The library provides tools for calibrating the noise scale in (epsilon, delta)-DP mechanisms to one of the two notions of operational attack risk (attack accuracy/advantage, or attack TPR and FPR) instead of the (epsilon, delta) parameters, as well as for efficient measurement of these notions. The library enables to reduce the noise scale at the same level of targeted attack risk.
Install with:
pip install riskcal
To measure the attack trade-off curve (equivalent to attack's receiver-operating curve) for DP-SGD, you can run
import riskcal
import numpy as np
alphas = np.array([0.01, 0.05, 0.1])
betas = riskcal.pld.get_beta(
alpha=alphas,
noise_multiplier=noise_multiplier,
sample_rate=sample_rate,
num_steps=num_steps,
)
You can also get the trade-off curve for any DP mechanism supported by Google's DP accounting library, given its privacy loss distribution (PLD):
import riskcal
import numpy as np
alphas = np.array([0.01, 0.05, 0.1])
betas = riskcal.pld.get_beta_from_pld(pld, alpha=alphas)
To calibrate noise scale in DP-SGD to a given attack FPR (beta) and FNR (alpha), run:
import riskcal
noise_multiplier = riskcal.pld.find_noise_multiplier_for_err_rates(
beta=0.2,
alpha=0.01,
sample_rate=sample_rate,
num_steps=num_steps
)