|
22 | 22 |
|
23 | 23 | #include "absl/container/flat_hash_map.h" |
24 | 24 | #include "base/statusor.h" |
| 25 | +#include "absl/types/optional.h" |
25 | 26 | #include "accounting/common/common.h" |
26 | 27 | #include "accounting/privacy_loss_mechanism.h" |
27 | 28 | #include "proto/accounting/privacy-loss-distribution.pb.h" |
@@ -122,12 +123,80 @@ class PrivacyLossDistribution { |
122 | 123 | // estimate_type: kPessimistic denoting that the rounding is done in such a |
123 | 124 | // way that the resulting epsilon-hockey stick divergence computation gives |
124 | 125 | // an upper estimate to the real value. |
| 126 | + // discretization_interval: the length of the dicretization interval for the |
| 127 | + // privacy loss distribution. The values will be rounded up/down to be |
| 128 | + // integer multiples of this number. |
125 | 129 | static base::StatusOr<std::unique_ptr<PrivacyLossDistribution>> |
126 | 130 | CreateForLaplaceMechanism( |
127 | 131 | double parameter, double sensitivity = 1, |
128 | 132 | EstimateType estimate_type = EstimateType::kPessimistic, |
129 | 133 | double discretization_interval = 1e-4); |
130 | 134 |
|
| 135 | + // Creates {@link PrivacyLossDistribution} for the Discrete Laplace mechanism. |
| 136 | + // |
| 137 | + // parameter: the parameter of the Discrete Laplace distribution. |
| 138 | + // sensitivity: the sensitivity of function f. (i.e. the maximum absolute |
| 139 | + // change in f when an input to a single user changes.) |
| 140 | + // estimate_type: kPessimistic denoting that the rounding is done in such a |
| 141 | + // way that the resulting epsilon-hockey stick divergence computation gives |
| 142 | + // an upper estimate to the real value. |
| 143 | + // discretization_interval: the length of the dicretization interval for the |
| 144 | + // privacy loss distribution. The values will be rounded up/down to be |
| 145 | + // integer multiples of this number. |
| 146 | + static base::StatusOr<std::unique_ptr<PrivacyLossDistribution>> |
| 147 | + CreateForDiscreteLaplaceMechanism( |
| 148 | + double parameter, int sensitivity = 1, |
| 149 | + EstimateType estimate_type = EstimateType::kPessimistic, |
| 150 | + double discretization_interval = 1e-4); |
| 151 | + |
| 152 | + // Creates {@link PrivacyLossDistribution} for the Gaussian mechanism. |
| 153 | + // |
| 154 | + // standard_deviation: the standard_deviation of the Gaussian distribution. |
| 155 | + // sensitivity: the sensitivity of function f. (i.e. the maximum absolute |
| 156 | + // change in f when an input to a single user changes.) |
| 157 | + // estimate_type: kPessimistic denoting that the rounding is done in such a |
| 158 | + // way that the resulting epsilon-hockey stick divergence computation gives |
| 159 | + // an upper estimate to the real value. |
| 160 | + // discretization_interval: the length of the dicretization interval for the |
| 161 | + // privacy loss distribution. The values will be rounded up/down to be |
| 162 | + // integer multiples of this number. |
| 163 | + // mass_truncation_bound: the natural log of the probability mass that might |
| 164 | + // be discarded from the noise distribution. The larger this number, the |
| 165 | + // more error it may introduce in divergence calculations. |
| 166 | + static base::StatusOr<std::unique_ptr<PrivacyLossDistribution>> |
| 167 | + CreateForGaussianMechanism( |
| 168 | + double standard_deviation, double sensitivity = 1, |
| 169 | + EstimateType estimate_type = EstimateType::kPessimistic, |
| 170 | + double discretization_interval = 1e-4, |
| 171 | + double mass_truncation_bound = -50); |
| 172 | + |
| 173 | + // Creates {@link PrivacyLossDistribution} for the Gaussian mechanism. |
| 174 | + // |
| 175 | + // sigma: he parameter of the discrete Gaussian distribution. Note that unlike |
| 176 | + // the (continuous) Gaussian distribution this is not equal to the standard |
| 177 | + // deviation of the noise. |
| 178 | + // sensitivity: the sensitivity of function f. (i.e. the maximum absolute |
| 179 | + // change in f when an input to a single user changes.) |
| 180 | + // estimate_type: kPessimistic denoting that the rounding is done in such a |
| 181 | + // way that the resulting epsilon-hockey stick divergence computation gives |
| 182 | + // an upper estimate to the real value. |
| 183 | + // discretization_interval: the length of the dicretization interval for the |
| 184 | + // privacy loss distribution. The values will be rounded up/down to be |
| 185 | + // integer multiples of this number. |
| 186 | + // mass_truncation_bound: the natural log of the probability mass that might |
| 187 | + // be discarded from the noise distribution. The larger this number, the |
| 188 | + // more error it may introduce in divergence calculations. |
| 189 | + // truncation_bound: bound for truncating the noise, i.e. the noise will only |
| 190 | + // have a support in [-truncation_bound, truncation_bound]. When not set, |
| 191 | + // truncation_bound will be chosen in such a way that the mass of the noise |
| 192 | + // outside of this range is at most 1e-30. |
| 193 | + static base::StatusOr<std::unique_ptr<PrivacyLossDistribution>> |
| 194 | + CreateForDiscreteGaussianMechanism( |
| 195 | + double sigma, int sensitivity = 1, |
| 196 | + EstimateType estimate_type = EstimateType::kPessimistic, |
| 197 | + double discretization_interval = 1e-4, |
| 198 | + absl::optional<int> truncation_bound = absl::nullopt); |
| 199 | + |
131 | 200 | // Creates {@link PrivacyLossDistribution} from epsilon and delta parameters. |
132 | 201 | // |
133 | 202 | // When the mechanism is (epsilon, delta)-differentially private, the |
|
0 commit comments