DP Lib 1.0.0
This is the initial release of Google’s differential privacy libraries. We are using semantic versioning. The initial version number is 1.0.0, as this library is already used for production use cases and we consider our API as stable.
We are supporting C++, Java, and Go. This release also includes Privacy-on-Beam, a framework for differential privacy build on top of Apache Beam Go.
Note: All features not mentioned in the release notes are considered experimental for this release. In particular, the accounting library, the stochastic testing API in C++, and the PostgreSQL extension are experimental and likely to change or be removed in the future.
DP building blocks libraries
Overview table
Algorithm | C++ | Go | Java |
---|---|---|---|
Laplace mechanism | ✅ | ✅ | ✅ |
Gaussian mechanism | ✅ | ✅ | ✅ |
Count | ✅ | ✅ | ✅ |
Sum | ✅ | ✅ | ✅ |
Mean | ✅ | ✅ | ✅ |
Variance | ✅ | ❌ | ❌ |
Standard deviation | ✅ | ❌ | ❌ |
Quantiles | ✅ | ✅ | ✅ |
Automatic bounds approximation | ✅ | ❌ | ❌ |
Truncated geometric thresholding | ✅ | ✅ | ✅ |
Laplace thresholding | ✅ | ✅ | ✅ |
Gaussian thresholding | ❌ | ✅ | ✅ |
✅ => supported ; ❌ => not supported yet
Base features in C++/Java/Go
Aggregations: count, sum, mean, quantiles
Partition selection mechanisms: truncated geometric thresholding, Laplace thresholding
Numerical mechanisms for providing secure Laplace and Gaussian noise
Additional features in C++
Additional aggregations: variance, standard deviation, max, min
Automatic per-partition bounds approximation
Additional features in Java
Additional partition selection mechanisms: Gaussian thresholding
Additional features in Go
Additional partition selection mechanisms: Gaussian thresholding
Privacy-on-Beam (based on Apache Beam Go)
Aggregations: count distinct privacy IDs, count distinct values per key, count per key, sum per key, mean per key, partition selection
Partition selection mechanisms: truncated geometric thresholding, Laplace thresholding, Gaussian thresholding
Numerical mechanisms: Laplace noise, secure Gaussian noise
In-memory public partitions in aggregations when the list of public partitions is small enough to fit in memory
Two test modes: no noise with contribution bounding, no noise without contribution bounding
Support to modify private collections using functional DoFns.