wangshan / draft-wang-ppm-differential-privacy

Describe DP mechanisms and guarantees on a DAP/VDAF system

User-level DP and other notions of DP that are not DAP-friendly #13

Open tholop opened 1 year ago

tholop commented 1 year ago

Keeping track of something we discussed with @cjpatton: some notions of DP are not achievable with DAP, at least in the current form of the protocol. For instance:

wangshan commented 1 year ago

For the first problem, some client-side bound could help, for example the proposal of using rate-limiting PAT: https://github.com/cpriebe/draft-priebe-ppm-dap-reportauth. But it is indeed too hard to limit the same user's data from multiple devices. Client IPs and timestamps can be mitigated by an anonymous proxy like OHTTP; in DAP there is also a time precision field in the task config to avoid revealing the exact timestamp.