[tor-bugs] #23147 [Core Tor/Tor]: prop280: Merge privcount-in-tor data collector backend implementation

Tor Bug Tracker & Wiki blackhole at torproject.org
Wed Sep 6 00:43:57 UTC 2017


#23147: prop280: Merge privcount-in-tor data collector backend implementation
--------------------------+------------------------------------
 Reporter:  nickm         |          Owner:  (none)
     Type:  defect        |         Status:  new
 Priority:  Medium        |      Milestone:  Tor: 0.3.3.x-final
Component:  Core Tor/Tor  |        Version:
 Severity:  Normal        |     Resolution:
 Keywords:                |  Actual Points:
Parent ID:                |         Points:
 Reviewer:                |        Sponsor:  SponsorQ
--------------------------+------------------------------------

Comment (by teor):

 Replying to [comment:2 teor]:
 > T2. `sample_unit_gaussian()` can't use both `r * sin(theta)` and `r *
 cos(theta)` unless they are independent samples. And I'm not sure if they
 are.

 In order to guarantee differential privacy, we need to:
 * sample at the scale of the noise (not unit scale)
 * add the noise to the signal
 * round the noisy signal

 This is the "snapping" mitigation from "On Significance of the Least
 Significant Bits For Differential Privacy" by Ilya Mironov
 ‚Äčhttps://pdfs.semanticscholar.org/2f2b/7a0d5000a31f7f0713a3d20919f9703c9876.pdf

 I think we're ok here, because the results are the same as the ones we'd
 get by snapping.

 But if there's a transform that takes stddev and yields more precision, we
 should probably use it (rather than just multiplying `stddev * r *
 sin(theta)`).

 See also https://trac.torproject.org/projects/tor/ticket/23061#comment:33
 for the output values from this function (if it used
 crypto_rand_double()).

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/23147#comment:7>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tor-bugs mailing list