datasynth-fingerprint 5.36.0

Privacy-preserving synthetic data fingerprinting for DataSynth
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293

//! Privacy audit trail models.

use chrono::{DateTime, Utc};
use serde::{Deserialize, Serialize};

/// Privacy audit trail documenting all privacy decisions.
#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct PrivacyAudit {
    /// Total epsilon budget allowed.
    pub epsilon_budget: f64,

    /// Total epsilon spent.
    pub total_epsilon_spent: f64,

    /// K-anonymity threshold used.
    pub k_anonymity: u32,

    /// All privacy actions taken.
    pub actions: Vec<PrivacyAction>,

    /// Summary of privacy measures by category.
    pub summary: PrivacySummary,

    /// Timestamp of audit creation.
    pub created_at: DateTime<Utc>,

    /// Warnings generated during privacy processing.
    #[serde(default, skip_serializing_if = "Vec::is_empty")]
    pub warnings: Vec<PrivacyWarning>,

    /// The composition method used for budget accounting (e.g., "naive", "renyi_dp", "zcdp").
    #[serde(default, skip_serializing_if = "Option::is_none")]
    pub composition_method: Option<String>,

    /// The optimal Renyi DP alpha order (only set when using RDP composition).
    #[serde(default, skip_serializing_if = "Option::is_none")]
    pub rdp_alpha_effective: Option<f64>,
}

impl PrivacyAudit {
    /// Create a new privacy audit.
    pub fn new(epsilon_budget: f64, k_anonymity: u32) -> Self {
        Self {
            epsilon_budget,
            total_epsilon_spent: 0.0,
            k_anonymity,
            actions: Vec::new(),
            summary: PrivacySummary::default(),
            created_at: Utc::now(),
            warnings: Vec::new(),
            composition_method: None,
            rdp_alpha_effective: None,
        }
    }

    /// Record a privacy action.
    pub fn record_action(&mut self, action: PrivacyAction) {
        if let Some(epsilon) = action.epsilon_spent {
            self.total_epsilon_spent += epsilon;
        }

        // Update summary
        match action.action_type {
            PrivacyActionType::LaplaceNoise => self.summary.noise_additions += 1,
            PrivacyActionType::Suppression => self.summary.suppressions += 1,
            PrivacyActionType::Generalization => self.summary.generalizations += 1,
            PrivacyActionType::Winsorization => self.summary.winsorizations += 1,
            PrivacyActionType::Binning => self.summary.binnings += 1,
            PrivacyActionType::Rounding => self.summary.roundings += 1,
        }

        self.actions.push(action);
    }

    /// Check if privacy budget is exhausted.
    pub fn is_budget_exhausted(&self) -> bool {
        self.total_epsilon_spent >= self.epsilon_budget
    }

    /// Get remaining epsilon budget.
    pub fn remaining_budget(&self) -> f64 {
        (self.epsilon_budget - self.total_epsilon_spent).max(0.0)
    }

    /// Add a warning.
    pub fn add_warning(&mut self, warning: PrivacyWarning) {
        self.warnings.push(warning);
    }
}

/// A single privacy action taken during extraction.
#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct PrivacyAction {
    /// Type of privacy action.
    pub action_type: PrivacyActionType,

    /// Target of the action (table.column or statistic name).
    pub target: String,

    /// Description of what was done.
    pub description: String,

    /// Epsilon spent for this action (if DP).
    #[serde(skip_serializing_if = "Option::is_none")]
    pub epsilon_spent: Option<f64>,

    /// Original value (for auditing, may be redacted).
    #[serde(skip_serializing_if = "Option::is_none")]
    pub original_value: Option<String>,

    /// Resulting value after action.
    #[serde(skip_serializing_if = "Option::is_none")]
    pub resulting_value: Option<String>,

    /// Reason for the action.
    pub reason: String,

    /// Timestamp of the action.
    pub timestamp: DateTime<Utc>,
}

impl PrivacyAction {
    /// Create a new privacy action.
    pub fn new(
        action_type: PrivacyActionType,
        target: impl Into<String>,
        description: impl Into<String>,
        reason: impl Into<String>,
    ) -> Self {
        Self {
            action_type,
            target: target.into(),
            description: description.into(),
            epsilon_spent: None,
            original_value: None,
            resulting_value: None,
            reason: reason.into(),
            timestamp: Utc::now(),
        }
    }

    /// Add epsilon spent.
    pub fn with_epsilon(mut self, epsilon: f64) -> Self {
        self.epsilon_spent = Some(epsilon);
        self
    }

    /// Add original and resulting values.
    pub fn with_values(
        mut self,
        original: impl Into<String>,
        resulting: impl Into<String>,
    ) -> Self {
        self.original_value = Some(original.into());
        self.resulting_value = Some(resulting.into());
        self
    }
}

/// Types of privacy actions.
#[derive(Debug, Clone, Copy, PartialEq, Eq, Serialize, Deserialize)]
#[serde(rename_all = "snake_case")]
pub enum PrivacyActionType {
    /// Added Laplace noise (differential privacy).
    LaplaceNoise,
    /// Suppressed value (k-anonymity).
    Suppression,
    /// Generalized value (e.g., exact age -> age range).
    Generalization,
    /// Winsorized outliers.
    Winsorization,
    /// Binned continuous values.
    Binning,
    /// Rounded value.
    Rounding,
}

impl std::fmt::Display for PrivacyActionType {
    fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
        match self {
            Self::LaplaceNoise => write!(f, "Laplace Noise"),
            Self::Suppression => write!(f, "Suppression"),
            Self::Generalization => write!(f, "Generalization"),
            Self::Winsorization => write!(f, "Winsorization"),
            Self::Binning => write!(f, "Binning"),
            Self::Rounding => write!(f, "Rounding"),
        }
    }
}

/// Summary of privacy measures applied.
#[derive(Debug, Clone, Default, Serialize, Deserialize)]
pub struct PrivacySummary {
    /// Number of noise additions.
    pub noise_additions: u64,

    /// Number of value suppressions.
    pub suppressions: u64,

    /// Number of generalizations.
    pub generalizations: u64,

    /// Number of winsorizations.
    pub winsorizations: u64,

    /// Number of binnings.
    pub binnings: u64,

    /// Number of roundings.
    pub roundings: u64,

    /// Total columns processed.
    pub columns_processed: u64,

    /// Columns with privacy modifications.
    pub columns_modified: u64,

    /// Categorical values suppressed.
    pub categorical_values_suppressed: u64,

    /// Rows potentially affected.
    pub rows_affected: u64,
}

impl PrivacySummary {
    /// Get total privacy actions.
    pub fn total_actions(&self) -> u64 {
        self.noise_additions
            + self.suppressions
            + self.generalizations
            + self.winsorizations
            + self.binnings
            + self.roundings
    }
}

/// Privacy warning generated during processing.
#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct PrivacyWarning {
    /// Warning level.
    pub level: WarningLevel,

    /// Warning message.
    pub message: String,

    /// Target of the warning.
    pub target: Option<String>,

    /// Recommendation.
    pub recommendation: Option<String>,

    /// Timestamp.
    pub timestamp: DateTime<Utc>,
}

impl PrivacyWarning {
    /// Create a new warning.
    pub fn new(level: WarningLevel, message: impl Into<String>) -> Self {
        Self {
            level,
            message: message.into(),
            target: None,
            recommendation: None,
            timestamp: Utc::now(),
        }
    }

    /// Add target.
    pub fn with_target(mut self, target: impl Into<String>) -> Self {
        self.target = Some(target.into());
        self
    }

    /// Add recommendation.
    pub fn with_recommendation(mut self, recommendation: impl Into<String>) -> Self {
        self.recommendation = Some(recommendation.into());
        self
    }
}

/// Warning level.
#[derive(Debug, Clone, Copy, PartialEq, Eq, Serialize, Deserialize)]
#[serde(rename_all = "snake_case")]
pub enum WarningLevel {
    /// Informational warning.
    Info,
    /// Warning that may affect utility.
    Warning,
    /// Serious warning that may affect privacy or utility significantly.
    Serious,
    /// Critical warning - action may be needed.
    Critical,
}