Statistical Counterexample Detector for Differential Privacy.

You have to define your algorithm with the first argument being Queries.

Then you can simply call the detection tool with automatic database generation and event selection:

from statdp import detect_counterexample

def your_algorithm(Q, epsilon, ...):
     # your algorithm implementation here
 
if __name__ == '__main__':
    # algorithm privacy budget argument(`epsilon`) is needed
    # otherwise detector won't work properly since it will try to generate a privacy budget
    result = detect_counterexample(your_algorithm, {'epsilon': privacy_budget}, test_epsilon)

The result is returned in variable result, which is stored as [(epsilon, p, d1, d2, kwargs, event), (...)].

The detect_counterexample accepts multiple extra arguments to customize the process, check the signature and notes of detect_counterexample method to see how to use.

def detect_counterexample(algorithm, test_epsilon, default_kwargs={},
                           event_search_space=None, databases=None,
                           event_iterations=100000, detect_iterations=500000, cores=0,
                           loglevel=logging.INFO):
    """
    :param algorithm: The algorithm to test for.
    :param test_epsilon: The privacy budget to test for, can either be a number or a tuple/list.
    :param default_kwargs: The default arguments the algorithm needs except the first Queries argument, 'epsilon' must be provided.
    :param event_search_space: The search space for event selector to reduce search time, optional.
    :param databases: The databases to run for detection, optional.
    :param event_iterations: The iterations for event selector to run, default is 100000.
    :param detect_iterations: The iterations for detector to run, default is 500000.
    :param cores: The cores to utilize, 0 means auto-detection.
    :param loglevel: The loglevel for logging package.
    :return: [(epsilon, p, d1, d2, kwargs, event)] The epsilon-p pairs along with databases/arguments/selected event.
    """

A nice python library matplotlib is recommended for visualizing your result.

There's a python code snippet at /examples/run.py(draw_graph method) to show an example of plotting the results.

Then you can generate a figure like the iSVT 4 in our paper.

Our tool is designed to be modular and components are fully decoupled. You can write your own input generator/event selector and apply them to hypothesis test.

In general the detection process is generate_databases -> select_event -> hypothesis_test, you can checkout the definition and docstrings of the functions respectively to define your own generator/selector.Basically the detect_counterexample function in statdp.core package is just shortcut function to take care of the above process for you.

hypothesis_test function can be used universally by all algorithms, but you may need to design your own generator or selector for your own algorithm since our input generator and event selector are designed to work with numerical queries on databases.

You are encouraged to cite the following paper if you use this tool for academic research:

@inproceedings{Ding:2018:DVD:3243734.3243818,
 author = {Ding, Zeyu and Wang, Yuxin and Wang, Guanhong and Zhang, Danfeng and Kifer, Daniel},
 title = {Detecting Violations of Differential Privacy},
 booktitle = {Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security},
 series = {CCS '18},
 year = {2018},
 isbn = {978-1-4503-5693-0},
 location = {Toronto, Canada},
 pages = {475--489},
 numpages = {15},
 url = {http://doi.acm.org/10.1145/3243734.3243818},
 doi = {10.1145/3243734.3243818},
 acmid = {3243818},
 publisher = {ACM},
 address = {New York, NY, USA},
 keywords = {counterexample detection, differential privacy, statistical testing},
} 

MIT.