README
¶
Publisher Advertiser Identity Reconciliation (PAIR)
Overview
Publisher Advertiser Identity Reconciliation (PAIR) [1] is a privacy-centric protocol that leverages commutative encryptions like the Diffie-Hellman PSI to reconcile the first party identitfiers of the publisher and the advertiser, and allows a secure programmatic activation for the advertiser following a PAIR match.
This package provides a reference implementation of core utility functions required to run the PAIR protocol.
Protocol
The PAIR protocol in the dual clean room scenario involves two clean room operators, one responsible for the publisher and the other for the advertiser. The protocol consists of the following steps:
Key generation and management
- the publisher clean room operator Pub and the advertiser clean room operator Adv agree on a hashing function (SHA256) and a preset elliptic curve (Curve25519).
- Pub generates a random hash salt s, and a private key (scalar) p, and rotates them periodically. s is rotated every 30 days, and p is rotated every 180 days.
- Adv generates a private key (scalar) a, and rotates it every 180 days.
offline matching
- Pub shares the hash salt s with Adv.
- Pub hashes each identifier xi ∈ X from his input audience list X and encrypts the hashed identifiers using p to obtain Ep(Hs(xi)), which is also known as the Publisher ID.
- Adv hashes each identifier yi ∈ Y from his input audience list Y and encrypts the hashed identifiers using a to obtain Ea(Hs(yi)), which is also known as the Advertiser ID.
- Pub and Adv exchange the Publisher IDs and Advertiser IDs respectively.
- Pub encrypts the Advertiser IDs using p to obtain Ep(Ea(Hs(yi))), the doubly encrypted and hashed identifier is known as the PAIR ID.
- Adv encrypts the Publisher IDs using a to obtain Ea(Ep(Hs(xi))), which is known as the PAIR ID.
- Pub and Adv exchange the PAIR IDs respectively.
- Pub intersects the PAIR IDs to obtain the match rate, and output a table containing his un-encrypted identitifiers xi and its Publisher ID counter part Ep(Hs(xi)).
- Adv intersects the PAIR IDs to obtain the match rate, and the intersected PAIR IDs. Adv decrypts the PAIR IDs using a to obtain the intersected Publisher IDs Ep(Hs(yi)).
online activation
- Adv sends the intersected Publisher IDs to his Demand Side Platform (DSP) for activation.
- Pub keeps the mapping of his identifier xi and the Publisher ID Ep(Hs(xi)).
- When a user visits the publisher's website, the publisher looks up the Publisher ID of the visitor and prepares an OpenRTB bid request containing the Publisher ID to his Sell Side Platform (SSP).
- The SSP sends the bid request to the DSP.
- The DSP looks up the Publisher ID in the list of intersected Publisher ID sent by Adv and decides the outcome of the bid request.
References
[1] TBD.
Documentation
¶
Index ¶
Constants ¶
This section is empty.
Variables ¶
var ( ErrInvalidPAIRMode = errors.New("invalid PAIR mode") ErrInvalidSaltSize = errors.New("invalid hash salt size") )
Functions ¶
Types ¶
type PAIRMode ¶
type PAIRMode uint8
const ( // PAIRSHA256Ristretto255 is PAIR with SHA256 as hash function and Ristretto255 as the group. PAIRSHA256Ristretto255 PAIRMode = 0x01 )
type PrivateKey ¶
type PrivateKey struct {
// contains filtered or unexported fields
}
PrivateKey represents a PAIR private key.
func (*PrivateKey) Decrypt ¶
func (pk *PrivateKey) Decrypt(ciphertext []byte) ([]byte, error)
Decrypt undoes the encryption using the private key once, and returns the element of the group.
Source Files