divergentdave
commented
1 month ago Beyond better handling of negative wraparound, other differential privacy policies may require debiasing of aggregate results. For example, the randomized response mechanism and the binomial mechanism both require different forms of debiasing. Thus, I think it would make sense to pass the full DP configuration to the collector, and then interpret that in order to do the right thing, rather than have a dedicated negative wraparound configuration flag.
When aggregators add noise to aggregate shares for differential privacy, this can result in very large numbers in the aggregate result currently, if the noise causes a wraparound. We can address this by mapping to [-p/2, 0) instead of [p/2, p). (for example) This could be done as a post-processing step, but I think it would be more convenient if
janus_collectorhandled it, because the Prio3 instance, and thus the prime modulus, is at hand already. The downside of this change is that applications not using DP would have their aggregate results wrap around with half as many measurements as before, so we may want to make this configurable.