-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 11/12/14 14:31, A. Johnson wrote: >> Can you be more explicit with regard to privacy guarantees of the >> obfuscation schema that is currently implemented: 1) binning, >> 2) add Laplace noise, 3) no second binning. > > I’ll discuss this in terms of attacks on the stats of the number > of HS descriptors. > > Binning: Suppose an adversary knows that the number of HS > descriptors stays constant over a week. He knows when all > descriptors are being published except for one. By binning he won’t > know when that one is published unless the number of other > descriptors exactly fills a bin. > > Laplace noise: To provide cover in the case that all other > descriptors exactly fill a bin, we add some noise so that > sometimes an adjacent bin is reported instead, or (less likely) a > bin two distant, etc. Then the adversary can’t immediately know > whether an unknown descriptor is indeed published in any given > period. However, he can eventually figure this out by making enough > observations and looking at the resulting empirical distribution. > But it’s better than not protecting it at all.
Sounds good. George, maybe these explanations should go into the proposal, too. >> If you think 3) should be changed, can you explain why that >> leads to better privacy guarantees? > > I don’t think that 3 should be changed, but if you removed it, it > wouldn't affect the privacy argument. > >> I can see how the Laplace distribution doesn't add much noise to >> the second case. And your suggestion is to change the second >> delta_f to 8? > > Yes. Great. Changed the second delta_f to 8 in the code, and I think George will change it in the proposal. Thanks! All the best, Karsten -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 Comment: GPGTools - http://gpgtools.org iQEcBAEBAgAGBQJUia4mAAoJEJd5OEYhk8hImnYIAJD/TLsTRhL5UGYEMBoOnq+X gcOzVhrEg+fTHm1a6YSHPn0iPZvTDmg3w97XXl/IZg5L4Y84AAcHeuT6EXkmATT5 V52w5A1fdzOQ4Ef3f6wL0ZNPPG3qsFdv+nNRiiOuI1ASb0+5ML7hdU033up8l1zB 7CocU5rgACy2a6DMHPn4wPmXjlCPYcQ3ZUr/1xts63vxfQFes/D2ynUVEk6I/IUO YVz62WBg857RXWn8eIsdCF6TkRAJetyiIijPe5+Gs8r7XT+btINg7mS9SDynBWOB ee34vz/VqeczrAZZwq+yNTjENbsJCtyM5U8zHAiYarGnACmAYy50nnofhPjQ1/I= =3F1E -----END PGP SIGNATURE----- _______________________________________________ tor-dev mailing list tor-dev@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
