IETF Logo Mail Archive

Re: [Ppm] Next steps for heavy hitters with VDAFs

Shan Wang <shan_wang@apple.com> Mon, 04 March 2024 22:33 UTC

Return-Path: <shan_wang@apple.com>
X-Original-To: ppm@ietfa.amsl.com
Delivered-To: ppm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 79F09C18DB86 for <ppm@ietfa.amsl.com>; Mon, 4 Mar 2024 14:33:33 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.102
X-Spam-Level:
X-Spam-Status: No, score=-2.102 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_BLOCKED=0.001, RCVD_IN_MSPIKE_H4=0.001, RCVD_IN_MSPIKE_WL=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_NONE=0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=apple.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 0M3NQiWmKDLi for <ppm@ietfa.amsl.com>; Mon, 4 Mar 2024 14:33:29 -0800 (PST)
Received: from hfd-mx02.apple.com (hfd-mx02.apple.com [17.132.100.1]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8E74CC18DBA9 for <ppm@ietf.org>; Mon, 4 Mar 2024 14:33:29 -0800 (PST)
Received: from vb11p01nt-mtap02.apple.com (vb11p01nt-mtap02.apple.com [100.84.70.82]) by am11p01nt-mxp02.apple.com (Oracle Communications Messaging Server 8.1.0.23.20230328 64bit (built Mar 28 2023)) with ESMTPS id <0S9U01H05HBI4P00@am11p01nt-mxp02.apple.com> for ppm@ietf.org; Mon, 04 Mar 2024 22:33:28 +0000 (GMT)
X-Proofpoint-ORIG-GUID: ms2n9yRV2G_Top3Y_0xHzCmRd6kW8EJW
X-Proofpoint-GUID: ms2n9yRV2G_Top3Y_0xHzCmRd6kW8EJW
X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.272,Aquarius:18.0.1011,Hydra:6.0.619,FMLib:17.11.176.26 definitions=2024-03-04_18,2024-03-04_01,2023-05-22_02
X-Proofpoint-Spam-Details: rule=interactive_user_notspam policy=interactive_user score=0 bulkscore=0 suspectscore=0 malwarescore=0 mlxscore=0 spamscore=0 mlxlogscore=999 adultscore=0 phishscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2311290000 definitions=main-2403040176
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=apple.com; h=from : message-id : content-type : mime-version : subject : date : in-reply-to : cc : to : references; s=20180706; bh=ZzMHZcydq0EDcrHQSkVMIf86cdt5K9k2AG4mDTtEiLE=; b=UadFOwbFW8XxsYNymlemmYkf/OhR38EWBhk9d2dDN9G6tzdohZMo20XU9wrSqR6ljvIk V7H6WKaIGUvvCNjwQ3gjN71pEK/48ZB+54e8IjQU6lSl8ZIXLF9t+AQAAvScWJNkY0QW JozCbvpdGS8h4ULMH5n52yIcYoqHcfcDlxsu5nrL6e4YG3Dx0jlxTRbEfChL/VADZ6Pk yzpji0XSNze5I+XmQM/EiaARTkYE/sH1ON6pkeRRbtbbdpFHatZTvN4mVTrUajUuY+vn CkXjZNJjKJ9tGQEQtnCXPOGzkDhMFpBFx9nyERKQFi5pSTeEvHImpSzmoAOXjlQawxRh nw==
Received: from am11p01nt-mmpp04.apple.com (am11p01nt-mmpp04.apple.com [100.85.69.165]) by vb11p01nt-mtap02.apple.com (Oracle Communications Messaging Server 8.1.0.23.20230328 64bit (built Mar 28 2023)) with ESMTPS id <0S9U00JPMHBITC10@vb11p01nt-mtap02.apple.com>; Mon, 04 Mar 2024 22:33:18 +0000 (GMT)
Received: from process_milters-daemon.am11p01nt-mmpp04.apple.com by am11p01nt-mmpp04.apple.com (Oracle Communications Messaging Server 8.1.0.23.20230328 64bit (built Mar 28 2023)) id <0S9U01T00H0PZ100@am11p01nt-mmpp04.apple.com>; Mon, 04 Mar 2024 22:33:18 +0000 (GMT)
X-Va-A:
X-Va-T-CD: 4d9400d6a1b3ad2a1b95138edef86a27
X-Va-E-CD: 1f11a7ac6ea22a4a065a5d9a7fddb011
X-Va-R-CD: fce8e1046aeec5d5378d8d686f31a17c
X-Va-ID: 9a5d6c78-da39-4634-8ecc-68c34967fea3
X-Va-CD: 0
X-V-A:
X-V-T-CD: 4d9400d6a1b3ad2a1b95138edef86a27
X-V-E-CD: 1f11a7ac6ea22a4a065a5d9a7fddb011
X-V-R-CD: fce8e1046aeec5d5378d8d686f31a17c
X-V-ID: 5ace4f6c-f7bc-4553-8e63-86fbc3066768
X-V-CD: 0
X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.272,Aquarius:18.0.1011,Hydra:6.0.619,FMLib:17.11.176.26 definitions=2024-03-04_18,2024-03-04_01,2023-05-22_02
Received: from smtpclient.apple ([17.232.74.196]) by am11p01nt-mmpp04.apple.com (Oracle Communications Messaging Server 8.1.0.23.20230328 64bit (built Mar 28 2023)) with ESMTPSA id <0S9U01T0OHBCC500@am11p01nt-mmpp04.apple.com>; Mon, 04 Mar 2024 22:33:13 +0000 (GMT)
From: Shan Wang <shan_wang@apple.com>
Message-id: <23E40649-8967-445D-91AC-EAEA4EDFCB40@apple.com>
Content-type: multipart/alternative; boundary="Apple-Mail=_236D7E74-6CF3-4997-8263-7862D6090808"
MIME-version: 1.0 (Mac OS X Mail 16.0 \(3774.200.91.1.1\))
Date: Mon, 04 Mar 2024 22:33:02 +0000
In-reply-to: <CAG2Zi231jVNBvN7vZ6Uz2uTLd7JyS2-hpERUYrkQf1w-KxJtCQ@mail.gmail.com>
Cc: Christopher Patton <cpatton=40cloudflare.com@dmarc.ietf.org>
To: ppm <ppm@ietf.org>, cfrg@irtf.org
References: <CAG2Zi23iR68MTLnW-onPhfq4rKmeYqgdsE4h_nem2iWFrVLqdw@mail.gmail.com> <CAG2Zi231jVNBvN7vZ6Uz2uTLd7JyS2-hpERUYrkQf1w-KxJtCQ@mail.gmail.com>
X-Mailer: Apple Mail (2.3774.200.91.1.1)
Archived-At: <https://mailarchive.ietf.org/arch/msg/ppm/_FzqzCxHsPnI7Cx9a4HhpX2mlC4>
Subject: Re: [Ppm] Next steps for heavy hitters with VDAFs
X-BeenThere: ppm@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Privacy Preserving Measurement technologies <ppm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ppm>, <mailto:ppm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ppm/>
List-Post: <mailto:ppm@ietf.org>
List-Help: <mailto:ppm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ppm>, <mailto:ppm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 04 Mar 2024 22:33:33 -0000

I'm in favour of either
1. Replace Poplar1 with Mastic in the base VDAF draft (draft-irtf-cfrg-vdaf).
Or 
4. Refactor the base draft so that it spells only the VDAF framework, adopt the Mastic draft, and adopt a new draft for Prio3. 

If we do 4. The we can cut an individual Poplar RFC too and anyone have implemented Poplar1 can refer to that standard.

In my opinion, VDAF should define a common framework. We will have more algorithms in the future and they should be cut as individual drafts that's compatible with VDAF, rather than part of the VDAF text itself.

Shan


> On 4 Mar 2024, at 16:13, Christopher Patton <cpatton=40cloudflare.com@dmarc.ietf.org> wrote:
> 
> Hi all, I'm cross-posting this message to the CFRG mailing list in the hopes that folks who would like to implement heavy hitters in DAP will weigh in. We definitely end to hear from implementers and potential adopters.
> 
> Thanks,
> Chris P.
> 
> ---------- Forwarded message ---------
> From: Christopher Patton <cpatton@cloudflare.com <mailto:cpatton@cloudflare.com>>
> Date: Mon, Mar 4, 2024 at 8:07 AM
> Subject: Next steps for heavy hitters with VDAFs
> To: CFRG <cfrg@irtf.org <mailto:cfrg@irtf.org>>
> 
> 
> Hi CFRG,
> 
> I've asked the chairs to spend some time at 119 discussing next steps for Mastic:
> https://datatracker.ietf.org/doc/html/draft-mouris-cfrg-mastic-02
> 
> The ideal outcome may not be to adopt this draft directly, but to merge it with the existing VDAF draft (draft-irtf-cfrg-vdaf). Our goal for 119 is to find consensus on a path forward.
> 
> Last time (118) we presented Mastic, a new VDAF that we pitched as a drop-in replacement for Poplar1 (https://datatracker.ietf.org/meeting/118/materials/slides-118-cfrg-mastic-vdaf). Since the meeting we have been working on security analysis for Mastic.  The theorems in this paper claim that Mastic's composition of its primitives (VIDPF, an extension of IDPF from draft-irtf-cfrg-vdaf) and FLP (from draft-irtf-cfrg-vdaf) into a VDAF is secure. The concrete parameters of VIDPF and FLP are subject to change as analysis continues, but the overall composition seems to be sound:
> https://eprint.iacr.org/2024/221
> 
> Mastic is also more efficient in terms of round complexity, is easier to implement securely, and addresses use cases identified in the PPM WG for which Poplar1 falls short. Overall, Mastic reflects improvements that have been made to this paradigm (i.e., function secret sharing for heavy hitters) since the Poplar paper appeared three years ago (https://eprint.iacr.org/2021/017). The only potential advantage of Poplar1 is that, once we finalize the parameters of VIDPF, it may end up having a lower bandwidth cost (at most 50% more, I suspect). However, speaking as an implementer, the lower round complexity of Mastic over Poplar1 makes it the far better option.
> 
> We (the Mastic designers) would like the CFRG to consider the following outcomes:
> 1. Replace Poplar1 with Mastic in the base VDAF draft (draft-irtf-cfrg-vdaf).
> 2. Adopt the Mastic draft (draft-mourics-cfrg-mastic) and remove Poplar1 from the base draft.
> 3. Adopt the Mastic draft, but keep Poplar1 in the base draft.
> 4. Refactor the base draft so that it spells only the VDAF framework, adopt the Mastic draft, and adopt a new draft for Prio3. Note that there is one primitive (FLP) that would be shared by both Mastic and Prio3.
> 
> Here are the main considerations we've heard while getting feedback on this question.
> a. Since the PPM WG can't finish its work until the base VDAF draft is done, we should do everything we can to minimize time to RFC.
> b. Recommending two protocols (Poplar1 and Mastic) for the same use case (heavy hitters) is probably not a good idea, especially if one is clearly superior to the other.
> c. If we remove Poplar1, then we could consider restricting the VDAF syntax to 1 round for preparation.
> d. The base draft should use all features of the VDAF framework.
> e. Poplar1 involves an MPC paradigm called "arithmetic sketching" (https://eprint.iacr.org/2023/1012) that may be useful for future VDAFs and thus worth specifying.
> 
> Thanks for your time and we're looking forward to 119,
> Chris P.
> -- 
> Ppm mailing list
> Ppm@ietf.org
> https://www.ietf.org/mailman/listinfo/ppm

v2.23.0 | Report a Bug | By Email