IETF Logo Mail Archive

[Ppm] Fwd: Next steps for heavy hitters with VDAFs

Christopher Patton <cpatton@cloudflare.com> Mon, 04 March 2024 16:14 UTC

Return-Path: <cpatton@cloudflare.com>
X-Original-To: ppm@ietfa.amsl.com
Delivered-To: ppm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 81672C14CE33 for <ppm@ietfa.amsl.com>; Mon, 4 Mar 2024 08:14:01 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.104
X-Spam-Level:
X-Spam-Status: No, score=-7.104 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_MED=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=cloudflare.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id OexREkyFyRJ8 for <ppm@ietfa.amsl.com>; Mon, 4 Mar 2024 08:13:57 -0800 (PST)
Received: from mail-qt1-x831.google.com (mail-qt1-x831.google.com [IPv6:2607:f8b0:4864:20::831]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E63E4C151986 for <ppm@ietf.org>; Mon, 4 Mar 2024 08:13:55 -0800 (PST)
Received: by mail-qt1-x831.google.com with SMTP id d75a77b69052e-42a029c8e76so37071981cf.2 for <ppm@ietf.org>; Mon, 04 Mar 2024 08:13:55 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cloudflare.com; s=google09082023; t=1709568835; x=1710173635; darn=ietf.org; h=to:subject:message-id:date:from:in-reply-to:references:mime-version :from:to:cc:subject:date:message-id:reply-to; bh=W7p4kiC3qRuxbrY387iWuucGdE1hnVAhPbJrUNZvck8=; b=Lc0LM/enetYuN3n6QBZCQI5THS8oGXPhPwiAO2RLU5XpMn3xALl8tkO5s2zPthXLlv 2SO1iV2yCuFXg8Akgsf+6+k1OPEdYWOylyAw0r51fryRl7Q1VpBpg3XTIOi0mUNnkaBZ dNzqR+YM/dRBp5mwu/yWTBcyT7xh80wQf0EIxsEgvSpmya8Lu5MEM8zNdXSOfcrBMN91 ueCryGOzowGj2yEfR8rISVTQmdp1NWsqg6s6I0iL7zk7VhK39uVAzoae2E8Xz2j3mu46 hgJCDjPmRf/PaoHmUsmwhZTRyhzNttKOQHcpHw+iahkEnvS+NcW4zfwYaJMyKtlrINQK EhlQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1709568835; x=1710173635; h=to:subject:message-id:date:from:in-reply-to:references:mime-version :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=W7p4kiC3qRuxbrY387iWuucGdE1hnVAhPbJrUNZvck8=; b=Y3jnIOq0n4dhBA/HzRwE5Id8kYCRqkB1l3wwmUCJaKCfzM0NclT/1kV5ovgMQzFirL zLEpw8lsAHZFYvpzH2GPoGymofJRjZIHw0MunZjUgKv256En8BWtreMxEmP+VA+8uw3e rHBAStgg0CfA+FlEraRC9LyfG1/iIsvCGa2eJXAngsWKLbZKG27KKkTbwqK7/uX7krka X4iTA/9lXgerg9f9Teg/HcBZPVHw6NQ/ig6oPB2oRcw2XSJvlb2hTwKCYhnV/SXUnGqa H2BcPtGEOxni8UpVwswxVpEFIH2kCoLo/kAyxaadkvxMsFaCFDiaMs4S0hIVsnfkZihb RaOA==
X-Gm-Message-State: AOJu0Yw7jZMBkxu8ajA4kNLzpdBGADr5pFxQpSZH2T+SX12uOwczp/aO ZopbUBHnCeezCWCiX79dL2irPW+B8l8kFS9pkrcb5p8M+BHpsGDUFeX9gMh0ukasn8zwRl0mI+z k8uvOXPmhvGXUW0mE01Phgbx4wvbdmycGZcD2mSjtbBuoCbCK
X-Google-Smtp-Source: AGHT+IGDfz8IL50zN+hHtthh5r4q6eHiHh8n0U9A1tnV9TyP4hwj0+8ZhYZzGlhY4/F1LfFY0tsK+/p+jfCGaFRDiYo=
X-Received: by 2002:ac8:7f03:0:b0:42e:bbdf:bcb0 with SMTP id f3-20020ac87f03000000b0042ebbdfbcb0mr11120942qtk.46.1709568834834; Mon, 04 Mar 2024 08:13:54 -0800 (PST)
MIME-Version: 1.0
References: <CAG2Zi23iR68MTLnW-onPhfq4rKmeYqgdsE4h_nem2iWFrVLqdw@mail.gmail.com>
In-Reply-To: <CAG2Zi23iR68MTLnW-onPhfq4rKmeYqgdsE4h_nem2iWFrVLqdw@mail.gmail.com>
From: Christopher Patton <cpatton@cloudflare.com>
Date: Mon, 04 Mar 2024 08:13:44 -0800
Message-ID: <CAG2Zi231jVNBvN7vZ6Uz2uTLd7JyS2-hpERUYrkQf1w-KxJtCQ@mail.gmail.com>
To: ppm <ppm@ietf.org>
Content-Type: multipart/alternative; boundary="0000000000001eb1da0612d80389"
Archived-At: <https://mailarchive.ietf.org/arch/msg/ppm/0qi3w7MagMNPDObHE4bj9HREb14>
Subject: [Ppm] Fwd: Next steps for heavy hitters with VDAFs
X-BeenThere: ppm@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Privacy Preserving Measurement technologies <ppm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ppm>, <mailto:ppm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ppm/>
List-Post: <mailto:ppm@ietf.org>
List-Help: <mailto:ppm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ppm>, <mailto:ppm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 04 Mar 2024 16:14:01 -0000

Hi all, I'm cross-posting this message to the CFRG mailing list in the
hopes that folks who would like to implement heavy hitters in DAP will
weigh in. We definitely end to hear from implementers and potential
adopters.

Thanks,
Chris P.

---------- Forwarded message ---------
From: Christopher Patton <cpatton@cloudflare.com>
Date: Mon, Mar 4, 2024 at 8:07 AM
Subject: Next steps for heavy hitters with VDAFs
To: CFRG <cfrg@irtf.org>


Hi CFRG,

I've asked the chairs to spend some time at 119 discussing next steps for
Mastic:
https://datatracker.ietf.org/doc/html/draft-mouris-cfrg-mastic-02

The ideal outcome may not be to adopt this draft directly, but to merge it
with the existing VDAF draft (draft-irtf-cfrg-vdaf). Our goal for 119 is to
find consensus on a path forward.

Last time (118) we presented Mastic, a new VDAF that we pitched as a
drop-in replacement for Poplar1 (
https://datatracker.ietf.org/meeting/118/materials/slides-118-cfrg-mastic-vdaf).
Since the meeting we have been working on security analysis for Mastic.
The theorems in this paper claim that Mastic's composition of its
primitives (VIDPF, an extension of IDPF from draft-irtf-cfrg-vdaf) and FLP
(from draft-irtf-cfrg-vdaf) into a VDAF is secure. The concrete parameters
of VIDPF and FLP are subject to change as analysis continues, but the
overall composition seems to be sound:
https://eprint.iacr.org/2024/221

Mastic is also more efficient in terms of round complexity, is easier to
implement securely, and addresses use cases identified in the PPM WG for
which Poplar1 falls short. Overall, Mastic reflects improvements that have
been made to this paradigm (i.e., function secret sharing for heavy
hitters) since the Poplar paper appeared three years ago (
https://eprint.iacr.org/2021/017). The only potential advantage of Poplar1
is that, once we finalize the parameters of VIDPF, it may end up having a
lower bandwidth cost (at most 50% more, I suspect). However, speaking as an
implementer, the lower round complexity of Mastic over Poplar1 makes it the
far better option.

We (the Mastic designers) would like the CFRG to consider the following
outcomes:
1. Replace Poplar1 with Mastic in the base VDAF draft (draft-irtf-cfrg
-vdaf).
2. Adopt the Mastic draft (draft-mourics-cfrg-mastic) and remove Poplar1
from the base draft.
3. Adopt the Mastic draft, but keep Poplar1 in the base draft.
4. Refactor the base draft so that it spells only the VDAF framework, adopt
the Mastic draft, and adopt a new draft for Prio3. Note that there is one
primitive (FLP) that would be shared by both Mastic and Prio3.

Here are the main considerations we've heard while getting feedback on this
question.
a. Since the PPM WG can't finish its work until the base VDAF draft is
done, we should do everything we can to minimize time to RFC.
b. Recommending two protocols (Poplar1 and Mastic) for the same use case
(heavy hitters) is probably not a good idea, especially if one is clearly
superior to the other.
c. If we remove Poplar1, then we could consider restricting the VDAF syntax
to 1 round for preparation.
d. The base draft should use all features of the VDAF framework.
e. Poplar1 involves an MPC paradigm called "arithmetic sketching" (
https://eprint.iacr.org/2023/1012) that may be useful for future VDAFs and
thus worth specifying.

Thanks for your time and we're looking forward to 119,
Chris P.

v2.23.0 | Report a Bug | By Email