<html><head><meta http-equiv="content-type" content="text/html; charset=utf-8"></head><body dir="auto"><div dir="ltr">Hi all,<div><br></div>
<div>We are meeting to discuss PrivCount and Prio at 2200 UTC on</div>
<div>Tuesday 20 November in #tor-meeting on <a href="http://irc.oftc.net">irc.oftc.net</a>.</div>
<div><br></div>
<div>We will log the meeting, so that people who can't attend can catch</div>
<div>up later.</div>
<div><br></div>
<div>Here's some background:</div>
<div><br></div>
<div>Henry Corrigan-Gibbs recently built a private statistics system<br>
called Prio &lt;<a href="https://crypto.stanford.edu/prio/">https://crypto.stanford.edu/prio/</a>&gt; that is now used for<br>
privately collecting telemetry at Mozilla<br>
&lt;<a href="https://hacks.mozilla.org/2018/10/testing-privacy-preserving-telemetry-with-prio/">https://hacks.mozilla.org/2018/10/testing-privacy-preserving-telemetry-with-prio/</a>&gt;.<br>
It provides a similar functionality to PrivCount<br>
&lt;<a href="https://ohmygodel.com/publications/privcount-ccs2016.pdf">https://ohmygodel.com/publications/privcount-ccs2016.pdf</a>&gt; that Tor is<br>
planning to use, and also provides strong robustness against malformed or<br>
malicious reports.</div>
<div><br></div>
<div><br></div>
<div>Some questions we'll discuss:</div>
<div><br></div>
<div>How can we design Tor's statistics to make it easy to:</div>
<div>* defend against corruption attacks, and</div>
<div>* support more complex aggregate statistics.</div>
<div><br></div>
<div>How does PrivCount in Tor's design handle aggregation</div>
<div>server failures?</div>
<div><br></div>
<div>Some background:</div>
<div><br></div>
<div>Here's my quick comparison of Prio and PrivCount in Tor:</div>
<div>* Prio servers can do complex calculations using linear data structures</div>
<div>* PrivCount is limited to additive totals (and histograms)</div>
<div><br></div>
<div>* Prio servers can defend against corruption attacks using SNIPs</div>
<div>  (secret non-interactive proofs)</div>
<div>* PrivCount in Tor has an optional scheme to defend against corruption,</div>
<div>  but it requires adding additional noise</div>
<div><br></div>
<div>* Prio doesn't have differential privacy (yet)</div>
<div>* PrivCount guarantees differential privacy across the entire set of</div>
<div>  statistics</div>
<div><br></div>
<div>* Prio increases security by failing when one server fails</div>
<div>* PrivCount in Tor is robust to server failure, and compensates</div>
<div>  for the decreased security by adding more noise</div>
<div>  (The PrivCount design used for our research papers was not</div>
<div>   robust, and failed whenever any server or client failed.)</div>
<div><br></div>
<div><br></div>
<div>Here are our latest specs, notes, and code for PrivCount in Tor:</div>
<div><a href="https://gitweb.torproject.org/torspec.git/tree/proposals/288-privcount-with-shamir.txt">https://gitweb.torproject.org/torspec.git/tree/proposals/288-privcount-with-shamir.txt</a></div>
<div><a href="https://trac.torproject.org/projects/tor/wiki/org/meetings/2018MexicoCity/Notes/PrivCount">https://trac.torproject.org/projects/tor/wiki/org/meetings/2018MexicoCity/Notes/PrivCount</a></div>
<div><a href="https://trac.torproject.org/projects/tor/wiki/org/meetings/2018MexicoCity/Notes/PrivCountTechnical">https://trac.torproject.org/projects/tor/wiki/org/meetings/2018MexicoCity/Notes/PrivCountTechnical</a></div>
<div><a href="https://github.com/nmathewson/privcount_shamir">https://github.com/nmathewson/privcount_shamir</a></div>
<div><br></div>
<div id="AppleMailSignature" dir="ltr">T<div><br></div>
<div>-- </div>
<div>teor</div>
<div>----------------------------------------------------------------------</div>
<div><br></div></div>
</div></body></html>