[tor-dev] PrivCount and Prio IRC Meeting

Hi all,

We are meeting to discuss PrivCount and Prio at 2200 UTC on

Tuesday 20 November in #tor-meeting on irc.oftc.net.

We will log the meeting, so that people who can't attend can catch

up later.

Here's some background:

Henry Corrigan-Gibbs recently built a private statistics system
called Prio <https://crypto.stanford.edu/prio/> that is now used for
privately collecting telemetry at Mozilla
<https://hacks.mozilla.org/2018/10/testing-privacy-preserving-telemetry-with-prio/>.
It provides a similar functionality to PrivCount
<https://ohmygodel.com/publications/privcount-ccs2016.pdf> that Tor is
planning to use, and also provides strong robustness against malformed or
malicious reports.

Some questions we'll discuss:

How can we design Tor's statistics to make it easy to:

* defend against corruption attacks, and

* support more complex aggregate statistics.

How does PrivCount in Tor's design handle aggregation

server failures?

Some background:

Here's my quick comparison of Prio and PrivCount in Tor:

* Prio servers can do complex calculations using linear data structures

* PrivCount is limited to additive totals (and histograms)

* Prio servers can defend against corruption attacks using SNIPs

(secret non-interactive proofs)

* PrivCount in Tor has an optional scheme to defend against corruption,

but it requires adding additional noise

* Prio doesn't have differential privacy (yet)

* PrivCount guarantees differential privacy across the entire set of

statistics

* Prio increases security by failing when one server fails

* PrivCount in Tor is robust to server failure, and compensates

for the decreased security by adding more noise

(The PrivCount design used for our research papers was not

robust, and failed whenever any server or client failed.)

Here are our latest specs, notes, and code for PrivCount in Tor:

teor

----------------------------------------------------------------------