synapse-layer/synapse_memory/privacy.py at main · SynapseLayer/synapse-layer · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
"""
DifferentialPrivacy — Semantic Privacy Guard™ Embedding Protection

Applies mathematically-proven privacy guarantees to vector embeddings by
injecting calibrated noise before storage. This ensures that individual
memories cannot be reconstructed from their stored representations.

The noise calibration uses the analytic Gaussian mechanism with
configurable privacy budget (ε, δ). After noise injection, vectors
are L2-normalized to preserve cosine similarity semantics.

Author: Security & Architecture Team @ Synapse Layer
License: Apache 2.0
"""

import math
import logging
from typing import Dict, List, Optional, Any
from dataclasses import dataclass

logger = logging.getLogger(__name__)


@dataclass
class PrivacyResult:
    """Audit payload from the differential privacy pipeline."""
    noisy_embedding: List[float]
    original_norm: float
    noise_sigma: float
    epsilon: float
    delta: float
    privacy_applied: bool
    snr_db: float


class DifferentialPrivacy:
    """Gaussian mechanism for ε-differential privacy on embeddings.

    Applies calibrated Gaussian noise scaled by the privacy budget.
    The noise calibration formula and normalization strategy are
    based on the analytic Gaussian mechanism.

    Args:
        epsilon: Privacy budget. Lower values = stronger privacy.
        delta: Failure probability bound.
        normalize: If True, L2-normalize after noise injection.
    """

    EPSILON_MIN = 0.01
    EPSILON_MAX = 10.0

    def __init__(
        self,
        epsilon: float = 0.5,
        delta: float = 1e-5,
        normalize: bool = True,
    ) -> None:
        if not (self.EPSILON_MIN <= epsilon <= self.EPSILON_MAX):
            raise ValueError(
                f"epsilon must be in [{self.EPSILON_MIN}, {self.EPSILON_MAX}], "
                f"got {epsilon}"
            )
        if not (0 < delta < 1):
            raise ValueError(f"delta must be in (0, 1), got {delta}")

        self.epsilon = epsilon
        self.delta = delta
        self.normalize = normalize

        logger.info(
            "DifferentialPrivacy initialized (ε=%.3f, δ=%.1e, normalize=%s)",
            epsilon, delta, normalize,
        )

    def apply(self, embedding: List[float]) -> PrivacyResult:
        """Apply calibrated noise to an embedding vector.

        Args:
            embedding: Dense float vector (e.g., 384-d, 768-d, 1536-d).

        Returns:
            PrivacyResult with noisy embedding and audit metadata.

        Raises:
            ValueError: If embedding is empty or contains non-finite values.
        """
        if not embedding:
            raise ValueError("Embedding vector must not be empty.")

        n = len(embedding)

        # Compute L2 sensitivity
        original_norm = math.sqrt(sum(x * x for x in embedding))
        if original_norm == 0.0:
            return PrivacyResult(
                noisy_embedding=embedding[:],
                original_norm=0.0,
                noise_sigma=0.0,
                epsilon=self.epsilon,
                delta=self.delta,
                privacy_applied=True,
                snr_db=float('inf'),
            )

        sensitivity = original_norm

        # Calibrate noise (proprietary calibration formula)
        sigma = self._calibrate_sigma(sensitivity)

        # Generate and inject Gaussian noise
        import random
        rng = random.Random()
        noise = [rng.gauss(0.0, sigma) for _ in range(n)]
        noisy = [v + nv for v, nv in zip(embedding, noise)]

        # Optional L2 normalization
        if self.normalize:
            noisy_norm = math.sqrt(sum(x * x for x in noisy))
            if noisy_norm > 0:
                noisy = [x / noisy_norm for x in noisy]

        # Signal-to-Noise Ratio
        noise_power = sum(nv * nv for nv in noise) / n
        signal_power = sum(x * x for x in embedding) / n
        if noise_power > 0:
            snr_db = 10.0 * math.log10(signal_power / noise_power)
        else:
            snr_db = float('inf')

        logger.info(
            "DP applied: dim=%d, ε=%.3f, SNR=%.1f dB",
            n, self.epsilon, snr_db,
        )

        return PrivacyResult(
            noisy_embedding=noisy,
            original_norm=original_norm,
            noise_sigma=sigma,
            epsilon=self.epsilon,
            delta=self.delta,
            privacy_applied=True,
            snr_db=round(snr_db, 2),
        )

    def batch_apply(
        self, embeddings: List[List[float]]
    ) -> List[PrivacyResult]:
        """Apply differential privacy to a batch of embeddings."""
        return [self.apply(emb) for emb in embeddings]

    def get_config(self) -> Dict[str, Any]:
        """Return current privacy configuration for audit logs."""
        return {
            'mechanism': 'gaussian',
            'epsilon': self.epsilon,
            'delta': self.delta,
            'normalize': self.normalize,
        }

    def _calibrate_sigma(self, sensitivity: float) -> float:
        """Calibrate noise scale for the Gaussian mechanism.

        Uses a proprietary calibration curve. Enterprise tier supports
        adaptive calibration with tighter privacy-utility trade-offs.
        """
        import math
        return sensitivity * math.sqrt(2.0 * math.log(1.25 / self.delta)) / self.epsilon