IETF Logo Mail Archive

Re: [Ppm] Next steps for heavy hitters with VDAFs

Christopher Patton <cpatton@cloudflare.com> Tue, 05 March 2024 01:20 UTC

Return-Path: <cpatton@cloudflare.com>
X-Original-To: ppm@ietfa.amsl.com
Delivered-To: ppm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2B42FC1C4DBF for <ppm@ietfa.amsl.com>; Mon, 4 Mar 2024 17:20:25 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.104
X-Spam-Level:
X-Spam-Status: No, score=-2.104 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_MED=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=cloudflare.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id QzZYm9OgK43Y for <ppm@ietfa.amsl.com>; Mon, 4 Mar 2024 17:20:21 -0800 (PST)
Received: from mail-yw1-x1132.google.com (mail-yw1-x1132.google.com [IPv6:2607:f8b0:4864:20::1132]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 08354C18DBAB for <ppm@ietf.org>; Mon, 4 Mar 2024 17:20:20 -0800 (PST)
Received: by mail-yw1-x1132.google.com with SMTP id 00721157ae682-607c5679842so51620277b3.2 for <ppm@ietf.org>; Mon, 04 Mar 2024 17:20:20 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cloudflare.com; s=google09082023; t=1709601620; x=1710206420; darn=ietf.org; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=Wt/NxgRs31/paDtjUUdw4jKKHWyHvUlVoSa9IcBcN54=; b=O/FdIdeG/HJUwrIthdxXzqjoFi92h/eT4XFZYbYeKrFNY6H+fDK9j8rQ6997aj+Ycd h07Lb7Lo49/ewx91DXwg2ozxyMHzsT/ACIpChr7EQ1+v16kWpA3Ss9a0g/NzLwjcJXSl tPPt9N4qh29mXAB82xpPFgV6qVFBzq5Jm9ITWp2q5M2q86TKANWuQIlH26wDin9zXG/Z rYuPwbPr9pm+Q0InPE2jFlwdQObZBAqZiCZ4RCUxktpMAeGI4g3Xh3YSeoWaBVD4n8gw 7hUFUBhH12J2S4RdM/BcRAHGvbGG6SH7RPtgHD9QCMpfIUsC5jVKmiQkRvWbDc0RVIE2 M9CQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1709601620; x=1710206420; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=Wt/NxgRs31/paDtjUUdw4jKKHWyHvUlVoSa9IcBcN54=; b=SsCp4G5GSTjFtfAFTqHsvrnGZANF5eSCJKuYEGIgiU6aF0jIC83dVqc+mTWCqBj10R t8LGukzAFM8ulrDbe4WQtBWSm/Kzi0Od4PsRdPwElQ3fILJ0ERTF1gFJm/W/P1ktzkW+ nB4mSjVPzsraHxqOA+3D0zjmUScu13XOnCgbmrPmIO5hJYOiXiY2dZ9lTdZ/nNJ/2zr5 Yk1td9iqYnqaUd08NRYwZhhYd6U0U3NSKSqa1gHTX+RHK8wcubaTe8YAlkZkh3RCz6F4 bq5LqUz/IIPAiIhfvMi4kJFP8BRF+dgyveY+fdiyzS/SuEnE59uKzEwvUCLk/WUnlo3n k8ZQ==
X-Gm-Message-State: AOJu0YxrB3Vtss//kSgvunp0vF0w7L0upRmE3NzxbnJBDpV11Bqb7DvB SdNXc5vJEC3+T/cCOHvFlEaiUbWrCGeET3XYgJ5Ps8I9er75T4oQJWdeAyiaVr97rDe2mDb1rVo bFCCby4C5runL7Cn/yLF4jIsVP2Kil8F1u7YenQ==
X-Google-Smtp-Source: AGHT+IH5bn3ba1kx7LOnzKrJ8ue61CF4hPMZcnTZYd4JnK8XVwFHHjsj9ypj4EOS3NWOhG1vl+spW+2wj69VGHOMpQo=
X-Received: by 2002:a0d:d746:0:b0:609:82fc:7ad3 with SMTP id z67-20020a0dd746000000b0060982fc7ad3mr10652172ywd.13.1709601619759; Mon, 04 Mar 2024 17:20:19 -0800 (PST)
MIME-Version: 1.0
References: <CAG2Zi23iR68MTLnW-onPhfq4rKmeYqgdsE4h_nem2iWFrVLqdw@mail.gmail.com> <CAG2Zi231jVNBvN7vZ6Uz2uTLd7JyS2-hpERUYrkQf1w-KxJtCQ@mail.gmail.com> <23E40649-8967-445D-91AC-EAEA4EDFCB40@apple.com>
In-Reply-To: <23E40649-8967-445D-91AC-EAEA4EDFCB40@apple.com>
From: Christopher Patton <cpatton@cloudflare.com>
Date: Mon, 04 Mar 2024 17:20:01 -0800
Message-ID: <CAG2Zi23uD_dcGtetFehBVmUPbG5ygr3VAwscfCp5qcWm9+BfHQ@mail.gmail.com>
To: Shan Wang <shan_wang=40apple.com@dmarc.ietf.org>
Cc: ppm <ppm@ietf.org>, cfrg@irtf.org
Content-Type: multipart/alternative; boundary="0000000000004166d80612dfa5f7"
Archived-At: <https://mailarchive.ietf.org/arch/msg/ppm/9m5r9ZEVI4CC1JaGSIUU5CAmS3Q>
Subject: Re: [Ppm] Next steps for heavy hitters with VDAFs
X-BeenThere: ppm@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Privacy Preserving Measurement technologies <ppm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ppm>, <mailto:ppm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ppm/>
List-Post: <mailto:ppm@ietf.org>
List-Help: <mailto:ppm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ppm>, <mailto:ppm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 05 Mar 2024 01:20:25 -0000

Thanks PPM and CFRG, this has been helpful.

So far it seems like there is a plurality in favor of adopting a separate
draft for Mastic and only consider dropping Poplar1 once we're more certain
about the trade-offs. It would be nice to hear from anyone who is strongly
opposed to this plan.

One concern that's been brought up is the editorial effort required to
maintain both. Speaking as an editor of both Mastic and Poplar1, I think
there is likely to be some duplicative effort here: most of the low level
algorithmic bits these protocols have in common (i.e., IDPF) have been
stable for some time, but there are also some evolving security
considerations that apply to both (around safe usage of IDPF). I also
expect there to be some security considerations that apply to Poplar1, but
not Mastic.

Chris P.

On Mon, Mar 4, 2024 at 2:33 PM Shan Wang <shan_wang=
40apple.com@dmarc.ietf.org> wrote:

> I'm in favour of either
> 1. Replace Poplar1 with Mastic in the base VDAF draft
> (draft-irtf-cfrg-vdaf).
> Or
> 4. Refactor the base draft so that it spells only the VDAF framework,
> adopt the Mastic draft, and adopt a new draft for Prio3.
>
> If we do 4. The we can cut an individual Poplar RFC too and anyone have
> implemented Poplar1 can refer to that standard.
>
> In my opinion, VDAF should define a common framework. We will have more
> algorithms in the future and they should be cut as individual drafts that's
> compatible with VDAF, rather than part of the VDAF text itself.
>
> Shan
>
>
> On 4 Mar 2024, at 16:13, Christopher Patton <cpatton=
> 40cloudflare.com@dmarc.ietf.org> wrote:
>
> Hi all, I'm cross-posting this message to the CFRG mailing list in the
> hopes that folks who would like to implement heavy hitters in DAP will
> weigh in. We definitely end to hear from implementers and potential
> adopters.
>
> Thanks,
> Chris P.
>
> ---------- Forwarded message ---------
> From: Christopher Patton <cpatton@cloudflare.com>
> Date: Mon, Mar 4, 2024 at 8:07 AM
> Subject: Next steps for heavy hitters with VDAFs
> To: CFRG <cfrg@irtf.org>
>
>
> Hi CFRG,
>
> I've asked the chairs to spend some time at 119 discussing next steps for
> Mastic:
> https://datatracker.ietf.org/doc/html/draft-mouris-cfrg-mastic-02
>
> The ideal outcome may not be to adopt this draft directly, but to merge it
> with the existing VDAF draft (draft-irtf-cfrg-vdaf). Our goal for 119 is
> to find consensus on a path forward.
>
> Last time (118) we presented Mastic, a new VDAF that we pitched as a
> drop-in replacement for Poplar1 (
> https://datatracker.ietf.org/meeting/118/materials/slides-118-cfrg-mastic-vdaf).
> Since the meeting we have been working on security analysis for Mastic.
> The theorems in this paper claim that Mastic's composition of its
> primitives (VIDPF, an extension of IDPF from draft-irtf-cfrg-vdaf) and
> FLP (from draft-irtf-cfrg-vdaf) into a VDAF is secure. The concrete
> parameters of VIDPF and FLP are subject to change as analysis continues,
> but the overall composition seems to be sound:
> https://eprint.iacr.org/2024/221
>
> Mastic is also more efficient in terms of round complexity, is easier to
> implement securely, and addresses use cases identified in the PPM WG for
> which Poplar1 falls short. Overall, Mastic reflects improvements that have
> been made to this paradigm (i.e., function secret sharing for heavy
> hitters) since the Poplar paper appeared three years ago (
> https://eprint.iacr.org/2021/017). The only potential advantage of
> Poplar1 is that, once we finalize the parameters of VIDPF, it may end up
> having a lower bandwidth cost (at most 50% more, I suspect). However,
> speaking as an implementer, the lower round complexity of Mastic over
> Poplar1 makes it the far better option.
>
> We (the Mastic designers) would like the CFRG to consider the following
> outcomes:
> 1. Replace Poplar1 with Mastic in the base VDAF draft (draft-irtf-cfrg
> -vdaf).
> 2. Adopt the Mastic draft (draft-mourics-cfrg-mastic) and remove Poplar1
> from the base draft.
> 3. Adopt the Mastic draft, but keep Poplar1 in the base draft.
> 4. Refactor the base draft so that it spells only the VDAF framework,
> adopt the Mastic draft, and adopt a new draft for Prio3. Note that there is
> one primitive (FLP) that would be shared by both Mastic and Prio3.
>
> Here are the main considerations we've heard while getting feedback on
> this question.
> a. Since the PPM WG can't finish its work until the base VDAF draft is
> done, we should do everything we can to minimize time to RFC.
> b. Recommending two protocols (Poplar1 and Mastic) for the same use case
> (heavy hitters) is probably not a good idea, especially if one is clearly
> superior to the other.
> c. If we remove Poplar1, then we could consider restricting the VDAF
> syntax to 1 round for preparation.
> d. The base draft should use all features of the VDAF framework.
> e. Poplar1 involves an MPC paradigm called "arithmetic sketching" (
> https://eprint.iacr.org/2023/1012) that may be useful for future VDAFs
> and thus worth specifying.
>
> Thanks for your time and we're looking forward to 119,
> Chris P.
> --
> Ppm mailing list
> Ppm@ietf.org
> https://www.ietf.org/mailman/listinfo/ppm
>
>
> --
> Ppm mailing list
> Ppm@ietf.org
> https://www.ietf.org/mailman/listinfo/ppm
>

v2.23.0 | Report a Bug | By Email