privfill 0.1.0__tar.gz

privfill-0.1.0/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2025-2026 Stephen Meisenbacher
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

privfill-0.1.0/PKG-INFO

@@ -0,0 +1,92 @@
+Metadata-Version: 2.4
+Name: privfill
+Version: 0.1.0
+Summary: LLM-based Differential Privacy mechanisms for sentence-based text rewriting with infilling models.
+Author-email: Stephen Meisenbacher <stephen.meisenbacher@tum.de>
+License: MIT
+Classifier: Programming Language :: Python :: 3
+Classifier: License :: OSI Approved :: MIT License
+Classifier: Operating System :: OS Independent
+Requires-Python: >=3.9
+Description-Content-Type: text/markdown
+License-File: LICENSE
+Requires-Dist: pandas
+Requires-Dist: nltk
+Requires-Dist: numpy
+Requires-Dist: tqdm
+Requires-Dist: torch
+Requires-Dist: transformers
+Requires-Dist: mpmath
+Dynamic: license-file
+
+<div align="center">
+
+  # PrivFill
+
+  [![PyPI version](https://img.shields.io/pypi/v/privfill.svg)](https://pypi.org/project/privfill/)
+  [![GitHub stars](https://img.shields.io/github/stars/sjmeis/PrivFill.svg?style=social)](https://github.com/sjmeis/PrivFill/stargazers)
+  [![License](https://img.shields.io/github/license/sjmeis/PrivFill.svg)](https://github.com/sjmeis/PrivFill/blob/main/LICENSE)
+
+</div>
+
+`privfill` is a Python package providing LLM-based local Differential Privacy (DP) mechanisms for text privatization via sentece infilling. It offers easy-to-use wrappers for fine-tuned Hugging Face models.
+This software was originally presented in the NAACL 2025 findings paper: *On the Impact of Noise in Differentially Private Text Rewriting*
+
+## Installation
+
+Install the package locally in editable mode from your project's root directory:
+
+```bash
+pip install privfill
+```
+
+### Core Prerequisites:
+
+- Python $\geq$ 3.9
+- PyTorch (CUDA recommended for faster inference)
+- Transformers & NLTK
+
+## Basic Usage & Model Selection
+Instead of typing Hugging Face repository paths, you can choose from the three built-in models using the `SupportedModels` enum.
+
+```python
+import privfill
+
+# Choose between FLAN_T5_BASE, FLAN_T5_LARGE, and BART_LARGE
+engine = privfill.load_pipeline(privfill.SupportedModels.FLAN_T5_BASE, DP=True)
+
+text = "This is a long private document ... which contains sensitive information and should be privatized,"
+private_text = engine.privatize(text, epsilon=10)
+
+print(private_text)
+```
+
+As described in the paper, we also create an analagous, non-DP variant of `PrivFill`. The usage is very similar:
+
+```python
+engine = privfill.load_pipeline(privfill.SupportedModels.FLAN_T5_BASE, DP=False)
+private_text = engine.privatize(text)
+```
+
+### Available Models
+
+| Enum                 | Hugging Face Repository              | Base Mechanism               |
+|-------------------------------|--------------------------------------|-------------------------|
+| SupportedModels.FLAN_T5_BASE  | sjmeis/flan-t5-base-infill-combined  | DP-Prompt   |
+| SupportedModels.FLAN_T5_LARGE | sjmeis/flan-t5-large-infill-combined | DP-Prompt       |
+| SupportedModels.BART_LARGE    | sjmeis/bart-large-infill-combined    | DP-BART |
+
+## Models ##
+We make our three sentence infilling models public. They can be found at this [link](https://drive.google.com/drive/folders/12m1av9PY1X7S-cwd9y_8nepBPMtVju0C?usp=sharing).
+
+## Comparison Code ##
+We also include the LLMDP class code for `DP-BART` and `DP-Prompt`, as used in the paper.
+
+```python
+X = LLMDP.DPPrompt()
+# or
+X = LLMDP.DPBart()
+
+# then
+X.privatize(text, epsilon)
+```

privfill-0.1.0/README.md

@@ -0,0 +1,71 @@
+<div align="center">
+
+  # PrivFill
+
+  [![PyPI version](https://img.shields.io/pypi/v/privfill.svg)](https://pypi.org/project/privfill/)
+  [![GitHub stars](https://img.shields.io/github/stars/sjmeis/PrivFill.svg?style=social)](https://github.com/sjmeis/PrivFill/stargazers)
+  [![License](https://img.shields.io/github/license/sjmeis/PrivFill.svg)](https://github.com/sjmeis/PrivFill/blob/main/LICENSE)
+
+</div>
+
+`privfill` is a Python package providing LLM-based local Differential Privacy (DP) mechanisms for text privatization via sentece infilling. It offers easy-to-use wrappers for fine-tuned Hugging Face models.
+This software was originally presented in the NAACL 2025 findings paper: *On the Impact of Noise in Differentially Private Text Rewriting*
+
+## Installation
+
+Install the package locally in editable mode from your project's root directory:
+
+```bash
+pip install privfill
+```
+
+### Core Prerequisites:
+
+- Python $\geq$ 3.9
+- PyTorch (CUDA recommended for faster inference)
+- Transformers & NLTK
+
+## Basic Usage & Model Selection
+Instead of typing Hugging Face repository paths, you can choose from the three built-in models using the `SupportedModels` enum.
+
+```python
+import privfill
+
+# Choose between FLAN_T5_BASE, FLAN_T5_LARGE, and BART_LARGE
+engine = privfill.load_pipeline(privfill.SupportedModels.FLAN_T5_BASE, DP=True)
+
+text = "This is a long private document ... which contains sensitive information and should be privatized,"
+private_text = engine.privatize(text, epsilon=10)
+
+print(private_text)
+```
+
+As described in the paper, we also create an analagous, non-DP variant of `PrivFill`. The usage is very similar:
+
+```python
+engine = privfill.load_pipeline(privfill.SupportedModels.FLAN_T5_BASE, DP=False)
+private_text = engine.privatize(text)
+```
+
+### Available Models
+
+| Enum                 | Hugging Face Repository              | Base Mechanism               |
+|-------------------------------|--------------------------------------|-------------------------|
+| SupportedModels.FLAN_T5_BASE  | sjmeis/flan-t5-base-infill-combined  | DP-Prompt   |
+| SupportedModels.FLAN_T5_LARGE | sjmeis/flan-t5-large-infill-combined | DP-Prompt       |
+| SupportedModels.BART_LARGE    | sjmeis/bart-large-infill-combined    | DP-BART |
+
+## Models ##
+We make our three sentence infilling models public. They can be found at this [link](https://drive.google.com/drive/folders/12m1av9PY1X7S-cwd9y_8nepBPMtVju0C?usp=sharing).
+
+## Comparison Code ##
+We also include the LLMDP class code for `DP-BART` and `DP-Prompt`, as used in the paper.
+
+```python
+X = LLMDP.DPPrompt()
+# or
+X = LLMDP.DPBart()
+
+# then
+X.privatize(text, epsilon)
+```

privfill-0.1.0/pyproject.toml

@@ -0,0 +1,29 @@
+[build-system]
+requires = ["setuptools>=61.0.0", "wheel"]
+build-backend = "setuptools.build_meta"
+
+[project]
+name = "privfill"
+version = "0.1.0"
+description = "LLM-based Differential Privacy mechanisms for sentence-based text rewriting with infilling models."
+readme = "README.md"
+authors = [{ name = "Stephen Meisenbacher", email = "stephen.meisenbacher@tum.de" }]
+license = { text = "MIT" }
+classifiers = [
+    "Programming Language :: Python :: 3",
+    "License :: OSI Approved :: MIT License",
+    "Operating System :: OS Independent",
+]
+requires-python = ">=3.9"
+dependencies = [
+    "pandas",
+    "nltk",
+    "numpy",
+    "tqdm",
+    "torch",
+    "transformers",
+    "mpmath"
+]
+
+[tool.setuptools.packages.find]
+where = ["src"]

privfill-0.1.0/setup.cfg

@@ -0,0 +1,4 @@
+[egg_info]
+tag_build = 
+tag_date = 0
+

privfill-0.1.0/src/privfill/__init__.py

@@ -0,0 +1,35 @@
+from enum import Enum
+from .main import PrivFill, PrivFillDPBart, PrivFillDP
+
+class SupportedModels(Enum):
+    FLAN_T5_BASE = "sjmeis/flan-t5-base-infill-combined"
+    FLAN_T5_LARGE = "sjmeis/flan-t5-large-infill-combined"
+    BART_LARGE = "sjmeis/bart-large-infill-combined"
+
+def load_pipeline(model_choice: SupportedModels, DP: bool = False, **kwargs):
+    """
+    Loads the appropriate privatization engine based on model choice and DP toggle.
+    
+    Args:
+        model_choice (SupportedModels): The chosen model from the Enum.
+        dp (bool): If True, applies the model's Differential Privacy mechanism.
+                   If False, falls back to the standard PrivFill wrapper.
+    """
+    if not isinstance(model_choice, SupportedModels):
+        raise ValueError(
+            f"Invalid model choice. Please choose an option from privfill.SupportedModels. "
+            f"Available choices: {list(SupportedModels.__members__.keys())}"
+        )
+
+    checkpoint = model_choice.value
+
+    if DP:
+        if model_choice == SupportedModels.BART_LARGE:
+            return PrivFillDPBart(model_checkpoint=checkpoint, **kwargs)
+        else:
+            return PrivFillDP(model_checkpoint=checkpoint, **kwargs)
+    else:
+        return PrivFill(model_checkpoint=checkpoint, **kwargs)
+
+
+__all__ = ["PrivFill", "PrivFillDPBart", "PrivFillDP", "SupportedModels", "load_pipeline"]

privfill-0.1.0/src/privfill/main.py

@@ -0,0 +1,71 @@
+import nltk
+import torch
+from transformers import AutoTokenizer, AutoModelForSeq2SeqLM
+from privfill.mechanisms import DPBart, DPPrompt
+
+class PrivFill:
+    def __init__(self, model_checkpoint, max_new_tokens=32, max_input_length=512, base_model=None):
+        self.device = "cuda" if torch.cuda.is_available() else "cpu"
+        self.model_checkpoint = model_checkpoint
+        self.max_new_tokens = max_new_tokens
+        self.max_input_length = max_input_length
+        self.base_model = base_model
+
+        self.tokenizer = AutoTokenizer.from_pretrained(self.model_checkpoint)
+        self.model = AutoModelForSeq2SeqLM.from_pretrained(self.model_checkpoint).to(self.device)
+
+    def privatize(self, text):
+        sentences = nltk.sent_tokenize(text)
+        replace = []
+        for s in sentences:
+            temp = text.replace(s, "[blank]")
+            inputs = [temp]
+            inputs = self.tokenizer(inputs, max_length=self.max_input_length, truncation=True, return_tensors="pt").input_ids.to(self.device)
+            output = self.model.generate(inputs, min_new_tokens=5, do_sample=True, max_new_tokens=self.max_new_tokens, pad_token_id=50256)
+            decoded_output = self.tokenizer.decode(output[0], skip_special_tokens=True).replace(temp, "")
+            
+            if self.base_model is None:
+                replace.append(decoded_output)
+            else:
+                replace.append(nltk.sent_tokenize(decoded_output.strip())[0])
+        return " ".join(replace)
+    
+
+class PrivFillDPBart:
+    def __init__(self, model_checkpoint, max_new_tokens=32, max_input_length=512):
+        self.device = "cuda" if torch.cuda.is_available() else "cpu"
+        self.model_checkpoint = model_checkpoint
+        self.max_new_tokens = max_new_tokens
+        self.max_input_length = max_input_length
+
+        self.model = DPBart(model=model_checkpoint)
+
+    def privatize(self, text, epsilon):
+        sentences = nltk.sent_tokenize(text)
+        eps = epsilon / len(sentences)
+        inputs = []
+        for s in sentences:
+            temp = text.replace(s, "[blank]")
+            inputs.append(temp)
+        
+        return self.model.privatize_batch(inputs, epsilon=eps)
+    
+
+class PrivFillDP:
+    def __init__(self, model_checkpoint, max_new_tokens=32, max_input_length=512):
+        self.device = "cuda" if torch.cuda.is_available() else "cpu"
+        self.model_checkpoint = model_checkpoint
+        self.max_new_tokens = max_new_tokens
+        self.max_input_length = max_input_length
+
+        self.model = DPPrompt(model_checkpoint=model_checkpoint)
+
+    def privatize(self, text, epsilon):
+        sentences = nltk.sent_tokenize(text)
+        inputs = []
+        for s in sentences:
+            temp = text.replace(s, "[blank]")
+            inputs.append(temp)
+
+        output = self.model.privatize_dp(inputs, epsilon)
+        return " ".join(output)

privfill-0.1.0/src/privfill/mechanisms.py

@@ -0,0 +1,197 @@
+import numpy as np
+import torch
+from torch.utils.data import Dataset
+from transformers import (
+    AutoModelForSeq2SeqLM, 
+    AutoTokenizer, 
+    LogitsProcessor, 
+    LogitsProcessorList, 
+    pipeline,
+    BartTokenizer, 
+    BartModel, 
+    BartForConditionalGeneration
+)
+import mpmath
+from mpmath import mp
+import nltk
+
+try:
+    nltk.data.find('tokenizers/punkt')
+except LookupError:
+    nltk.download('punkt', quiet=True)
+
+class ListDataset(Dataset):
+    def __init__(self, original_list):
+        self.original_list = original_list
+
+    def __len__(self):
+        return len(self.original_list)
+
+    def __getitem__(self, i):
+        return self.original_list[i]
+
+
+class ClipLogitsProcessor(LogitsProcessor):
+    def __init__(self, min=-100, max=100):
+        self.min = min
+        self.max = max
+
+    def __call__(self, input_ids: torch.LongTensor, scores: torch.FloatTensor) -> torch.FloatTensor:
+        return torch.clamp(scores, min=self.min, max=self.max)
+
+
+class DPPrompt:
+    def __init__(self, model_checkpoint="google/flan-t5-large", min_logit=-95, max_logit=8, batch_size=16):
+        self.model_checkpoint = model_checkpoint
+        self.device = "cuda" if torch.cuda.is_available() else "cpu"
+        self.batch_size = batch_size
+
+        self.tokenizer = AutoTokenizer.from_pretrained(self.model_checkpoint)
+        self.model = AutoModelForSeq2SeqLM.from_pretrained(self.model_checkpoint).to(self.device)
+
+        self.min_logit = min_logit
+        self.max_logit = max_logit
+        self.sensitivity = abs(self.max_logit - self.min_logit)
+        self.logits_processor = LogitsProcessorList([ClipLogitsProcessor(self.min_logit, self.max_logit)])
+
+        self.pipe = pipeline("text2text-generation", model=self.model, tokenizer=self.tokenizer, device=0 if self.device == "cuda" else -1, truncation=True)
+        self.pipe.tokenizer.pad_token_id = self.model.config.eos_token_id
+
+    def prompt_template_fn(self, doc):
+        return f"Document : {doc}\nParaphrase of the document :"
+    
+    def privatize(self, text, epsilon=100):
+        temperature = 2 * self.sensitivity / epsilon
+        prompt = self.prompt_template_fn(text)
+        model_inputs = self.tokenizer(prompt, max_length=512, truncation=True, return_tensors="pt").to(self.device)
+        
+        output = self.model.generate(
+            **model_inputs,
+            do_sample=True,
+            top_k=0,
+            top_p=1.0,
+            temperature=temperature,
+            max_new_tokens=len(model_inputs["input_ids"][0]),
+            logits_processor=self.logits_processor
+        )
+        return self.tokenizer.decode(output[0], skip_special_tokens=True)
+    
+    def privatize_dp(self, texts, epsilon=100, max_new_tokens=32):
+        temperature = 2 * self.sensitivity / epsilon
+        prompts = ListDataset(texts)
+        private_texts = []
+        for r in self.pipe(prompts, do_sample=True, top_k=0, top_p=1.0, temperature=temperature, logits_processor=self.logits_processor, max_new_tokens=max_new_tokens, batch_size=self.batch_size):
+            private_texts.append(r[0]["generated_text"])
+        return private_texts
+
+
+class DPBart:
+    def __init__(self, model='facebook/bart-large', num_sigmas=1/2):
+        self.device = "cuda" if torch.cuda.is_available() else "cpu"
+        self.tokenizer = BartTokenizer.from_pretrained(model)
+        self.model = BartModel.from_pretrained(model).to(self.device)
+        self.decoder = BartForConditionalGeneration.from_pretrained(model).to(self.device)
+
+        self.delta = 1e-5
+        self.sigma = 0.2
+        self.num_sigmas = num_sigmas
+        self.c_min = -self.sigma
+        self.c_max = self.num_sigmas * self.sigma
+
+    def clip(self, vector):
+        return torch.clip(vector, self.c_min, self.c_max)
+
+    def calibrateAnalyticGaussianMechanism_precision(self, epsilon, delta, GS, tol=1.e-12):
+        if epsilon <= 1000:
+            mp.dps = 500
+        elif epsilon <= 2500:
+            mp.dps = 1100
+        else:
+            mp.dps = 2200
+
+        def Phi(t):
+            return 0.5 * (1.0 + mpmath.erf(t / mpmath.sqrt(2.0)))
+
+        def caseA(eps, s):
+            return Phi(mpmath.sqrt(eps * s)) - mpmath.exp(eps) * Phi(-mpmath.sqrt(eps * (s + 2.0)))
+
+        def caseB(eps, s):
+            return Phi(-mpmath.sqrt(eps * s)) - mpmath.exp(eps) * Phi(-mpmath.sqrt(eps * (s + 2.0)))
+
+        def doubling_trick(predicate_stop, s_inf, s_sup):
+            while not predicate_stop(s_sup):
+                s_inf = s_sup
+                s_sup = 2.0 * s_inf
+            return s_inf, s_sup
+
+        def binary_search(predicate_stop, predicate_left, s_inf, s_sup):
+            s_mid = s_inf + (s_sup - s_inf) / 2.0
+            while not predicate_stop(s_mid):
+                if predicate_left(s_mid):
+                    s_sup = s_mid
+                else:
+                    s_inf = s_mid
+                s_mid = s_inf + (s_sup - s_inf) / 2.0
+            return s_mid
+
+        delta_thr = caseA(epsilon, 0.0)
+
+        if delta == delta_thr:
+            alpha = 1.0
+        else:
+            if delta > delta_thr:
+                predicate_stop_DT = lambda s: caseA(epsilon, s) >= delta
+                func_s_to_delta = lambda s: caseA(epsilon, s)
+                predicate_left_BS = lambda s: func_s_to_delta(s) > delta
+                func_s_to_alpha = lambda s: mpmath.sqrt(1.0 + s / 2.0) - mpmath.sqrt(s / 2.0)
+            else:
+                predicate_stop_DT = lambda s: caseB(epsilon, s) <= delta
+                func_s_to_delta = lambda s: caseB(epsilon, s)
+                predicate_left_BS = lambda s: func_s_to_delta(s) < delta
+                func_s_to_alpha = lambda s: mpmath.sqrt(1.0 + s / 2.0) + mpmath.sqrt(s / 2.0)
+
+            predicate_stop_BS = lambda s: abs(func_s_to_delta(s) - delta) <= tol
+            s_inf, s_sup = doubling_trick(predicate_stop_DT, 0.0, 1.0)
+            s_final = binary_search(predicate_stop_BS, predicate_left_BS, s_inf, s_sup)
+            alpha = func_s_to_alpha(s_final)
+
+        sigma = alpha * GS / mpmath.sqrt(2.0 * epsilon)
+        return float(sigma)
+    
+    def noise(self, vector, epsilon, delta=1e-5, method="analytic_gaussian"):
+        k = vector.shape[-1]
+        if method == "laplace":
+            sensitivity = 2 * self.sigma * self.num_sigmas * k
+            Z = torch.from_numpy(np.random.laplace(0, sensitivity / epsilon, size=k))
+        elif method == 'gaussian':
+            sensitivity = 2 * self.sigma * self.num_sigmas * np.sqrt(k)
+            scale = np.sqrt((sensitivity**2 / epsilon**2) * 2 * np.log(1.25 / self.delta))
+            Z = torch.from_numpy(np.random.normal(0, scale, size=k))
+        elif method == "analytic_gaussian":
+            sensitivity = 2 * self.sigma * self.num_sigmas * np.sqrt(k)
+            analytic_scale = self.calibrateAnalyticGaussianMechanism_precision(epsilon, self.delta, sensitivity)
+            Z = torch.from_numpy(np.random.normal(0, analytic_scale, size=k))
+        return vector + Z
+
+    def privatize(self, text, epsilon=100, method="analytic_gaussian"):
+        inputs = self.tokenizer(text, max_length=512, truncation=True, return_tensors="pt").to(self.device)
+        num_tokens = len(inputs["input_ids"][0])
+
+        enc_output = self.model.encoder(**inputs)
+        enc_output["last_hidden_state"] = self.noise(self.clip(enc_output["last_hidden_state"].cpu()), epsilon=epsilon, delta=self.delta, method=method).float().to(self.device)
+
+        dec_out = self.decoder.generate(encoder_outputs=enc_output, max_new_tokens=num_tokens)
+        private_text = self.tokenizer.decode(dec_out[0], skip_special_tokens=True)
+        return private_text.strip()
+    
+    def privatize_batch(self, texts, epsilon=100, method="analytic_gaussian"):
+        inputs = self.tokenizer(texts, max_length=512, truncation=True, padding=True, return_tensors="pt").to(self.device)
+        num_tokens = [len(x) for x in inputs["input_ids"]]
+
+        enc_output = self.model.encoder(**inputs)
+        for i, x in enumerate(enc_output["last_hidden_state"].cpu()):
+            enc_output["last_hidden_state"][i] = self.noise(self.clip(x), epsilon=epsilon, delta=self.delta, method=method).float().to(self.device)
+
+        dec_out = self.decoder.generate(encoder_outputs=enc_output, max_new_tokens=max(num_tokens))
+        private_text = [self.tokenizer.decode(x, skip_special_tokens=True).strip() for x in dec_out]
+        return " ".join(private_text)

privfill-0.1.0/src/privfill.egg-info/PKG-INFO

@@ -0,0 +1,92 @@
+Metadata-Version: 2.4
+Name: privfill
+Version: 0.1.0
+Summary: LLM-based Differential Privacy mechanisms for sentence-based text rewriting with infilling models.
+Author-email: Stephen Meisenbacher <stephen.meisenbacher@tum.de>
+License: MIT
+Classifier: Programming Language :: Python :: 3
+Classifier: License :: OSI Approved :: MIT License
+Classifier: Operating System :: OS Independent
+Requires-Python: >=3.9
+Description-Content-Type: text/markdown
+License-File: LICENSE
+Requires-Dist: pandas
+Requires-Dist: nltk
+Requires-Dist: numpy
+Requires-Dist: tqdm
+Requires-Dist: torch
+Requires-Dist: transformers
+Requires-Dist: mpmath
+Dynamic: license-file
+
+<div align="center">
+
+  # PrivFill
+
+  [![PyPI version](https://img.shields.io/pypi/v/privfill.svg)](https://pypi.org/project/privfill/)
+  [![GitHub stars](https://img.shields.io/github/stars/sjmeis/PrivFill.svg?style=social)](https://github.com/sjmeis/PrivFill/stargazers)
+  [![License](https://img.shields.io/github/license/sjmeis/PrivFill.svg)](https://github.com/sjmeis/PrivFill/blob/main/LICENSE)
+
+</div>
+
+`privfill` is a Python package providing LLM-based local Differential Privacy (DP) mechanisms for text privatization via sentece infilling. It offers easy-to-use wrappers for fine-tuned Hugging Face models.
+This software was originally presented in the NAACL 2025 findings paper: *On the Impact of Noise in Differentially Private Text Rewriting*
+
+## Installation
+
+Install the package locally in editable mode from your project's root directory:
+
+```bash
+pip install privfill
+```
+
+### Core Prerequisites:
+
+- Python $\geq$ 3.9
+- PyTorch (CUDA recommended for faster inference)
+- Transformers & NLTK
+
+## Basic Usage & Model Selection
+Instead of typing Hugging Face repository paths, you can choose from the three built-in models using the `SupportedModels` enum.
+
+```python
+import privfill
+
+# Choose between FLAN_T5_BASE, FLAN_T5_LARGE, and BART_LARGE
+engine = privfill.load_pipeline(privfill.SupportedModels.FLAN_T5_BASE, DP=True)
+
+text = "This is a long private document ... which contains sensitive information and should be privatized,"
+private_text = engine.privatize(text, epsilon=10)
+
+print(private_text)
+```
+
+As described in the paper, we also create an analagous, non-DP variant of `PrivFill`. The usage is very similar:
+
+```python
+engine = privfill.load_pipeline(privfill.SupportedModels.FLAN_T5_BASE, DP=False)
+private_text = engine.privatize(text)
+```
+
+### Available Models
+
+| Enum                 | Hugging Face Repository              | Base Mechanism               |
+|-------------------------------|--------------------------------------|-------------------------|
+| SupportedModels.FLAN_T5_BASE  | sjmeis/flan-t5-base-infill-combined  | DP-Prompt   |
+| SupportedModels.FLAN_T5_LARGE | sjmeis/flan-t5-large-infill-combined | DP-Prompt       |
+| SupportedModels.BART_LARGE    | sjmeis/bart-large-infill-combined    | DP-BART |
+
+## Models ##
+We make our three sentence infilling models public. They can be found at this [link](https://drive.google.com/drive/folders/12m1av9PY1X7S-cwd9y_8nepBPMtVju0C?usp=sharing).
+
+## Comparison Code ##
+We also include the LLMDP class code for `DP-BART` and `DP-Prompt`, as used in the paper.
+
+```python
+X = LLMDP.DPPrompt()
+# or
+X = LLMDP.DPBart()
+
+# then
+X.privatize(text, epsilon)
+```

privfill-0.1.0/src/privfill.egg-info/SOURCES.txt

@@ -0,0 +1,11 @@
+LICENSE
+README.md
+pyproject.toml
+src/privfill/__init__.py
+src/privfill/main.py
+src/privfill/mechanisms.py
+src/privfill.egg-info/PKG-INFO
+src/privfill.egg-info/SOURCES.txt
+src/privfill.egg-info/dependency_links.txt
+src/privfill.egg-info/requires.txt
+src/privfill.egg-info/top_level.txt

privfill-0.1.0/src/privfill.egg-info/dependency_links.txt

@@ -0,0 +1 @@
+

privfill-0.1.0/src/privfill.egg-info/requires.txt

@@ -0,0 +1,7 @@
+pandas
+nltk
+numpy
+tqdm
+torch
+transformers
+mpmath

privfill-0.1.0/src/privfill.egg-info/top_level.txt

@@ -0,0 +1 @@
+privfill