Changes between Version 8 and Version 9 of org/meetings/2018MexicoCity/Notes/PrivCountTechnical


Ignore:
Timestamp:
Oct 8, 2018, 4:34:23 AM (5 months ago)
Author:
teor
Comment:

Explain the other paper

Legend:

Unmodified
Added
Removed
Modified
  • org/meetings/2018MexicoCity/Notes/PrivCountTechnical

    v8 v9  
    5353    - Need to re-implement sampling from a Gaussian distribution
    5454    - Use discrete Gaussian distribution, lattice-based cryptography implementations should have this, e.g. implementation of BV (Brakerski and Vaikuntanathan)
    55       - one alternative: [https://arxiv.org/abs/1303.6257 Sampling exactly from the normal distribution]
     55      - one alternative: [https://arxiv.org/abs/1303.6257 Sampling exactly from the normal distribution]
     56        - [http://exrandom.sourceforge.net/ Project page], [https://sourceforge.net/projects/exrandom/files/distrib/ tarballs], also implemented in MPFR as mpfr_nrandom
     57        - Algorithm D outputs Gaussian-distributed integers with standard deviation σ, using approximately (1/0.715)log,,2,,σ uniformly random bits per sample
     58        - Since our Gaussians will be scaled along with our counters, we will be sampling Gaussians with σ between 2^15^ and 2^60^, using approximately 21-84 bits per sample
     59        - This method sets the low bits of the Gaussian directly from the uniformly random input bits, much like [https://gitweb.torproject.org/torspec.git/tree/proposals/288-privcount-with-shamir.txt#n452 Appendix C of the PrivCount shamir spec]
    5660      - another alternative: [https://eprint.iacr.org/2013/383.pdf Lattice Signatures and Bimodal Gaussians]
    5761        - [http://bliss.di.ens.fr/ Original source code], [https://wiki.strongswan.org/projects/strongswan/wiki/BLISS production-grade C implementation]