4 | github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= 5 | golang.org/x/exp v0.0.0-20240222234643-814bf88cf225 h1:LfspQV/FYTatPTr/3HzIcmiUFH7PGP+OQ6mgDYo3yuQ= 6 | golang.org/x/exp v0.0.0-20240222234643-814bf88cf225/go.mod h1:CxmFvTBINI24O/j8iY7H1xHzx2i4OsyguNBmN/uPtqc= 7 | gonum.org/v1/gonum v0.14.0 h1:2NiG67LD1tEH0D7kM+ps2V+fXmsAnpUeec7n8tcr4S0= 8 | gonum.org/v1/gonum v0.14.0/go.mod h1:AoWeoz0becf9QMWtE8iWXNXc27fK4fNeHNf/oMejGfU= 9 | -------------------------------------------------------------------------------- /go/noise/noise_test.go: -------------------------------------------------------------------------------- 1 | // 2 | // Copyright 2020 Google LLC 3 | // 4 | // Licensed under the Apache License, Version 2.0 (the "License"); 5 | // you may not use this file except in compliance with the License. 6 | // You may obtain a copy of the License at 7 | // 8 | // http://www.apache.org/licenses/LICENSE-2.0 9 | // 10 | // Unless required by applicable law or agreed to in writing, software 11 | // distributed under the License is distributed on an "AS IS" BASIS, 12 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | // See the License for the specific language governing permissions and 14 | // limitations under the License. 15 | // 16 | 17 | package noise 18 | 19 | import ( 20 | "math" 21 | "testing" 22 | ) 23 | 24 | var ( 25 | ln2 = math.Log(2) 26 | ln3 = math.Log(3) 27 | 28 | lap = Laplace() 29 | gauss = Gaussian() 30 | ) 31 | 32 | func nearEqual(a, b, maxError float64) bool { 33 | return math.Abs(a-b) < maxError 34 | } 35 | 36 | var benchResultFloat64 float64 37 | 38 | func BenchmarkLaplaceFloat64(b *testing.B) { 39 | var r float64 40 | var err error 41 | for i := 0; i < b.N; i++ { 42 | r, err = lap.AddNoiseFloat64(42, 1, 1, ln3, 0) 43 | if err != nil { 44 | b.Fatalf("Couldn't add laplace noise: %v", err) 45 | } 46 | } 47 | benchResultFloat64 = r 48 | } 49 | 50 | func approxEqual(a, b float64) bool { 51 | maxMagnitude := math.Max(math.Abs(a), math.Abs(b)) 52 | if math.IsInf(maxMagnitude, +1) { 53 | return a == b 54 | } 55 | return math.Abs(a-b) <= 1e-6*maxMagnitude 56 | } 57 | -------------------------------------------------------------------------------- /go/rand/rand_test.go: -------------------------------------------------------------------------------- 1 | // 2 | // Copyright 2020 Google LLC 3 | // 4 | // Licensed under the Apache License, Version 2.0 (the "License"); 5 | // you may not use this file except in compliance with the License. 6 | // You may obtain a copy of the License at 7 | // 8 | // http://www.apache.org/licenses/LICENSE-2.0 9 | // 10 | // Unless required by applicable law or agreed to in writing, software 11 | // distributed under the License is distributed on an "AS IS" BASIS, 12 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | // See the License for the specific language governing permissions and 14 | // limitations under the License. 15 | // 16 | 17 | package rand 18 | 19 | import ( 20 | "bytes" 21 | "testing" 22 | ) 23 | 24 | func TestBooleanBufIsShifting(t *testing.T) { 25 | randBuf = bytes.NewReader([]byte{ 26 | 0b00100100, 27 | 0b10010000, 28 | }) 29 | for pos, want := range []bool{ 30 | // first byte 31 | false, 32 | false, 33 | true, 34 | false, 35 | false, 36 | true, 37 | false, 38 | false, 39 | // second byte 40 | false, 41 | false, 42 | false, 43 | false, 44 | true, 45 | false, 46 | false, 47 | true, 48 | } { 49 | if got := Boolean(); got != want { 50 | t.Errorf("Boolean: got %v, want %v in %v-th iteration", got, want, pos) 51 | } 52 | } 53 | } 54 | -------------------------------------------------------------------------------- /go/stattestutils/stattestutils.go: -------------------------------------------------------------------------------- 1 | // 2 | // Copyright 2023 Google LLC 3 | // 4 | // Licensed under the Apache License, Version 2.0 (the "License"); 5 | // you may not use this file except in compliance with the License. 6 | // You may obtain a copy of the License at 7 | // 8 | // http://www.apache.org/licenses/LICENSE-2.0 9 | // 10 | // Unless required by applicable law or agreed to in writing, software 11 | // distributed under the License is distributed on an "AS IS" BASIS, 12 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | // See the License for the specific language governing permissions and 14 | // limitations under the License. 15 | // 16 | 17 | // Package stattestutils provides basic statistical utility functions. 18 | // 19 | // This package is not optimized for performance or speed and is only intended 20 | // to be used in tests. 21 | package stattestutils 22 | 23 | import "math" 24 | 25 | // SampleMean returns the mean of a slice, calculated as the average over the 26 | // values in the slice. 27 | func SampleMean(values []float64) float64 { 28 | var sum float64 = 0.0 29 | for _, v := range values { 30 | sum += v 31 | } 32 | return sum / math.Max(1, float64(len(values))) 33 | } 34 | 35 | // SampleVariance returns the variance of a slice, calculated as the sum of 36 | // sqaures of the distance to the mean of each of the values, divided by the 37 | // number of values. 38 | func SampleVariance(values []float64) float64 { 39 | mean := SampleMean(values) 40 | var sumOfSquares float64 = 0.0 41 | for _, v := range values { 42 | sumOfSquares += math.Pow(v-mean, 2) 43 | } 44 | return sumOfSquares / math.Max(1, float64(len(values))) 45 | } 46 | -------------------------------------------------------------------------------- /go/stattestutils/stattestutils_test.go: -------------------------------------------------------------------------------- 1 | // Copyright 2023 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | package stattestutils 16 | 17 | import ( 18 | "math" 19 | "testing" 20 | ) 21 | 22 | func TestSampleMean(t *testing.T) { 23 | for _, tc := range []struct { 24 | input []float64 25 | wantMean float64 26 | }{ 27 | { 28 | input: []float64{}, 29 | wantMean: 0, 30 | }, 31 | { 32 | input: []float64{100.123}, 33 | wantMean: 100.123, 34 | }, 35 | { 36 | input: []float64{0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10}, 37 | wantMean: 5, 38 | }, 39 | } { 40 | output := SampleMean(tc.input) 41 | if math.Abs(output-tc.wantMean) > 10e-10 { 42 | t.Errorf("got sampleMean(%v)=%f, want %f", tc.input, output, tc.wantMean) 43 | } 44 | } 45 | } 46 | 47 | func TestSampleVariance(t *testing.T) { 48 | for _, tc := range []struct { 49 | input []float64 50 | wantVariance float64 51 | }{ 52 | { 53 | input: []float64{}, 54 | wantVariance: 0, 55 | }, 56 | { 57 | input: []float64{100.123}, 58 | wantVariance: 0, 59 | }, 60 | { 61 | input: []float64{0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10}, 62 | wantVariance: 10, 63 | }, 64 | } { 65 | output := SampleVariance(tc.input) 66 | if math.Abs(output-tc.wantVariance) > 10e-10 { 67 | t.Errorf("got sampleVariance(%v)=%f, want %f", tc.input, output, tc.wantVariance) 68 | } 69 | } 70 | } 71 | -------------------------------------------------------------------------------- /java/.bazelrc: -------------------------------------------------------------------------------- 1 | # 2 | # Copyright 2023 Google LLC 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | # 16 | 17 | build --java_language_version=11 18 | build --java_runtime_version=remotejdk_11 -------------------------------------------------------------------------------- /java/.bazelversion: -------------------------------------------------------------------------------- 1 | 7.5.0 2 | -------------------------------------------------------------------------------- /java/BUILD: -------------------------------------------------------------------------------- 1 | # 2 | # Copyright 2020 Google LLC 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | # 16 | 17 | load("@bazel_common//tools/maven:pom_file.bzl", "pom_file") 18 | load("@rules_jvm_external//:defs.bzl", "java_export") 19 | 20 | # Update the following version for packaging of a new release. 21 | _DP_LIB_VERSION = "4.0.0" 22 | 23 | exports_files([ 24 | "dp_java_deps.bzl", 25 | "dp_java_deps_preload.bzl", 26 | ]) 27 | 28 | pom_file( 29 | name = "differentialprivacy_pom", 30 | substitutions = {"DP_LIB_VERSION": _DP_LIB_VERSION}, 31 | targets = [ 32 | "//main/com/google/privacy/differentialprivacy", 33 | ], 34 | template_file = "pom.template", 35 | ) 36 | 37 | java_export( 38 | name = "differentialprivacy-export", 39 | maven_coordinates = "com.google.privacy.differentialprivacy:differentialprivacy:%s" % _DP_LIB_VERSION, 40 | pom_template = ":differentialprivacy_pom", 41 | runtime_deps = [ 42 | "//main/com/google/privacy/differentialprivacy", 43 | ], 44 | ) 45 | -------------------------------------------------------------------------------- /java/README.md: -------------------------------------------------------------------------------- 1 | ## Differential Privacy library in Java 2 | 3 | This is the Java implementation of the differential privacy library. For general 4 | details and key definitions, see the top-level documentation. 5 | This document describes Java-specific aspects. 6 | 7 | ### How to Use 8 | Usage of the Java Differential Privacy library is demonstrated in the 9 | [codelab](https://github.com/google/differential-privacy/tree/main/examples/java). 10 | -------------------------------------------------------------------------------- /java/WORKSPACE.bazel: -------------------------------------------------------------------------------- 1 | # 2 | # Copyright 2020 Google LLC 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | # 16 | 17 | workspace(name = "com_google_java_differential_privacy") 18 | 19 | local_repository( 20 | name = "com_google_differential_privacy", 21 | path = "..", 22 | ) 23 | 24 | # Load maven rules. 25 | load("//:dp_java_deps_preload.bzl", "dp_java_deps_prework") 26 | 27 | dp_java_deps_prework() 28 | 29 | load("@rules_jvm_external//:repositories.bzl", "rules_jvm_external_deps") 30 | 31 | rules_jvm_external_deps() 32 | 33 | load("@rules_jvm_external//:setup.bzl", "rules_jvm_external_setup") 34 | 35 | rules_jvm_external_setup() 36 | 37 | load("//:dp_java_deps.bzl", "dp_java_deps") 38 | 39 | dp_java_deps() 40 | 41 | # Load dependencies for the base workspace. 42 | load("@com_google_differential_privacy//:differential_privacy_deps.bzl", "differential_privacy_deps") 43 | 44 | differential_privacy_deps() 45 | 46 | # Protobuf transitive dependencies. 47 | load("@com_google_protobuf//:protobuf_deps.bzl", "protobuf_deps") 48 | 49 | protobuf_deps() 50 | 51 | # Complete pinning after defining dependencies. 52 | load("@maven//:defs.bzl", "pinned_maven_install") 53 | 54 | pinned_maven_install() 55 | -------------------------------------------------------------------------------- /java/dp_java_deps.bzl: -------------------------------------------------------------------------------- 1 | """ Dependencies for java library. """ 2 | 3 | load("@rules_jvm_external//:defs.bzl", "maven_install") 4 | 5 | def dp_java_deps(): 6 | maven_install( 7 | # Run `REPIN=1 bazel run @unpinned_maven//:pin` after changing dependencies. 8 | artifacts = [ 9 | # artifacts for building and testing 10 | "org.apache.commons:commons-math3:3.6.1", 11 | "com.google.auto.value:auto-value-annotations:1.11.0", 12 | "com.google.auto.value:auto-value:1.11.0", 13 | "com.google.code.findbugs:jsr305:3.0.2", 14 | "com.google.errorprone:error_prone_annotations:2.37.0", 15 | "com.google.guava:guava:33.4.5-jre", 16 | "com.google.protobuf:protobuf-java:4.30.1", 17 | # artifacts for testing only 18 | "org.mockito:mockito-core:5.16.1", 19 | "junit:junit:4.13.2", 20 | "com.google.truth:truth:1.4.4", 21 | "com.google.truth.extensions:truth-java8-extension:1.4.4", 22 | "com.google.testparameterinjector:test-parameter-injector:1.18", 23 | ], 24 | repositories = [ 25 | "https://jcenter.bintray.com/", 26 | "https://maven.google.com", 27 | "https://repo1.maven.org/maven2", 28 | ], 29 | maven_install_json = "@com_google_java_differential_privacy//:maven_install.json", 30 | ) 31 | -------------------------------------------------------------------------------- /java/dp_java_deps_preload.bzl: -------------------------------------------------------------------------------- 1 | """Setup code to allow loading dependencies from maven.""" 2 | 3 | load("@bazel_tools//tools/build_defs/repo:http.bzl", "http_archive") 4 | 5 | def dp_java_deps_prework(): 6 | """ Does the pre-work necessary to use the maven_install rule. 7 | 8 | This must be called before the rest of the dependencies are loaded. 9 | """ 10 | RULES_JVM_EXTERNAL_TAG = "6.0" 11 | RULES_JVM_EXTERNAL_SHA = "85fd6bad58ac76cc3a27c8e051e4255ff9ccd8c92ba879670d195622e7c0a9b7" 12 | BAZEL_COMMON_TAG = "a9e1d8efd54cbf27249695b23775b75ca65bb59d" 13 | BAZEL_COMMON_SHA = "17ea98149586dff60aa741c67fbd9a010fbb1507df90e741c50403bf5228bea3" 14 | http_archive( 15 | name = "rules_jvm_external", 16 | strip_prefix = "rules_jvm_external-%s" % RULES_JVM_EXTERNAL_TAG, 17 | sha256 = RULES_JVM_EXTERNAL_SHA, 18 | url = "https://github.com/bazelbuild/rules_jvm_external/releases/download/%s/rules_jvm_external-%s.tar.gz" % (RULES_JVM_EXTERNAL_TAG, RULES_JVM_EXTERNAL_TAG), 19 | ) 20 | http_archive( 21 | name = "bazel_common", 22 | url = "https://github.com/google/bazel-common/archive/%s.tar.gz" % BAZEL_COMMON_TAG, 23 | sha256 = BAZEL_COMMON_SHA, 24 | strip_prefix = "bazel-common-%s" % BAZEL_COMMON_TAG, 25 | ) 26 | -------------------------------------------------------------------------------- /java/main/com/google/privacy/differentialprivacy/AggregationState.java: -------------------------------------------------------------------------------- 1 | // 2 | // Copyright 2020 Google LLC 3 | // 4 | // Licensed under the Apache License, Version 2.0 (the "License"); 5 | // you may not use this file except in compliance with the License. 6 | // You may obtain a copy of the License at 7 | // 8 | // http://www.apache.org/licenses/LICENSE-2.0 9 | // 10 | // Unless required by applicable law or agreed to in writing, software 11 | // distributed under the License is distributed on an "AS IS" BASIS, 12 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | // See the License for the specific language governing permissions and 14 | // limitations under the License. 15 | // 16 | 17 | package com.google.privacy.differentialprivacy; 18 | 19 | /** Represents the state of the aggregation. */ 20 | public enum AggregationState { 21 | /** Object hasn't been serialized and computeResult() hasn't been called. */ 22 | DEFAULT(""), 23 | /** Object has been serialized. */ 24 | SERIALIZED("Object has been already serialized."), 25 | /** computeResult() was called. */ 26 | RESULT_RETURNED("DP result was already computed and returned."); 27 | private final String errorMessage; 28 | 29 | AggregationState(String errorMessage) { 30 | this.errorMessage = errorMessage; 31 | } 32 | 33 | public String getErrorMessage() { 34 | return errorMessage; 35 | } 36 | } 37 | -------------------------------------------------------------------------------- /java/main/com/google/privacy/differentialprivacy/ConfidenceInterval.java: -------------------------------------------------------------------------------- 1 | // 2 | // Copyright 2020 Google LLC 3 | // 4 | // Licensed under the Apache License, Version 2.0 (the "License"); 5 | // you may not use this file except in compliance with the License. 6 | // You may obtain a copy of the License at 7 | // 8 | // http://www.apache.org/licenses/LICENSE-2.0 9 | // 10 | // Unless required by applicable law or agreed to in writing, software 11 | // distributed under the License is distributed on an "AS IS" BASIS, 12 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | // See the License for the specific language governing permissions and 14 | // limitations under the License. 15 | // 16 | 17 | package com.google.privacy.differentialprivacy; 18 | 19 | import com.google.auto.value.AutoValue; 20 | 21 | /** Stores the upper and lower bounds of a confidence interval. */ 22 | @AutoValue 23 | public abstract class ConfidenceInterval { 24 | public static ConfidenceInterval create(double lowerBound, double upperBound) { 25 | return new AutoValue_ConfidenceInterval(lowerBound, upperBound); 26 | } 27 | 28 | public abstract double lowerBound(); 29 | 30 | public abstract double upperBound(); 31 | } 32 | -------------------------------------------------------------------------------- /java/main/com/google/privacy/differentialprivacy/TestNoiseFactory.java: -------------------------------------------------------------------------------- 1 | // 2 | // Copyright 2022 Google LLC 3 | // 4 | // Licensed under the Apache License, Version 2.0 (the "License"); 5 | // you may not use this file except in compliance with the License. 6 | // You may obtain a copy of the License at 7 | // 8 | // http://www.apache.org/licenses/LICENSE-2.0 9 | // 10 | // Unless required by applicable law or agreed to in writing, software 11 | // distributed under the License is distributed on an "AS IS" BASIS, 12 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | // See the License for the specific language governing permissions and 14 | // limitations under the License. 15 | // 16 | 17 | package com.google.privacy.differentialprivacy; 18 | 19 | import java.util.Random; 20 | 21 | /** 22 | * Factory for creating Noise instances with a specified randomness source. This should only be used 23 | * when a large number of samples need to be generated without concern for the security of the 24 | * results as in the statistical tests. 25 | */ 26 | public final class TestNoiseFactory { 27 | private TestNoiseFactory() {} 28 | 29 | public static GaussianNoise createGaussianNoise(Random random) { 30 | return GaussianNoise.createForTesting(random); 31 | } 32 | 33 | public static LaplaceNoise createLaplaceNoise(Random random) { 34 | return LaplaceNoise.createForTesting(random); 35 | } 36 | } 37 | -------------------------------------------------------------------------------- /java/main/com/google/privacy/differentialprivacy/testing/BUILD: -------------------------------------------------------------------------------- 1 | # 2 | # Copyright 2020 Google LLC 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | # 16 | 17 | load("@rules_java//java:defs.bzl", "java_library") 18 | 19 | package( 20 | default_visibility = [ 21 | "//visibility:public", 22 | ], 23 | ) 24 | 25 | java_library( 26 | name = "reference_noise", 27 | testonly = 1, 28 | srcs = ["ReferenceNoiseUtil.java"], 29 | deps = [ 30 | "@com_google_differential_privacy//proto/testing:statistical_tests_java_proto", 31 | "@maven//:com_google_guava_guava", 32 | "@maven//:com_google_protobuf_protobuf_java", 33 | "@maven//:org_apache_commons_commons_math3", 34 | ], 35 | ) 36 | 37 | java_library( 38 | name = "statistical_utils", 39 | testonly = 1, 40 | srcs = [ 41 | "StatisticalTestsUtil.java", 42 | "VotingUtil.java", 43 | ], 44 | deps = [ 45 | "@maven//:com_google_guava_guava", 46 | ], 47 | ) 48 | -------------------------------------------------------------------------------- /java/pom.template: -------------------------------------------------------------------------------- 1 | 2 | 4 | 4.0.0 5 | 6 | com.google.privacy.differentialprivacy 7 | differentialprivacy 8 | DP_LIB_VERSION 9 | jar 10 | 11 | Google's Differential Privacy Library 12 | 13 | Differential Privacy library to generate (epsilon, delta)-differential private statistics over datasets. 14 | 15 | https://github.com/google/differential-privacy 16 | 17 | 18 | 19 | Apache License, Version 2.0 20 | http://www.apache.org/licenses/LICENSE-2.0.txt 21 | 22 | 23 | 24 | 25 | 26 | Differential Privacy Team 27 | dp-open-source@google.com 28 | Google 29 | https://google.com 30 | 31 | 32 | 33 | 34 | scm:git:git://github.com/google/differential-privacy.git 35 | https://github.com/google/differential-privacy/tree/main 36 | 37 | 38 | 39 | {generated_bzl_deps} 40 | 41 | 42 | -------------------------------------------------------------------------------- /learning/.bazelversion: -------------------------------------------------------------------------------- 1 | 8.1.1 2 | -------------------------------------------------------------------------------- /learning/BUILD.bazel: -------------------------------------------------------------------------------- 1 | # 2 | # Copyright 2021 Google LLC 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | # 16 | 17 | # Private Learning Algorithms 18 | -------------------------------------------------------------------------------- /learning/MODULE.bazel: -------------------------------------------------------------------------------- 1 | # 2 | # Copyright 2025 Google LLC 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | # 16 | 17 | bazel_dep(name = "rules_python", version = "1.2.0") 18 | 19 | python = use_extension("@rules_python//python/extensions:python.bzl", "python") 20 | python.toolchain( 21 | ignore_root_user_error = True, 22 | python_version = "3.9", 23 | ) 24 | 25 | pip = use_extension("@rules_python//python/extensions:pip.bzl", "pip") 26 | pip.parse( 27 | hub_name = "learning_py_pip_deps", 28 | python_version = "3.9", 29 | requirements_lock = "//:requirements_lock.txt", 30 | ) 31 | use_repo(pip, "learning_py_pip_deps") 32 | 33 | bazel_dep(name = "google_dp_accounting_py") 34 | local_path_override( 35 | module_name = "google_dp_accounting_py", 36 | path = "../python/dp_accounting", 37 | ) 38 | -------------------------------------------------------------------------------- /learning/WORKSPACE: -------------------------------------------------------------------------------- 1 | # This file marks the root of the Bazel workspace. 2 | # See MODULE.bazel for external dependencies setup. 3 | -------------------------------------------------------------------------------- /learning/clustering/__init__.py: -------------------------------------------------------------------------------- 1 | # Copyright 2021 Google LLC. 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | """Clustering package.""" 16 | -------------------------------------------------------------------------------- /learning/clustering/coreset_params.py: -------------------------------------------------------------------------------- 1 | # Copyright 2022 Google LLC. 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | """Parameters for coreset generation.""" 15 | 16 | import dataclasses 17 | import typing 18 | 19 | from clustering import clustering_params 20 | from clustering import privacy_calculator 21 | 22 | 23 | @dataclasses.dataclass 24 | class CoresetParam(): 25 | """Parameters that determine the clustering algorithm. 26 | 27 | Attributes: 28 | pcalc: Privacy calculator. 29 | tree_param: Parameters for constructing LSH tree. 30 | short_description: Text description for clustering parameters. 31 | radius: Bound on the distance of each point from the origin in datapoints. 32 | """ 33 | pcalc: privacy_calculator.PrivacyCalculator 34 | tree_param: clustering_params.TreeParam 35 | short_description: typing.Optional[str] 36 | radius: float 37 | -------------------------------------------------------------------------------- /learning/clustering/coreset_params_test.py: -------------------------------------------------------------------------------- 1 | # Copyright 2022 Google LLC. 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | """Tests for coreset_params.""" 15 | 16 | from absl.testing import absltest 17 | 18 | from clustering import clustering_params 19 | from clustering import coreset_params 20 | from clustering import test_utils 21 | 22 | 23 | class ClusteringParamTest(absltest.TestCase): 24 | 25 | def test_coreset_param(self): 26 | pcalc = test_utils.get_test_privacy_calculator() 27 | tree_param = clustering_params.TreeParam( 28 | min_num_points_in_branching_node=4, 29 | min_num_points_in_node=2, 30 | max_depth=5) 31 | coreset_param = coreset_params.CoresetParam( 32 | pcalc=pcalc, 33 | tree_param=tree_param, 34 | short_description="TestCoresetParam", 35 | radius=20) 36 | self.assertEqual(coreset_param.pcalc, pcalc) 37 | self.assertEqual(coreset_param.tree_param, tree_param) 38 | self.assertEqual(coreset_param.short_description, "TestCoresetParam") 39 | self.assertEqual(coreset_param.radius, 20) 40 | 41 | 42 | if __name__ == "__main__": 43 | absltest.main() 44 | -------------------------------------------------------------------------------- /learning/clustering/demo/BUILD.bazel: -------------------------------------------------------------------------------- 1 | # 2 | # Copyright 2021 Google LLC 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | # 16 | 17 | # Demo for private clustering 18 | 19 | package(default_visibility = [ 20 | "//visibility:public", 21 | ]) 22 | 23 | licenses(["notice"]) 24 | 25 | py_library( 26 | name = "data_generation", 27 | srcs = ["data_generation.py"], 28 | srcs_version = "PY3", 29 | deps = [ 30 | "//clustering:clustering_params", 31 | "@learning_py_pip_deps//numpy", 32 | ], 33 | ) 34 | 35 | py_test( 36 | name = "data_generation_test", 37 | srcs = ["data_generation_test.py"], 38 | python_version = "PY3", 39 | srcs_version = "PY3", 40 | deps = [ 41 | ":data_generation", 42 | "//clustering:clustering_params", 43 | "@learning_py_pip_deps//absl_py", 44 | "@learning_py_pip_deps//numpy", 45 | ], 46 | ) 47 | 48 | py_binary( 49 | name = "clustering_demo", 50 | srcs = ["clustering_demo.py"], 51 | python_version = "PY3", 52 | srcs_version = "PY3", 53 | deps = [ 54 | ":data_generation", 55 | "//clustering:clustering_algorithm", 56 | "//clustering:clustering_params", 57 | "@learning_py_pip_deps//absl_py", 58 | "@learning_py_pip_deps//numpy", 59 | ], 60 | ) 61 | -------------------------------------------------------------------------------- /learning/clustering/demo/__init__.py: -------------------------------------------------------------------------------- 1 | # Copyright 2021 Google LLC. 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | """Clustering package.""" 16 | -------------------------------------------------------------------------------- /learning/clustering/plots/MNIST-embed_vary_k_loss.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/google/differential-privacy/a7cc26ad91f74756fbe39bab44af6d655b37cc61/learning/clustering/plots/MNIST-embed_vary_k_loss.png -------------------------------------------------------------------------------- /learning/clustering/plots/Synthetic_vary_k_loss.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/google/differential-privacy/a7cc26ad91f74756fbe39bab44af6d655b37cc61/learning/clustering/plots/Synthetic_vary_k_loss.png -------------------------------------------------------------------------------- /learning/clustering/plots/UCI-emissions_vary_k_loss.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/google/differential-privacy/a7cc26ad91f74756fbe39bab44af6d655b37cc61/learning/clustering/plots/UCI-emissions_vary_k_loss.png -------------------------------------------------------------------------------- /learning/clustering/plots/UCI-letter_vary_k_loss.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/google/differential-privacy/a7cc26ad91f74756fbe39bab44af6d655b37cc61/learning/clustering/plots/UCI-letter_vary_k_loss.png -------------------------------------------------------------------------------- /learning/clustering/private_outputs.py: -------------------------------------------------------------------------------- 1 | # Copyright 2021 Google LLC. 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | """Objects used for storing intermediate private results.""" 15 | 16 | import dataclasses 17 | import numpy as np 18 | 19 | from clustering import clustering_params 20 | 21 | 22 | @dataclasses.dataclass 23 | class PrivateWeightedData(): 24 | """Differentially private weighted dataset. 25 | 26 | Attributes: 27 | datapoints: Datapoints where each row is a datapoint. 28 | weights: Weights for each datapoint. 29 | """ 30 | datapoints: clustering_params.Points 31 | weights: np.ndarray 32 | -------------------------------------------------------------------------------- /learning/clustering/private_outputs_test.py: -------------------------------------------------------------------------------- 1 | # Copyright 2021 Google LLC. 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | """Tests for private_outputs.""" 15 | 16 | from absl.testing import absltest 17 | 18 | import numpy as np 19 | 20 | from clustering import private_outputs 21 | 22 | 23 | class PrivateOutputsTest(absltest.TestCase): 24 | 25 | def test_data(self): 26 | weights = np.array([2., 3., 1.]) 27 | data = private_outputs.PrivateWeightedData( 28 | np.ones(shape=(3, 2)), weights) 29 | self.assertSequenceAlmostEqual(data.weights, weights) 30 | 31 | 32 | if __name__ == '__main__': 33 | absltest.main() 34 | -------------------------------------------------------------------------------- /learning/requirements.txt: -------------------------------------------------------------------------------- 1 | # The version of these dependencies need to be compatible with the versions of 2 | # the dependenices from `../python/dp_accounting/requirements.txt`. 3 | 4 | absl-py~=1.0 5 | numpy~=1.21 6 | scikit-learn>=1.5.0 7 | scipy~=1.7 8 | -------------------------------------------------------------------------------- /learning/requirements_lock.txt: -------------------------------------------------------------------------------- 1 | absl-py==1.4.0 2 | joblib==1.4.2 3 | numpy==1.26.4 4 | scikit-learn==0.24.2 5 | scipy==1.13.1 6 | threadpoolctl==3.6.0 7 | -------------------------------------------------------------------------------- /learning/setup.py: -------------------------------------------------------------------------------- 1 | # Copyright 2021 Google LLC. 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | """Setup for DP Learning package.""" 15 | 16 | import os 17 | import setuptools 18 | 19 | here = os.path.dirname(os.path.abspath(__file__)) 20 | 21 | 22 | def _parse_requirements(path): 23 | """Parses requirements from file.""" 24 | with open(os.path.join(here, path)) as f: 25 | return [line.rstrip() for line in f] + ["dp-accounting"] 26 | 27 | 28 | setuptools.setup( 29 | name="dp-learning", 30 | author="Google Differential Privacy Team", 31 | author_email="dp-open-source@google.com", 32 | description="Differential privacy learning algorithms", 33 | long_description_content_type="text/markdown", 34 | url="https://github.com/google/differential-privacy/", 35 | packages=setuptools.find_packages(), 36 | install_requires=_parse_requirements("requirements.txt"), 37 | classifiers=[ 38 | "Programming Language :: Python :: 3.7", 39 | "Programming Language :: Python :: 3.8", 40 | "Programming Language :: Python :: 3.9", 41 | "Topic :: Software Development :: Libraries :: Python Modules", 42 | ], 43 | python_requires=">=3.7", 44 | license="Apache 2.0", 45 | keywords="differential-privacy clustering", 46 | ) 47 | -------------------------------------------------------------------------------- /pipelinedp4j/.bazelrc: -------------------------------------------------------------------------------- 1 | # Copyright 2024 Google LLC 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | 16 | build --java_language_version=11 17 | build --java_runtime_version=remotejdk_11 18 | -------------------------------------------------------------------------------- /pipelinedp4j/.bazelversion: -------------------------------------------------------------------------------- 1 | 7.3.1 -------------------------------------------------------------------------------- /pipelinedp4j/main/com/google/privacy/differentialprivacy/pipelinedp4j/api/ColumnsNames.kt: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright 2025 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | package com.google.privacy.differentialprivacy.pipelinedp4j.api 18 | 19 | import java.io.Serializable 20 | 21 | @ConsistentCopyVisibility 22 | data class ColumnNames internal constructor(internal val names: List) : Serializable { 23 | constructor(vararg names: String) : this(names.toList()) 24 | } 25 | 26 | /** 27 | * Type of List implementation where column values of the same row will be stored. 28 | * 29 | * It is important for list comparisons (e.g. in "group by" operations) to have the same 30 | * implementations of the list. It is not enough that these lists have the same elements in the same 31 | * order (i.e. l1.equals(l2)). This is because keys (which are lists in our case) in join/group by 32 | * operations are compared just as a sequence of bytes and different list implementations have 33 | * different serialized representation even if they are equal. 34 | */ 35 | internal typealias ColumnValuesListImplementation = ArrayList 36 | -------------------------------------------------------------------------------- /pipelinedp4j/main/com/google/privacy/differentialprivacy/pipelinedp4j/api/GroupsBalance.kt: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright 2024 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | package com.google.privacy.differentialprivacy.pipelinedp4j.api 18 | 19 | import com.google.privacy.differentialprivacy.pipelinedp4j.core.PartitionsBalance 20 | 21 | /** 22 | * The balance of the groups in the input dataset. 23 | * 24 | * Groups are balanced if there is no group which contribute > 1% of data. Otherwise, the groups are 25 | * unbalanced. 26 | */ 27 | enum class GroupsBalance { 28 | /** Use if you don't know the answer. */ 29 | UNKNOWN, 30 | /** Use if you know that the groups are balanced according to the definition above. */ 31 | BALANCED, 32 | /** Use if you know that the groups are unbalanced according to the definition above. */ 33 | UNBALANCED, 34 | } 35 | 36 | /** 37 | * Converts the [GroupsBalance] to the [PartitionsBalance] which is used internally. 38 | * 39 | * We delibaretly do not expose the internal classes in the public API to limit the surface of the 40 | * API. This will give us more flexibility to change the implementation. 41 | */ 42 | internal fun GroupsBalance.toPartitionsBalance() = 43 | when (this) { 44 | GroupsBalance.UNKNOWN -> PartitionsBalance.UNKNOWN 45 | GroupsBalance.BALANCED -> PartitionsBalance.BALANCED 46 | GroupsBalance.UNBALANCED -> PartitionsBalance.UNBALANCED 47 | } 48 | -------------------------------------------------------------------------------- /pipelinedp4j/main/com/google/privacy/differentialprivacy/pipelinedp4j/api/NoiseKind.kt: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright 2024 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | package com.google.privacy.differentialprivacy.pipelinedp4j.api 18 | 19 | import com.google.privacy.differentialprivacy.pipelinedp4j.core.NoiseKind as InternalNoiseKind 20 | 21 | /** 22 | * The kind of noise that will be applied to the data. 23 | * 24 | * @property LAPLACE noise is sampled from a Laplace distribution. To use it, you need to specify 25 | * epsilon, delta is not required if groups are public. 26 | * @property GAUSSIAN noise is sampled from a Gaussian distribution. To use it, you need to specify 27 | * both epsilon and delta in absolute budgets for aggregations and total budgets. 28 | */ 29 | enum class NoiseKind { 30 | LAPLACE, 31 | GAUSSIAN, 32 | } 33 | 34 | /** 35 | * Converts the [NoiseKind] to the [InternalNoiseKind]. 36 | * 37 | * We delibaretly do not expose the internal classes in the public API to limit the surface of the 38 | * API. This will give us more flexibility to change the implementation. 39 | */ 40 | internal fun NoiseKind.toInternalNoiseKind() = 41 | when (this) { 42 | NoiseKind.LAPLACE -> InternalNoiseKind.LAPLACE 43 | NoiseKind.GAUSSIAN -> InternalNoiseKind.GAUSSIAN 44 | } 45 | -------------------------------------------------------------------------------- /pipelinedp4j/main/com/google/privacy/differentialprivacy/pipelinedp4j/api/TestMode.kt: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright 2024 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | package com.google.privacy.differentialprivacy.pipelinedp4j.api 18 | 19 | import com.google.privacy.differentialprivacy.pipelinedp4j.core.ExecutionMode 20 | 21 | /** 22 | * The test mode to apply in tests to make them deterministic. 23 | * 24 | * Always use NONE in production code. 25 | * 26 | * @property NONE default, no test mode, the only mode that can be used in production, applies all 27 | * privacy measures requested by the pipeline code. 28 | * @property FULL no contribution bounding, no noise and no groups selection. The pipeline will 29 | * calculate metrics as if no privacy measures were applied. 30 | */ 31 | enum class TestMode { 32 | NONE, 33 | FULL, 34 | } 35 | 36 | /** 37 | * Converts the [TestMode] to the [ExecutionMode] which is used internally. 38 | * 39 | * We delibaretly do not expose the internal classes in the public API to limit the surface of the 40 | * API. This will give us more flexibility to change the implementation. 41 | */ 42 | internal fun TestMode.toExecutionMode() = 43 | when (this) { 44 | TestMode.NONE -> ExecutionMode.PRODUCTION 45 | TestMode.FULL -> ExecutionMode.FULL_TEST_MODE 46 | } 47 | -------------------------------------------------------------------------------- /pipelinedp4j/main/com/google/privacy/differentialprivacy/pipelinedp4j/api/VectorAggregationsBuilder.kt: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright 2025 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | package com.google.privacy.differentialprivacy.pipelinedp4j.api 18 | 19 | /** Builder to specify which aggregations to perform on a vector. */ 20 | class VectorAggregationsBuilder() { 21 | internal val aggregations = mutableListOf() 22 | 23 | /** 24 | * Instructs the query to calculate the sum of vectors in each group. 25 | * 26 | * @param outputColumnName the name of the key in [QueryPerGroupResult.aggregationResults] which 27 | * will be the output of the query. 28 | * @param budget the budget to use for the aggregation, optional. If not specified, then the 29 | * budget will be relative and have weight 1. See [RelativeBudgetPerOpSpec] for details on what 30 | * weights mean. 31 | */ 32 | @JvmOverloads 33 | fun vectorSum( 34 | outputColumnName: String, 35 | budget: BudgetPerOpSpec? = null, 36 | ): VectorAggregationsBuilder { 37 | aggregations.add(VectorAggregationSpec.vectorSum(outputColumnName, budget)) 38 | return this 39 | } 40 | } 41 | -------------------------------------------------------------------------------- /pipelinedp4j/main/com/google/privacy/differentialprivacy/pipelinedp4j/beam/BeamDpEngineFactory.kt: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright 2024 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | package com.google.privacy.differentialprivacy.pipelinedp4j.beam 18 | 19 | import com.google.privacy.differentialprivacy.pipelinedp4j.core.DpEngine 20 | import com.google.privacy.differentialprivacy.pipelinedp4j.core.DpEngineBudgetSpec 21 | 22 | // TODO: add tests either in respective test class or preferably delete this file and 23 | // and parameterize the dp engine end2end tests with all different types of backends. 24 | 25 | /** Creates a [DpEngine] that runs DP aggregations on Beam. */ 26 | fun DpEngine.Factory.createBeamEngine(budgetSpec: DpEngineBudgetSpec) = 27 | create(BeamEncoderFactory(), budgetSpec) 28 | -------------------------------------------------------------------------------- /pipelinedp4j/main/com/google/privacy/differentialprivacy/pipelinedp4j/core/NoPrivacySampler.kt: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright 2024 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | package com.google.privacy.differentialprivacy.pipelinedp4j.core 18 | 19 | /** 20 | * Performs no sampling and thus has no privacy. Use for testing and utility analysis only. 21 | * 22 | * Returns a map from [PartitionKey] to [PrivacyIdContributions] where [PrivacyIdContributions] is a 23 | * representation of all contributions of a [PrivacyId] to the corresponding [PartitionKey]. 24 | */ 25 | class NoPrivacySampler( 26 | privacyIdEncoder: Encoder, 27 | partitionKeyEncoder: Encoder, 28 | encoderFactory: EncoderFactory, 29 | ) : 30 | ContributionSampler by OnlyPerPartitionContributionSampler< 31 | PrivacyIdT, 32 | PartitionKeyT, 33 | >( 34 | maxContributionsPerPartition = Int.MAX_VALUE, 35 | privacyIdEncoder, 36 | partitionKeyEncoder, 37 | encoderFactory, 38 | ) 39 | -------------------------------------------------------------------------------- /pipelinedp4j/main/com/google/privacy/differentialprivacy/pipelinedp4j/core/budget/BUILD.bazel: -------------------------------------------------------------------------------- 1 | # Copyright 2024 Google LLC 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | load("@rules_kotlin//kotlin:jvm.bzl", "kt_jvm_library") 16 | 17 | package( 18 | default_visibility = [ 19 | "//:__pkg__", 20 | "//main/com/google/privacy/differentialprivacy/pipelinedp4j/api:__subpackages__", 21 | "//main/com/google/privacy/differentialprivacy/pipelinedp4j/core:__subpackages__", 22 | "//main/com/google/privacy/differentialprivacy/pipelinedp4j/dev_examples:__subpackages__", 23 | "//tests/com/google/privacy/differentialprivacy/pipelinedp4j/core:__subpackages__", 24 | "//tests/com/google/privacy/differentialprivacy/pipelinedp4j/core/budget:__subpackages__", 25 | ], 26 | ) 27 | 28 | kt_jvm_library( 29 | name = "budget_spec", 30 | srcs = ["BudgetSpec.kt"], 31 | deps = [ 32 | "@maven//:com_google_errorprone_error_prone_annotations", 33 | ], 34 | ) 35 | 36 | kt_jvm_library( 37 | name = "allocated_budget", 38 | srcs = ["AllocatedBudget.kt"], 39 | ) 40 | 41 | kt_jvm_library( 42 | name = "budget_accountant", 43 | srcs = ["BudgetAccountant.kt"], 44 | deps = [ 45 | ":allocated_budget", 46 | ":budget_spec", 47 | ], 48 | ) 49 | -------------------------------------------------------------------------------- /pipelinedp4j/main/com/google/privacy/differentialprivacy/pipelinedp4j/dplibrary/BUILD.bazel: -------------------------------------------------------------------------------- 1 | # Copyright 2024 Google LLC 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | load("@rules_kotlin//kotlin:jvm.bzl", "kt_jvm_library") 16 | 17 | package( 18 | default_visibility = [ 19 | "//:__pkg__", 20 | "//main/com/google/privacy/differentialprivacy/pipelinedp4j/core:__subpackages__", 21 | "//tests/com/google/privacy/differentialprivacy/pipelinedp4j/core:__subpackages__", 22 | ], 23 | ) 24 | 25 | kt_jvm_library( 26 | name = "noise_factories", 27 | srcs = ["NoiseFactories.kt"], 28 | deps = [ 29 | "//main/com/google/privacy/differentialprivacy/pipelinedp4j/core:dp_functions_params", 30 | "@maven//:com_google_privacy_differentialprivacy_differentialprivacy", 31 | ], 32 | ) 33 | 34 | kt_jvm_library( 35 | name = "pre_aggregation_partition_selection_factory", 36 | srcs = ["PreAggregationPartitionSelectionFactory.kt"], 37 | deps = [ 38 | "@maven//:com_google_privacy_differentialprivacy_differentialprivacy", 39 | ], 40 | ) 41 | -------------------------------------------------------------------------------- /pipelinedp4j/main/com/google/privacy/differentialprivacy/pipelinedp4j/dplibrary/NoiseFactories.kt: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright 2024 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | package com.google.privacy.differentialprivacy.pipelinedp4j.dplibrary 18 | 19 | import com.google.privacy.differentialprivacy.GaussianNoise 20 | import com.google.privacy.differentialprivacy.LaplaceNoise 21 | import com.google.privacy.differentialprivacy.Noise 22 | import com.google.privacy.differentialprivacy.ZeroNoise 23 | import com.google.privacy.differentialprivacy.pipelinedp4j.core.NoiseKind 24 | import com.google.privacy.differentialprivacy.pipelinedp4j.core.NoiseKind.GAUSSIAN 25 | import com.google.privacy.differentialprivacy.pipelinedp4j.core.NoiseKind.LAPLACE 26 | import java.io.Serializable 27 | 28 | /** Generates a [Noise] instance with the given [NoiseKind]. */ 29 | class NoiseFactory : (NoiseKind) -> Noise, Serializable { 30 | override fun invoke(noiseKind: NoiseKind) = 31 | when (noiseKind) { 32 | LAPLACE -> LaplaceNoise() 33 | GAUSSIAN -> GaussianNoise() 34 | } 35 | } 36 | 37 | /** For any [NoiseKind] returns ZeroNoise (i.e. no noise at all). */ 38 | class ZeroNoiseFactory : (NoiseKind) -> Noise, Serializable { 39 | override fun invoke(noiseKind: NoiseKind) = ZeroNoise() 40 | } 41 | -------------------------------------------------------------------------------- /pipelinedp4j/main/com/google/privacy/differentialprivacy/pipelinedp4j/dplibrary/PreAggregationPartitionSelectionFactory.kt: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright 2024 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | package com.google.privacy.differentialprivacy.pipelinedp4j.dplibrary 18 | 19 | import com.google.privacy.differentialprivacy.PreAggSelectPartition 20 | import java.io.Serializable 21 | 22 | open class PreAggregationPartitionSelectionFactory : Serializable { 23 | open fun create( 24 | epsilon: Double, 25 | delta: Double, 26 | maxPartitionsContributed: Int, 27 | preThreshold: Int, 28 | ) = 29 | PreAggSelectPartition.builder() 30 | .epsilon(epsilon) 31 | .delta(delta) 32 | .maxPartitionsContributed(maxPartitionsContributed) 33 | .preThreshold(preThreshold) 34 | .build() 35 | } 36 | -------------------------------------------------------------------------------- /pipelinedp4j/main/com/google/privacy/differentialprivacy/pipelinedp4j/local/LocalDpEngineFactory.kt: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright 2024 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | package com.google.privacy.differentialprivacy.pipelinedp4j.local 18 | 19 | import com.google.privacy.differentialprivacy.pipelinedp4j.core.DpEngine 20 | import com.google.privacy.differentialprivacy.pipelinedp4j.core.DpEngineBudgetSpec 21 | 22 | /** Creates a [DpEngine] that runs DP aggregations locally. */ 23 | fun DpEngine.Factory.createLocalEngine(budgetSpec: DpEngineBudgetSpec) = 24 | create(LocalEncoderFactory(), budgetSpec) 25 | -------------------------------------------------------------------------------- /pipelinedp4j/main/com/google/privacy/differentialprivacy/pipelinedp4j/proto/BUILD.bazel: -------------------------------------------------------------------------------- 1 | # Copyright 2024 Google LLC 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | load("@com_github_grpc_grpc_kotlin//:kt_jvm_grpc.bzl", "kt_jvm_proto_library") 16 | 17 | package( 18 | default_visibility = [ 19 | "//:__pkg__", 20 | "//main/com/google/privacy/differentialprivacy/pipelinedp4j/api:__subpackages__", 21 | "//main/com/google/privacy/differentialprivacy/pipelinedp4j/core:__subpackages__", 22 | "//main/com/google/privacy/differentialprivacy/pipelinedp4j/dev_examples:__subpackages__", 23 | "//tests/com/google/privacy/differentialprivacy/pipelinedp4j/beam:__subpackages__", 24 | "//tests/com/google/privacy/differentialprivacy/pipelinedp4j/core:__subpackages__", 25 | "//tests/com/google/privacy/differentialprivacy/pipelinedp4j/spark:__subpackages__", 26 | ], 27 | ) 28 | 29 | proto_library( 30 | name = "accumulators_proto", 31 | srcs = ["accumulators.proto"], 32 | ) 33 | 34 | kt_jvm_proto_library( 35 | name = "accumulators_kt_proto", 36 | deps = [":accumulators_proto"], 37 | ) 38 | 39 | proto_library( 40 | name = "dpaggregates_proto", 41 | srcs = ["dpaggregates.proto"], 42 | ) 43 | 44 | kt_jvm_proto_library( 45 | name = "dpaggregates_kt_proto", 46 | deps = [":dpaggregates_proto"], 47 | ) 48 | -------------------------------------------------------------------------------- /pipelinedp4j/main/com/google/privacy/differentialprivacy/pipelinedp4j/proto/dpaggregates.proto: -------------------------------------------------------------------------------- 1 | // Copyright 2024 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | syntax = "proto3"; 16 | 17 | package privacy.differentialprivacy.pipelinedp4j.proto; 18 | 19 | option java_package = "com.google.privacy.differentialprivacy.pipelinedp4j.proto"; 20 | option java_outer_classname = "DpAggregatesProto"; 21 | option java_multiple_files = true; 22 | 23 | // The anonymized aggregated result returned by PipelineDP4j. The proto has 24 | // fields for all possible metrics that can be computed. Only metrics requested 25 | // by the user are populated. 26 | message DpAggregates { 27 | double privacy_id_count = 3; 28 | double count = 1; 29 | double sum = 2; 30 | repeated double vector_sum = 7; 31 | double mean = 4; 32 | // Sorted by rank. 33 | repeated double quantiles = 5; 34 | double variance = 6; 35 | } 36 | 37 | // Contribution that belong to the same privacy ID and partition key. 38 | message PrivacyIdContributions { 39 | message MultiValueContribution { 40 | repeated double values = 1; 41 | } 42 | 43 | // Used for metrics like VECTOR_SUM where a single contribution has 44 | // multiple double values. 45 | repeated MultiValueContribution multi_value_contributions = 1; 46 | // Used for metrics like SUM where a single contribution has 47 | // a single double value. 48 | repeated double single_value_contributions = 2; 49 | } 50 | -------------------------------------------------------------------------------- /pipelinedp4j/main/com/google/privacy/differentialprivacy/pipelinedp4j/spark/SparkDpEngineFactory.kt: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright 2024 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | package com.google.privacy.differentialprivacy.pipelinedp4j.spark 18 | 19 | import com.google.privacy.differentialprivacy.pipelinedp4j.core.DpEngine 20 | import com.google.privacy.differentialprivacy.pipelinedp4j.core.DpEngineBudgetSpec 21 | 22 | /** Creates a [DpEngine] that runs DP aggregations on Spark. */ 23 | fun DpEngine.Factory.createSparkEngine(budgetSpec: DpEngineBudgetSpec) = 24 | create(SparkEncoderFactory(), budgetSpec) 25 | -------------------------------------------------------------------------------- /pipelinedp4j/pom.template: -------------------------------------------------------------------------------- 1 | 2 | 4 | 4.0.0 5 | 6 | com.google.privacy.differentialprivacy.pipelinedp4j 7 | pipelinedp4j 8 | RELEASE_VERSION 9 | jar 10 | 11 | A framework for Differential Privacy 12 | 13 | Solution for generating differential private statistics using large-scale data 14 | processing, such as Apache Beam or Apache Spark. 15 | 16 | https://github.com/google/differential-privacy/tree/main/pipelinedp4j 17 | 18 | 19 | 20 | Apache License, Version 2.0 21 | http://www.apache.org/licenses/LICENSE-2.0.txt 22 | 23 | 24 | 25 | 26 | 27 | Differential Privacy Team 28 | dp-open-source@google.com 29 | Google 30 | https://google.com 31 | 32 | 33 | 34 | 35 | scm:git:git://github.com/google/differential-privacy.git 36 | https://github.com/google/differential-privacy/tree/main/pipelinedp4j 37 | 38 | 39 | 40 | {generated_bzl_deps} 41 | 42 | 43 | -------------------------------------------------------------------------------- /pipelinedp4j/tests/com/google/privacy/differentialprivacy/pipelinedp4j/api/ApiTests.kt: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright 2024 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | package com.google.privacy.differentialprivacy.pipelinedp4j.api 18 | 19 | import org.junit.runner.RunWith 20 | import org.junit.runners.Suite 21 | 22 | /** Provides a list of JUnit test classes to Bazel. When creating a new test class, add it here. */ 23 | @RunWith(Suite::class) 24 | @Suite.SuiteClasses( 25 | BeamApiTest::class, 26 | SparkApiTest::class, 27 | SparkDataFrameApiTest::class, 28 | LocalApiTest::class, 29 | ) 30 | class ApiTests {} 31 | -------------------------------------------------------------------------------- /pipelinedp4j/tests/com/google/privacy/differentialprivacy/pipelinedp4j/api/BUILD.bazel: -------------------------------------------------------------------------------- 1 | # Copyright 2024 Google LLC 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | load("@rules_kotlin//kotlin:jvm.bzl", "kt_jvm_test") 16 | 17 | kt_jvm_test( 18 | name = "api_tests", 19 | srcs = [ 20 | "ApiTests.kt", 21 | "BeamApiTest.kt", 22 | "LocalApiTest.kt", 23 | "SparkApiTest.kt", 24 | "SparkDataFrameApiTest.kt", 25 | "TestDataRow.kt", 26 | ], 27 | associates = ["//main/com/google/privacy/differentialprivacy/pipelinedp4j/api"], 28 | test_class = "com.google.privacy.differentialprivacy.pipelinedp4j.api.ApiTests", 29 | runtime_deps = [ 30 | "@maven//:org_apache_beam_beam_runners_direct_java", 31 | ], 32 | deps = [ 33 | "//tests/com/google/privacy/differentialprivacy/pipelinedp4j/spark:spark_tests", 34 | "@maven//:com_google_truth_truth", 35 | "@maven//:junit_junit", 36 | "@maven//:org_apache_beam_beam_sdks_java_core", 37 | "@maven//:org_apache_beam_beam_sdks_java_extensions_avro", 38 | "@maven//:org_jetbrains_kotlin_kotlin_test", 39 | ], 40 | ) 41 | -------------------------------------------------------------------------------- /pipelinedp4j/tests/com/google/privacy/differentialprivacy/pipelinedp4j/beam/BeamTests.kt: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright 2024 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | package com.google.privacy.differentialprivacy.pipelinedp4j.beam 18 | 19 | import org.junit.runner.RunWith 20 | import org.junit.runners.Suite 21 | 22 | /** Provides a list of JUnit test classes to Bazel. When creating a new test class, add it here. */ 23 | @RunWith(Suite::class) 24 | @Suite.SuiteClasses(BeamCollectionTest::class, BeamEncodersTest::class, BeamTableTest::class) 25 | class BeamTests {} 26 | -------------------------------------------------------------------------------- /pipelinedp4j/tests/com/google/privacy/differentialprivacy/pipelinedp4j/core/CoreTests.kt: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright 2024 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | package com.google.privacy.differentialprivacy.pipelinedp4j.core 18 | 19 | import org.junit.runner.RunWith 20 | import org.junit.runners.Suite 21 | 22 | /** Provides a list of JUnit test classes to Bazel. When creating a new test class, add it here. */ 23 | @RunWith(Suite::class) 24 | @Suite.SuiteClasses( 25 | CompoundCombinerTest::class, 26 | CountCombinerTest::class, 27 | DataExtractorsTest::class, 28 | DpEngineTest::class, 29 | DpFunctionsParamsTest::class, 30 | EndToEndTest::class, 31 | ExactPrivacyIdCountCombinerTest::class, 32 | MeanCombinerTest::class, 33 | NoPrivacySamplerTest::class, 34 | PartitionAndPerPartitionSamplerTest::class, 35 | PartitionSamplerTest::class, 36 | PartitionSamplerWithoutValuesTest::class, 37 | PerPartitionContributionsSamplerTest::class, 38 | PostAggregationPartitionSelectionCombinerTest::class, 39 | PrivacyIdCombinerTest::class, 40 | PrivatePartitionsComputationalGraphTest::class, 41 | PrivatePartitionsTest::class, 42 | PublicPartitionsComputationalGraphTest::class, 43 | PublicPartitionsTest::class, 44 | QuantilesCombinerTest::class, 45 | SelectPartitionsComputationalGraphTest::class, 46 | SumCombinerTest::class, 47 | VarianceCombinerTest::class, 48 | ) 49 | class CoreTests {} 50 | -------------------------------------------------------------------------------- /pipelinedp4j/tests/com/google/privacy/differentialprivacy/pipelinedp4j/core/DpEngineTestFactory.kt: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright 2024 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | package com.google.privacy.differentialprivacy.pipelinedp4j.core 18 | 19 | import com.google.privacy.differentialprivacy.Noise 20 | import com.google.privacy.differentialprivacy.pipelinedp4j.core.budget.BudgetAccountantFactory 21 | import com.google.privacy.differentialprivacy.pipelinedp4j.dplibrary.NoiseFactory 22 | 23 | internal fun DpEngine.Factory.createForTesting( 24 | encoderFactory: EncoderFactory, 25 | budgetSpec: DpEngineBudgetSpec, 26 | noiseFactory: (NoiseKind) -> Noise = NoiseFactory(), 27 | computationalGraphFactory: ComputationalGraphFactory = ComputationalGraphFactory(), 28 | ) = 29 | DpEngine( 30 | encoderFactory, 31 | BudgetAccountantFactory.forStrategy(budgetSpec.accountingStrategy, budgetSpec.budget), 32 | noiseFactory, 33 | computationalGraphFactory, 34 | ) 35 | -------------------------------------------------------------------------------- /pipelinedp4j/tests/com/google/privacy/differentialprivacy/pipelinedp4j/core/TestDataTypes.kt: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright 2024 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | package com.google.privacy.differentialprivacy.pipelinedp4j.core 18 | 19 | import com.google.privacy.differentialprivacy.pipelinedp4j.local.LocalEncoderFactory 20 | 21 | data class TestDataRow(val privacyId: String, val partitionKey: String, val value: Double = 0.0) { 22 | private constructor() : this("defaultPrivacyId", "defaultPartitionKey", 0.0) 23 | } 24 | 25 | val testDataExtractors = testDataExtractors(LocalEncoderFactory()) 26 | 27 | fun testDataExtractors(encoderFactory: EncoderFactory) = 28 | DataExtractors.from( 29 | { dataRow -> dataRow.privacyId }, 30 | encoderFactory.strings(), 31 | { dataRow -> dataRow.partitionKey }, 32 | encoderFactory.strings(), 33 | { dataRow -> dataRow.value }, 34 | ) 35 | -------------------------------------------------------------------------------- /pipelinedp4j/tests/com/google/privacy/differentialprivacy/pipelinedp4j/core/budget/BUILD.bazel: -------------------------------------------------------------------------------- 1 | # Copyright 2024 Google LLC 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | load("@rules_kotlin//kotlin:jvm.bzl", "kt_jvm_test") 16 | 17 | kt_jvm_test( 18 | name = "budget_tests", 19 | srcs = [ 20 | "AbsoluteBudgetPerOpSpecTest.kt", 21 | "BudgetTests.kt", 22 | "NaiveBudgetAccountantTest.kt", 23 | "RelativeBudgetPerOpSpecTest.kt", 24 | "TotalBudgetTest.kt", 25 | ], 26 | kotlinc_opts = "//:kotlinc_options_for_parameterized_tests", 27 | test_class = "com.google.privacy.differentialprivacy.pipelinedp4j.core.budget.BudgetTests", 28 | deps = [ 29 | "//main/com/google/privacy/differentialprivacy/pipelinedp4j/core/budget:budget_accountant", 30 | "//main/com/google/privacy/differentialprivacy/pipelinedp4j/core/budget:budget_spec", 31 | "@maven//:com_google_testparameterinjector_test_parameter_injector", 32 | "@maven//:com_google_truth_truth", 33 | "@maven//:junit_junit", 34 | "@maven//:org_jetbrains_kotlin_kotlin_test", 35 | ], 36 | ) 37 | -------------------------------------------------------------------------------- /pipelinedp4j/tests/com/google/privacy/differentialprivacy/pipelinedp4j/core/budget/BudgetTests.kt: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright 2024 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | package com.google.privacy.differentialprivacy.pipelinedp4j.core.budget 18 | 19 | import org.junit.runner.RunWith 20 | import org.junit.runners.Suite 21 | 22 | /** Provides a list of JUnit test classes to Bazel. When creating a new test class, add it here. */ 23 | @RunWith(Suite::class) 24 | @Suite.SuiteClasses( 25 | AbsoluteBudgetPerOpSpecTest::class, 26 | NaiveBudgetAccountantTest::class, 27 | RelativeBudgetPerOpSpecTest::class, 28 | TotalBudgetTest::class, 29 | ) 30 | class BudgetTests {} 31 | -------------------------------------------------------------------------------- /pipelinedp4j/tests/com/google/privacy/differentialprivacy/pipelinedp4j/core/budget/TotalBudgetTest.kt: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright 2024 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | package com.google.privacy.differentialprivacy.pipelinedp4j.core.budget 18 | 19 | import com.google.common.truth.Truth.assertThat 20 | import com.google.testing.junit.testparameterinjector.TestParameterInjector 21 | import com.google.testing.junit.testparameterinjector.TestParameters 22 | import kotlin.test.assertFailsWith 23 | import org.junit.Test 24 | import org.junit.runner.RunWith 25 | 26 | @RunWith(TestParameterInjector::class) 27 | class TotalBudgetTest { 28 | @Test 29 | @TestParameters( 30 | "{epsilon: -1.0, delta: 0.5}", 31 | "{epsilon: 0.0, delta: 0.5}", 32 | "{epsilon: 0.5, delta: -1.0}", 33 | ) 34 | fun create_invalidParameters_throws(epsilon: Double, delta: Double) { 35 | assertFailsWith { TotalBudget(epsilon, delta) } 36 | } 37 | 38 | @Test 39 | @TestParameters("{epsilon: 0.5, delta: 0.5}", "{epsilon: 0.5, delta: 0.0}") 40 | fun create_validParameters_createsObjectChecksContents(epsilon: Double, delta: Double) { 41 | val totalBudget = TotalBudget(epsilon, delta) 42 | assertThat(totalBudget).isNotNull() 43 | assertThat(totalBudget.epsilon).isEqualTo(epsilon) 44 | assertThat(totalBudget.delta).isEqualTo(delta) 45 | } 46 | } 47 | -------------------------------------------------------------------------------- /pipelinedp4j/tests/com/google/privacy/differentialprivacy/pipelinedp4j/local/BUILD.bazel: -------------------------------------------------------------------------------- 1 | # Copyright 2024 Google LLC 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | load("@rules_kotlin//kotlin:jvm.bzl", "kt_jvm_test") 16 | 17 | kt_jvm_test( 18 | name = "local_framework_tests", 19 | srcs = glob( 20 | ["*.kt"], 21 | ), 22 | test_class = "com.google.privacy.differentialprivacy.pipelinedp4j.local.LocalFrameworkTests", 23 | deps = [ 24 | "//main/com/google/privacy/differentialprivacy/pipelinedp4j/local:local_collections", 25 | "//main/com/google/privacy/differentialprivacy/pipelinedp4j/local:local_encoders", 26 | "@maven//:com_google_testparameterinjector_test_parameter_injector", 27 | "@maven//:com_google_truth_truth", 28 | "@maven//:junit_junit", 29 | ], 30 | ) 31 | -------------------------------------------------------------------------------- /pipelinedp4j/tests/com/google/privacy/differentialprivacy/pipelinedp4j/local/LocalFrameworkTests.kt: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright 2024 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | package com.google.privacy.differentialprivacy.pipelinedp4j.local 18 | 19 | import org.junit.runner.RunWith 20 | import org.junit.runners.Suite 21 | 22 | /** Provides a list of JUnit test classes to Bazel. When creating a new test class, add it here. */ 23 | @RunWith(Suite::class) 24 | @Suite.SuiteClasses(LocalCollectionTest::class, LocalTableTest::class) 25 | class LocalFrameworkTests {} 26 | -------------------------------------------------------------------------------- /pipelinedp4j/tests/com/google/privacy/differentialprivacy/pipelinedp4j/spark/SparkTests.kt: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright 2024 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | package com.google.privacy.differentialprivacy.pipelinedp4j.spark 18 | 19 | import org.apache.spark.sql.SparkSession 20 | import org.junit.rules.ExternalResource 21 | import org.junit.runner.RunWith 22 | import org.junit.runners.Suite 23 | 24 | /** Provides a list of JUnit test classes to Bazel. When creating a new test class, add it here. */ 25 | @RunWith(Suite::class) 26 | @Suite.SuiteClasses(SparkCollectionTest::class, SparkEncodersTest::class, SparkTableTest::class) 27 | class SparkTests {} 28 | 29 | /** 30 | * Class rule to start and stop spark session once per test class which is equivalent 31 | * to @BeforeClass and @AfterClass 32 | */ 33 | class SparkSessionRule : ExternalResource() { 34 | lateinit var spark: SparkSession 35 | 36 | override fun before() { 37 | // Create SparkSession once for the entire test class 38 | spark = 39 | SparkSession.builder() 40 | .appName("Kotlin Spark Example") 41 | .master("local[*]") 42 | .config("spark.driver.bindAddress", "127.0.0.1") 43 | .getOrCreate() 44 | } 45 | 46 | override fun after() { 47 | // Stop SparkSession after all tests in the class 48 | spark.stop() 49 | } 50 | } 51 | -------------------------------------------------------------------------------- /privacy-on-beam/codelab/README.md: -------------------------------------------------------------------------------- 1 | # Codelab 2 | 3 | Please check out [Privacy on Beam codelab](https://codelabs.developers.google.com/codelabs/privacy-on-beam/) 4 | for instructions. 5 | 6 | See [main/main.go](main/main.go) for instructions on how to run the codelab 7 | binary in Windows or in Linux with the "go" command. 8 | -------------------------------------------------------------------------------- /privacy-on-beam/docs/Tolerance_Calculation.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/google/differential-privacy/a7cc26ad91f74756fbe39bab44af6d655b37cc61/privacy-on-beam/docs/Tolerance_Calculation.pdf -------------------------------------------------------------------------------- /privacy-on-beam/internal/testoption/testoption.go: -------------------------------------------------------------------------------- 1 | // 2 | // Copyright 2021 Google LLC 3 | // 4 | // Licensed under the Apache License, Version 2.0 (the "License"); 5 | // you may not use this file except in compliance with the License. 6 | // You may obtain a copy of the License at 7 | // 8 | // http://www.apache.org/licenses/LICENSE-2.0 9 | // 10 | // Unless required by applicable law or agreed to in writing, software 11 | // distributed under the License is distributed on an "AS IS" BASIS, 12 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | // See the License for the specific language governing permissions and 14 | // limitations under the License. 15 | // 16 | 17 | // Package testoption contains a PrivacySpecOption for enabling testMode for pbeam. 18 | package testoption 19 | 20 | // EnableNoNoiseWithContributionBounding is a PrivacySpecOption that enables testMode 21 | // NoneWithContributionBounding. 22 | type EnableNoNoiseWithContributionBounding struct{} 23 | 24 | // EnableNoNoiseWithoutContributionBounding is a PrivacySpecOption that enables testMode 25 | // NoneWithoutContributionBounding. 26 | type EnableNoNoiseWithoutContributionBounding struct{} 27 | -------------------------------------------------------------------------------- /privacy-on-beam/pbeam/pbeam_main_test.go: -------------------------------------------------------------------------------- 1 | // Copyright 2021 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | // 15 | 16 | package pbeam 17 | 18 | import ( 19 | "testing" 20 | 21 | "github.com/apache/beam/sdks/v2/go/pkg/beam/testing/ptest" 22 | ) 23 | 24 | func TestMain(m *testing.M) { 25 | ptest.MainWithDefault(m, "direct") 26 | } 27 | 28 | // Below are used in various tests. 29 | var gaussianNoise = GaussianNoise{} 30 | 31 | // Helper function to create a PrivacySpec that deals with error handling. 32 | func privacySpec(t *testing.T, params PrivacySpecParams) *PrivacySpec { 33 | t.Helper() 34 | spec, err := NewPrivacySpec(params) 35 | if err != nil { 36 | t.Fatalf("Failed to create PrivacySpec") 37 | } 38 | return spec 39 | } 40 | -------------------------------------------------------------------------------- /privacy-on-beam/pbeam/pbeamtest/pbeamtest.go: -------------------------------------------------------------------------------- 1 | // 2 | // Copyright 2021 Google LLC 3 | // 4 | // Licensed under the Apache License, Version 2.0 (the "License"); 5 | // you may not use this file except in compliance with the License. 6 | // You may obtain a copy of the License at 7 | // 8 | // http://www.apache.org/licenses/LICENSE-2.0 9 | // 10 | // Unless required by applicable law or agreed to in writing, software 11 | // distributed under the License is distributed on an "AS IS" BASIS, 12 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | // See the License for the specific language governing permissions and 14 | // limitations under the License. 15 | // 16 | 17 | // Package pbeamtest provides PrivacySpecs for testing Privacy on Beam pipelines 18 | // without noise. 19 | package pbeamtest 20 | 21 | import ( 22 | "math" 23 | 24 | "github.com/google/differential-privacy/go/v4/dpagg" 25 | ) 26 | 27 | // QuantilesTolerance returns a tolerance t such that the output of QuantilesPerKey is 28 | // within t of the exact result for given MinValue and MaxValue parameters of 29 | // QuantilesParams when pbeamtest is used. 30 | // 31 | // Due to the implementation details of Quantiles, it has an inherent (non-DP) noise. So, 32 | // even when we disable DP noise, the results will be still slightly noisy. 33 | func QuantilesTolerance(MinValue, MaxValue float64) float64 { 34 | return (MaxValue - MinValue) / math.Pow(float64(dpagg.DefaultBranchingFactor), float64(dpagg.DefaultTreeHeight)) 35 | } 36 | -------------------------------------------------------------------------------- /privacy-on-beam/testdata/test.proto: -------------------------------------------------------------------------------- 1 | // 2 | // Copyright 2020 Google LLC 3 | // 4 | // Licensed under the Apache License, Version 2.0 (the "License"); 5 | // you may not use this file except in compliance with the License. 6 | // You may obtain a copy of the License at 7 | // 8 | // http://www.apache.org/licenses/LICENSE-2.0 9 | // 10 | // Unless required by applicable law or agreed to in writing, software 11 | // distributed under the License is distributed on an "AS IS" BASIS, 12 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | // See the License for the specific language governing permissions and 14 | // limitations under the License. 15 | // 16 | 17 | syntax = "proto2"; 18 | 19 | package differential_privacy.privacy_on_beam.test; 20 | 21 | message TestAnon { 22 | optional int64 foo = 1; 23 | optional string bar = 2; 24 | } 25 | 26 | message TestComplex { 27 | optional string simple = 1; 28 | optional string empty = 2; 29 | repeated string repeat = 3; 30 | message Submessage { 31 | optional string simple = 1; 32 | repeated string repeat = 2; 33 | } 34 | optional Submessage sub = 4; 35 | repeated Submessage subrepeat = 5; 36 | } 37 | -------------------------------------------------------------------------------- /proto/accounting/BUILD: -------------------------------------------------------------------------------- 1 | # 2 | # Copyright 2021 Google LLC 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | # 16 | 17 | # Differential Privacy Accounting related proto definitions. 18 | 19 | package( 20 | default_visibility = ["//visibility:public"], 21 | ) 22 | 23 | proto_library( 24 | name = "privacy_loss_distribution_proto", 25 | srcs = ["privacy-loss-distribution.proto"], 26 | ) 27 | 28 | cc_proto_library( 29 | name = "privacy_loss_distribution_cc_proto", 30 | deps = [":privacy_loss_distribution_proto"], 31 | ) 32 | -------------------------------------------------------------------------------- /proto/accounting/privacy-loss-distribution.proto: -------------------------------------------------------------------------------- 1 | // 2 | // Copyright 2021 Google LLC 3 | // 4 | // Licensed under the Apache License, Version 2.0 (the "License"); 5 | // you may not use this file except in compliance with the License. 6 | // You may obtain a copy of the License at 7 | // 8 | // http://www.apache.org/licenses/LICENSE-2.0 9 | // 10 | // Unless required by applicable law or agreed to in writing, software 11 | // distributed under the License is distributed on an "AS IS" BASIS, 12 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | // See the License for the specific language governing permissions and 14 | // limitations under the License. 15 | // 16 | 17 | // Serialization of privacy loss distributions. 18 | 19 | syntax = "proto2"; 20 | 21 | package differential_privacy.accounting.serialization; 22 | 23 | // An "unpacked" representation of a probability distribution over real numbers. 24 | // values[i] = p means that the probability mass at (min_key + i) * 25 | // discretization_interval is equal to p. The probability mass at infinity is 26 | // infinity_mass. 27 | message ProbabilityMassFunction { 28 | optional int32 min_key = 1; 29 | repeated double values = 2; 30 | optional double infinity_mass = 3; 31 | optional double discretization_interval = 4 [default = 1e-4]; 32 | } 33 | 34 | message PrivacyLossDistribution { 35 | // Assumed to be a pessimistic estimate of the privacy loss distribution. 36 | optional ProbabilityMassFunction pessimistic_pmf = 1; 37 | } 38 | -------------------------------------------------------------------------------- /proto/confidence-interval.proto: -------------------------------------------------------------------------------- 1 | // 2 | // Copyright 2019 Google LLC 3 | // 4 | // Licensed under the Apache License, Version 2.0 (the "License"); 5 | // you may not use this file except in compliance with the License. 6 | // You may obtain a copy of the License at 7 | // 8 | // http://www.apache.org/licenses/LICENSE-2.0 9 | // 10 | // Unless required by applicable law or agreed to in writing, software 11 | // distributed under the License is distributed on an "AS IS" BASIS, 12 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | // See the License for the specific language governing permissions and 14 | // limitations under the License. 15 | // 16 | 17 | syntax = "proto3"; 18 | 19 | package differential_privacy; 20 | 21 | option java_package = "com.google.privacy.differentialprivacy.proto"; 22 | 23 | message ConfidenceInterval { 24 | double upper_bound = 1; 25 | double lower_bound = 2; 26 | 27 | // The percentile confidence level. For 95% CI, this value is 0.95. 28 | double confidence_level = 3; 29 | } 30 | -------------------------------------------------------------------------------- /proto/numerical-mechanism.proto: -------------------------------------------------------------------------------- 1 | // 2 | // Copyright 2021 Google LLC 3 | // 4 | // Licensed under the Apache License, Version 2.0 (the "License"); 5 | // you may not use this file except in compliance with the License. 6 | // You may obtain a copy of the License at 7 | // 8 | // http://www.apache.org/licenses/LICENSE-2.0 9 | // 10 | // Unless required by applicable law or agreed to in writing, software 11 | // distributed under the License is distributed on an "AS IS" BASIS, 12 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | // See the License for the specific language governing permissions and 14 | // limitations under the License. 15 | // 16 | 17 | // Serialization of numerical mechanisms. 18 | 19 | syntax = "proto2"; 20 | 21 | package differential_privacy.serialization; 22 | 23 | message GaussianMechanism { 24 | optional double epsilon = 1; 25 | optional double delta = 2; 26 | optional double l2_sensitivity = 3; 27 | } 28 | 29 | message LaplaceMechanism { 30 | optional double epsilon = 1; 31 | optional double l1_sensitivity = 2; 32 | } 33 | -------------------------------------------------------------------------------- /proto/testing/BUILD: -------------------------------------------------------------------------------- 1 | # 2 | # Copyright 2019 Google LLC 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | 16 | proto_library( 17 | name = "statistical_tests_proto", 18 | srcs = ["statistical_tests.proto"], 19 | ) 20 | 21 | java_proto_library( 22 | name = "statistical_tests_java_proto", 23 | visibility = [ 24 | "//visibility:public", 25 | ], 26 | deps = [":statistical_tests_proto"], 27 | ) 28 | 29 | exports_files([ 30 | "approximate_bounds_dp_test_cases.textproto", 31 | "bounded_mean_dp_test_cases.textproto", 32 | "bounded_quantiles_dp_test_cases.textproto", 33 | "bounded_stdv_dp_test_cases.textproto", 34 | "bounded_sum_dp_test_cases.textproto", 35 | "count_dp_test_cases.textproto", 36 | "gaussian_closeness_test_cases.textproto", 37 | "laplace_closeness_test_cases.textproto", 38 | "laplace_dp_test_cases.textproto", 39 | "long_bounded_sum_dp_test_cases.textproto", 40 | ]) 41 | 42 | cc_proto_library( 43 | name = "statistical_tests_cc_proto", 44 | visibility = [ 45 | "//visibility:public", 46 | ], 47 | deps = [":statistical_tests_proto"], 48 | ) 49 | -------------------------------------------------------------------------------- /python/dp_accounting/.bazelversion: -------------------------------------------------------------------------------- 1 | 8.1.1 2 | -------------------------------------------------------------------------------- /python/dp_accounting/BUILD.bazel: -------------------------------------------------------------------------------- 1 | # 2 | # Copyright 2020 Google LLC 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | # 16 | -------------------------------------------------------------------------------- /python/dp_accounting/MODULE.bazel: -------------------------------------------------------------------------------- 1 | # 2 | # Copyright 2025 Google LLC 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | # 16 | 17 | module(name = "google_dp_accounting_py") 18 | 19 | bazel_dep(name = "rules_python", version = "1.2.0") 20 | 21 | python = use_extension("@rules_python//python/extensions:python.bzl", "python") 22 | python.toolchain( 23 | ignore_root_user_error = True, 24 | python_version = "3.9", 25 | ) 26 | 27 | pip = use_extension("@rules_python//python/extensions:pip.bzl", "pip") 28 | pip.parse( 29 | hub_name = "accounting_py_pip_deps", 30 | python_version = "3.9", 31 | requirements_lock = "//:requirements_lock.txt", 32 | ) 33 | use_repo(pip, "accounting_py_pip_deps") 34 | -------------------------------------------------------------------------------- /python/dp_accounting/README.md: -------------------------------------------------------------------------------- 1 | # Differential Privacy Accounting 2 | 3 | This directory contains tools for tracking differential privacy budgets, 4 | available as part of the 5 | [Google differential privacy library](https://github.com/google/differential-privacy). 6 | 7 | The set of DpEvent classes allow you to describe complex differentially private 8 | mechanisms such as Laplace and Gaussian, subsampling mechanisms, and their 9 | compositions. The PrivacyAccountant classes can ingest DpEvents and return the 10 | ε, δ of the composite mechanism. Privacy Loss Distributions (PLDs) and RDP 11 | accounting are currently supported. 12 | 13 | More detailed definitions and references about PLDs can be found 14 | [in our supplementary pdf document](https://github.com/google/differential-privacy/tree/main/common_docs/Privacy_Loss_Distributions.pdf). 15 | 16 | Our library only support Python version >= 3.9. We test this library on Linux 17 | with Python version 3.9. If you experience any problems, please file an issue on 18 | GitHub, also for other platforms or Python versions. 19 | 20 | ## Examples 21 | 22 | We provide basic examples on how to use the library in 23 | privacy_loss_distribution_basic_example.py. There are two ways to run this, 24 | either via Bazel or after installing the library using setup.py. 25 | 26 | ### Run with Bazel 27 | 28 | For running the example using Bazel, you need to have 29 | [Bazel installed](https://docs.bazel.build/versions/main/install.html). 30 | Once that is done, run: 31 | ``` 32 | bazel build dp_accounting:all 33 | bazel run dp_accounting:privacy_loss_distribution_basic_example 34 | ``` 35 | 36 | ### Run via setup.py 37 | 38 | For the second option, you will need the 39 | [setuptools package](https://pypi.org/project/setuptools/) installed. 40 | To ensure this, you may run 41 | ``` 42 | pip install --upgrade setuptools 43 | ``` 44 | Then, to demonstrate our example, run: 45 | ``` 46 | python setup.py install 47 | python dp_accounting/privacy_loss_distribution_basic_example.py 48 | ``` 49 | -------------------------------------------------------------------------------- /python/dp_accounting/VERSION: -------------------------------------------------------------------------------- 1 | """ Version of the current release of DP Accounting """ 2 | 0.5.0 3 | -------------------------------------------------------------------------------- /python/dp_accounting/WORKSPACE: -------------------------------------------------------------------------------- 1 | # This file marks the root of the Bazel workspace. 2 | # See MODULE.bazel for external dependencies setup. 3 | -------------------------------------------------------------------------------- /python/dp_accounting/dp_accounting/pld/__init__.py: -------------------------------------------------------------------------------- 1 | # Copyright 2022 Google LLC. 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | """PLD Accounting package.""" 16 | 17 | from dp_accounting.pld import accountant 18 | from dp_accounting.pld import common 19 | from dp_accounting.pld import pld_pmf 20 | from dp_accounting.pld import pld_privacy_accountant 21 | from dp_accounting.pld import privacy_loss_distribution 22 | from dp_accounting.pld import privacy_loss_mechanism 23 | from dp_accounting.pld.pld_privacy_accountant import PLDAccountant 24 | -------------------------------------------------------------------------------- /python/dp_accounting/dp_accounting/rdp/BUILD.bazel: -------------------------------------------------------------------------------- 1 | # 2 | # Copyright 2020 Google LLC 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | # 16 | 17 | # Renyi differential privacy (RDP) tools. 18 | 19 | load("@rules_python//python:py_library.bzl", "py_library") 20 | load("@rules_python//python:py_test.bzl", "py_test") 21 | 22 | package(default_visibility = [ 23 | "//visibility:public", 24 | ]) 25 | 26 | licenses(["notice"]) 27 | 28 | py_library( 29 | name = "rdp", 30 | srcs = ["__init__.py"], 31 | deps = [":rdp_privacy_accountant"], 32 | ) 33 | 34 | py_library( 35 | name = "rdp_privacy_accountant", 36 | srcs = ["rdp_privacy_accountant.py"], 37 | deps = [ 38 | "//dp_accounting:dp_event", 39 | "//dp_accounting:privacy_accountant", 40 | "@accounting_py_pip_deps//absl_py", 41 | "@accounting_py_pip_deps//numpy", 42 | "@accounting_py_pip_deps//scipy", 43 | ], 44 | ) 45 | 46 | py_test( 47 | name = "rdp_privacy_accountant_test", 48 | srcs = ["rdp_privacy_accountant_test.py"], 49 | deps = [ 50 | ":rdp_privacy_accountant", 51 | "//dp_accounting:dp_event", 52 | "//dp_accounting:dp_event_builder", 53 | "//dp_accounting:privacy_accountant", 54 | "//dp_accounting:privacy_accountant_test", 55 | "@accounting_py_pip_deps//absl_py", 56 | "@accounting_py_pip_deps//mpmath", 57 | "@accounting_py_pip_deps//numpy", 58 | ], 59 | ) 60 | -------------------------------------------------------------------------------- /python/dp_accounting/dp_accounting/rdp/__init__.py: -------------------------------------------------------------------------------- 1 | # Copyright 2022 Google LLC. 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | """RDP Accounting package.""" 16 | 17 | from dp_accounting.rdp import rdp_privacy_accountant 18 | from dp_accounting.rdp.rdp_privacy_accountant import compute_epsilon 19 | from dp_accounting.rdp.rdp_privacy_accountant import RdpAccountant 20 | -------------------------------------------------------------------------------- /python/dp_accounting/requirements.txt: -------------------------------------------------------------------------------- 1 | # The version of these dependencies need to be compatible with the versios of 2 | # the dependenices from `../learning/requirements.txt`. 3 | 4 | absl-py~=1.0 5 | attrs>=22,<24 6 | dm-tree~=0.1.8 7 | mpmath~=1.2 8 | numpy>=1.21,<3.0 9 | scipy~=1.7 10 | -------------------------------------------------------------------------------- /python/dp_accounting/requirements_lock.txt: -------------------------------------------------------------------------------- 1 | absl-py==1.4.0 2 | attrs==23.2.0 3 | dm-tree==0.1.8 4 | mpmath==1.3.0 5 | numpy==1.26.4 6 | scipy==1.13.1 7 | -------------------------------------------------------------------------------- /python/dp_auditorium/.bazelversion: -------------------------------------------------------------------------------- 1 | 8.1.1 2 | -------------------------------------------------------------------------------- /python/dp_auditorium/BUILD.bazel: -------------------------------------------------------------------------------- 1 | # 2 | # Copyright 2024 Google LLC 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | # 16 | -------------------------------------------------------------------------------- /python/dp_auditorium/MODULE.bazel: -------------------------------------------------------------------------------- 1 | # 2 | # Copyright 2025 Google LLC 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | # 16 | 17 | bazel_dep(name = "rules_python", version = "1.2.0") 18 | 19 | python = use_extension("@rules_python//python/extensions:python.bzl", "python") 20 | python.toolchain( 21 | ignore_root_user_error = True, 22 | python_version = "3.9", 23 | ) 24 | 25 | pip = use_extension("@rules_python//python/extensions:pip.bzl", "pip") 26 | pip.parse( 27 | hub_name = "pypi", 28 | python_version = "3.9", 29 | requirements_lock = "//:requirements.txt", 30 | ) 31 | use_repo(pip, "pypi") 32 | -------------------------------------------------------------------------------- /python/dp_auditorium/VERSION: -------------------------------------------------------------------------------- 1 | """ Version of the current release of the DP testing library.""" 2 | 0.0.1 3 | -------------------------------------------------------------------------------- /python/dp_auditorium/WORKSPACE: -------------------------------------------------------------------------------- 1 | # This file marks the root of the Bazel workspace. 2 | # See MODULE.bazel for external dependencies setup. 3 | -------------------------------------------------------------------------------- /python/dp_auditorium/dp_auditorium/BUILD.bazel: -------------------------------------------------------------------------------- 1 | # 2 | # Copyright 2024 Google LLC 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | # 16 | 17 | # Top-level APIs 18 | 19 | load("@rules_python//python:py_library.bzl", "py_library") 20 | load("@rules_python//python:py_test.bzl", "py_test") 21 | 22 | package(default_visibility = ["//visibility:public"]) 23 | 24 | py_library( 25 | name = "dp_auditorium", 26 | srcs = ["__init__.py"], 27 | deps = [ 28 | ":interfaces", 29 | ":privacy_test_runner", 30 | "//dp_auditorium/generators", 31 | "//dp_auditorium/mechanisms", 32 | "//dp_auditorium/testers", 33 | ], 34 | ) 35 | 36 | py_library( 37 | name = "interfaces", 38 | srcs = ["interfaces.py"], 39 | deps = [ 40 | "//dp_auditorium/configs", 41 | "@pypi//numpy", 42 | ], 43 | ) 44 | 45 | py_library( 46 | name = "privacy_test_runner", 47 | srcs = ["privacy_test_runner.py"], 48 | deps = [ 49 | ":interfaces", 50 | "//dp_auditorium/configs", 51 | "@pypi//numpy", 52 | "@pypi//scipy", 53 | ], 54 | ) 55 | 56 | py_test( 57 | name = "privacy_test_runner_test", 58 | srcs = ["privacy_test_runner_test.py"], 59 | deps = [ 60 | ":interfaces", 61 | ":privacy_test_runner", 62 | "//dp_auditorium/configs", 63 | "@pypi//absl_py", 64 | "@pypi//numpy", 65 | "@pypi//tensorflow", 66 | ], 67 | ) 68 | -------------------------------------------------------------------------------- /python/dp_auditorium/dp_auditorium/__init__.py: -------------------------------------------------------------------------------- 1 | # Copyright 2024 Google LLC. 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | """Differential Privacy Testing Library.""" 16 | 17 | from dp_auditorium import configs 18 | from dp_auditorium import generators 19 | from dp_auditorium import interfaces 20 | from dp_auditorium import mechanisms 21 | from dp_auditorium import privacy_test_runner 22 | from dp_auditorium import testers 23 | -------------------------------------------------------------------------------- /python/dp_auditorium/dp_auditorium/configs/BUILD.bazel: -------------------------------------------------------------------------------- 1 | # Copyright 2024 Google LLC 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | # 15 | 16 | # Differential Privacy Data Generators. 17 | 18 | load("@rules_python//python:py_library.bzl", "py_library") 19 | 20 | package(default_visibility = ["//visibility:public"]) 21 | 22 | licenses(["notice"]) 23 | 24 | py_library( 25 | name = "configs", 26 | srcs = [ 27 | "dataset_generator_config.py", 28 | "mechanism_config.py", 29 | "privacy_property.py", 30 | "privacy_test_runner_config.py", 31 | "property_tester_config.py", 32 | ], 33 | deps = ["@pypi//google_vizier"], 34 | ) 35 | -------------------------------------------------------------------------------- /python/dp_auditorium/dp_auditorium/configs/__init__.py: -------------------------------------------------------------------------------- 1 | # Copyright 2024 Google LLC. 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | -------------------------------------------------------------------------------- /python/dp_auditorium/dp_auditorium/examples/run_mean_mechanism_example_test.py: -------------------------------------------------------------------------------- 1 | # Copyright 2024 Google LLC. 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | from absl.testing import absltest 16 | import numpy as np 17 | from vizier.service import clients 18 | 19 | from dp_auditorium import interfaces 20 | from dp_auditorium.configs import dataset_generator_config 21 | from dp_auditorium.examples.run_mean_mechanism_example import mean_mechanism_report 22 | from dp_auditorium.generators import vizier_dataset_generator 23 | 24 | 25 | class StubVizierGenerator( 26 | vizier_dataset_generator.VizierScalarDataAddRemoveGenerator 27 | ): 28 | 29 | def get_neighboring_datasets_from_vizier_params( 30 | self, vizier_params: np.ndarray 31 | ) -> interfaces.NeighboringDatasetsType: 32 | return np.ones(2), np.ones(2) 33 | 34 | 35 | class RunMeanMechanismExampleTest(absltest.TestCase): 36 | 37 | def test_generates_result(self): 38 | clients.environment_variables.servicer_use_sql_ram() 39 | output = mean_mechanism_report( 40 | 0.1, 41 | 0.1, 42 | 1, 43 | lambda config: vizier_dataset_generator.VizierScalarDataAddRemoveGenerator( 44 | config=config 45 | ), 46 | ) 47 | self.assertNotEmpty(str(output)) 48 | 49 | 50 | if __name__ == "__main__": 51 | absltest.main() 52 | -------------------------------------------------------------------------------- /python/dp_auditorium/dp_auditorium/generators/__init__.py: -------------------------------------------------------------------------------- 1 | # Copyright 2024 Google LLC. 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | """Differential Privacy Data Generators.""" 16 | 17 | from dp_auditorium.generators.classification_dataset_generator import ClassificationDatasetGenerator 18 | from dp_auditorium.generators.constant_dataset_generator import ConstantDatasetGenerator 19 | from dp_auditorium.generators.pipeline_dp_vizier_dataset_generator import PipelineDpDatasetGenerator 20 | from dp_auditorium.generators.vizier_dataset_generator import VizierDatasetGenerator 21 | -------------------------------------------------------------------------------- /python/dp_auditorium/dp_auditorium/generators/constant_dataset_generator.py: -------------------------------------------------------------------------------- 1 | # Copyright 2024 Google LLC. 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | """Implements a constant dataset generator. 15 | 16 | This is a simple wrapper to integrate with the DP tester when using a constant 17 | dataset pair. 18 | """ 19 | 20 | from typing import Optional 21 | 22 | from dp_auditorium import interfaces 23 | 24 | 25 | class ConstantDatasetGenerator(interfaces.DatasetGenerator): 26 | """Implements a constant dataset generator. 27 | 28 | Always returns the dataset pair that is passed during initialization. 29 | """ 30 | 31 | def __init__(self, dataset_pair: interfaces.NeighboringDatasetsType): 32 | self._dataset_pair = dataset_pair 33 | 34 | def __call__( 35 | self, 36 | last_trial_result: Optional[float], 37 | ) -> interfaces.NeighboringDatasetsType: 38 | return self._dataset_pair 39 | -------------------------------------------------------------------------------- /python/dp_auditorium/dp_auditorium/generators/constant_dataset_generator_test.py: -------------------------------------------------------------------------------- 1 | # Copyright 2024 Google LLC. 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | """Test for constant dataset generator.""" 15 | 16 | from absl.testing import absltest 17 | import numpy as np 18 | from dp_auditorium.generators import constant_dataset_generator 19 | 20 | 21 | class ConstantDatasetGeneratorTest(absltest.TestCase): 22 | 23 | def test_returns_constant_data(self): 24 | data1, data2 = np.array([1.0, 2.0, 3.0]), np.array([4.0, 5.0, 6.0]) 25 | data_generator = constant_dataset_generator.ConstantDatasetGenerator( 26 | (data1, data2)) 27 | np.testing.assert_array_equal( 28 | data_generator(None), (data1, data2) 29 | ) 30 | np.testing.assert_array_equal( 31 | data_generator(1.0), (data1, data2) 32 | ) 33 | 34 | 35 | if __name__ == "__main__": 36 | absltest.main() 37 | -------------------------------------------------------------------------------- /python/dp_auditorium/dp_auditorium/mechanisms/__init__.py: -------------------------------------------------------------------------------- 1 | # Copyright 2024 Google LLC. 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | """Differential Privacy Mechanisms.""" 16 | 17 | from dp_auditorium.mechanisms.mean import MeanMechanism 18 | from dp_auditorium.mechanisms.noisy_max import NoisyMaxMechanism 19 | from dp_auditorium.mechanisms.sparse_vector_technique import SVT1 20 | from dp_auditorium.mechanisms.sparse_vector_technique import SVT2 21 | from dp_auditorium.mechanisms.sparse_vector_technique import SVT3 22 | from dp_auditorium.mechanisms.sparse_vector_technique import SVT4 23 | from dp_auditorium.mechanisms.sparse_vector_technique import SVT5 24 | from dp_auditorium.mechanisms.sparse_vector_technique import SVT6 25 | -------------------------------------------------------------------------------- /python/dp_auditorium/dp_auditorium/testers/__init__.py: -------------------------------------------------------------------------------- 1 | # Copyright 2024 Google LLC. 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | """Differential Privacy Property Testers.""" 16 | 17 | from dp_auditorium.testers.histogram_tester import HistogramTester 18 | from dp_auditorium.testers.hockey_stick_tester import HockeyStickPropertyTester 19 | from dp_auditorium.testers.mmd_tester import MMDPropertyTester 20 | from dp_auditorium.testers.renyi_tester import RenyiModel 21 | from dp_auditorium.testers.renyi_tester import RenyiPropertyTester 22 | -------------------------------------------------------------------------------- /python/dp_auditorium/requirements.in: -------------------------------------------------------------------------------- 1 | # Base requirements needed to generate `requirements.txt`. To compile, use the 2 | # command `python3 -m piptools compile` from this directory, and modify the 3 | # last line in the generated `requirements.txt` file to `setuptools~=69.0.3` 4 | # in order to include `setuptools` as one of the package requirements. 5 | absl-py~=1.0.0 6 | etils~=1.5.2 7 | # v0.1.7 uses `dataclass.kw_only` which is unsupported in Python 3.9 8 | google-vizier~=0.1.6 9 | importlib-metadata~=7.0.1 10 | numpy~=1.26.3 11 | scipy~=1.11.4 12 | tensorflow~=2.15.0 13 | tensorflow-probability~=0.23.0 14 | typing-extensions~=4.9.0 15 | # Required to run on older Ubuntu machines. 16 | urllib3~=1.26.18 17 | # Used only for google-vizier compatibility. 18 | equinox~=0.11.3 19 | flax~=0.8.0 20 | jax~=0.4.23 21 | jaxlib~=0.4.23 22 | jaxopt~=0.8.3 23 | google-api-core~=2.15.0 24 | googleapis-common-protos~=1.56.4 25 | pysqlite3~=0.5.2 26 | # Used for multi-platform compatibility. 27 | tensorflow-io-gcs-filesystem~=0.36.0 28 | pipeline-dp 29 | python-dp -------------------------------------------------------------------------------- /third_party/cephes/BUILD: -------------------------------------------------------------------------------- 1 | cc_library( 2 | name = "inverse_gaussian_cdf", 3 | srcs = ["inverse_gaussian_cdf.cc"], 4 | hdrs = ["inverse_gaussian_cdf.h"], 5 | visibility = ["//visibility:public"], 6 | ) 7 | 8 | cc_test( 9 | name = "inverse_gaussian_cdf_test", 10 | srcs = ["inverse_gaussian_cdf_test.cc"], 11 | deps = [ 12 | ":inverse_gaussian_cdf", 13 | "@com_google_googletest//:gtest_main", 14 | ], 15 | ) 16 | -------------------------------------------------------------------------------- /third_party/cephes/LICENSE: -------------------------------------------------------------------------------- 1 | Distributed under 3-clause BSD license with permission from the author, 2 | see https://lists.debian.org/debian-legal/2004/12/msg00295.html 3 | 4 | Cephes Math Library Release 2.8: June, 2000 5 | 6 | Copyright 1984, 1995, 2000 by Stephen L. Moshier 7 | 8 | This software is derived from the Cephes Math Library and is 9 | incorporated herein by permission of the author. 10 | 11 | All rights reserved. 12 | 13 | Redistribution and use in source and binary forms, with or without 14 | modification, are permitted provided that the following conditions are met: 15 | 16 | * Redistributions of source code must retain the above copyright 17 | notice, this list of conditions and the following disclaimer. 18 | * Redistributions in binary form must reproduce the above copyright 19 | notice, this list of conditions and the following disclaimer in the 20 | documentation and/or other materials provided with the distribution. 21 | * Neither the name of the nor the 22 | names of its contributors may be used to endorse or promote products 23 | derived from this software without specific prior written permission. 24 | 25 | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND 26 | ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED 27 | WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 28 | DISCLAIMED. IN NO EVENT SHALL BE LIABLE FOR ANY 29 | DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES 30 | (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 31 | LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND 32 | ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 33 | (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS 34 | SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. --------------------------------------------------------------------------------