Hi,
Am Donnerstag, den 28.09.2017, 11:48 -0400 schrieb Aaron Johnson:
Hello,
This appears to be a sketch of Shamir secret sharing, which will be just one tool used in the PrivCount system. For example, it is missing how relays (aka Data Collectors) maintain counters, how aggregators (aka Share Keepers) aggregate counters, and how secret sharing is used among those entities to provide fault tolerance for the aggregation process.
=> Yeap, this stuff is still missing and belongs to this big bunch of TODOs which were in the proposal. I skipped some of this points since I would need some help with this. Additionally, I'm not complettely sure which PrivCount specific topics have to be the content of this proposal and which topics belong to a rewritten 280-privcount-in-tor.txt proposal.
The grammar and writing style need improvement. They are at a level that makes the proposal hard to understand at times.
=> Thank you for this feedback. My English is not the best. I work on this problem.
There are many important missing details even in the secret sharing component:
- How is p determined?
- How is N determined?
- Who plays the roles of the SK, SHs, and SR? How do these relate to the parties in PrivCount?
Some minor notes I kept before it became clearer that higher-level comments would be more useful:
- Sec. 1: Description of secret sharing is incorrect. Strict subsets of shares in a simple additive secret-sharing scheme do not leak information.
=> I corrected this terrible content mistake! I'm sorry! It's not super pretty ... but better like before.
- Sec. 1: Variable capitalization (e.g. K vs. k, N vs. n) should be consistent.
=> Corrected.
- Sec. 3.2: I could not understand what notation was being introduced through a, b, c, and d.
=> Oh, is this really so confusing(?). For the moment I didn't change it since I'm not sure how I can write it in a better way. => Still TODO.
- Sec. 3.2: SUM and PRODUCT variable notation is inconsistent ("i=" missing from PRODUCT).
=> Corrected.
- Sec. 3.2: "Secret Keeper (SK)" has an unfortunate collision with the acronym for Share Keeper, which is a different role in the PrivCount paper.
=> I will rename the parties since I it can be confusing.
- Sec. 4, Step 2: The prime need not be random. It can be fixed and public.
- Sec. 4, Step 3: Specify how the coefficients are determined.
Best, Aaron
Bye and thank you for your feedback, Carolin