[Ppm] A new cryptographic primitive for streaming PPM applications
Xiangfu Song <bintasong@gmail.com> Tue, 23 December 2025 07:58 UTC
Return-Path: <bintasong@gmail.com>
X-Original-To: ppm@mail2.ietf.org
Delivered-To: ppm@mail2.ietf.org
Received: from localhost (localhost [127.0.0.1]) by mail2.ietf.org (Postfix) with ESMTP id D5B559E37A6F for <ppm@mail2.ietf.org>; Mon, 22 Dec 2025 23:58:28 -0800 (PST)
X-Virus-Scanned: amavisd-new at ietf.org
X-Spam-Flag: NO
X-Spam-Score: -0.199
X-Spam-Level:
X-Spam-Status: No, score=-0.199 tagged_above=-999 required=5 tests=[BAYES_20=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: mail2.ietf.org (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail2.ietf.org ([166.84.6.31]) by localhost (mail2.ietf.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id je0g_PY8B428 for <ppm@mail2.ietf.org>; Mon, 22 Dec 2025 23:58:28 -0800 (PST)
Received: from mail-lj1-x22b.google.com (mail-lj1-x22b.google.com [IPv6:2a00:1450:4864:20::22b]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature ECDSA (P-256) server-digest SHA256) (No client certificate requested) by mail2.ietf.org (Postfix) with ESMTPS id 4DB019E37A68 for <ppm@ietf.org>; Mon, 22 Dec 2025 23:58:28 -0800 (PST)
Received: by mail-lj1-x22b.google.com with SMTP id 38308e7fff4ca-37bb8bef4cdso46372631fa.3 for <ppm@ietf.org>; Mon, 22 Dec 2025 23:58:28 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1766476701; x=1767081501; darn=ietf.org; h=cc:to:subject:message-id:date:from:mime-version:from:to:cc:subject :date:message-id:reply-to; bh=TAmjXJveg6VrnLvRy2yfzN0GQtzPRoF9M6jGn+3Csio=; b=f6r4Ccf3XuS2JoXn/VlvLHXqZ7RE0Kl3f/IRmEYt1k/6UHZLfPPSR4LjJqn2GJa9HH B9NlFV/jH3HNe9IOUWeX4YOlLrfO4HlDI7h74cbMmLPCF758/lB/Y00kogg8Ol3RTWYp cRLk3ek8nr01Niqo2DsBco2ys/Toe0+hC/pnWzYAD5fWLwM7zQby4fmltpgak/hm1YVr v+Nx8p8opGA8g15CD2/JKD6CSfC1j0QTiQ+wbV0HgtCnri/mCcqI/3WX9jXXCuJsiI5b 5EE1P17CHjQKhcgbF9dGYrQ7aSh0jgdKea9ptFPVpo94FxCI0jkrS3hdVuF9l4XlEf5K CbtA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1766476701; x=1767081501; h=cc:to:subject:message-id:date:from:mime-version:x-gm-gg :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=TAmjXJveg6VrnLvRy2yfzN0GQtzPRoF9M6jGn+3Csio=; b=JictLzciwWOYcOqVVK66q7kSug1WiHj40MMTPkPmPdz/HwXGYvadm3L4RAwsMBEADh xeoF4Bfquj6ULYcukphVoc871uYey4+3o8G3RmYqrvausV4vTRzk+0yxtHX55FLjs7mP hscOVriTcxdM/P87SQ5jmmsBQPffvEOWZ00BF8iaBJSpgQyaS5xZxeZP9ute4/iYdmO1 MIR38PZx9DXdoKG4NVqIFBL3GYpOoTW4YjrTXI60gcBOrxe883so+7XisZP23Do5ZuJ4 ikiu2DDYzGg62qfuXl9nDqKxRmyRX9p1bTl3vbNiQ9JjbWTwjMEQ1Ji9Br7gRJ/xdfB0 1g3g==
X-Gm-Message-State: AOJu0Yynx4aEYkfQ6TDGifoadh/lGvoC22LdWpt6fM+mOi9ZIq6BueBP fkGsJIBvSG3KDdP7EpkgtkguhBObk4SdTuNmp40F2St7DwWdowEfGaMdN4Y1CSAPHU50CRl8Pzq OP2gVXQM4ZX8BPFaNlzQ62H5VlnRhTV/b7A==
X-Gm-Gg: AY/fxX7nxqrtkq6zNEzH9xJ8zg1DMKIR91LR5lDFGtUXkxFY5IK8Hp7w44NvQuMIZp7 xbncmzy0RKQ+aS680bnRHqgcA3VmR3P2DmCdc8PRpQ+2KFi8HuhaPGuwM9Ji86575eWa5k/Vk4L uO18EBx12DCsyS7R09aLHsqfVpys2Efg+LUGHarXG2CLJZat8OxphbPpuO+endxPZpbucKYf4px sdU6qoVj0WEpB2EghmOJKi2AMK4jLhXrDRw5HE8xRhPDQyQ/qfNfjsXqOe7TW0yLEjG+OLgC5ra WGN4aA==
X-Google-Smtp-Source: AGHT+IEtEN2ReIt9pjHzHKqBCOKOnac1uaBU6X0iAHjzhDx7w4LDj6y9M+gdVPGHRQgnkqyXOjrgXhqX0iuLMQ9JHO4=
X-Received: by 2002:a2e:a986:0:b0:37f:af92:1c03 with SMTP id 38308e7fff4ca-381215ad097mr42576941fa.12.1766476700211; Mon, 22 Dec 2025 23:58:20 -0800 (PST)
MIME-Version: 1.0
From: Xiangfu Song <bintasong@gmail.com>
Date: Tue, 23 Dec 2025 15:58:08 +0800
X-Gm-Features: AQt7F2oAbl8S0VlZyHyPKyNgqAHXg0znJCK1ltJFD4XmLpPne3uuvv8abNEwjdQ
Message-ID: <CA+NVhYep9USVLsdBNBCJre0=MamUnQmRkN+LyL7=TFyw-zcTWw@mail.gmail.com>
To: ppm@ietf.org
Content-Type: multipart/alternative; boundary="000000000000385ef3064699e877"
Message-ID-Hash: 6N22K3CUWWOCGL5TMVL4WHKEX5VKTU43
X-Message-ID-Hash: 6N22K3CUWWOCGL5TMVL4WHKEX5VKTU43
X-MailFrom: bintasong@gmail.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: Jianli Bai <baijianli0812@gmail.com>, Ye Dong <dongye@nus.edu.sg>, Yijian Liu <liuyijian@iie.ac.cn>, Yu Zhang <zhangyu1999@iie.ac.cn>, Xianhui Lu <luxianhui@iie.ac.cn>, "Zhang Tianwei (Asst Prof)" <tianwei.zhang@ntu.edu.sg>
X-Mailman-Version: 3.3.9rc6
Precedence: list
Subject: [Ppm] A new cryptographic primitive for streaming PPM applications
List-Id: Privacy Preserving Measurement technologies <ppm.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ppm/Un2qRujhYHdTKen_1ijZtHbS2AA>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ppm>
List-Help: <mailto:ppm-request@ietf.org?subject=help>
List-Owner: <mailto:ppm-owner@ietf.org>
List-Post: <mailto:ppm@ietf.org>
List-Subscribe: <mailto:ppm-join@ietf.org>
List-Unsubscribe: <mailto:ppm-leave@ietf.org>
Hi PPM, We (Xiangfu Song, Jianli Bai, Ye Dong, Yijian Liu, Yu Zhang, Xianhui Lu, Tianwei Zhang) would like to introduce our new work, streaming function secret sharing and its applications, which may be related to the ongoing PPM standardization. We understand that function secret sharing (FSS), such as distributed point function (DPF), serves as one of the underlying techniques in PPM. Commonly, a clients use FSS to encode its data as a function, shares the function using a pair of FSS keys, and distributes the FSS keys between two servers. After collecting keys from clients, the servers can compute aggregation using these keys. This is a common paradigm for applications such as Popular [1] and Mastic [2]. In short, FSS provides a mechanism to secret-share a function $f$ between the servers and allows the servers to non-interactively share $f(x)$ for any public $x$. This paradigm supports many useful applications as considered by PPM. Streaming Function Secret Sharing (SFSS) is a variant of FSS in the streaming setting, where messages are continuously sent, and secure computation tasks are repeatedly performed over incoming messages. SFSS allows a client to perform a *one-time* setup by distributing a pair of SFSS keys between the servers. Later, the client can send only a single ciphertext $c_j$ message, encrypting a streaming message $m_j$ in round $j$. By applying the SFSS keys over $c_j$ and any public $x$, the servers can share $f(x)*m_j$ non-interactively. We note that SFSS supports many streaming messages after a one-time key setup. Namely, the SFSS keys are *reusable* across many streaming messages. We find that SFSS would save significant communication for certain applications in the streaming setting because each SFSS streaming ciphertext is of constant size after the one-time SFSS key setup, while the FSS-based approach requires sending a fresh pair of keys for each message. For example, SFSS can extend the weighted/attribute-based aggregation in Mastic [2] to the streaming setting. We have more results on SFSS constructions and applications in our paper at https://eprint.iacr.org/2025/2304. We are looking forward to comments and feedback, and wish you a happy holiday. Best regards, Xiangfu Song Nanyang Technological University, Singapore. [1] Boneh, Dan, et al. "Lightweight techniques for private heavy hitters." 2021 IEEE Symposium on Security and Privacy (SP). IEEE, 2021. [2] Mouris, Dimitris, et al. "Mastic: Private weighted heavy-hitters and attribute-based metrics." Proceedings on Privacy Enhancing Technologies (2025).
- [Ppm] A new cryptographic primitive for streaming… Xiangfu Song