Some questions we'll discuss:
How can we design Tor's statistics to make it easy to:
* defend against corruption attacks, and
* support more complex aggregate statistics.
How does PrivCount in Tor's design handle aggregation
server failures?
Some background:
Here's my quick comparison of Prio and PrivCount in Tor:
* Prio servers can do complex calculations using linear data structures
* PrivCount is limited to additive totals (and histograms)
* Prio servers can defend against corruption attacks using SNIPs
(secret non-interactive proofs)
* PrivCount in Tor has an optional scheme to defend against corruption,
but it requires adding additional noise
* Prio doesn't have differential privacy (yet)
* PrivCount guarantees differential privacy across the entire set of
statistics
* Prio increases security by failing when one server fails
* PrivCount in Tor is robust to server failure, and compensates
for the decreased security by adding more noise
(The PrivCount design used for our research papers was not
robust, and failed whenever any server or client failed.)
Here are our latest specs, notes, and code for PrivCount in Tor:
T
--
teor
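To make the "additive totals" aggregation that the comparison above contrasts with Prio concrete, here is an added simulation (not teor's mail, nor PrivCount's or Tor's code): each client splits a counter into additive shares modulo an assumed modulus Q, one share per tally server, and each server adds Laplace noise before the partial sums are combined. The noise-for-robustness compensation the mail mentions is not modelled; the noise scale is a free parameter here.

```python
import math
import random

# Assumed modulus for additive secret sharing (illustrative; not PrivCount's value).
Q = 2 ** 62


def split_shares(value, n_servers, rng):
    """Split an integer counter into n_servers additive shares modulo Q.

    Any n_servers - 1 shares are uniformly random, so a single tally server
    (or any coalition that misses one server) learns nothing about value.
    """
    shares = [rng.randrange(Q) for _ in range(n_servers - 1)]
    shares.append((value - sum(shares)) % Q)
    return shares


def laplace_noise(scale, rng):
    """Integer-rounded Laplace(0, scale) sample via the inverse CDF."""
    if scale == 0:
        return 0
    u = rng.random() - 0.5
    return round(-scale * math.copysign(1.0, u) * math.log(1.0 - 2.0 * abs(u)))


def tally(client_counts, n_servers, noise_scale, rng):
    """Aggregate per-client counters through n_servers tally servers.

    Each server only ever sees one uniformly random share per client, sums
    those shares, and adds its own differential-privacy noise. Combining the
    per-server partial sums modulo Q yields the noised total and nothing else.
    """
    partial_sums = [0] * n_servers
    for count in client_counts:
        for server_index, share in enumerate(split_shares(count, n_servers, rng)):
            partial_sums[server_index] = (partial_sums[server_index] + share) % Q
    # Every server contributes noise, so the total stays private even if all
    # but one server are honest (the one honest server's noise still protects it).
    noised = [(s + laplace_noise(noise_scale, rng)) % Q for s in partial_sums]
    total = sum(noised) % Q
    # Map back from the ring to a signed integer (negative noise can push below 0).
    return total - Q if total > Q // 2 else total


if __name__ == "__main__":
    rng = random.Random(2024)  # constructed seed for a repeatable demo
    print(tally([3, 5, 7], 3, 0, rng))      # exact sum when noise is disabled
    print(tally([10] * 100, 3, 2.0, rng))   # close to 1000, perturbed by noise
```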