Differential Privacy (Uber/Berkeley)

The GDA Score Project has added an interface for Differential Privacy. Specifically, we have added the open-source DP implementation released by Uber in 2017, which was the result of a collaboration between researchers at UC Berkeley and Uber. That implementation has since been deprecated, and can be found at https://github.com/uber-archive/sql-differential-privacy.

The open-source implementation did not include a budget mechanism. The GDA Score implementation includes a naive budget mechanism that simply subtracts the epsilon value of each query from a total budget. The total budget is specified by the calling code.

A reference implementation of an attack using the Uber DP interface can be found at https://github.com/gda-score/attacks/blob/master/examples/testUberSinglingOut.py.

The following additions were made to the GDA Score gdaAttack interface:

The anonymization type is 'uber_anon', for example:

config = {
    "configVersion": "compact1",
    "basic": {
        "attackType": "Test",
        "criteria": "singlingOut"
    },
    'anonTypes': [['uber_anon']],
    'tables': [['banking', 'accounts']]
}

paramsList = setupGdaAttackParameters(config)
params = paramsList[0]

The budget itself is set in gdaAttack(params) using the new attribute params['db_budget']:

params['dp_budget'] = 5.0
x = gdaAttack(params)

The epsilon for each individual attack query is conveyed in the askAttack(query) call with the new attribute query['epsilon']:

query = {}
sql = """Select count(*)
         from transactions
         where operation = 'VKLAD'
         """
query['sql'] = sql
query['epsilon'] = 1
x.askAttack(query)

The amount of budget remaining after the query is conveyed in the answer provided by the getAttack() call in the attribute reply['remaining_dp_budget']:

reply = x.getAttack()
remaining_budget = reply['remaining_dp_budget']

If the budget was exceeded by the query, the reply contains an error code that includes the phrase ‘Budget Exceeded’:

if 'answer' in reply:
    # Budget not exceeded
    ....
else if 'Budget Exceeded' in reply['error']:
    # Budget is exceeded
    ....
else:
    # Some other error
    ....

All other aspects of the gdaAttack API operate as normal.

Other query interfaces

The GDA Score project implements dynamic anonymization methods and opens interfaces to them.

Postgres Query Interface

The GDA Score project opens a postgres interface to the raw datasets as well as all static anonymized datasets.

Find out more

Diffix Query Interface

The GDA Score project provides both browser-based and postgres-based interfaces to Diffix.

Find out more