Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Implementing differential privacy for the bounded-norm vector type #440

Open
MxmUrw opened this issue Feb 1, 2023 · 1 comment
Open

Comments

@MxmUrw
Copy link
Contributor

MxmUrw commented Feb 1, 2023

We are now at the point where we would like to add differential privacy to our bounded-norm fixed-point vector type. As was pointed out to us, there has been some discussion about the best way to integrate dp with VDAF / DAP here and here.

Have there been any further developments with regards to dp since those two issues?

It looks like the simplest way to achieve our version of DP (each of the aggregators adds a pre-configured amount of noise to the aggregate share) would be by doing the following:

  • Extend the Prio3 Type trait to require an additional function add_noise(&self, aggregate_share: Vec<Field>) -> Vec<Field>.
  • Call this function in the Aggregator::aggregate() implementation for Prio3 on the resulting aggregate share.
  • In the implementation of add_noise for our vector type, do add the (discrete gaussian) noise as required by our encoding.
  • Add a default implementation for add_noise() that is the identity function, so other prio types do not need to be changed.

This approach seems to be the most straight-forward to us, but it possibly disregards the proposed solutions in the above-mentioned threads. We would like to discuss about how best to align our efforts with the future specification of dp in VDAF (if such a thing is indeed going to be specified).

@MxmUrw
Copy link
Contributor Author

MxmUrw commented Feb 6, 2023

UPDATE: It looks like the proposed solution above is not enough if we want to use janus as aggregator; the Aggregator::aggregate() function is not used in janus, its functionality is (re-)implemented in aggregator/accumulator.rs.

As it currently stands, we need to use a custom fork of both janus and prio to get dp working for our type. We do have a working (and hacky) prototype which does what we want, but are posed with the following question:

Is the implementation of differential privacy in prio types already up for discussion? Or should we continue to develop on our fork(s) on a works-for-us basis?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

1 participant