add hybrid_protocol function, unimplemented (private-attribution#1375)
* add hybrid_protocol function, unimplemented * remove trait bounds for now, add them back as needed * update hybrid protocol comment * add comment about copy-pasted BreakdownKey trait
1 parent
57e2c63
commit 631bfc3
Showing
2 changed files
with
127 additions
and
12 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1 +1,79 @@ | ||
pub(crate) mod step; | ||
|
||
use crate::{ | ||
error::Error, | ||
ff::{ | ||
boolean_array::{BooleanArray, BA5, BA8}, | ||
U128Conversions, | ||
}, | ||
helpers::query::DpMechanism, | ||
protocol::{ | ||
context::{ShardedContext, UpgradableContext}, | ||
ipa_prf::{oprf_padding::PaddingParameters, shuffle::Shuffle}, | ||
}, | ||
report::hybrid::IndistinguishableHybridReport, | ||
secret_sharing::replicated::semi_honest::AdditiveShare as Replicated, | ||
}; | ||
|
||
// In theory, we could support (runtime-configured breakdown count) ≤ (compile-time breakdown count) | ||
// ≤ 2^|bk|, with all three values distinct, but at present, there is no runtime configuration and | ||
// the latter two must be equal. The implementation of `move_single_value_to_bucket` does support a | ||
// runtime-specified count via the `breakdown_count` parameter, and implements a runtime check of | ||
// its value. | ||
// | ||
// It would usually be more appropriate to make `MAX_BREAKDOWNS` an associated constant rather than | ||
// a const parameter. However, we want to use it to enforce a correct pairing of the `BK` type | ||
// parameter and the `B` const parameter, and specifying a constraint like | ||
// `BreakdownKey<MAX_BREAKDOWNS = B>` on an associated constant is not currently supported. (Nor is | ||
// supplying an associated constant `<BK as BreakdownKey>::MAX_BREAKDOWNS` as the value of a const | ||
// parameter.) Structured the way we have it, it probably doesn't make sense to use the | ||
// `BreakdownKey` trait in places where the `B` const parameter is not already available. | ||
// | ||
// These could be imported from src/protocl/ipa_prf/mod.rs | ||
// however we've copy/pasted them here with the intention of deleting that file [TODO] | ||
pub trait BreakdownKey<const MAX_BREAKDOWNS: usize>: BooleanArray + U128Conversions {} | ||
impl BreakdownKey<32> for BA5 {} | ||
impl BreakdownKey<256> for BA8 {} | ||
|
||
/// The Hybrid Protocol | ||
/// | ||
/// This protocol takes in a [`Vec<IndistinguishableHybridReport<BK, V>>`] | ||
/// and aggregates it into a summary report. `HybridReport`s are either | ||
/// impressions or conversion. The protocol joins these based on their matchkeys, | ||
/// sums the values from conversions grouped by the breakdown key on impressions. | ||
/// To accomplish this, hte protocol performs the follwoing steps | ||
/// 1. Generates a random number of "dummy records" (needed to mask the information that will | ||
/// be revealed in step 4, and thereby provide a differential privacy guarantee on | ||
/// that information leakage) | ||
/// 2. Shuffles the input | ||
/// 3. Computes an OPRF of these elliptic curve points and reveals this "pseudonym" | ||
/// 4. Groups together rows with the same OPRF and sums both the breakdown keys and values. | ||
/// 5. Generates a random number of "dummy records" (needed to mask the information that will | ||
/// be revealed in step 7) | ||
/// 6. Shuffles the input | ||
/// 7. Reveals breakdown keys | ||
/// 8. Sums the values by breakdown keys | ||
/// 9. Adds random noise to the total value for each breakdown key (to provide a | ||
/// differential privacy guarantee) | ||
/// | ||
/// # Errors | ||
/// Propagates errors from config issues or while running the protocol | ||
/// # Panics | ||
/// Propagates errors from config issues or while running the protocol | ||
pub async fn hybrid_protocol<'ctx, C, BK, V, HV, const SS_BITS: usize, const B: usize>( | ||
_ctx: C, | ||
input_rows: Vec<IndistinguishableHybridReport<BK, V>>, | ||
_dp_params: DpMechanism, | ||
_dp_padding_params: PaddingParameters, | ||
) -> Result<Vec<Replicated<HV>>, Error> | ||
where | ||
C: UpgradableContext + 'ctx + Shuffle + ShardedContext, | ||
BK: BreakdownKey<B>, | ||
V: BooleanArray + U128Conversions, | ||
HV: BooleanArray + U128Conversions, | ||
{ | ||
if input_rows.is_empty() { | ||
return Ok(vec![Replicated::ZERO; B]); | ||
} | ||
unimplemented!("protocol::hybrid::hybrid_protocol is not fully implemented") | ||
} |
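Review bot: The empty-input early return in `hybrid_protocol` hands back `vec![Replicated::ZERO; B]` without touching `_dp_params` or `_dp_padding_params`, so this path skips the padding and the step 9 noise that the doc comment relies on for the differential privacy guarantee. If that is intended, say so above the branch, e.g. `// Empty input: no padding or DP noise is applied; revisit once _dp_params is wired in`. Since `C` is bound by `ShardedContext`, it is also worth confirming (not visible here) that one shard with no rows can return early without leaving its peers waiting in the shuffle. Separately, the `# Panics` section repeats the `# Errors` text, while the only panic in the body is the `unimplemented!` reached for any non-empty input; `/// Currently panics for any non-empty input: the protocol body is unimplemented.` would be accurate. The comments also carry typos (`hte`, `follwoing`, and `src/protocl` in the comment above `BreakdownKey`).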