这是indexloc提供的服务,不要输入任何密码
Skip to content

Consider removing the type from k-anonymity checks #999

@martinthomson

Description

@martinthomson

According to the current explainer, clients submit k-anonymity requests (both Query and Join) as a tuple that comprises the type of thing that is being checked and the object that is being hashed.

A reason to keep types separate is so that different parameters can be applied to each request. Specifically values for set size ($k$), update period ($p$), lifetime ($w$), and privacy expenditure ($\varepsilon$). However, the documentation I can find only includes a single set of parameters.

A single profile would allow requests for different types of things to be made at the same time. Importantly, it would make it harder to distinguish between a requests that is merely refreshing the status of ads for future auctions or asking whether a report can be sent.

The easiest way to manage this is to simply move the type ($t$) from the outer container into the hashed object. This would also reduce the width of the server interface.

The effect of this is a reduction in the effective number of bits of collision resistance, but for the hashes we're talking about (256 bits of output) and the number of types in use (a handful), that reduction is meaningless.

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions