Harvard University homepage
HARVARD.EDU

Announcing OpenDP Library 0.12!

Photo of people socializing at a reception at the Harvard Science and Engineering Complex

The OpenDP team is excited to bring you our latest release, OpenDP Library 0.12!

The OpenDP Library is a modular collection of algorithms for building privacy-preserving applications, with an extensible approach to tracking privacy, and a vetted implementation. It is available as binaries for Python on PyPI, for R on R-universe, for Rust on crates.io, or in source form on GitHub.

This release brings expanded Polars functionality and documentation, an implementation of Private Selection from Private Candidates (PSPC), and updates to privacy measures for improved usability and better compatibility with other DP software. 

Polars Functionality

We’ve updated the (optional) Polars dependency to Python version 1.12.0 and Rust version 0.44.3. 

In this version we have added more ways to privately release grouping keys. In addition to “stable” key release under approximate-DP from OpenDP 0.11, OpenDP now supports “stable” key release under approximate-zCDP and “explicit” key release based on a data-independent key-set.

OpenDP 0.12 also showcases more thorough Polars documentation in the User Guide. This includes a new cast expression, expressions for parsing and manipulating temporal data and expressions for binning and working with categorical data. In addition, OpenDP 0.12 supports a wider range of counting queries, including counts of distinct elements.

OpenDP 0.12 is smarter about reusing margin domain descriptors. For instance, setting an upper bound on the overall dataset size implies an upper bound on the sizes of data partitions. This makes the library more forgiving and flexible in common use cases.

Private Selection from Private Candidates

Thank you to Shlomi Hod (one of our 2024 OpenDP Visiting Fellows!) for contributing an implementation of PSPC. In exchange for a higher privacy loss (typically a factor of two or three), PSPC releases the “best” outcome from repeated evaluations of another mechanism. PSPC is useful when you have a mechanism that could have vastly different utility on different runs.

PSPC is implemented as a combinator that can wrap any pure-DP mechanism. It is available for use from Rust, Python and R, and is accompanied by a proof. More information can be found in the documentation.

Updates to Privacy Measures

We have made a number of updates to our privacy measures to better align and integrate with other differential privacy software and to improve the usability of our software. Updates include:

  • Initial support for Rényi-DP (RDP). This includes an API for making an RDP privacy measure, composition, and the ability to construct RDP curves from Python plugins.
  • Privacy measures can be made to be delta-approximate. For instance, dp.approximate(dp.zero_concentrated_divergence()) denotes approximate-zCDP with fixed delta.
  • SMDCurve has been renamed to PrivacyProfile for clarity.
  • Privacy profiles (a privacy guarantee in terms of an epsilon-delta tradeoff) have been inverted: they now take epsilon as an argument and return delta.
  • Privacy profiles can now be constructed from Python. This enables library plugins to be written that satisfy approximate-DP with varying delta.
  • Privacy measures no longer have a generic argument for distance type. For example, max_divergence(T=float) is now just max_divergence().

Breaking Changes

The most impactful breaking changes are discussed in the updates to privacy measures.

Previously, OpenDP allowed arbitrary functions to be used as postprocessors. Unfortunately this could be abused to build measurements whose postprocessors introduce vulnerabilities. For instance, a post-processor that reads the system time could be used to add timing information to the output of a mechanism. OpenDP now requires “honest-but-curious” to be enabled in order to build postprocessors from Python, and states necessary conditions for valid postprocessors.

Getting the OpenDP Library

Further details can be found in the repository CHANGELOG. We’re excited to have you try this latest update of the OpenDP Library! You can find it on PyPIR-universecrates.io, or GitHub.


We welcome your feedback and participation in the OpenDP Project. To learn more, please visit the OpenDP website or join our Slack workspace.