[tor-dev] PrivCount and Prio IRC Meeting
teor
teor at riseup.net
Tue Nov 20 00:19:22 UTC 2018
Hi all,
We are meeting to discuss PrivCount and Prio at 2200 UTC on
Tuesday 20 November in #tor-meeting on irc.oftc.net.
We will log the meeting, so that people who can't attend can catch
up later.
Here's some background:
Henry Corrigan-Gibbs recently built a private statistics system
called Prio <https://crypto.stanford.edu/prio/> that is now used for
privately collecting telemetry at Mozilla
<https://hacks.mozilla.org/2018/10/testing-privacy-preserving-telemetry-with-prio/>.
It provides a similar functionality to PrivCount
<https://ohmygodel.com/publications/privcount-ccs2016.pdf> that Tor is
planning to use, and also provides strong robustness against malformed or
malicious reports.
Some questions we'll discuss:
How can we design Tor's statistics to make it easy to:
* defend against corruption attacks, and
* support more complex aggregate statistics.
How does PrivCount in Tor's design handle aggregation
server failures?
Some background:
Here's my quick comparison of Prio and PrivCount in Tor:
* Prio servers can do complex calculations using linear data structures
* PrivCount is limited to additive totals (and histograms)
* Prio servers can defend against corruption attacks using SNIPs
(secret non-interactive proofs)
* PrivCount in Tor has an optional scheme to defend against corruption,
but it requires adding additional noise
* Prio doesn't have differential privacy (yet)
* PrivCount guarantees differential privacy across the entire set of
statistics
* Prio increases security by failing when one server fails
* PrivCount in Tor is robust to server failure, and compensates
for the decreased security by adding more noise
(The PrivCount design used for our research papers was not
robust, and failed whenever any server or client failed.)
Here are our latest specs, notes, and code for PrivCount in Tor:
https://gitweb.torproject.org/torspec.git/tree/proposals/288-privcount-with-shamir.txt
https://trac.torproject.org/projects/tor/wiki/org/meetings/2018MexicoCity/Notes/PrivCount
https://trac.torproject.org/projects/tor/wiki/org/meetings/2018MexicoCity/Notes/PrivCountTechnical
https://github.com/nmathewson/privcount_shamir
T
--
teor
----------------------------------------------------------------------
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.torproject.org/pipermail/tor-dev/attachments/20181120/f9a8a905/attachment.html>
More information about the tor-dev
mailing list