Privacy Preserving Measurement (ppm) Internet Drafts

 Distributed Aggregation Protocol for Privacy Preserving Measurement
 Date: 03/02/2025
 Authors: Tim Geoghegan, Christopher Patton, Brandon Pitman, Eric Rescorla, Christopher Wood
 Working Group: Privacy Preserving Measurement (ppm)
There are many situations in which it is desirable to take measurements of data which people consider sensitive. In these cases, the entity taking the measurement is usually not interested in people's individual responses but rather in aggregated data. Conventional methods require collecting individual responses and then aggregating them, thus representing a threat to user privacy and rendering many such measurements difficult and impractical. This document describes a multi-party distributed aggregation protocol (DAP) for privacy preserving measurement (PPM) which can be used to collect aggregate data without revealing any individual user's data.
 Task Binding and In-Band Provisioning for DAP
 Date: 02/11/2024
 Authors: Shan Wang, Christopher Patton
 Working Group: Privacy Preserving Measurement (ppm)
An extension for the Distributed Aggregation Protocol (DAP) is specified that cryptographically binds the parameters of a task to the task's execution. In particular, when a client includes this extension with its report, the servers will only aggregate the report if all parties agree on the task parameters. This document also specifies an optional mechanism for in-band task provisioning that builds on the report extension.



Privacy Preserving Measurement (ppm)

WG Name: Privacy Preserving Measurement
Acronym: ppm
Area: Security Area (sec)
State: Active
Charter: charter-ietf-ppm-01 (Approved)
Document dependencies
Additional resources: Zulip stream
Personnel
 Chairs: Benjamin M. Schwartz, Sam Weiler
 Area Director: Deb Cooley
Mailing list
 Address
 To subscribe
Chat
 Room address

Charter for Working Group

There are many situations in which it is desirable to take measurements of data which people consider sensitive. For instance, a browser company might want to measure web sites that do not render properly without learning which users visit those sites, or a public health authority might want to measure exposure to some disease without learning the identities of those exposed. In these cases, the entity taking the measurement is not interested in people's individual responses but rather in aggregated data (e.g., how many users had errors on site X). Conventional methods require collecting individual measurements in plaintext and then aggregating them, thus representing a threat to user privacy and rendering many such measurements difficult and impractical.

New cryptographic techniques address this gap through a variety of approaches, all of which aim to ensure that the server (or multiple, non-colluding servers) can compute the aggregated value without learning the value of individual measurements. The Privacy Preserving Measurement (PPM) work will standardize protocols for deployment of these techniques on the Internet. This will include mechanisms for:

  • Client submission of individual measurements, potentially along with proofs of validity

  • Verification of validity proofs by the server(s), if sent by client

  • Computation of aggregate values by the server(s) and reporting of results to the entity taking the measurement

A successful PPM system assumes that clients and servers are configured with each other's identities and details of the types of measurements to be taken. This is assumed to happen out of band and will not be standardized in this WG.

The WG will deliver one or more protocols which can accommodate multiple PPM algorithms. The initial deliverables will support the calculation of simple predefined statistical aggregates such as averages, as well as calculations of the values that most frequently appear in individual measurements. The PPM protocols will use cryptographic algorithms and protocols defined by the CFRG to enable privacy-preserving properties. The protocol will be designed to limit abuse by both client and server, including exposure of individual user measurements and denial of service attacks on the measurement system. The resulting document(s) shall consider deployment contexts, and clearly describe abuse cases and remaining attacks which are not prevented or mitigated by the protocol(s).

The starting point for PPM WG discussions shall be draft-gpew-priv-ppm.


 Date: Dec 2023
 Milestone: Submit PPM protocol to IESG for publication
 Associated documents: draft-ietf-ppm-dap