-
Notifications
You must be signed in to change notification settings - Fork 23
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
DP: Bound contribution from a single client #210
Comments
Given that clients don't want to break their own privacy, how is this different from the Sybil attacks discussed in #211 ? |
The measures that prevent spoiling of results are incomplete without some protection against these attacks. This isn't a privacy issue as much as it is a correctness one. So maybe strike my original comments about DP protections. |
We do acknowledge already the possibility of a Sybil attack resulting in a "poisoned" aggregate result: https://datatracker.ietf.org/doc/html/draft-ietf-ppm-dap-07#section-7.2 @martinthomson does this text cover the attack? Do you think we should do more than acknowledge the attack? For a general approach to mitigating Sybil attacks see https://github.com/cpriebe/draft-priebe-ppm-dap-reportauth |
I think that what you have there in S7.2 is OK. Like in the paper you cite, I don't think that you can put meaningful protections in place for Sybil attacks. That's not to say that some cases can't benefit from protections, so maybe an informative note about some potential approaches would be how to strike the balance. |
We already have a section about Sybil attacks and how they can be mitigated. DP is suggested, but of course this only applies to privacy. This PR clarifies this: #579 |
Seeing @chris-wood present on this made it clear that there are no mechanisms that might prevent a single client from contributing to aggregates multiple times. This is problematic for the application of DP, as the contribution of any client needs to be bounded in order to place a finite bound on the DP noise.
There is currently a fixation on having fixed-sized duration for tasks and batch limits, but neither of these help.
The text was updated successfully, but these errors were encountered: