Paper 2023/437

Interoperable Private Attribution: A Distributed Attribution and Aggregation Protocol

Benjamin Case, Meta
Richa Jain, Meta
Alex Koshelev, Meta
Andy Leiserson, Mozilla
Daniel Masny, Meta
Thurston Sandberg, Meta
Ben Savage, Meta
Erik Taubeneck, Meta
Martin Thomson, Mozilla
Taiki Yamaguchi, Meta

Measuring people’s interactions that span multiple websites can provide unique insight that enables better products and improves people’s experiences, but directly observing people’s individual journeys creates privacy risks that conflict with the newly emerging privacy model for the web. We propose a protocol that uses the combination of multi-party computation and differential privacy that enables the processing of peoples’ data such that only aggregate measurements are revealed, strictly limiting the information leakage about individual people. Our primary application of this protocol is measuring, in aggregate, the effectiveness of digital advertising without enabling cross-site tracking of individuals. In this paper we formalize our protocol, Interoperable Private Attribution (IPA), and analyze its security. IPA is proposed in the W3C’s Private Advertising Technology Community Group (PATCG) [8]. We have implemented our protocol in the malicious honest majority MPC setting for three parties where network costs dominate compute costs. For processing a query with 1M records it uses around 18GB of network which at \$0.08 per GB leads to a network cost of \$1.44.

Note: minor edits

Available format(s)
Cryptographic protocols
Publication info
Honest Majority MPCDelegated MPCAggregationAds MeasurementDP
Contact author(s)
bmcase @ meta com
richaj @ meta com
koshelev @ meta com
aleiserson @ mozilla com
daniel masny @ rub de
btsavage @ meta com
eriktaubeneck @ meta com
mt @ mozilla com
Taiki @ meta com
2023-04-07: last of 2 revisions
2023-03-26: received
See all versions
Short URL
No rights reserved


      author = {Benjamin Case and Richa Jain and Alex Koshelev and Andy Leiserson and Daniel Masny and Thurston Sandberg and Ben Savage and Erik Taubeneck and Martin Thomson and Taiki Yamaguchi},
      title = {Interoperable Private Attribution: A Distributed Attribution and Aggregation Protocol},
      howpublished = {Cryptology ePrint Archive, Paper 2023/437},
      year = {2023},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.