This paper presents Poplar, a new system for solving the private heavy-hitters problem. In this problem, there are many clients and a small set of data-collection servers. Each client holds a private bitstring. The servers want to recover the set of all popular strings, without learning anything else about any client's string. A web-browser vendor, for instance, can use Poplar to figure out which homepages are popular, without learning any user's homepage. We also consider the simpler private subset-histogram problem, in which the servers want to count how many clients hold strings in a particular set without revealing this set to the clients. Poplar uses two data-collection servers and, in a protocol run, each client send sends only a single message to the servers. Poplar protects client privacy against arbitrary misbehavior by one of the servers and our approach requires no public-key cryptography (except for secure channels), nor general-purpose multiparty computation. Instead, we rely on incremental distributed point functions, a new cryptographic tool that allows a client to succinctly secret-share the labels on the nodes of an exponentially large binary tree, provided that the tree has a single non-zero path. Along the way, we develop new general tools for providing malicious security in applications of distributed point functions.

翻译：本文提出Poplar系统，用于解决私有重击者问题。在该问题中，存在大量客户端和少量数据收集服务器，每个客户端持有私有比特串，服务器希望恢复所有流行字符串的集合，同时不泄露任何客户端字符串的其他信息。例如，网页浏览器厂商可利用Poplar确定哪些主页受欢迎，而无需了解任何用户的主页信息。我们还考虑了更简单的私有子集直方图问题，即服务器希望统计持有特定集合中字符串的客户端数量，同时不向客户端泄露该集合。Poplar采用两台数据收集服务器，在协议执行过程中，每个客户端仅向服务器发送单条消息。Poplar在任意一台服务器行为异常时仍能保护客户端隐私，且该方法无需公钥密码学（除安全信道外）或通用多方计算，仅依赖增量分布式点函数这一新型密码学工具。该工具允许客户端简洁地秘密共享指数级二叉树节点上的标签，前提是该树仅存在一条非零路径。此外，我们开发了新的通用工具，用于在分布式点函数应用中实现恶意安全防护。