PONE-D-20-35748

Statistical privacy preserving message dissemination for peer-to-peer networks

PLOS ONE

Dear Dr. Mödinger,

Thank you for submitting your manuscript to PLOS ONE. After careful consideration, we feel that it has merit but does not fully meet PLOS ONE’s publication criteria as it currently stands. Therefore, we invite you to submit a revised version of the manuscript that addresses the points raised during the review process.

Please submit your revised manuscript by Apr 03 2021 11:59PM. If you will need more time than this to complete your revisions, please reply to this message or contact the journal office at plosone@plos.org. When you're ready to submit your revision, log on to https://www.editorialmanager.com/pone/ and select the 'Submissions Needing Revision' folder to locate your manuscript file.

Please include the following items when submitting your revised manuscript:

• A rebuttal letter that responds to each point raised by the academic editor and reviewer(s). You should upload this letter as a separate file labeled 'Response to Reviewers'.
• A marked-up copy of your manuscript that highlights changes made to the original version. You should upload this as a separate file labeled 'Revised Manuscript with Track Changes'.
• An unmarked version of your revised paper without tracked changes. You should upload this as a separate file labeled 'Manuscript'.

If you would like to make changes to your financial disclosure, please include your updated statement in your cover letter. Guidelines for resubmitting your figure files are available below the reviewer comments at the end of this letter.

If applicable, we recommend that you deposit your laboratory protocols in protocols.io to enhance the reproducibility of your results. Protocols.io assigns your protocol its own identifier (DOI) so that it can be cited independently in the future. For instructions see: http://journals.plos.org/plosone/s/submission-guidelines#loc-laboratory-protocols

We look forward to receiving your revised manuscript.

Kind regards,

Chakchai So-In, Ph.D.

Academic Editor

PLOS ONE

Journal Requirements:

When submitting your revision, we need you to address these additional requirements.

1. Please ensure that your manuscript meets PLOS ONE's style requirements, including those for file naming. The PLOS ONE style templates can be found at

https://journals.plos.org/plosone/s/file?id=wjVg/PLOSOne_formatting_sample_main_body.pdf and

https://journals.plos.org/plosone/s/file?id=ba62/PLOSOne_formatting_sample_title_authors_affiliations.pdf

[Note: HTML markup is below. Please do not edit.]

Reviewers' comments:

Reviewer's Responses to Questions

Comments to the Author

1. Is the manuscript technically sound, and do the data support the conclusions?

The manuscript must describe a technically sound piece of scientific research with data that supports the conclusions. Experiments must have been conducted rigorously, with appropriate controls, replication, and sample sizes. The conclusions must be drawn appropriately based on the data presented.

Reviewer #1: Yes

Reviewer #2: Yes

**********

2. Has the statistical analysis been performed appropriately and rigorously?

Reviewer #1: Yes

Reviewer #2: Yes

**********

3. Have the authors made all data underlying the findings in their manuscript fully available?

The PLOS Data policy requires authors to make all data underlying the findings described in their manuscript fully available without restriction, with rare exception (please refer to the Data Availability Statement in the manuscript PDF file). The data should be provided as part of the manuscript or its supporting information, or deposited to a public repository. For example, in addition to summary statistics, the data points behind means, medians and variance measures should be available. If there are restrictions on publicly sharing data—e.g. participant privacy or use of data from a third party—those must be specified.

Reviewer #1: Yes

Reviewer #2: Yes

**********

4. Is the manuscript presented in an intelligible fashion and written in standard English?

PLOS ONE does not copyedit accepted manuscripts, so the language in submitted articles must be clear, correct, and unambiguous. Any typographical or grammatical errors should be corrected at revision, so please note any specific errors here.

Reviewer #1: Yes

Reviewer #2: Yes

**********

5. Review Comments to the Author

Please use the space provided to explain your answers to the questions above. You may also include additional comments for the author, including concerns about dual publication, research ethics, or publication ethics. (Please upload your review as an attachment if it exceeds 20,000 characters)

Reviewer #1: This paper transforms the adaptive diffusion protocol in the reference into a protocol for

peer-to-peer networks. To achieve this, the authors remodel the virtual source passing

probabilities in a more general way, based on the distance distribution of the underlying

network. Further, the paper provides a privacy-friendly solution to solve these equations, while

smoothing out otherwise unachievable states.

In general, the problem investigated in the manuscript is interesting. The paper might be improved by addressing the following issues.

1. Some of the sentences presented is confusing. For example, in the abstract, what does "optimal privacy" and "limited information environment" mean?

2. In introduction, all the references are related to cryptocurrencies. Can you provide other practical practical examples on the possible usage of the proposed protocols considering the title of the paper seems to be applicable to more general networks systems and applications.

3. The introduction part can be more clear. For example, regarding the last sentence on section 2, is it possible to discuss a little bit more on why it is not suitable? Due to what kind of constraints or settings?

4. In section 3.1, can we show a simple motivated example that the originator can be found easily?

5. For section 3.3, it is suggested to make it concise and even remove this.

6. It is suggested to put notations in a list or table for reference to be more clear. Also, some terms are not defined before using them. For example, "v_{p,m}" in Algorithm 3, and "r = H(m)" were not defined.

7. In the algorithms, it might be more clear to put output at the end of the algorithm. So that it is more clear where the algorithm starts.

8. Considering the practical communication networks, what is the impact of transmission failures to the proposed protocol? Also, what about packet loss? Or other constraints in practical networks.

9. Is it possible to quantify the level of privacy with the dependence of other factors in the proposed protocol?

Reviewer #2: This paper discusses the privacy of broadcasts within an unstructured p2p network and proposes a protocol to ensure the anonymity of the source of the broadcast.

My main concern are:

- peer-to-peer networks are also characterized by dynamics with churn and evolution of the topology. For instance, protocols such as Gossip-based Peer Sampling manage to ensure only one connected component, a random topology, and a strong resilience to churn. In this article, the considered topology does not take into account churn and the analysis is performed on a static topology which seems unrealistic for a peer-to-peer network. If the considered dissemination is not affected by churn for some reasons (very fast / instantaneous dissemination), please clarify it.

- I have a problem with this statement (which justifies the use of a k-growing model as proposed): "Peer-to-peer networks are modeled as organically growing graphs". Please support your claim with references. Depending on the underlying overlay construction to manage the network, this claim is not right. If you consider specific networks where this claim is right, please specify.

Other comments:

- The introduction is very short, please extend it to better introduce the context / existing limitations / the main idea of the paper and why it is relevant. The term one-dimensional random-walk is mentioned in the contributions but does not appear in the rest of the paper, please improve the consistency of used terms. Section 6 is not introduced in the roadmap.

- The paper does not analyse the impact of colluding nodes. Simulating a growing rate of colluding nodes and an associated sensitivity analysis could be interesting.

- The architecture of Section 6 is strange, there is no sense to have only one subsection.

- Section 3.4: Adaptive diffusion creates a virtual source token. To better understand, can you quickly explain how this virtual source is created.

- Algorithms should be better explained by using lines as reference.

- Section 4: "a node must only react on messages received via the proper path." Please, clarify what you refer to “proper path”.

- Recent works partly address similar problems, please consider them.

@misc{bellet2020started,

title={Who started this rumor? Quantifying the natural differential privacy guarantees of gossip protocols},

author={Aurélien Bellet and Rachid Guerraoui and Hadrien Hendrikx},

year={2020},

eprint={1902.07138},

archivePrefix={arXiv},

primaryClass={cs.DC}

}

@inproceedings{decouchant:hal-02421820,

TITLE = {{P3LS: Plausible Deniability for Practical Privacy-Preserving Live Streaming}},

AUTHOR = {Decouchant, J{\\'e}r{\\'e}mie and Boutet, Antoine and Yu, Jiangshan and Esteves-Verissimo, Paulo},

URL = {https://hal.inria.fr/hal-02421820},

BOOKTITLE = {{SRDS 2019 - 38th International Symposium on Reliable Distributed Systems}},

ADDRESS = {Lyon, France},

PAGES = {1-10},

YEAR = {2019},

MONTH = Oct,

}

**********

6. PLOS authors have the option to publish the peer review history of their article (what does this mean?). If published, this will include your full peer review and any attached files.

If you choose “no”, your identity will remain anonymous but your review may still be made public.

Do you want your identity to be public for this peer review? For information about this choice, including consent withdrawal, please see our Privacy Policy.

Reviewer #1: No

Reviewer #2: No

[NOTE: If reviewer comments were submitted as an attachment file, they will be attached to this email and accessible via the submission site. Please log into your account, locate the manuscript record, and check for the action link "View Attachments". If this link does not appear, there are no attachment files.]

While revising your submission, please upload your figure files to the Preflight Analysis and Conversion Engine (PACE) digital diagnostic tool, https://pacev2.apexcovantage.com/. PACE helps ensure that figures meet PLOS requirements. To use PACE, you must first register as a user. Registration is free. Then, login and navigate to the UPLOAD tab, where you will find detailed instructions on how to use the tool. If you encounter any issues or have any questions when using PACE, please email PLOS at figures@plos.org. Please note that Supporting Information files do not need this step.

Statistical privacy-preserving message broadcast for peer-to-peer networks

PONE-D-20-35748R1

Dear Dr. Mödinger,

We’re pleased to inform you that your manuscript has been judged scientifically suitable for publication and will be formally accepted for publication once it meets all outstanding technical requirements.

Within one week, you’ll receive an e-mail detailing the required amendments. When these have been addressed, you’ll receive a formal acceptance letter and your manuscript will be scheduled for publication.

An invoice for payment will follow shortly after the formal acceptance. To ensure an efficient process, please log into Editorial Manager at http://www.editorialmanager.com/pone/, click the 'Update My Information' link at the top of the page, and double check that your user information is up-to-date. If you have any billing related questions, please contact our Author Billing department directly at authorbilling@plos.org.

If your institution or institutions have a press office, please notify them about your upcoming paper to help maximize its impact. If they’ll be preparing press materials, please inform our press team as soon as possible -- no later than 48 hours after receiving the formal acceptance. Your manuscript will remain under strict press embargo until 2 pm Eastern Time on the date of publication. For more information, please contact onepress@plos.org.

Kind regards,

Chakchai So-In, Ph.D.

Academic Editor

PLOS ONE

Additional Editor Comments (optional):

Reviewers' comments:

Reviewer's Responses to Questions

Comments to the Author

1. If the authors have adequately addressed your comments raised in a previous round of review and you feel that this manuscript is now acceptable for publication, you may indicate that here to bypass the “Comments to the Author” section, enter your conflict of interest statement in the “Confidential to Editor” section, and submit your "Accept" recommendation.

Reviewer #1: All comments have been addressed

Reviewer #2: All comments have been addressed

**********

2. Is the manuscript technically sound, and do the data support the conclusions?

The manuscript must describe a technically sound piece of scientific research with data that supports the conclusions. Experiments must have been conducted rigorously, with appropriate controls, replication, and sample sizes. The conclusions must be drawn appropriately based on the data presented.

Reviewer #1: Yes

Reviewer #2: Yes

**********

3. Has the statistical analysis been performed appropriately and rigorously?

Reviewer #1: Yes

Reviewer #2: Yes

**********

4. Have the authors made all data underlying the findings in their manuscript fully available?

The PLOS Data policy requires authors to make all data underlying the findings described in their manuscript fully available without restriction, with rare exception (please refer to the Data Availability Statement in the manuscript PDF file). The data should be provided as part of the manuscript or its supporting information, or deposited to a public repository. For example, in addition to summary statistics, the data points behind means, medians and variance measures should be available. If there are restrictions on publicly sharing data—e.g. participant privacy or use of data from a third party—those must be specified.

Reviewer #1: Yes

Reviewer #2: Yes

**********

5. Is the manuscript presented in an intelligible fashion and written in standard English?

PLOS ONE does not copyedit accepted manuscripts, so the language in submitted articles must be clear, correct, and unambiguous. Any typographical or grammatical errors should be corrected at revision, so please note any specific errors here.

Reviewer #1: Yes

Reviewer #2: Yes

**********

6. Review Comments to the Author

Please use the space provided to explain your answers to the questions above. You may also include additional comments for the author, including concerns about dual publication, research ethics, or publication ethics. (Please upload your review as an attachment if it exceeds 20,000 characters)

Reviewer #1: The presentation might be improved further. All other questions are addressed. The reviewer does not have any other questions for this manuscript.

Reviewer #2: Thank you for your revision, you fully answered my comments and clarified raised concerns.

This new version is much better.

**********

7. PLOS authors have the option to publish the peer review history of their article (what does this mean?). If published, this will include your full peer review and any attached files.

If you choose “no”, your identity will remain anonymous but your review may still be made public.

Do you want your identity to be public for this peer review? For information about this choice, including consent withdrawal, please see our Privacy Policy.

Reviewer #1: No

Reviewer #2: No