Add privacy considerations section about decoy values. #155

Merged
merged 6 commits into from
Apr 6, 2024
26 changes: 26 additions & 0 deletions index.html
Expand Up @@ -1164,6 +1164,32 @@ <h3>Content Distribution Networks</h3>
</p>
</section>

<section class="informative">
<h3>Decoy Values</h3>

<p>
[=Issuer=] use of decoy values in status lists has been explored as a mechanism
to increase the privacy of [=subjects=]. While algorithms for employing decoy
values are out of scope for this specification, implementers are advised that
the use of decoy values do not provide privacy gains and can harm privacy in
most cases.
Comment on lines +1171 to +1175
Anything merged to main without review is liable to have lingering issues. Now I gotta make another PR...

</p>
<p>
When status list entry indexes are allocated in a random fashion, which is the
suggested mode of operation for this specification, adding decoys harms privacy
because it reduces the group privacy size by the number of decoys added to the
What is a "group privacy size"? I could find no suitable definition on the web, making it seem likely to have been invented here, where there also seems to be no definition. Once there is a definition I can refer to, I expect this paragraph to need some rephrasing.

pick up in #166

group. A random allocation of indexes inherently hides the true group size,
ensuring that decoys are not necessary.
</p>
<p>
There might be use cases where decoy values provide benefits. Implementers are
cautioned that no such use cases were clearly identified by the group that
created this specification. As a result, the use of decoys is discouraged for
most use cases, as random allocation of status list entry indexes provides
adequate protection.
</p>
</section>

<section class="informative">
<h3>Malicious Issuers and Verifiers</h3>
<p>
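Review bot: The first added paragraph has a subject/verb mismatch, "the use of decoy values do not provide privacy gains", which should read "does not provide"; while editing it, note that the sentence asserts harm "in most cases" but the only justification given (second paragraph) covers the case "When status list entry indexes are allocated in a random fashion", so either state that the reasoning is specific to random allocation or add a sentence covering non-random allocation. The second paragraph relies on the undefined term "group privacy size" when it says decoys reduce it "by the number of decoys added to the group"; define the term in this section (or link to where it is defined) and name the group concretely, otherwise "A random allocation of indexes inherently hides the true group size" cannot be checked by a reader. The third paragraph hedges in both directions ("There might be use cases where decoy values provide benefits" immediately followed by "no such use cases were clearly identified"); a single sentence saying that the working group identified no use case in which decoys improve on random index allocation would carry the same guidance more clearly.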