Re: [Ppm] Fwd: Next steps for heavy hitters with VDAFs
Brandon Pitman <bran@divviup.org> Mon, 04 March 2024 17:36 UTC
To: Christopher Patton <cpatton=40cloudflare.com@dmarc.ietf.org>
Cc: ppm <ppm@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ppm/i2hZXAH04UK4aumxwSstS96b_Zg>
As a DAP implementor, I am in favor of simplifying DAP/VDAF as much as possible. With that in mind, I am in favor of removing Poplar1 in favor of Mastic (i.e. any of outcomes #1, #2, or #4 -- I am agnostic on which of these is the better course, but I suppose #2 is likely to require the least amount of editorial work, though it might be useful to maintain one or multiple concrete VDAFs in the VDAF draft itself). I do not see a reason to maintain two VDAFs which solve roughly the same problem if one of them is superior to the other, and I agree that lowered round complexity is a compelling argument for Mastic. If we can conclude that Mastic is practically superior to Poplar1, IMO we should remove Poplar1.

Also:

> c. If we remove Poplar1, then we could consider restricting the VDAF syntax to 1 round for preparation.

I agree; the DAP specification & DAP implementations would be considerably simplified if we were to restrict to 1-round VDAFs. There is quite a bit of state-tracking complexity involved in multi-round VDAF handling which could be dropped entirely in a single-round world. Unless there is a concrete multi-round VDAF providing a great deal of value to the DAP/VDAF ecosystem, I think this would be a very worthwhile change.

If restricting VDAF to a single round is considered controversial, another option would be to restrict DAP to single-round VDAFs instead.

Thanks,
Brandon

On Mon, Mar 4, 2024 at 8:14 AM Christopher Patton <cpatton=40cloudflare.com@dmarc.ietf.org> wrote:

> Hi all, I'm cross-posting this message to the CFRG mailing list in the
> hopes that folks who would like to implement heavy hitters in DAP will
> weigh in. We definitely need to hear from implementers and potential
> adopters.
>
> Thanks,
> Chris P.
>
> ---------- Forwarded message ---------
> From: Christopher Patton <cpatton@cloudflare.com>
> Date: Mon, Mar 4, 2024 at 8:07 AM
> Subject: Next steps for heavy hitters with VDAFs
> To: CFRG <cfrg@irtf.org>
>
>
> Hi CFRG,
>
> I've asked the chairs to spend some time at 119 discussing next steps for
> Mastic:
> https://datatracker.ietf.org/doc/html/draft-mouris-cfrg-mastic-02
>
> The ideal outcome may not be to adopt this draft directly, but to merge it
> with the existing VDAF draft (draft-irtf-cfrg-vdaf). Our goal for 119 is
> to find consensus on a path forward.
>
> Last time (118) we presented Mastic, a new VDAF that we pitched as a
> drop-in replacement for Poplar1
> (https://datatracker.ietf.org/meeting/118/materials/slides-118-cfrg-mastic-vdaf).
> Since the meeting we have been working on security analysis for Mastic.
> The theorems in this paper claim that Mastic's composition of its
> primitives (VIDPF, an extension of IDPF from draft-irtf-cfrg-vdaf) and
> FLP (from draft-irtf-cfrg-vdaf) into a VDAF is secure. The concrete
> parameters of VIDPF and FLP are subject to change as analysis continues,
> but the overall composition seems to be sound:
> https://eprint.iacr.org/2024/221
>
> Mastic is also more efficient in terms of round complexity, is easier to
> implement securely, and addresses use cases identified in the PPM WG for
> which Poplar1 falls short. Overall, Mastic reflects improvements that have
> been made to this paradigm (i.e., function secret sharing for heavy
> hitters) since the Poplar paper appeared three years ago
> (https://eprint.iacr.org/2021/017). The only potential advantage of
> Poplar1 is that, once we finalize the parameters of VIDPF, it may end up
> having a lower bandwidth cost (at most 50% more, I suspect). However,
> speaking as an implementer, the lower round complexity of Mastic over
> Poplar1 makes it the far better option.
>
> We (the Mastic designers) would like the CFRG to consider the following
> outcomes:
> 1. Replace Poplar1 with Mastic in the base VDAF draft
> (draft-irtf-cfrg-vdaf).
> 2. Adopt the Mastic draft (draft-mouris-cfrg-mastic) and remove Poplar1
> from the base draft.
> 3. Adopt the Mastic draft, but keep Poplar1 in the base draft.
> 4. Refactor the base draft so that it spells only the VDAF framework,
> adopt the Mastic draft, and adopt a new draft for Prio3. Note that there is
> one primitive (FLP) that would be shared by both Mastic and Prio3.
>
> Here are the main considerations we've heard while getting feedback on
> this question.
> a. Since the PPM WG can't finish its work until the base VDAF draft is
> done, we should do everything we can to minimize time to RFC.
> b. Recommending two protocols (Poplar1 and Mastic) for the same use case
> (heavy hitters) is probably not a good idea, especially if one is clearly
> superior to the other.
> c. If we remove Poplar1, then we could consider restricting the VDAF
> syntax to 1 round for preparation.
> d. The base draft should use all features of the VDAF framework.
> e. Poplar1 involves an MPC paradigm called "arithmetic sketching"
> (https://eprint.iacr.org/2023/1012) that may be useful for future VDAFs
> and thus worth specifying.
>
> Thanks for your time and we're looking forward to 119,
> Chris P.
> --
> Ppm mailing list
> Ppm@ietf.org
> https://www.ietf.org/mailman/listinfo/ppm
>