{"id":13704505,"url":"https://github.com/brubinstein/diffpriv","last_synced_at":"2025-10-22T03:32:14.536Z","repository":{"id":41128705,"uuid":"95639698","full_name":"brubinstein/diffpriv","owner":"brubinstein","description":"Easy differential privacy in R","archived":false,"fork":false,"pushed_at":"2022-07-01T05:30:18.000Z","size":10433,"stargazers_count":68,"open_issues_count":0,"forks_count":15,"subscribers_count":3,"default_branch":"master","last_synced_at":"2025-05-03T10:03:05.773Z","etag":null,"topics":["data-science","differential-privacy","diffpriv","machine-learning","r","r-package","statistics"],"latest_commit_sha":null,"homepage":"https://brubinstein.github.io/diffpriv/","language":"R","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/brubinstein.png","metadata":{"files":{"readme":"README.Rmd","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2017-06-28T07:07:04.000Z","updated_at":"2025-03-29T20:45:25.000Z","dependencies_parsed_at":"2022-08-21T01:10:10.733Z","dependency_job_id":null,"html_url":"https://github.com/brubinstein/diffpriv","commit_stats":null,"previous_names":[],"tags_count":1,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/brubinstein%2Fdiffpriv","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/brubinstein%2Fdiffpriv/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/brubinstein%2Fdiffpriv/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/brubinstein%2Fdiffpriv/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/brubinstein","download_url":"https://codeload.github.com/brubinstein/diffpriv/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":252480312,"owners_count":21754748,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["data-science","differential-privacy","diffpriv","machine-learning","r","r-package","statistics"],"created_at":"2024-08-02T21:01:11.073Z","updated_at":"2025-10-22T03:32:09.497Z","avatar_url":"https://github.com/brubinstein.png","language":"R","funding_links":[],"categories":["Tools","Code and Projects"],"sub_categories":["Privacy"],"readme":"---\noutput:\n  github_document:\n    html_preview: false\n---\n\n\u003c!-- README.md is generated from README.Rmd. Please edit that file --\u003e\n\n```{r, echo = FALSE}\nknitr::opts_chunk$set(\n  collapse = TRUE,\n  comment = \"#\u003e\",\n  fig.path = \"README-\"\n)\nset.seed(3033362) # for reproducibility\n```\n\n# diffpriv \u003cimg src=\"man/figures/logo.png\" align=\"right\" /\u003e\n\n```{r, echo = FALSE}                       \n#version \u003c- as.vector(read.dcf('DESCRIPTION')[, 'Version'])     \n#version \u003c- gsub('-', '.', version)                       \nversion \u003c- \"0.4.2.9000\"\n```                       \n\n```{r, echo = FALSE}         \n#dep \u003c- as.vector(read.dcf('DESCRIPTION')[, 'Depends'])         \n#m \u003c- regexpr('R *\\\\(\u003e= \\\\d+.\\\\d+.\\\\d+\\\\)', dep)         \n#rm \u003c- regmatches(dep, m)         \n#rvers \u003c- gsub('.*(\\\\d+.\\\\d+.\\\\d+).*', '\\\\1', rm)         \nrvers \u003c- \"3.4.0\"\n```\n\n[![packageversion](https://img.shields.io/badge/Package%20version-`r version`-orange.svg?style=flat-square)](commits/master)\n[![CRAN_Status_Badge](http://www.r-pkg.org/badges/version/diffpriv)](https://cran.r-project.org/package=diffpriv)\n[![Travis Build Status](https://travis-ci.org/brubinstein/diffpriv.svg?branch=master)](https://travis-ci.org/brubinstein/diffpriv)\n[![Coverage Status](https://img.shields.io/codecov/c/github/brubinstein/diffpriv/master.svg)](https://codecov.io/github/brubinstein/diffpriv?branch=master)\n[![license](https://img.shields.io/github/license/mashape/apistatus.svg)](http://choosealicense.com/licenses/mit/)\n[![minimal R version](https://img.shields.io/badge/R%3E%3D-`r rvers`-6666ff.svg)](https://cran.r-project.org/)\n\n## Overview\n\nThe `diffpriv` package makes privacy-aware data science in R easy. \n`diffpriv` implements the formal framework of differential privacy:\ndifferentially-private mechanisms can safely release to untrusted third parties:\nstatistics computed, models fit, or arbitrary structures derived on \nprivacy-sensitive data. Due to the worst-case nature of the framework, mechanism\ndevelopment typically requires involved theoretical analysis. `diffpriv` offers \na turn-key approach to differential privacy by automating this process with\nsensitivity sampling in place of theoretical sensitivity analysis.\n\n## Installation\n\nObtaining `diffpriv` is easy. From within R:\n\n```{r eval=FALSE}\n## Install the release version of diffpriv from CRAN:\ninstall.packages(\"diffpriv\")\n\n## Install the latest development version of diffpriv from GitHub:\ninstall.packages(\"devtools\")\ndevtools::install_github(\"brubinstein/diffpriv\")\n```\n\n## Example\n\nA typical example in differential privacy is privately releasing a simple \n`target` function of privacy-sensitive input data `X`. Say the mean of \n`numeric` data:\n\n```{r example-1}\n## a target function we'd like to run on private data X, releasing the result\ntarget \u003c- function(X) mean(X)\n```\n\nFirst load the `diffpriv` package (installed as above) and construct a \nchosen differentially-private mechanism for privatizing `target`.\n\n```{r example-2}\n## target seeks to release a numeric, so we'll use the Laplace mechanism---a\n## standard generic mechanism for privatizing numeric responses\nlibrary(diffpriv)\nmech \u003c- DPMechLaplace(target = target)\n```\n\nTo run `mech` on a dataset `X` we must first determine the sensitivity of\n`target` to small changes to input dataset. One avenue is to analytically bound\nsensitivity (on paper; see the [vignette](http://brubinstein.github.io/diffpriv/articles/diffpriv.pdf)) and supply it\nvia the `sensitivity` argument of mechanism construction: in this case not hard\nif we assume bounded data, but in general sensitivity can be very non-trivial \nto calculate manually. The other approach, which we follow in this example, is\nsensitivity sampling: repeated probing of `target` to estimate sensitivity \nautomatically. We need only specify a distribution for generating random probe\ndatasets; `sensitivitySampler()` takes care of the rest. The price we pay for \nthis convenience is the weaker form of random differential privacy.\n\n```{r example-3}\n## set a dataset sampling distribution, then estimate target sensitivity with\n## sufficient samples for subsequent mechanism responses to achieve random\n## differential privacy with confidence 1-gamma\ndistr \u003c- function(n) rnorm(n)\nmech \u003c- sensitivitySampler(mech, oracle = distr, n = 5, gamma = 0.1)\nmech@sensitivity    ## DPMech and subclasses are S4: slots accessed via @\n```\n\nWith a sensitivity-calibrated mechanism in hand, we can release private \nresponses on a dataset `X`, displayed alongside the non-private response \nfor comparison:\n\n```{r example-4}\nX \u003c- c(0.328,-1.444,-0.511,0.154,-2.062) # length is sensitivitySampler() n\nr \u003c- releaseResponse(mech, privacyParams = DPParamsEps(epsilon = 1), X = X)\ncat(\"Private response r$response:   \", r$response,\n  \"\\nNon-private response target(X):\", target(X))\n```\n\n## Getting Started\n\nThe above example demonstrates the main components of `diffpriv`:\n\n* Virtual class `DPMech` for generic mechanisms that captures the non-private\n  `target` and releases privatized responses from it. Current subclasses\n    + `DPMechLaplace`, `DPMechGaussian`: the Laplace and Gaussian mechanisms \n      for releasing numeric responses with additive noise;\n    + `DPMechExponential`: the exponential mechanism for privately \n      optimizing over finite sets (which need not be numeric); and\n    + `DPMechBernstein`: the Bernstein mechanism for privately releasing \n      multivariate real-valued functions. See the \n      [bernstein vignette](http://brubinstein.github.io/diffpriv/articles/bernstein.pdf) for more.\n* Class `DPParamsEps` and subclasses for encapsulating privacy parameters.\n* `sensitivitySampler()` method of `DPMech` subclasses estimates target \n  sensitivity necessary to run `releaseResponse()` of `DPMech` generic \n  mechanisms. This provides an easy alternative to exact sensitivity bounds\n  requiring mathematical analysis. The sampler repeatedly probes \n  `DPMech@target` to estimate sensitivity to data perturbation. Running \n  mechanisms with obtained sensitivities yield random differential privacy.\n\nRead the [package vignette](http://brubinstein.github.io/diffpriv/articles/diffpriv.pdf) for more, or [news](http://brubinstein.github.io/diffpriv/news/index.html)\nfor the latest release notes.\n\n## Citing the Package\n\n`diffpriv` is an open-source package offered with a permissive MIT License. \nPlease acknowledge use of `diffpriv` by citing the paper on the sensitivity \nsampler:\n\n\u003e Benjamin I. P. Rubinstein and Francesco Aldà. \"Pain-Free Random Differential \n\u003e Privacy with Sensitivity Sampling\", to appear in the 34th International\n\u003e Conference on Machine Learning (ICML'2017), 2017.\n\nOther relevant references to cite depending on usage:\n\n* **Differential privacy and the Laplace mechanism:** \n  Cynthia Dwork, Frank McSherry, Kobbi Nissim, and Adam Smith. \"Calibrating \n  noise to sensitivity in private data analysis.\" In Theory of Cryptography \n  Conference, pp. 265-284. Springer Berlin Heidelberg, 2006.\n* **The Gaussian mechanism:** Cynthia Dwork and Aaron Roth. \"The algorithmic\n  foundations of differential privacy.\" Foundations and Trends in Theoretical \n  Computer Science 9(3–4), pp. 211-407, 2014.\n* **The exponential mechanism:** Frank McSherry and Kunal Talwar. \"Mechanism \n  design via differential privacy.\" In the 48th Annual IEEE Symposium on \n  Foundations of Computer Science (FOCS'07), pp. 94-103. IEEE, 2007.\n* **The Bernstein mechanism:** Francesco Aldà and Benjamin I. P. Rubinstein. \n  \"The Bernstein Mechanism: Function Release under Differential Privacy.\" In\n  Proceedings of the 31st AAAI Conference on Artificial Intelligence\n  (AAAI'2017), pp. 1705-1711, 2017.\n* **Random differential privacy:** Rob Hall, Alessandro Rinaldo, and Larry \n  Wasserman. \"Random Differential Privacy.\" Journal of Privacy and \n  Confidentiality, 4(2), pp. 43-59, 2012. \n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fbrubinstein%2Fdiffpriv","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fbrubinstein%2Fdiffpriv","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fbrubinstein%2Fdiffpriv/lists"}