Re: [Ppm] [CFRG] Next steps for heavy hitters with VDAFs
Christopher Patton <cpatton@cloudflare.com> Thu, 14 March 2024 19:14 UTC
Return-Path: <cpatton@cloudflare.com>
X-Original-To: ppm@ietfa.amsl.com
Delivered-To: ppm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 73D3DC14F5E7 for <ppm@ietfa.amsl.com>; Thu, 14 Mar 2024 12:14:21 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.104
X-Spam-Level:
X-Spam-Status: No, score=-2.104 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_MED=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=cloudflare.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id yeioxK3LqBdz for <ppm@ietfa.amsl.com>; Thu, 14 Mar 2024 12:14:17 -0700 (PDT)
Received: from mail-oi1-x230.google.com (mail-oi1-x230.google.com [IPv6:2607:f8b0:4864:20::230]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 432D4C14F68D for <ppm@ietf.org>; Thu, 14 Mar 2024 12:14:17 -0700 (PDT)
Received: by mail-oi1-x230.google.com with SMTP id 5614622812f47-3bd72353d9fso755998b6e.3 for <ppm@ietf.org>; Thu, 14 Mar 2024 12:14:17 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cloudflare.com; s=google09082023; t=1710443656; x=1711048456; darn=ietf.org; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=2aqtGEI4D/wi9VJckDY5GU8U7ABs4Ro6WG44ZDOVc84=; b=ShivFaO0hXQnudaPhHFHNmshjqBgewHNm6hOpwmoZESVG1Dv6kbTvBj2Z9U9zlgEnf mwXfJbzy9B/4L9BsIyTLBazvVVZtjymc6M0eQQ0p0tTbKVjmzvtOUTKCFRfLUnsCKvJ8 xZI+GhghHrPz9FCjnqWMr21NfuwRGN0NK3z8Jzz8Ko7LqIQ076oHzk2W8cS2LROW1iS5 hxRTBWnRgKFcGu2/QpCoMYbN/0rq5Qm7tO2uUOIGtiNqoenyNZkNOGOFSV8/GCPbdGQi woazck/k42q8XuQ0miA/izoxqFCKzggHbUP8URiSCgnIn4quBTf7MAh1C4UG1k1Ms3uZ 170g==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1710443656; x=1711048456; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=2aqtGEI4D/wi9VJckDY5GU8U7ABs4Ro6WG44ZDOVc84=; b=lubn9z9dqTEZepn6rRgueMIhzoU5VVW7Z5XGjYtiKhMm0YRR54vDN6NZfUg7D0qOpM pzstRCJXW+H4SeJrf6yAJKY+dLFU4scsX/izPjQD+ZSkxs+/SNxZLazy/qvlyGac2hc5 ZdFRRBUKvgV2tZqbqP9C+xENzxe/wCzXaUfp+dwGYqxhkfLgf1k+zRn1cOgQHgoCkCh5 iapnCyU7rTkRCHH97Ampo24aTdLrIDQCQV9gPH1H1pBAm+KM06ZD6JPvXSBeT5XEFEBm PN+JxbgHHD3lah5Ngp1WmyPVP9x8bUiGFmS3EBn4ab/Hap/tnvWCJkKLVahdCrq4cjik ToLQ==
X-Forwarded-Encrypted: i=1; AJvYcCX6y7w/hizMSwDEL+P5BG8zeqFpiESdmPIp6DA3Tc7nCaD6YQfkdDdZEU3FpmUVqkdm365EgOhSWLjtIJE=
X-Gm-Message-State: AOJu0YwhgUb8Tw/lsMhVz4FZ7ugbMQOh5V+pPEmIy78s0BSpnpwMc1Zn 0NQa9sxtq4NAcx6calQBupKq/EtzBj9JMYxAmq3Y/zih/6DYG/BvoVRdUsCAJOyzi6ww5jUP3ZQ zxHMzbSVYnADCgSXJi5c5CX6dc4XBrWFMahjCOGfmxyIeuQ2Sq8o=
X-Google-Smtp-Source: AGHT+IFdmhSQNdBQFBZJePCRxxP0ZR5en9GBBDapqbcGDMSoEacTfr2VPnRNCMyKfSEYRCqEdqurYr34vIngGGt+i+s=
X-Received: by 2002:aca:1702:0:b0:3c1:f37e:1ab6 with SMTP id j2-20020aca1702000000b003c1f37e1ab6mr2422054oii.13.1710443655896; Thu, 14 Mar 2024 12:14:15 -0700 (PDT)
MIME-Version: 1.0
References: <CAG2Zi23iR68MTLnW-onPhfq4rKmeYqgdsE4h_nem2iWFrVLqdw@mail.gmail.com> <CAG2Zi231jVNBvN7vZ6Uz2uTLd7JyS2-hpERUYrkQf1w-KxJtCQ@mail.gmail.com> <23E40649-8967-445D-91AC-EAEA4EDFCB40@apple.com> <CAG2Zi23uD_dcGtetFehBVmUPbG5ygr3VAwscfCp5qcWm9+BfHQ@mail.gmail.com> <CABcZeBN=ko0KiOUA2YEzqxbSx63wuaEwLp7UWwNRgJyxFa_wkQ@mail.gmail.com>
In-Reply-To: <CABcZeBN=ko0KiOUA2YEzqxbSx63wuaEwLp7UWwNRgJyxFa_wkQ@mail.gmail.com>
From: Christopher Patton <cpatton@cloudflare.com>
Date: Thu, 14 Mar 2024 12:14:04 -0700
Message-ID: <CAG2Zi20e=B-pXC_qVBC5ubJKYnJnPfaKoaZDE_1G1383SNx9+Q@mail.gmail.com>
To: Eric Rescorla <ekr@rtfm.com>
Cc: Shan Wang <shan_wang@apple.com>, ppm <ppm@ietf.org>, cfrg@irtf.org
Content-Type: multipart/alternative; boundary="00000000000084d5010613a3b261"
Archived-At: <https://mailarchive.ietf.org/arch/msg/ppm/-DBlZI_dBN84af0Gt5iFJBOkvdk>
Subject: Re: [Ppm] [CFRG] Next steps for heavy hitters with VDAFs
X-BeenThere: ppm@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Privacy Preserving Measurement technologies <ppm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ppm>, <mailto:ppm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ppm/>
List-Post: <mailto:ppm@ietf.org>
List-Help: <mailto:ppm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ppm>, <mailto:ppm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 14 Mar 2024 19:14:21 -0000
Hi folks, I'll be giving and update on Mastic at CFRG on Monday: https://datatracker.ietf.org/meeting/119/materials/slides-119-cfrg-next-steps-for-draft-mouris-cfrg-mastic We'll spend some time discussing this question. Chris P. On Mon, Mar 4, 2024 at 6:58 PM Eric Rescorla <ekr@rtfm.com> wrote: > > > On Mon, Mar 4, 2024 at 5:20 PM Christopher Patton <cpatton= > 40cloudflare.com@dmarc.ietf.org> wrote: > >> Thanks PPM and CFRG, this has been helpful. >> >> So far it seems like there is a plurality in favor of adopting a separate >> draft for Mastic and only consider dropping Poplar1 once we're more certain >> about the trade-offs. It would be nice to hear from anyone who is strongly >> opposed to this plan. >> > > To restate what I think you said, I think it's fine to adopt Mastic. I > would defer a decision on Poplar until after we know more. > > -Ekr > >> >> One concern that's been brought up is the editorial effort required to >> maintain both. Speaking as an editor of both Mastic and Poplar1, I think >> there is likely to be some duplicative effort here: most of the low level >> algorithmic bits these protocols have in common (i.e., IDPF) have been >> stable for some time, but there are also some evolving security >> considerations that apply to both (around safe usage of IDPF). I also >> expect there to be some security considerations that apply to Poplar1, but >> not Mastic. >> >> Chris P. >> >> On Mon, Mar 4, 2024 at 2:33 PM Shan Wang <shan_wang= >> 40apple.com@dmarc.ietf.org> wrote: >> >>> I'm in favour of either >>> 1. Replace Poplar1 with Mastic in the base VDAF draft >>> (draft-irtf-cfrg-vdaf). >>> Or >>> 4. Refactor the base draft so that it spells only the VDAF framework, >>> adopt the Mastic draft, and adopt a new draft for Prio3. >>> >>> If we do 4. The we can cut an individual Poplar RFC too and anyone have >>> implemented Poplar1 can refer to that standard. >>> >>> In my opinion, VDAF should define a common framework. We will have more >>> algorithms in the future and they should be cut as individual drafts that's >>> compatible with VDAF, rather than part of the VDAF text itself. >>> >>> Shan >>> >>> >>> On 4 Mar 2024, at 16:13, Christopher Patton <cpatton= >>> 40cloudflare.com@dmarc.ietf.org> wrote: >>> >>> Hi all, I'm cross-posting this message to the CFRG mailing list in the >>> hopes that folks who would like to implement heavy hitters in DAP will >>> weigh in. We definitely end to hear from implementers and potential >>> adopters. >>> >>> Thanks, >>> Chris P. >>> >>> ---------- Forwarded message --------- >>> From: Christopher Patton <cpatton@cloudflare.com> >>> Date: Mon, Mar 4, 2024 at 8:07 AM >>> Subject: Next steps for heavy hitters with VDAFs >>> To: CFRG <cfrg@irtf.org> >>> >>> >>> Hi CFRG, >>> >>> I've asked the chairs to spend some time at 119 discussing next steps >>> for Mastic: >>> https://datatracker.ietf.org/doc/html/draft-mouris-cfrg-mastic-02 >>> >>> The ideal outcome may not be to adopt this draft directly, but to merge >>> it with the existing VDAF draft (draft-irtf-cfrg-vdaf). Our goal for >>> 119 is to find consensus on a path forward. >>> >>> Last time (118) we presented Mastic, a new VDAF that we pitched as a >>> drop-in replacement for Poplar1 ( >>> https://datatracker.ietf.org/meeting/118/materials/slides-118-cfrg-mastic-vdaf). >>> Since the meeting we have been working on security analysis for Mastic. >>> The theorems in this paper claim that Mastic's composition of its >>> primitives (VIDPF, an extension of IDPF from draft-irtf-cfrg-vdaf) and >>> FLP (from draft-irtf-cfrg-vdaf) into a VDAF is secure. The concrete >>> parameters of VIDPF and FLP are subject to change as analysis continues, >>> but the overall composition seems to be sound: >>> https://eprint.iacr.org/2024/221 >>> >>> Mastic is also more efficient in terms of round complexity, is easier to >>> implement securely, and addresses use cases identified in the PPM WG for >>> which Poplar1 falls short. Overall, Mastic reflects improvements that have >>> been made to this paradigm (i.e., function secret sharing for heavy >>> hitters) since the Poplar paper appeared three years ago ( >>> https://eprint.iacr.org/2021/017). The only potential advantage of >>> Poplar1 is that, once we finalize the parameters of VIDPF, it may end up >>> having a lower bandwidth cost (at most 50% more, I suspect). However, >>> speaking as an implementer, the lower round complexity of Mastic over >>> Poplar1 makes it the far better option. >>> >>> We (the Mastic designers) would like the CFRG to consider the following >>> outcomes: >>> 1. Replace Poplar1 with Mastic in the base VDAF draft (draft-irtf-cfrg >>> -vdaf). >>> 2. Adopt the Mastic draft (draft-mourics-cfrg-mastic) and remove >>> Poplar1 from the base draft. >>> 3. Adopt the Mastic draft, but keep Poplar1 in the base draft. >>> 4. Refactor the base draft so that it spells only the VDAF framework, >>> adopt the Mastic draft, and adopt a new draft for Prio3. Note that there is >>> one primitive (FLP) that would be shared by both Mastic and Prio3. >>> >>> Here are the main considerations we've heard while getting feedback on >>> this question. >>> a. Since the PPM WG can't finish its work until the base VDAF draft is >>> done, we should do everything we can to minimize time to RFC. >>> b. Recommending two protocols (Poplar1 and Mastic) for the same use case >>> (heavy hitters) is probably not a good idea, especially if one is clearly >>> superior to the other. >>> c. If we remove Poplar1, then we could consider restricting the VDAF >>> syntax to 1 round for preparation. >>> d. The base draft should use all features of the VDAF framework. >>> e. Poplar1 involves an MPC paradigm called "arithmetic sketching" ( >>> https://eprint.iacr.org/2023/1012) that may be useful for future VDAFs >>> and thus worth specifying. >>> >>> Thanks for your time and we're looking forward to 119, >>> Chris P. >>> -- >>> Ppm mailing list >>> Ppm@ietf.org >>> https://www.ietf.org/mailman/listinfo/ppm >>> >>> >>> -- >>> Ppm mailing list >>> Ppm@ietf.org >>> https://www.ietf.org/mailman/listinfo/ppm >>> >> _______________________________________________ >> CFRG mailing list >> CFRG@irtf.org >> https://mailman.irtf.org/mailman/listinfo/cfrg >> >
- [Ppm] Fwd: Next steps for heavy hitters with VDAFs Christopher Patton
- Re: [Ppm] Fwd: Next steps for heavy hitters with … Brandon Pitman
- Re: [Ppm] Fwd: Next steps for heavy hitters with … Simon Friedberger
- Re: [Ppm] Fwd: Next steps for heavy hitters with … Syed Suleman Ahmad
- Re: [Ppm] Fwd: Next steps for heavy hitters with … Eric Rescorla
- Re: [Ppm] Fwd: Next steps for heavy hitters with … Christopher Patton
- Re: [Ppm] Next steps for heavy hitters with VDAFs Shan Wang
- Re: [Ppm] Next steps for heavy hitters with VDAFs Christopher Patton
- Re: [Ppm] [CFRG] Next steps for heavy hitters wit… Eric Rescorla
- Re: [Ppm] [CFRG] Next steps for heavy hitters wit… Christopher Patton
- Re: [Ppm] [CFRG] Next steps for heavy hitters wit… Christopher Patton