From 0265c86b74c728059eb19f99adfc77983b5bb20e Mon Sep 17 00:00:00 2001 From: Erik Taubeneck Date: Thu, 24 Oct 2024 11:51:05 -0700 Subject: [PATCH 1/4] fix errors when building bikeshed --- api.bs | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/api.bs b/api.bs index 9c5b4a9..47b1f2e 100644 --- a/api.bs +++ b/api.bs @@ -328,7 +328,7 @@ At [=conversion=] time, a [=conversion report=] is created. A conversion report is an encrypted histogram contribution that includes information from any [=impressions=] that the browser previously stored. -The measureConversion method accepts a simple query that is used +The measureConversion() method accepts a simple query that is used to tell the browser how to construct a [=conversion report=]. That includes a simple query that selects from the [=impressions=] that the browser has stored, @@ -514,7 +514,7 @@ The arguments to saveImpression() are as fo 1. If the private attribution API is enabled, save the impression to the [=impression store=]. -

saveImpression +

saveImpression() does not return a status indicating whether the impression was recorded. This minimizes the ability to detect when the Private Attribution API is [[#opt-out|disabled]. @@ -612,7 +612,7 @@ The arguments to measureConversion() are as

The maximum [=conversion value=] across all contributions included in the aggregation. Together with epsilon, this is used to calibrate the distribution of random noise that - will be added to the outcome. It is also used to determine the amount of [=privacy budget=] + will be added to the outcome. It is also used to determine the amount of [=privacy budget=] to expend on this [=conversion report=].
lookbackDays
@@ -623,8 +623,8 @@ The arguments to measureConversion() are as
A list of impression sites. Only [=impressions=] recorded where the top-level site is on this list are eligible to match this [=conversion=].
intermediarySites
- A list of sites which called the saveImpression() API. - Only [=impressions=] recorded by scripts originating from one of the intermediary sites + A list of sites which called the saveImpression() API. + Only [=impressions=] recorded by scripts originating from one of the intermediary sites are eligible to match this [=conversion=].
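Review bot: in the @@ -514 hunk the unchanged context line ends `is [[#opt-out|disabled].` with a single closing bracket; a bikeshed section link needs `[[#opt-out|disabled]]`, so if that is what api.bs contains the link will not resolve and belongs in this same build-fix commit (ignore this if the second bracket was lost when the patch was rendered).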
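Review bot: the removed and added lines in the @@ -612 and @@ -623 hunks are textually identical as shown, so these are whitespace-only changes (most likely trailing whitespace). That is fine, but the subject "fix errors when building bikeshed" only accounts for the `measureConversion()` / `saveImpression()` autolink changes; a one-line body noting the whitespace cleanup would make the diff easier to audit.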
@@ -1241,7 +1241,7 @@ Strategies to prevent leakage include: * Fully validating all API inputs, even when the API is disabled. * Avoiding conditional logic. For example, - measureConversion + measureConversion() should always go through the full process of constructing a conversion report, even when the conversion value to be reported is zero. @@ -1253,7 +1253,7 @@ Although not part of the web platform, security of aggregation services is quite important to the overall security of the Private Attribution mechanism. [=Conversion reports=] -produced by measureConversion +produced by measureConversion() are encrypted to cryptographic key(s) of the aggregation service. Thus, much of the potential for disclosure of the information contained in these reports @@ -1388,7 +1388,7 @@ by the site receiving the conversion report. The Private Attribution API is available even in third-party contexts. In particular, a third-party iframe -may call saveImpression. +may call saveImpression(). Note, however, that the impression is recorded with the [=site=] of the top-level navigation context, not the [=origin=] of the iframe. From 8a464ce890163698e55fb16d0f109f6a58f9f060 Mon Sep 17 00:00:00 2001 From: Erik Taubeneck Date: Fri, 25 Oct 2024 09:32:42 -0700 Subject: [PATCH 2/4] Update README.md link to account for org move (#49) --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 5745f3c..ed96049 100644 --- a/README.md +++ b/README.md @@ -8,7 +8,7 @@ It is called attribution because it seeks to attribute value from an outcome (like someone buying stuff) to advertisements. -This repository contains [a specification](https://private-attribution.github.io/api) +This repository contains [a specification](https://patcg.github.io/ppa-api/) that describes an API that would be presented by a browser to websites. The specification contains all of the details. There is no explainer. 
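Review bot: the README hunk swaps the spec URL from https://private-attribution.github.io/api to https://patcg.github.io/ppa-api/ but nothing in the series keeps the old address working; if the old GitHub Pages site is still under the group's control, leave a redirect there so existing links do not break, and check that api.bs does not still carry the old URL in its metadata.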
From f199e2cbf22eb4fd907d1693b5aeb801b2bbe5de Mon Sep 17 00:00:00 2001 From: Martin Thomson Date: Thu, 31 Oct 2024 12:12:18 +1100 Subject: [PATCH 3/4] First cut of DAP/Prio integration I'm struggling with this one. Though this took long enough because bikeshed is annoying for a neophyte, it feels like this requires more detail. However, for a first cut, I think that this is enough. --- api.bs | 120 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 118 insertions(+), 2 deletions(-) diff --git a/api.bs b/api.bs index 47b1f2e..cf653eb 100644 --- a/api.bs +++ b/api.bs 
@@ -868,12 +868,78 @@ if the user has opted out of collection of diagnostic data. An aggregation service takes multiple pieces of attribution information and produces an aggregate metric. -Each browser will have different requirements for aggregation. +User agent implementation will have different requirements for aggregation. +However, the aggregation process has some common elements. + +Firstly, user agents will need to be configured with, +or otherwise obtain, +information about the aggregation service. +This includes the aggregation methods that are supported +and any configuration that is required. + +Each aggregation method needs to define +how a histogram is: + +* prepared for aggregation, +* encrypted, +* annotated with any necessary metadata, and +* submitted to the aggregation service for aggregation. + +The aggregation method also needs to define +how the aggregated result is obtained by a site. ## Multi-Party Computation Aggregation ## {#mpc} -TODO +An aggregator that uses Multi-Party Computation (MPC) +comprises two or more independent services +that cooperate to compute a predefined function. + +The basic guarantee provided by MPC +is that only the defined outputs of a function, +plus well-defined leakage, +is revealed to any entity. +These guarantees hold only to the extent that +a subset of the entities that participate are honest. + +### Prio and DAP ### {#prio} + +The "prio3" aggregation method +uses Prio [[PRIO]] +and the Distributed Aggregation Protocol (DAP) [[DAP]]. +Specifically, this aggregation method uses +the Prio3L1BoundSum instantiation [[PRIO-L1]] +of the Prio3 Verifiable Distributed Aggregation Function (VDAF) [[VDAF]]. + +DAP and the Prio3L1BoundSum instantiation define how a report is prepared, +encrypted, and submitted for aggregation. +DAP also defines how an aggregate is obtained +and what configuration is necessary +for a user agent to obtain about the aggregation service. 
+ +Extensions to DAP [[DAP-EXT]] are necessary: + +* [[DAP-EXT#name-late-task-binding|Late task binding]] + improves the ability of a site to collect reports + and aggregate them as needed. + +* [[DAP-EXT#name-requester-website-identity|Website identity]] + is critical to ensure + that differential privacy protections are effective. + This prevents a malicious actor + that is able to correlate user identity across multiple sites + from exceeding the sensitivity bounds for that user + by aggregating reports from multiple sites together. + +* [[DAP-EXT#name-privacy-budget-consumption|Privacy budget consumption]] + ensures that the aggregator does not aggregate reports + that received less privacy budget + than the aggregation task was configured with. + +User agents need to include all of these extensions in reports +that they generate. + + ## Trusted Execution Environments ## {#tee} @@ -1422,6 +1488,27 @@ spec:infra; type:dfn; text:user agent "href": "https://papers.ssrn.com/sol3/papers.cfm?abstract_id=4430334", "date": "2024-03-14" }, + "dap": { + "authors": [ + "Tim Geoghegan", + "Christopher Patton", + "Brandon Pitman", + "Eric Rescorla", + "Christopher A. Wood" + ], + "date": "2024-10-10", + "href": "https://datatracker.ietf.org/doc/html/draft-ietf-ppm-dap-12", + "title": "Distributed Aggregation Protocol for Privacy Preserving Measurement", + "publisher": "IETF" + }, + "dap-ext": { + "authors": [ + "Martin Thomson" + ], + "title": "Distributed Aggregation Protocol (DAP) Extensions for Improved Application of Differential Privacy", + "date": "2024-10-18", + "href": "https://datatracker.ietf.org/doc/draft-thomson-ppm-dap-dp-ext/" + }, "dp": { "authors": [ "Cynthia Dwork", 
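Review bot: the @@ -868 hunk says user agents "need to include all of these extensions in reports that they generate" but never says what an aggregator does with a report that lacks one; since the website-identity and privacy-budget-consumption extensions are what keep the differential privacy bound intact, the text should require aggregators to reject reports that omit any of them, otherwise that protection depends on aggregator policy rather than on the specification. In the same hunk, "configured with, or otherwise obtain, information about the aggregation service" is where the aggregation service's encryption keys come from, so say that this information must come from a trusted configuration or an authenticated channel; an attacker who can substitute it can decrypt reports. Two smaller points: "These guarantees hold only to the extent that a subset of the entities that participate are honest" should state the threshold the prio3 method actually needs (one honest aggregator, or an honest majority?), and "only the defined outputs of a function, plus well-defined leakage, is revealed" needs "are revealed", while "what configuration is necessary for a user agent to obtain about the aggregation service" reads better as "what configuration a user agent needs to obtain about the aggregation service".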
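Review bot: in the @@ -1422 hunk the "dap" entry pins draft-ietf-ppm-dap-12 through the /doc/html/ URL while "dap-ext" uses the unversioned /doc/ form; pick one convention. If the intent is to track the current DAP draft, use https://datatracker.ietf.org/doc/draft-ietf-ppm-dap/ like the other entries; if the intent is to pin, pin all of them. The "dap-ext" entry also lacks the "publisher" field that "dap" has.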
@@ -1488,6 +1575,35 @@ spec:infra; type:dfn; text:user agent "href": "https://arxiv.org/abs/2405.16719", "title": "Cookie Monster: Efficient On-device Budgeting for Differentially-Private Ad-Measurement Systems", "publisher": "SOSP'24" + }, + "prio": { + "authors": [ + "Henry Corrigan-Gibbs", + "Dan Boneh" + ], + "title": "Prio: Private, Robust, and Scalable Computation of Aggregate Statistics", + "date": "2017-03-14", + "href": "https://crypto.stanford.edu/prio/paper.pdf" + }, + "prio-l1": { + "authors": [ + "Martin Thomson", + "David Cook" + ], + "title": "A Prio Instantiation for Vector Sums with an L1 Norm Bound on Contributions", + "date": "2024-10-21", + "href": "https://datatracker.ietf.org/doc/draft-thomson-ppm-l1-bound-sum/" + }, + "vdaf": { + "authors": [ + "Richard L. Barnes", + "David Cook", + "Christopher Patton", + "Phillipp Schoppmann" + ], + "title": "Verifiable Distributed Aggregation Functions", + "date": "2024-10-04", + "href": "https://datatracker.ietf.org/doc/draft-irtf-cfrg-vdaf/" } } From 18ca3599a95db8954740204c69ebe4e3acf34f6c Mon Sep 17 00:00:00 2001 From: Martin Thomson Date: Fri, 29 Nov 2024 11:57:52 +1100 Subject: [PATCH 4/4] typos Co-authored-by: Andy Leiserson --- api.bs | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/api.bs b/api.bs index cf653eb..e57a2c9 100644 --- a/api.bs +++ b/api.bs @@ -868,7 +868,7 @@ if the user has opted out of collection of diagnostic data. An aggregation service takes multiple pieces of attribution information and produces an aggregate metric. -User agent implementation will have different requirements for aggregation. +User agent implementations will have different requirements for aggregation. However, the aggregation process has some common elements. Firstly, user agents will need to be configured with, 
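Review bot: the @@ -1488 hunk adds "prio-l1" (draft-thomson-ppm-l1-bound-sum) and the preceding hunk adds "dap-ext" (draft-thomson-ppm-dap-dp-ext); both are individual submissions, yet the section text makes them mandatory ("User agents need to include all of these extensions"). Say in the text that the prio3 method currently depends on unadopted drafts, or mark those references informative until they are adopted. Also, "vdaf" is an IRTF CFRG document, so if a publisher is given it should be "IRTF" rather than "IETF"; the three entries added here carry no publisher at all while "dap" does.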
@@ -917,7 +917,7 @@ DAP also defines how an aggregate is obtained and what configuration is necessary for a user agent to obtain about the aggregation service. -Extensions to DAP [[DAP-EXT]] are necessary: +Several extensions to DAP [[DAP-EXT]] are necessary for this application: * [[DAP-EXT#name-late-task-binding|Late task binding]] improves the ability of a site to collect reports