Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add checks that prefix counts are consistent across multiple VDAF executions #332

Merged
merged 41 commits into from
May 13, 2024
Merged

Add checks that prefix counts are consistent across multiple VDAF executions #332

merged 41 commits into from
May 13, 2024

Conversation

schoppmp
Copy link
Collaborator

@schoppmp schoppmp commented Mar 7, 2024
edited
Loading

Fixes #316

@schoppmp schoppmp marked this pull request as draft March 7, 2024 14:41
@schoppmp schoppmp mentioned this pull request Mar 7, 2024
Closed
@schoppmp schoppmp requested a review from cjpatton March 7, 2024 14:43
@cjpatton cjpatton mentioned this pull request Mar 7, 2024
Closed
cjpatton
cjpatton reviewed Mar 7, 2024
View reviewed changes
draft-irtf-cfrg-vdaf.md Outdated Show resolved Hide resolved
draft-irtf-cfrg-vdaf.md Outdated Show resolved Hide resolved
draft-irtf-cfrg-vdaf.md Outdated Show resolved Hide resolved
draft-irtf-cfrg-vdaf.md Outdated Show resolved Hide resolved
draft-irtf-cfrg-vdaf.md Outdated Show resolved Hide resolved
draft-irtf-cfrg-vdaf.md Outdated Show resolved Hide resolved
draft-irtf-cfrg-vdaf.md Outdated Show resolved Hide resolved
draft-irtf-cfrg-vdaf.md Outdated Show resolved Hide resolved
draft-irtf-cfrg-vdaf.md Outdated Show resolved Hide resolved
@cjpatton cjpatton marked this pull request as ready for review April 3, 2024 22:08
@cjpatton cjpatton marked this pull request as draft April 3, 2024 22:08
cjpatton
cjpatton reviewed Apr 3, 2024
View reviewed changes
Copy link
Collaborator

@cjpatton cjpatton left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This looks to be on the right track, modulo our conversation today about compatibility with DP. I think the only thing that would change is enforcing count consistency, in which case we would take some version of this PR no matter what the outcome is.

I'd suggest implementing in the reference code so that we can unit test is_valid() and make sure the changes to the rest of the construction still pass our current tests. If you like you can leave out the count checks.

draft-irtf-cfrg-vdaf.md Outdated Show resolved Hide resolved
draft-irtf-cfrg-vdaf.md Outdated Show resolved Hide resolved
draft-irtf-cfrg-vdaf.md Outdated Show resolved Hide resolved
draft-irtf-cfrg-vdaf.md Outdated Show resolved Hide resolved
draft-irtf-cfrg-vdaf.md Outdated Show resolved Hide resolved
draft-irtf-cfrg-vdaf.md Outdated Show resolved Hide resolved
schoppmp and others added 6 commits April 18, 2024 14:38
@schoppmp @cjpatton
Update draft-irtf-cfrg-vdaf.md
184451f 
Co-authored-by: Christopher Patton <cpatton@cloudflare.com>
@schoppmp @cjpatton
Update draft-irtf-cfrg-vdaf.md
e5fed24 
Co-authored-by: Christopher Patton <cpatton@cloudflare.com>
@schoppmp @cjpatton
Update draft-irtf-cfrg-vdaf.md
7dcb804 
Co-authored-by: Christopher Patton <cpatton@cloudflare.com>
@schoppmp
Restrict is_valid to testing prefixes are connected and levels are in…
be3e2d2 
…creasing
@schoppmp
Fix PoC
bc8b428
@schoppmp
Fix PoC
5280b62
@schoppmp
Copy link
Collaborator Author

Following the discussion in this doc, it seems clear that differential privacy is required to implement heavy hitters privately. For now, this PR only ensures that the tree is traversed correctly (i.e., not on arbitrary leaves; see mitigation 1 here).

The details of how to add differential privacy to a heavy hitters protocol based on Poplar should be specified in the higher-level protocol, as VDAF doesn't have any syntax for DP (like privacy parameters). There are also different ways to implement DP here, so this is not something we want to restrict in VDAF.

divergentdave
divergentdave reviewed Apr 24, 2024
View reviewed changes
draft-irtf-cfrg-vdaf.md Outdated Show resolved Hide resolved
poc/vdaf_poplar1.py Outdated Show resolved Hide resolved
@cjpatton cjpatton marked this pull request as ready for review April 24, 2024 20:29
cjpatton
cjpatton approved these changes Apr 24, 2024
View reviewed changes
poc/vdaf_poplar1.py Outdated Show resolved Hide resolved
draft-irtf-cfrg-vdaf.md Outdated Show resolved Hide resolved
draft-irtf-cfrg-vdaf.md Show resolved Hide resolved
divergentdave
divergentdave reviewed May 7, 2024
View reviewed changes
draft-irtf-cfrg-vdaf.md Outdated Show resolved Hide resolved
draft-irtf-cfrg-vdaf.md Outdated Show resolved Hide resolved
poc/vdaf_poplar1.py Outdated Show resolved Hide resolved
poc/vdaf_poplar1.py Outdated Show resolved Hide resolved
draft-irtf-cfrg-vdaf.md Outdated Show resolved Hide resolved
poc/vdaf_poplar1.py Outdated Show resolved Hide resolved
draft-irtf-cfrg-vdaf.md Outdated Show resolved Hide resolved
schoppmp and others added 6 commits May 7, 2024 15:53
@schoppmp @divergentdave
Update draft-irtf-cfrg-vdaf.md
f1b7455 
Co-authored-by: David Cook <dcook@divviup.org>
@schoppmp @divergentdave
Update draft-irtf-cfrg-vdaf.md
faf7de4 
Co-authored-by: David Cook <dcook@divviup.org>
@schoppmp @divergentdave
Update poc/vdaf_poplar1.py
25f47fd 
Co-authored-by: David Cook <dcook@divviup.org>
@schoppmp @divergentdave
Update poc/vdaf_poplar1.py
07b234f 
Co-authored-by: David Cook <dcook@divviup.org>
@schoppmp @divergentdave
Update poc/vdaf_poplar1.py
b537eef 
Co-authored-by: David Cook <dcook@divviup.org>
@schoppmp
Fix privacy considerations
f9a3d0e
@cjpatton cjpatton self-requested a review May 8, 2024 15:58
cjpatton
cjpatton approved these changes May 9, 2024
View reviewed changes
Copy link
Collaborator

@cjpatton cjpatton left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, though I think we could increase test coverage a bit.

draft-irtf-cfrg-vdaf.md Outdated Show resolved Hide resolved
poc/tests/test_vdaf_poplar1.py Outdated Show resolved Hide resolved
@schoppmp @cjpatton
Update draft-irtf-cfrg-vdaf.md
a401cca 
Co-authored-by: Christopher Patton <cpatton@cloudflare.com>
@cjpatton cjpatton mentioned this pull request May 13, 2024
Merged
divergentdave
divergentdave approved these changes May 13, 2024
View reviewed changes
draft-irtf-cfrg-vdaf.md Outdated Show resolved Hide resolved
draft-irtf-cfrg-vdaf.md Outdated Show resolved Hide resolved
schoppmp and others added 2 commits May 13, 2024 17:17
@schoppmp @divergentdave
Update draft-irtf-cfrg-vdaf.md
43913bf 
Co-authored-by: David Cook <dcook@divviup.org>
@schoppmp @divergentdave
Update draft-irtf-cfrg-vdaf.md
e8ed23f 
Co-authored-by: David Cook <dcook@divviup.org>
@schoppmp schoppmp merged commit a593fd4 into main May 13, 2024
6 checks passed
@divergentdave divergentdave deleted the schoppmp/issue-316 branch July 2, 2024 21:50
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@tgeoghegan tgeoghegan tgeoghegan left review comments

@cjpatton cjpatton cjpatton approved these changes

@divergentdave divergentdave divergentdave approved these changes

Assignees
No one assigned
Labels
draft-09 security consideration
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Clarify that Poplar-like protocols may leak sensitive information if the collector misbehaves
4 participants
@schoppmp @divergentdave @cjpatton @tgeoghegan