Thank you. I'll try to digest these. I barely understand the math involved, so I'm pretty sure my "intuition" is wide of the mark. I'm very grateful for your efforts to explain and socialize your work.
When I studied cryptographic voting systems, my "aha" moment was realizing the magic sauce is creating hash collisions so that a secure one-way hash can be used to protect voter privacy.
Re-re-reading the differential privacy stuff, this para jumped out:
https://en.wikipedia.org/wiki/Differential_privacy#ε-differe...
"The intuition for the 2006 definition of ε-differential privacy is that a person's privacy cannot be compromised by a statistical release if their data are not in the database. Therefore with differential privacy, the goal is to give each individual roughly the same privacy that would result from having their data removed."
Oh. The "differential" part means modeling the difference between a person's data being captured and not captured.
I think (hope) this means figuring out how much to fuzz the captured data so that hash collisions will match real-world fuzzing.
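If I'm reading the Wikipedia article right, the canonical way to do that fuzzing is the Laplace mechanism: add noise with scale sensitivity/ε, which guarantees Pr[M(D) in S] <= e^ε * Pr[M(D') in S] for any two databases D and D' differing in one person's record. A toy sketch in Python (my own guess at it, not from the article; the patient records and epsilon=0.5 are made up):

    import math
    import random

    def laplace_noise(scale):
        # Inverse-CDF sample from Laplace(0, scale).
        u = random.random() - 0.5  # in [-0.5, 0.5); the -0.5 endpoint is vanishingly rare
        return -scale * math.copysign(1.0, u) * math.log(1.0 - 2.0 * abs(u))

    def private_count(records, predicate, epsilon):
        # A counting query has sensitivity 1: adding or removing one person's
        # record changes the true count by at most 1. Laplace noise with
        # scale = sensitivity / epsilon yields epsilon-differential privacy.
        true_count = sum(1 for r in records if predicate(r))
        return true_count + laplace_noise(1.0 / epsilon)

    # Made-up example: how many patients are over 65?
    patients = [{"age": 70}, {"age": 40}, {"age": 82}, {"age": 67}]
    print(private_count(patients, lambda p: p["age"] > 65, epsilon=0.5))

Smaller epsilon means more noise, so the released count looks roughly the same whether or not any one patient's record is present, which I think is the "same privacy as having their data removed" idea from the quote.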
--
Again, I'll continue to try to grok this stuff. Real-world (storybook-style) examples will be very helpful.
Until I do understand, I think it's crucial for crypto- and privacy-minded people to quantify the assumptions and context involved. When I was working on election integrity (and medical records & guarding patient privacy), all the discussions were just make-believe. I did help author a govt report meant to help quantify the attack surface area for election administration. But I don't think it did much good, nor was it replicable (to new contexts).
So bravo. Please keep going.