[tor-bugs] #23147 [Core Tor/Tor]: prop280: Merge privcount-in-tor data collector backend implementation
Tor Bug Tracker & Wiki
blackhole at torproject.org
Wed Sep 6 00:43:57 UTC 2017
#23147: prop280: Merge privcount-in-tor data collector backend implementation
--------------------------+------------------------------------
Reporter: nickm | Owner: (none)
Type: defect | Status: new
Priority: Medium | Milestone: Tor: 0.3.3.x-final
Component: Core Tor/Tor | Version:
Severity: Normal | Resolution:
Keywords: | Actual Points:
Parent ID: | Points:
Reviewer: | Sponsor: SponsorQ
--------------------------+------------------------------------
Comment (by teor):
Replying to [comment:2 teor]:
> T2. `sample_unit_gaussian()` can't use both `r * sin(theta)` and `r *
cos(theta)` unless they are independent samples. And I'm not sure if they
are.
In order to guarantee differential privacy, we need to:
* sample at the scale of the noise (not unit scale)
* add the noise to the signal
* round the noisy signal
This is the "snapping" mitigation from "On Significance of the Least
Significant Bits For Differential Privacy" by Ilya Mironov
https://pdfs.semanticscholar.org/2f2b/7a0d5000a31f7f0713a3d20919f9703c9876.pdf
I think we're ok here, because the results are the same as the ones we'd
get by snapping.
But if there's a transform that takes stddev and yields more precision, we
should probably use it (rather than just multiplying `stddev * r *
sin(theta)`).
See also https://trac.torproject.org/projects/tor/ticket/23061#comment:33
for the output values from this function (if it used
crypto_rand_double()).
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/23147#comment:7>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list