secretflow.security.privacy.mechanism.tensorflow package

Submodules

secretflow.security.privacy.mechanism.tensorflow.layers module

Classes:

EmbeddingDP(*args, **kwargs)
GaussianEmbeddingDP(*args, **kwargs)	Embedding differential privacy perturbation using gaussian noise
LabelDP(eps)	Label differential privacy perturbation

class secretflow.security.privacy.mechanism.tensorflow.layers.EmbeddingDP(*args, **kwargs)

Bases: Layer, ABC

Methods:

__init__()
call(inputs)	This is where the layer's logic lives.

__init__() → None

abstract call(inputs)

This is where the layer’s logic lives.

The call() method may not create state (except in its first invocation, wrapping the creation of variables or other resources in tf.init_scope()). It is recommended to create state in __init__(), or the build() method that is called automatically before call() executes the first time.

Parameters

• inputs –

  Input tensor, or dict/list/tuple of input tensors. The first positional inputs argument is subject to special rules: - inputs must be explicitly passed. A layer cannot have zero

  arguments, and inputs cannot be provided via the default value of a keyword argument.

  • NumPy array or Python scalar values in inputs get cast as tensors.

  • Keras mask metadata is only collected from inputs.

  • Layers are built (build(input_shape) method) using shape info from inputs only.

  • input_spec compatibility is only checked against inputs.

  • Mixed precision input casting is only applied to inputs. If a layer has tensor arguments in *args or **kwargs, their casting behavior in mixed precision should be handled manually.

  • The SavedModel input specification is generated using inputs only.

  • Integration with various ecosystem packages like TFMOT, TFLite, TF.js, etc is only supported for inputs and not for tensors in positional and keyword arguments.

• *args – Additional positional arguments. May contain tensors, although this is not recommended, for the reasons above.

• **kwargs –

  Additional keyword arguments. May contain tensors, although this is not recommended, for the reasons above. The following optional keyword arguments are reserved: - training: Boolean scalar tensor of Python boolean indicating

  whether the call is meant for training or inference.

  • mask: Boolean input mask. If the layer’s call() method takes a mask argument, its default value will be set to the mask generated for inputs by the previous layer (if input did come from a layer that generated a corresponding mask, i.e. if it came from a Keras layer with masking support).

Returns

A tensor or list/tuple of tensors.

class secretflow.security.privacy.mechanism.tensorflow.layers.GaussianEmbeddingDP(*args, **kwargs)

Bases: EmbeddingDP

Embedding differential privacy perturbation using gaussian noise

Methods:

__init__(noise_multiplier, batch_size, ...)	param epnoise_multipliers Epsilon for pure DP.
call(inputs)	Add gaussion dp on embedding.
privacy_spent_rdp(step[, orders])	Get accountant using RDP.
privacy_spent_gdp(step, sampling_type)	Get accountant using GDP.

__init__(noise_multiplier: float, batch_size: int, num_samples: int, l2_norm_clip: float = 1.0, delta: Optional[float] = None, is_secure_generator: bool = False) → None

Parameters

• epnoise_multipliers – Epsilon for pure DP.

• batch_size – Batch size.

• num_samples – Number of all samples.

• l2_norm_clip – The clipping norm to apply to the embedding.

• is_secure_generator – whether use the secure generator to generate noise.

call(inputs)

Add gaussion dp on embedding.

Parameters

inputs – Embedding.

privacy_spent_rdp(step: int, orders: Optional[List] = None)

Get accountant using RDP.

Parameters

• step – The current step of model training or prediction.

• orders – An array (or a scalar) of RDP orders.

privacy_spent_gdp(step: int, sampling_type: str)

Get accountant using GDP.

Parameters

• step – The current step of model training or prediction.

• sampling_type – Sampling type, which must be “poisson” or “uniform”.

class secretflow.security.privacy.mechanism.tensorflow.layers.LabelDP(eps: float)

Bases: object

Label differential privacy perturbation

Methods:

__init__(eps)	param eps epsilon for pure DP.
privacy_spent()

__init__(eps: float) → None

Parameters

eps – epsilon for pure DP.

privacy_spent()

secretflow.security.privacy.mechanism.tensorflow.mechanism_fl module

Classes:

GaussianModelDP(noise_multiplier, num_clients)

global model differential privacy perturbation using gaussian noise

class secretflow.security.privacy.mechanism.tensorflow.mechanism_fl.GaussianModelDP(noise_multiplier: float, num_clients: int, num_updates: Optional[int] = None, l2_norm_clip: float = 1.0, delta: Optional[float] = None, is_secure_generator: bool = False, is_clip_each_layer: bool = False)

Bases: object

global model differential privacy perturbation using gaussian noise

Methods:

__init__(noise_multiplier, num_clients[, ...])	param epnoise_multipliers Epsilon for pure DP.
privacy_spent_rdp(step[, orders])	Get accountant using RDP.

__init__(noise_multiplier: float, num_clients: int, num_updates: Optional[int] = None, l2_norm_clip: float = 1.0, delta: Optional[float] = None, is_secure_generator: bool = False, is_clip_each_layer: bool = False) → None

Parameters

• epnoise_multipliers – Epsilon for pure DP.

• num_clients – Number of all clients.

• num_updates – Number of Clients that participate in the update.

• l2_norm_clip – The clipping norm to apply to the parameters or gradients.

• is_secure_generator – whether use the secure generator to generate noise.

• is_clip_prelayer – The 2norm of each layer is dynamically assigned.

privacy_spent_rdp(step: int, orders: Optional[List] = None)

Get accountant using RDP.

Parameters

• step – The dp current step of model training or prediction.

• orders – An array (or a scalar) of RDP orders.

Module contents