RAPPOR: Privacy-Preserving Reporting Algorithms

Перейти к файлу

Alessio Placitelli ed69c7020c Add context to README		2017-09-11 19:09:27 +02:00
analysis/R	Clean repo	2017-08-01 14:50:22 +02:00
bin	Migrate non-Android users off //third_party/java/android_libs/guava_jdk5.	2016-03-07 16:48:53 -08:00
client	Multiprocess in RAPPOR, and write data needed to generate plot to a csv file	2017-08-09 15:17:53 +02:00
doc	Merge branch 'split' of github.com:google/rappor into split	2014-11-13 14:33:09 -08:00
gh-pages	Delete test	2016-02-10 15:07:00 -08:00
tests	Create methods gen-values and analysis in regtest.sh	2017-08-30 11:44:07 +02:00
.gitignore	Clean repo	2017-08-01 14:50:22 +02:00
LICENSE	Initial import.	2014-10-17 16:17:57 -07:00
README.md	Add context to README	2017-09-11 19:09:27 +02:00
build.sh	Python simulator running on Mac	2017-06-29 11:09:45 -07:00
calculate_epsilon.py	Clean repo	2017-08-01 14:50:22 +02:00
demo.sh	Add num of instances for a simulation and set a shared true value file between simulations	2017-07-04 18:21:31 +02:00
docs.sh	Add subfunctions to docs.sh	2016-02-09 11:20:39 -08:00
exec.sh	change hmac with hmac-drbg to allow bloom filters with size greater than 32 bits	2017-07-18 11:47:08 +02:00
regtest.sh	Create methods gen-values and analysis in regtest.sh	2017-08-30 11:44:07 +02:00
setup.sh	Python simulator running on Mac	2017-06-29 11:09:45 -07:00
test.sh	Re add tests/gen_counts_test.R	2016-02-10 13:38:20 -08:00
util.sh	Migrate non-Android users off //third_party/java/android_libs/guava_jdk5.	2016-03-07 16:48:53 -08:00

README.md

RAPPOR

Context - This is a research prototype was modified as part of an internship project. See the Mozilla Governance thread for context. The differences between this fork and upstream are described in bug 1379189 and bug 1391664.

RAPPOR is a novel privacy technology that allows inferring statistics about populations while preserving the privacy of individual users.

This repository contains simulation and analysis code in Python and R.

For a detailed description of the algorithms, see the paper and links below.

Feel free to send feedback to rappor-discuss@googlegroups.com.

Running the Demo

Although the Python and R libraries should be portable to any platform, our end-to-end demo has only been tested on Linux.

If you don't have a Linux box handy, you can view the generated output.

To setup your enviroment there are some packages and R dependencies. There is a setup script to install them: $ ./setup.sh Then to build the native components run: $ ./build.sh This compiles and tests the fastrand C extension module for Python, which speeds up the simulation.

Finally to run the demo run: $ ./demo.sh

The demo strings together the Python and R code. It:

Generates simulated input data with different distributions
Runs it through the RAPPOR privacy-preserving reporting mechanisms
Analyzes and plots the aggregated reports against the true input

The output is written to _tmp/regtest/results.html, and can be opened with a browser.

Dependencies

R analysis (analysis/R):

Demo dependencies (demo.sh):

These are necessary if you want to test changes to the code.

R libraries
- ggplot2
- optparse
bash shell / coreutils: to run tests

Python client (client/python):

None. You should be able to just import the rappor.py file.

Platform:

R: tested on R 3.0.
Python: tested on Python 2.7.
OS: the shell script tests have been tested on Linux, but may work on Mac/Cygwin. The R and Python code should work on any OS.

Development

To run tests:

$ ./test.sh

This currently runs Python unit tests, lints Python source files, and runs R unit tests.

API

rappor.py is a tiny standalone Python file, and you can easily copy it into a Python program.

NOTE: Its interface is subject to change. We are in the demo stage now, but if there's demand, we will document and publish the interface.

The R interface is also subject to change.

The fastrand C module is optional. It's likely only useful for simulation of thousands of clients. It doesn't use cryptographically strong randomness, and thus should not be used in production.

Directory Structure

analysis/
  R/                 # R code for analysis
bin/                 # Command line tools for analysis.
client/              # Client libraries
  python/            # Python client library
    rappor.py
    ...
doc/                 # Documentation
tests/               # Tools for regression tests
  compare_dist.R     # Test helper for single variable analysis
  gen_true_values.R  # Generate test input
  make_summary.py    # Generate an HTML report for the regtest
  rappor_sim.py      # RAPPOR client simulation
  regtest_spec.py    # Specification of test cases
  ...
build.sh             # Build scripts (docs, C extension, etc.)
demo.sh              # Quick demonstration
docs.sh              # Generate docs form the markdown in doc/
gh-pages/            # Where generated docs go. (A subtree of the branch gh-pages)
regtest.sh           # End-to-end regression tests, including client
                     #  libraries and analysis
setup.sh             # Install dependencies (for MacOS)
test.sh              # Test runner

Documentation

RAPPOR Data Flow

Publications

Links

Google Blog Post about RAPPOR
RAPPOR implementation in Chrome
- This is a production quality C++ implementation, but it's somewhat tied to Chrome, and doesn't support all privacy parameters (e.g. only a few values of p and q). On the other hand, the code in this repo is not yet production quality, but supports experimentation with different parameters and data sets. Of course, anyone is free to implement RAPPOR independently as well.
Mailing list: rappor-discuss@googlegroups.com