Skip to content
No description, website, or topics provided.
C++ Python TSQL Shell
Branch: master
Clone or download
Latest commit 98b9317 Sep 7, 2019
Type Name Latest commit message Commit time
Failed to load latest commit information.
differential_privacy Fix typo on the landing page, and incorrect citation. Sep 6, 2019
BUILD Project import Sep 5, 2019 Project import Sep 5, 2019
LICENSE Project import Sep 5, 2019 Fix typo on the landing page, and incorrect citation. Sep 6, 2019
WORKSPACE Project import Sep 5, 2019
differential_privacy_deps.bzl Project import Sep 5, 2019

Differential Privacy

This project contains a C++ library of ε-differentially private algorithms, which can be used to produce aggregate statistics over numeric data sets containing private or sensitive information. In addition, we provide a stochastic tester to check the correctness of the algorithms. Currently, we provide algorithms to compute the following:

  • Count
  • Sum
  • Mean
  • Variance
  • Standard deviation
  • Order statistics (including min, max, and median)

We also provide an implementation of the laplace mechanism that can be used to perform computations that aren't covered by our pre-built algorithms.

All of these algorithms are suitable for research, experimental or production use cases.

This project also contains a stochastic tester, used to help catch regressions that could make the differential privacy property no longer hold.

How to Build

This project uses bazel for building and dependency resolution. Install bazel and run the following:

bazel build differential_privacy/...


Here's a minimal example showing how to compute the count of some data:

#include "differential_privacy/algorithms/count.h"

// Epsilon is a configurable parameter. A lower value means more privacy but
// less accuracy.
int64_t count(const vector<double>& vals, double epsilon) {
  // Construct the Count object to run on double inputs.
  std::unique_pointer<differential_privacy::Count<double>> count =

  // Compute the count and get the result.
  differential_privacy::Output result = count->Result(v.begin(), v.end());

  // GetValue can be used to extract the value from an Output protobuf. For
  // count, this is always an int64_t value.
  return differential_privacy::GetValue<int64_t>(result);

We also include the following example code:


All of our code assume that each user contributes only a single row to each aggregation. You can use the library to build systems that allow multiple contributions per user - our paper describes one such system. To do so, multiple user contributions should be combined before they are passed to our algorithms. We chose not to implement this step at the library level because it's not the logical place for it - it's much easier to sort contributions by user and combine them together with a distributed processing framework before they're passed to our algorithms.


We will continue to publish updates and improvements to the library. We will not accept pull requests for the immediate future. We will respond to issues filed in this project. If we intend to stop publishing improvements and responding to issues we will publish notice here at least 3 months in advance.


Apache License 2.0

Support Disclaimer

This is not an officially supported Google product.

You can’t perform that action at this time.