Martin Pál

icon indicating a website link https://research.google/people/author20/ icon indicating an email [email protected]

icon company @Google icon location Zurich icon location Working on Google Chrome https://privacysandbox.com/

Results 7 comments of Martin Pál

Details on Attestation in TEE Aggregator

Hi Erik, Thank you for the detailed post. We are working on providing more information. For now, I'll just say that per our recent [update](https://developer.chrome.com/docs/privacy-sandbox/attribution-reporting/summary-reports/#aggregation-service), our initial implementation will support...

Details on Attestation in TEE Aggregator

Yes, this is AWS Nitro. FYI, we have just published instructions, scripts and binaries needed for running the aggregation service (both locally in untrusted mode and in the cloud in...

Query keys aggregate in the aggregation service

Thank you Charlie for responding, and thank you Alois for the question. Agree that a feature like this seems like a win in usability and utility, with no apparent downside...

When rounding source_registration_time, would adtech want to specify the timezone

Just to be clear: the reason we're porposing to round the timestamp to a day boundary is to limit the amount of entropy revealed. If you accept the premise that...

Who will act as coordinators for the aggregation service? What are appropriate criteria for selecting coordinators and ensuring coordinators are trustworthy?

Hi Erik, thank you for your thoughtful comments. On your Option 1, I see a benefit to keeping a separation between the party that holds the key and the party...

Who will act as coordinators for the aggregation service? What are appropriate criteria for selecting coordinators and ensuring coordinators are trustworthy?

Agreed. As you describe, a configuration with two or more Coordinators each holding a part of the key would be resilient to a single Coordinator attack.

Knowing the source site in the aggregation API / aggregate queries need key discovery mechanism

FWIW, to me, (3) also seems the easiest choice from the API designer's perspective. It would be up to the adtech to encode the domain/URL/whatever they need using one or...