Changes between Version 4 and Version 5 of org/meetings/2018Rome/Notes/PrivCountInTor


Ignore:
Timestamp:
Mar 18, 2018, 1:37:11 PM (10 months ago)
Author:
arma
Comment:

--

Legend:

Unmodified
Added
Removed
Modified
  • org/meetings/2018Rome/Notes/PrivCountInTor

    v4 v5  
    3838Discussion topics:
    3939
    40 * Malicious input from a relay can mess up the outputted answer,
    41 but can't mess up the privacy properties of the protocol. One way to solve
    42 the malicious input concern is to split relays up into groups, and then
    43 you need a malicious relay in each group. We do plan to do this multiple
    44 randomized groups design. We'll need shared randomness for this step. So
    45 we will need to coordinate the timing of privcount phases to use the SRV
    46 that the consensus provides. Needs more design work.
     40* Malicious input from a relay can mess up the outputted answer, but can't mess up the privacy properties of the protocol. One way to solve the malicious input concern is to split relays up into groups, and then you need a malicious relay in each group. We do plan to do this multiple randomized groups design. We'll need shared randomness for this step. So we will need to coordinate the timing of privcount phases to use the SRV that the consensus provides. Needs more design work.
    4741
    48 * What analysis would be useful for the metrics team to do, now, to
    49 help privcount become what it should be?
     42* What analysis would be useful for the metrics team to do, now, to help privcount become what it should be?
    5043Examples:
    5144  * how often flags change in a 24 hour period
     
    5346    properties for each partition
    5447
    55 * What kind of metrics data would this system be useful for? Not all
    56 metrics needs fit into what privcount can do ("add integers, subtract
    57 integers, and that's it").
     48* What kind of metrics data would this system be useful for? Not all metrics needs fit into what privcount can do ("add integers, subtract integers, and that's it").
    5849
    59 * Nowadays there are not-too-terrible libraries that do full MPC. It is
    60 not totally ridiculous to imagine using full MPC (to compute any function
    61 we want) at some point in the future.
     50* Nowadays there are not-too-terrible libraries that do full MPC. It is not totally ridiculous to imagine using full MPC (to compute any function we want) at some point in the future.
    6251
    63 (The protocol has versioning in it, so if we want to update the protocol to
    64 something smarter later, we can do so.)
     52(The protocol has versioning in it, so if we want to update the protocol to something smarter later, we can do so.)
    6553
    66 * So we plan to evaluate all of the statistics we do right now, and move
    67 some of those to Privcount? Yes.
    68 Actually we should choose among three options: (a) keep as is,
    69 (b) move to Privcount, or (c) drop because it's too scary to keep.
     54* So we plan to evaluate all of the statistics we do right now, and move some of those to Privcount? Yes.
     55Actually we should choose among three options: (a) keep as is, (b) move to Privcount, or (c) drop because it's too scary to keep.
    7056
    71 For example of current stats that we will want to either move or
    72 drop: exit statistics, split up by ports.
     57For example of current stats that we will want to either move or drop: exit statistics, split up by ports.
    7358
    74 A stat Nick wants: learn how many protocolwarnings lines (of each type)
    75 happen at each relay, to get a global picture of trends in protocol
    76 violations.
     59A stat Nick wants: learn how many protocolwarnings lines (of each type) happen at each relay, to get a global picture of trends in protocol violations.
    7760
    7861== Data Flow ==