On Tue 2018-02-13 13:19:16+0000 Andrew wrote:
On behalf of the RSSAC Caucus Work Party on Harmonization of Anonymization Procedures for Data Collecting, please find Harmonizing the Anonymization of Queries to the Root v1 attached.
Please send your comments and/or additions to the list by February 27th, 2018.
[speaking for myself, not speaking for my employer]

I don't think that the shared secret idea will fly, for the reason outlined in the document.

One idea I had would be to use a new random key for each 'chunk' of data (a day?). That random key could be encrypted using the public key of the operator when randomization happens. The operator could then share specific chunks of data with trusted partners and share the random keys for those chunks. Exposure of those keys would only affect those chunks. This would limit correlation of data between chunks, which reduces privacy implications.

I like the non-collision and prefix preserving properties of the cryptopan method.

--
Robert Story <http://www.isi.edu/~rstory>
USC Information Sciences Institute <http://www.isi.edu/>
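Added example, not part of the original message or of the work party's document: a sketch of per-chunk keying with a prefix-preserving, collision-free address mapping, showing that addresses remain comparable inside one chunk but not across chunks. It assumes HMAC-SHA256 as the PRF in place of the AES used by Crypto-PAn and leaves out wrapping the chunk key under the operator's public key; the function names and sample addresses are constructed.

```python
import hashlib
import hmac
import ipaddress
import secrets


def new_chunk_key() -> bytes:
    """Fresh random key for one chunk of data (for example, one day)."""
    return secrets.token_bytes(32)


def anonymize_ipv4(addr: str, key: bytes) -> str:
    """Prefix-preserving mapping: output bit i = input bit i XOR PRF(first i input bits)."""
    bits = format(int(ipaddress.IPv4Address(addr)), "032b")
    out = []
    for i in range(32):
        # The PRF input carries the prefix length, so prefixes "0" and "00" differ.
        msg = bytes([i]) + bits[:i].encode()
        pad = hmac.new(key, msg, hashlib.sha256).digest()[0] & 1
        out.append(str(int(bits[i]) ^ pad))
    return str(ipaddress.IPv4Address(int("".join(out), 2)))


def common_prefix_len(a: str, b: str) -> int:
    """Number of leading bits two IPv4 addresses share."""
    x = int(ipaddress.IPv4Address(a)) ^ int(ipaddress.IPv4Address(b))
    return 32 - x.bit_length()


if __name__ == "__main__":
    # Constructed sample sources (documentation ranges), seen on two different days.
    sources = ["192.0.2.10", "192.0.2.77", "198.51.100.5"]
    day1_key, day2_key = new_chunk_key(), new_chunk_key()

    day1 = [anonymize_ipv4(s, day1_key) for s in sources]
    day2 = [anonymize_ipv4(s, day2_key) for s in sources]

    for src, d1, d2 in zip(sources, day1, day2):
        print(f"{src:>14} -> day1 {d1:>15} | day2 {d2:>15}")

    # Within a chunk the shared prefix length survives anonymization.
    print("shared prefix, original :", common_prefix_len(sources[0], sources[1]))
    print("shared prefix, day1     :", common_prefix_len(day1[0], day1[1]))
    # Across chunks the same source maps to unrelated values, so leaking
    # day1_key says nothing about the day2 mapping.
    print("same source, day1 vs day2:", day1[0], "vs", day2[0])
```

Because each output bit depends only on the key and the preceding input bits, the mapping is a bijection per key, which gives the non-collision property mentioned in the message.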