@@ -1162,46 +1162,25 @@ <h3>Content Distribution Networks</h3>
11621162 < h3 > Decoy Values</ h3 >
11631163
11641164 < p >
1165- [=Issuer=] use of decoy values in status lists has been explored as
1166- a mechanism to increase the privacy of [=subjects=] by further hiding both
1167- the size of the group associated with a status list and when values in the
1168- list change. While algorithms for employing decoy values are out of scope for
1169- this specification, implementers are advised to heed the guidance in this
1170- section when considering the use of decoy values.
1165+ [=Issuer=] use of decoy values in status lists has been explored as a mechanism
1166+ to increase the privacy of [=subjects=]. While algorithms for employing decoy
1167+ values are out of scope for this specification, implementers are advised that
1168+ the use of decoy values do not provide privacy gains and can harm privacy in
1169+ most cases.
11711170 </ p >
11721171 < p >
1173- Decoys might help privacy in some cases, but harm privacy in others. For
1174- example, if status list entry indexes are allocated in a random fashion,
1175- adding decoys harms privacy because it reduces the group privacy size by the
1176- number of decoys added to the group. A random allocation of indexes inherently
1177- hides the true group size, ensuring that decoys are not necessary unless a bulk
1178- operation, such as setting every credential in a list to the same status
1179- (such as "revoked"), could reveal the true size of the group to an adversary
1180- that also knew that the bulk update was to be applied to all non-decoy indexes.```
1172+ When status list entry indexes are allocated in a random fashion, which is the
1173+ suggested mode of operation for this specification, adding decoys harms privacy
1174+ because it reduces the group privacy size by the number of decoys added to the
1175+ group. A random allocation of indexes inherently hides the true group size,
1176+ ensuring that decoys are not necessary.
11811177 </ p >
11821178 < p >
1183- If decoys are used, the proper number of decoys to use is a function of
1184- at least the desired group privacy size, the randomness of the
1185- distribution of entries in the set, and whether entities watching the list
1186- can determine which entries are real and which are decoys as they change
1187- through time. These variables often change based on the use case and
1188- implementers are encouraged to carefully evaluate whether decoys would
1189- help or harm privacy for their particular deployment scenario.
1190- </ p >
1191- < p >
1192- When using decoy values, it is important to ensure that the decoys
1193- behave like real entries in the group. For example, if a decoy is used for
1194- revocation, it would be strange to flip the decoy value to "unrevoked" when that
1195- is not how the revocation values associated with real entries
1196- behave. Similarly, changing the decoy values at times and to values that do not
1197- mimic the behavior of real entries can allow the real entries to be separated
1198- from the decoy entries through statistical analysis.
1199- </ p >
1200- < p >
1201- The use of decoys is discouraged for most use cases, as random allocation
1202- of status list entry indexes provides adequate protection.
1203- Decoy are only to be considered in deployments where bulk
1204- operations that would reveal the group size can be performed on a status list.
1179+ There might be use cases where decoy values provide benefits. Implementers are
1180+ cautioned that no such use cases were clearly identified by the group that
1181+ created this specification. As a result, the use of decoys is discouraged for
1182+ most use cases, as random allocation of status list entry indexes provides
1183+ adequate protection.
12051184 </ p >
12061185 </ section >
12071186
0 commit comments