Add in-cluster test with DP #3314
Conversation
divergentdave
force-pushed
the
david/dp-in-cluster-test
branch
from
366b02d
to
5244cb0
Compare
divergentdave
force-pushed
the
david/dp-in-cluster-test
branch
from
5244cb0
to
b3da366
Compare
divergentdave
force-pushed
the
david/dp-in-cluster-test
branch
from
b3da366
to
cbc912c
Compare
| // Smoke test: Just confirm that some noise was added. Since epsilon is small, the noise will be | ||
| // large (drawn from Laplace_Z(20) + Laplace_Z(20)), and it is highly unlikely that all 100 | ||
| // noise values will be zero simultaneously. | ||
| assert_ne!(aggregate_result, un_noised_result); |
There was a problem hiding this comment.
Are there any useful bounds on the amount of noise added such that we could check that the actual result is close enough to the non-noised result to be plausibly the result of aggregation + DP noise? "Useful" in this case meaning the condition is unlikely to be satisfied if DP noise is not being added correctly.
There was a problem hiding this comment.
I could check that each coordinate is not in the middle of the field's range (p*1/4 to p*3/4). That'll be more than far enough out that false positives won't be a problem, while still catching errors in secret sharing/unsharding with a probability of 1/2 on each coordinate.
divergentdave
force-pushed
the
david/dp-in-cluster-test
branch
from
f095581
to
31cbe96
Compare
|
This is now passing against staging. https://github.com/divviup/janus-ops/actions/runs/10097504244/job/27922510921 |
This adds an in-cluster integration test exercising aggregator-based differential privacy noise.
This shouldn't be merged until #3302 and divviup/divviup-api#1173 have been deployed.