[tor-dev] Proposal 288: Privacy-Preserving Statistics with Privcount in Tor (Shamir version)

[teor]

Hi Aaron,

> On 15 Dec 2017, at 01:54, Aaron Johnson <aaron.m.johnson at nrl.navy.mil> wrote:
> 
> in Prio, servers use a generic secure multi-party computation (MPC) protocol to compute the circuits. If Tor is going to do that, why not just run a generic MPC protocol over all of the inputs? Doing so would allow Tor statistics aggregations to be robust to inputs that are likely “incorrect” given the values of the other inputs (see “robust statistics” for a wide variety of useful such computations, including for example median, trimmed mean, least trimmed squares, maximum likelihood estimation). Applying MPC over all inputs would only require implementing the “offline” phase of the computation (e.g. producing the “multiplication triples”, which are supplied by the client in Prio). There are reasonably efficient protocols for doing so, including SDPZ and TinyOT [1].

If I understand you correctly, you are saying that we can add
a secure multiparty computation to the Tally Reporters without
changes on the Data Collectors?

Great!

Then let's proceed with the Data Collector implementation as
specified in this proposal. We can decide how we detect
outliers when we specify the Tally Reporter implementation.

T