Loading...
private.me Docs
Get xNoise
PRIVATE.ME · Technical White Paper

xNoise: Differential Privacy on Threshold Shares

XorIDA splits data across parties first, then each party adds calibrated differential privacy noise to their share. No trusted curator needed. Information-theoretic data protection meets mathematical privacy guarantees. Zero npm dependencies.

v0.1.0 108 tests passing 7 source modules 0 npm deps (ε,δ)-DP Dual ESM/CJS
Section 01

Executive Summary

xNoise eliminates the trusted curator problem in differential privacy. Data is first split into K-of-N XorIDA threshold shares across independent parties. Each party then adds calibrated DP noise to their share independently. The aggregate result after reconstruction provides (ε,δ)-differential privacy guarantees without any party ever seeing the raw data.

The standard differential privacy model requires a trusted server that sees all raw data, adds noise to outputs, and never leaks anything. But that server is a single point of failure. Equifax, OPM, Anthem — every major breach was a "trusted curator" that got compromised.

xNoise flips the architecture: XorIDA provides information-theoretic protection of the raw data (no single party sees it), while DP provides mathematical privacy guarantees on the aggregate output (the result itself resists inference attacks). Together: no trusted curator, no raw data exposure, mathematically provable privacy.

Three functions cover 80% of use cases: createPerturbationEngine() initializes a privacy budget tracker. engine.perturbResult() adds Laplace or Gaussian noise to a query result and consumes budget. engine.getBudget() returns epsilon/delta remaining. All noise generation uses crypto.getRandomValues() — no Math.random().

Section 02

Developer Experience

xNoise provides real-time progress tracking and 30+ structured error codes to help developers build reliable, privacy-preserving systems.

Progress Callbacks

All perturbation operations support onProgress callbacks for tracking noise generation, budget validation, and batch operations.

Progress tracking example
const result = await engine.perturbResult(
  { value: 42, context: 'user-count' },
  {
    distribution: 'laplace',
    sensitivity: 1.0,
    epsilon: 1.0
  },
  onProgress: async (event) => {
    switch (event.stage) {
      case 'validating':
        console.log('Checking budget...');
        break;
      case 'generating':
        console.log('Generating noise...');
        break;
      case 'complete':
        console.log(`Remaining: ${event.remaining}ε`);
        break;
    }
  }
);

Structured Error Handling

xNoise uses a Result<T, E> pattern with detailed error structures. Every error includes a machine-readable code, human-readable message, actionable hint, and documentation URL.

Error detail structure
interface ErrorDetail {
  code: string;         // e.g., 'EPSILON_EXHAUSTED'
  message: string;      // Human-readable description
  hint?: string;        // Actionable suggestion
  field?: string;       // Field that caused the error
  docs?: string;        // Documentation URL
}

Error Categories

xNoise organizes 30+ error codes across 6 categories:

Category Example Codes When
Budget EPSILON_EXHAUSTED, DELTA_EXHAUSTED Privacy budget overflow, negative budget
Noise Generation INVALID_DISTRIBUTION, SCALE_NOT_POSITIVE Distribution config validation, RNG failures
Injection VALUE_NOT_FINITE, SENSITIVITY_INVALID Input validation, arithmetic errors
Verification HMAC_MISMATCH, ARITHMETIC_INVALID HMAC integrity checks, perturbation validation
Trust Boundaries TRUST_BREACH, UNAUTHORIZED_CATEGORY Cross-domain access violations
Batch BATCH_PARTIAL_FAILURE, BATCH_EMPTY Batch operations, aggregation errors
Section 03

The Problem

Differential privacy alone adds noise to query results but does not protect data at rest. The standard DP model requires a trusted curator who sees all raw data. The curator IS the single point of failure that DP was supposed to eliminate.

Central DP assumes a trusted server that holds everyone's data, adds noise to outputs, and never leaks the raw data. But that server is a breach target. Equifax, OPM, Anthem — every major data breach was a "trusted curator" that got compromised.

Local DP (where each user adds noise before sending data) avoids the central curator but at a steep accuracy cost. The noise required for meaningful privacy at the individual level degrades aggregate statistics to the point of uselessness for many applications.

Central DP: Trusted Curator Problem

Raw Data All records TRUSTED CURATOR Sees ALL raw data Single point of failure Breach target Add DP Noise Noisy Result CURATOR = THE VULNERABILITY
Section 04

Use Cases

xNoise applies anywhere you need both data-at-rest protection and output privacy guarantees. No trusted curator. No single point of failure.

Census / Survey
Census & Survey Analytics

EU AI Act compliant. Split population data across agencies, add DP noise per agency. Publish statistics without any agency holding complete records.

EU AI Act
Healthcare
Healthcare Analytics

HIPAA + DP. Split patient records across hospitals, compute aggregate health statistics with DP noise. No hospital exposes individual patient data.

HIPAA
Ad Measurement
Privacy-Preserving Ad Measurement

CCPA/GDPR compliant. Split conversion data across measurement providers, add DP noise. Measure campaign effectiveness without user-level tracking.

GDPR
Federated Learning
DP Gradients for FL

Split gradient updates and add DP noise per participant. Protect both individual training data and model convergence signals.

FL
Section 05

Architecture

xNoise operates in two phases. Phase 1: XorIDA splits data across parties (information-theoretic protection). Phase 2: Each party adds calibrated Laplace or Gaussian noise to their share (differential privacy guarantee). The combination provides both data-at-rest security and output privacy.

DATA Input SPLIT XorIDA K-of-N Threshold shares PER-PARTY DP NOISE Laplace / Gaussian Calibrated to sensitivity Independent per party HMAC VERIFY Integrity SHA-256 AGGREGATE DP Result (ε,δ)-private
Key Insight
XorIDA protects the DATA (no party sees raw values). DP protects the RESULT (aggregate output resists inference). Together: no trusted curator, no raw data exposure, mathematically provable privacy.

Noise Distributions

xNoise supports two standard DP noise distributions. Laplace noise for (ε,0)-DP (pure DP), Gaussian noise for (ε,δ)-DP (approximate DP).

Laplace Noise
Pure DP
Scale = sensitivity / ε
(ε,0)-differential privacy
Simpler composition
Count queries, histograms
Gaussian Noise
Approximate DP
σ = sensitivity × sqrt(2ln(1.25/δ)) / ε
(ε,δ)-differential privacy
Better accuracy at high ε
ML gradients, sums

Budget Tracking

The PrivacyBudgetTracker enforces total epsilon and delta limits across all queries. Every perturbation consumes budget. When exhausted, subsequent queries fail with EPSILON_EXHAUSTED or DELTA_EXHAUSTED.

Budget enforcement
const engine = createPerturbationEngine({
  totalEpsilon: 10.0,
  totalDelta: 0.01,
});

// Each query consumes budget
await engine.perturbResult(query1, { epsilon: 2.0, /*...*/ });  // 8.0 remaining
await engine.perturbResult(query2, { epsilon: 5.0, /*...*/ });  // 3.0 remaining
await engine.perturbResult(query3, { epsilon: 4.0, /*...*/ });  // EPSILON_EXHAUSTED

// Check budget before consuming
const check = engine.getBudget();
if (check.epsilonRemaining < 1.0) {
  // Stop querying
}

HMAC Verification

Every XorIDA share can be HMAC-verified before reconstruction. This prevents tampered shares from being aggregated. The verifyComputationIntegrity() function computes HMAC-SHA256 over both shares and compares to the expected tag.

Security Fix
Earlier versions had async/await issues in HMAC verification. Current implementation correctly awaits HMAC-SHA256 computation before reconstruction. Prevents tampered shares from being aggregated.
Section 06

Integration

Three functions cover most use cases. Install from the monorepo, import the engine, perturb results, track budget. Zero npm dependencies.

Quick Start
import { createPerturbationEngine } from '@private.me/xnoise';

// Create engine with privacy budget
const engine = createPerturbationEngine({
  totalEpsilon: 10.0,
  totalDelta: 0.01,
});

// Perturb query results with Laplace or Gaussian noise
const result = await engine.perturbResult(
  { value: 42, context: 'user-count' },
  {
    distribution: 'laplace',  // or 'gaussian'
    sensitivity: 1.0,
    epsilon: 1.0
  }
);

if (result.ok) {
  console.log(`Perturbed: ${result.value.perturbed}`);
  console.log(`Budget remaining: ${engine.getBudget().epsilonRemaining}`);
}

// Batch operations
const batch = await engine.perturbBatch(results, noiseConfig);
// Stops on first error (fails-safe)
Implementation Status
Production-ready — 7 source files, 4 test files, 108 tests (all passing). Complete implementation with Laplace/Gaussian noise generation, privacy budget tracking, and HMAC verification.

Core APIs

createPerturbationEngine(config: BudgetConfig): PerturbationEngine
Creates a new perturbation engine with specified privacy budget. Tracks epsilon and delta consumption across all operations.
engine.perturbResult(query: QueryResult, config: NoiseConfig): Promise<Result<PerturbedResult>>
Perturbs a single query result with calibrated noise. Validates budget before injection. Returns original value, noise, perturbed value, and epsilon/delta cost.
engine.perturbBatch(results: QueryResult[], config: NoiseConfig): Promise<Result<PerturbedResult[]>>
Batch perturbation with single noise configuration. Fails-safe: stops on first budget violation or injection error.
engine.getBudget(): PrivacyBudget
Returns current budget state: epsilon/delta spent and remaining, query count, recent query history.
Section 07

Complete Flow

End-to-end example: split data with XorIDA, add DP noise per party, verify HMAC, reconstruct DP-protected aggregate.

Full workflow
import { createPerturbationEngine, verifyComputationIntegrity } from '@private.me/xnoise';
import { split, reconstruct } from '@private.me/crypto';

// 1. Split data via XorIDA (2-of-3)
const data = new TextEncoder().encode('sensitive records');
const shares = await split(data, 2, 3);

// 2. Each party creates DP engine and perturbs their share
const engine1 = createPerturbationEngine({ totalEpsilon: 5.0, totalDelta: 0.01 });
const engine2 = createPerturbationEngine({ totalEpsilon: 5.0, totalDelta: 0.01 });

const perturbed1 = await engine1.perturbResult(
  { value: shares[0].share[0], context: 'party-1' },
  { distribution: 'laplace', sensitivity: 1.0, epsilon: 1.0 }
);

const perturbed2 = await engine2.perturbResult(
  { value: shares[1].share[0], context: 'party-2' },
  { distribution: 'laplace', sensitivity: 1.0, epsilon: 1.0 }
);

// 3. HMAC verification (prevents tampering)
const hmacKey = new Uint8Array(32);
crypto.getRandomValues(hmacKey);

const verified = await verifyComputationIntegrity({
  share1: shares[0].share,
  share2: shares[1].share,
  hmacKey,
  hmac: /* expected HMAC */
});

if (!verified.ok) {
  throw new Error('HMAC mismatch');
}

// 4. Reconstruct DP-protected aggregate
const reconstructed = await reconstruct([shares[0], shares[1]]);
console.log('DP-protected result:', reconstructed);
XorIDA + DP Composition
XorIDA provides information-theoretic protection of raw data (no party sees it). DP noise provides mathematical privacy guarantees on the aggregate output. The composition is secure: splitting does not weaken DP, and DP noise does not weaken XorIDA.
Section 08

Security Properties

xNoise provides both data-at-rest protection and output privacy guarantees. No trusted curator. No single point of failure.

Property Mechanism Guarantee
Data Protection XorIDA threshold shares ✓ Information-theoretic
Output Privacy Differential privacy ✓ (ε,δ)-DP guarantee
Curator-Free Distributed noise addition ✓ No single trusted party
Composition Per-share noise calibration ✓ Favorable privacy budget
Quantum Resistance GF(2) + information theory ✓ Unconditional security
Integrity HMAC-SHA256 per share ✓ Tamper detection
ε-DP
Privacy guarantee
7 / 4
Source / Test files
108
Passing tests
0
Trusted curators
Section 09

Benchmarks

Noise generation is fast. Budget tracking is constant-time. HMAC verification adds ~1ms per share.

Operation Latency Notes
Laplace noise generation <100µs crypto.getRandomValues() + log transform
Gaussian noise generation <150µs Box-Muller transform, two randoms
Budget validation <10µs O(1) arithmetic check
HMAC-SHA256 (per share) ~1ms Web Crypto API, variable by payload
Batch 100 queries ~10ms Serial processing, fails-safe
Performance Note
Noise generation is not the bottleneck. The limiting factor is XorIDA splitting/reconstruction and HMAC verification. For large datasets, parallelize share processing across parties.
Section 10

Honest Limitations

xNoise is not a silver bullet. Here are the trade-offs you accept when you deploy it.

What xNoise Does NOT Do

  • Not a drop-in DP library. Requires XorIDA splitting infrastructure. You cannot just add DP noise to a central database without splitting first.
  • Budget tracking is not a security guarantee. The engine enforces limits but does not prevent side-channel leakage if you log noisy results elsewhere.
  • No automatic sensitivity calculation. You must manually specify sensitivity for each query. Misconfigured sensitivity breaks the DP guarantee.
  • Not a full DP platform. No query planner, no auto-composition, no privacy accounting dashboard. Just noise generation + budget tracking.
  • HMAC verification is not proof of correctness. HMAC only detects tampering. It does not prove the noise was calibrated correctly.

When NOT to Use xNoise

  • You trust a central server. If you already have a trusted curator, central DP is simpler and more accurate.
  • You need interactive queries with adaptive composition. xNoise does not automatically track composition across multiple query rounds.
  • You need local DP. xNoise assumes data is split across parties BEFORE noise is added. It does not support individual users adding noise to their own data.
  • You need public verifiability. HMAC is symmetric-key verification. For public audit, use xProve with ZK proofs.
Sensitivity Misconfiguration
If you set sensitivity too low, the DP guarantee fails. If you set it too high, accuracy degrades unnecessarily. There is no automatic sensitivity analysis. You are responsible for calculating the correct sensitivity for your query.
Advanced Topics

Implementation Details

Deep dive into error handling, trust boundaries, API surface, and codebase structure. For developers integrating xNoise into production systems.

Advanced 01

Error Hierarchy

xNoise uses a structured Result pattern with detailed error codes. Every error includes a machine-readable code, human-readable message, actionable hint, and documentation URL.

Error Structure

ErrorDetail interface
interface ErrorDetail {
  code: string;         // Machine-readable (e.g., 'EPSILON_EXHAUSTED')
  message: string;      // Human-readable description
  hint?: string;        // Actionable fix suggestion
  field?: string;       // Field that caused the error
  docs?: string;        // Documentation URL
}

Error Categories (30+ codes)

  • Budget Errors — EPSILON_EXHAUSTED, DELTA_EXHAUSTED, BUDGET_NEGATIVE, INVALID_BUDGET_CONFIG
  • Noise Generation — INVALID_DISTRIBUTION, SCALE_NOT_POSITIVE, SIGMA_NOT_POSITIVE, RNG_FAILED
  • Injection Errors — VALUE_NOT_FINITE, SENSITIVITY_INVALID, EPSILON_INVALID, DELTA_INVALID
  • Verification Errors — HMAC_MISMATCH, ARITHMETIC_INVALID, EPSILON_COST_INVALID
  • Trust Boundary Errors — TRUST_BREACH, UNAUTHORIZED_CATEGORY, INVALID_DID
  • Batch Errors — BATCH_PARTIAL_FAILURE, BATCH_EMPTY, BUDGET_INSUFFICIENT_FOR_BATCH
Advanced 02

Trust Boundaries

Trust boundaries enforce data category access control. Three levels: consumer (public data), enterprise (corporate compliance), government (classified/sensitive).

Boundary Types

Category Access Level Example
Consumer Public data only Census statistics, survey results
Enterprise Corporate compliance data HR records, financial reporting
Government Classified / sensitive data Defense, law enforcement, intel
Trust boundary enforcement
import {
  createConsumerBoundary,
  verifyTrustBoundary
} from '@private.me/xnoise';

// Create consumer-only boundary
const boundary = createConsumerBoundary(operatorDid);

// Verify operator is authorized for data category
const allowed = verifyTrustBoundary(
  boundary,
  operatorDid,
  'consumer'  // or 'enterprise' or 'government'
);

if (!allowed.ok) {
  // TRUST_BREACH — operator not authorized
  throw new Error(allowed.error.message);
}
Advanced 03

Full ACI Surface

Complete API reference. All exported functions, types, and interfaces.

Engine Creation

createPerturbationEngine(config: BudgetConfig): PerturbationEngine
Creates a new perturbation engine with specified privacy budget.

Perturbation Operations

engine.perturbResult(query: QueryResult, config: NoiseConfig, onProgress?: ProgressCallback): Promise<Result<PerturbedResult>>
Perturbs a single query result with calibrated noise. Validates budget before injection.
engine.perturbBatch(results: QueryResult[], config: NoiseConfig, onProgress?: ProgressCallback): Promise<Result<PerturbedResult[]>>
Batch perturbation with single noise configuration. Fails-safe: stops on first error.

Budget Management

engine.getBudget(): PrivacyBudget
Returns current budget state: epsilon/delta spent and remaining, query count, recent query history.
tracker.canConsume(epsilon: number, delta: number): Result<void>
Checks if sufficient budget remains without consuming. Returns error if exceeded.
tracker.consume(epsilon: number, delta: number, context: string): Result<BudgetConsumption>
Consumes budget and records query in history. Max 10,000 queries in history (LRU).

Noise Generation

generateNoise(config: NoiseConfig): Promise<Result<NoiseValue>>
Generates Laplace or Gaussian noise using crypto.getRandomValues().
injectNoise(value: number, config: NoiseConfig): Promise<Result<InjectionResult>>
Adds noise to a value. Returns original, noise, and perturbed value.

Verification

verifyComputationIntegrity(params: VerifyParams): Promise<Result<void>>
HMAC-SHA256 verification of XorIDA shares. Prevents tampered shares from reconstruction.
verifyPerturbation(original, noise, perturbed, epsilon, context, boundary?, operatorDid?): Promise<PerturbationVerification>
Complete perturbation verification: arithmetic correctness, epsilon validation, HMAC integrity, trust boundary compliance.

Trust Boundaries

createConsumerBoundary(operatorDid: string): TrustBoundary
Creates a consumer-level trust boundary (public data only).
createEnterpriseBoundary(operatorDid: string): TrustBoundary
Creates an enterprise-level trust boundary (corporate compliance data).
createGovernmentBoundary(operatorDid: string): TrustBoundary
Creates a government-level trust boundary (classified/sensitive data).
verifyTrustBoundary(boundary: TrustBoundary, operatorDid: string, category: DataCategory): Result<void>
Verifies operator is authorized for data category. Returns TRUST_BREACH if unauthorized.
Advanced 04

Error Taxonomy

Complete list of all 30+ error codes with descriptions and hints.

Code Category Description
EPSILON_EXHAUSTED Budget Epsilon budget fully consumed
DELTA_EXHAUSTED Budget Delta budget fully consumed
BUDGET_NEGATIVE Budget Negative epsilon or delta in config
INVALID_BUDGET_CONFIG Budget Malformed budget configuration
INVALID_DISTRIBUTION Noise Distribution must be 'laplace' or 'gaussian'
SCALE_NOT_POSITIVE Noise Laplace scale must be > 0
SIGMA_NOT_POSITIVE Noise Gaussian sigma must be > 0
RNG_FAILED Noise crypto.getRandomValues() failed
VALUE_NOT_FINITE Injection Input value is NaN or Infinity
SENSITIVITY_INVALID Injection Sensitivity must be > 0 and finite
EPSILON_INVALID Injection Epsilon must be > 0 and finite
DELTA_INVALID Injection Delta must be in (0,1)
HMAC_MISMATCH Verification HMAC integrity check failed
ARITHMETIC_INVALID Verification Perturbed ≠ original + noise
EPSILON_COST_INVALID Verification Epsilon cost out of range (0,100]
TRUST_BREACH Trust Operator not authorized for category
UNAUTHORIZED_CATEGORY Trust Data category access denied
INVALID_DID Trust Operator DID malformed
BATCH_PARTIAL_FAILURE Batch Batch stopped after first error
BATCH_EMPTY Batch Empty result array provided
BUDGET_INSUFFICIENT_FOR_BATCH Batch Not enough budget for entire batch
Advanced 05

Codebase Statistics

xNoise is production-ready. 108 tests (all passing), 7 source files, 4 test files, ~1,750 source lines, ~1,470 test lines.

7
Source files
4
Test files
108
Tests passing
~1,750
Source LOC
~1,470
Test LOC
0
npm deps

Module Structure

  • index.ts — Barrel exports, public API surface
  • types.ts — TypeScript interfaces and types
  • errors.ts — Error codes and error detail structures
  • budget.ts — PrivacyBudgetTracker implementation
  • injection.ts — Noise generation (Laplace/Gaussian) + injection
  • perturbation.ts — PerturbationEngine main logic
  • verification.ts — HMAC verification + trust boundaries

Test Coverage

  • budget.test.ts — Budget tracking, consumption, exhaustion
  • injection.test.ts — Noise generation, Laplace/Gaussian distributions
  • perturbation.test.ts — Engine creation, perturbation, batch operations
  • abuse.test.ts — Out-of-range values, negative budgets, invalid configs
VERIFIED BY XPROVE

Verifiable Data Protection

Every operation in this ACI produces a verifiable audit trail via xProve. HMAC-chained integrity proofs let auditors confirm that data was split, perturbed, and reconstructed correctly — without accessing the data itself.

XPROVE AUDIT TRAIL
Every XorIDA split generates HMAC-SHA256 integrity tags. xProve chains these into a tamper-evident audit trail that proves data was handled correctly at every step. Upgrade to zero-knowledge proofs when regulators or counterparties need public verification.

Read the xProve white paper →

Deployment Options

🌐

SaaS Recommended

Fully managed infrastructure. Call our REST API, we handle scaling, updates, and operations.

  • Zero infrastructure setup
  • Automatic updates
  • 99.9% uptime SLA
  • Enterprise SLA available
View Pricing →
📦

SDK Integration

Embed directly in your application. Runs in your codebase with full programmatic control.

  • npm install @private.me/xnoise
  • TypeScript/JavaScript SDK
  • Full source access
  • Enterprise support available
Get Started →
🏢

On-Premise Upon Request

Enterprise CLI for compliance, air-gap, or data residency requirements.

  • Complete data sovereignty
  • Air-gap capable deployment
  • Custom SLA + dedicated support
  • Professional services included
Request Quote →

Enterprise On-Premise Deployment

While xNoise is primarily delivered as SaaS or SDK, we build dedicated on-premise infrastructure for customers with:

  • Regulatory mandates — HIPAA, SOX, FedRAMP, CMMC requiring self-hosted processing
  • Air-gapped environments — SCIF, classified networks, offline operations
  • Data residency requirements — EU GDPR, China data laws, government mandates
  • Custom integration needs — Embed in proprietary platforms, specialized workflows

Includes: Enterprise CLI, Docker/Kubernetes orchestration, RBAC, audit logging, and dedicated support.

Contact sales for assessment and pricing →

Other Requirements? Need white-label deployment or custom integration? Contact our enterprise team →