- From: Erik Taubeneck via GitHub <sysbot+gh@w3.org>
- Date: Thu, 28 Apr 2022 02:21:08 +0000
- To: public-patcg@w3.org
In the documentation, we originally proposed providing `match_key_provider` as an argument in the `generateSourceEvent` and `generateTriggerEvent` functions. However, this is vulnerable to the attack you describe @csharrison.

@martinthomson's suggestion of committing to a set `{match_key_provider_1, ...}` would be for every site. Then, when calling `generateSourceEvent` or `generateTriggerEvent`, all of the match keys that site had committed to would be included. (We'd want to be able to cap this to some reasonable number `N`.)

Later, in the privacy budget management step, we'd assure that both:

1. Every individual match key can only contribute up to `L1` to the aggregation.
2. Every individual match key provided has the consumed amount deducted from their privacy budget.

I believe this should allow for properly preventing the attack you describe, without needing to scale the noise by a factor of `N`.

--
GitHub Notification of comment by eriktaubeneck
Please view or discuss this issue at https://github.com/patcg/private-measurement/issues/9#issuecomment-1111669066 using your GitHub account

--
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config

Received on Thursday, 28 April 2022 02:21:09 UTC