IAB TechLab is proud to announce the first official version of the PAIR protocol. PAIR is a cryptographic protocol that enables audience activation while maintaining privacy. At a high level, advertisers and publishers encrypt activation data using a shared key and their own private keys. This process is meant to be enabled by Data Clean Rooms (DCR) which are fast becoming more and more private by design.
Originally developed by Google, PAIR was donated to TechLab to make it a truly open protocol that any DSP, Advertiser, Publisher, and DCR can implement. This new version adds a few key features including minimizing the number of keys that must be managed and enabling the advertiser and publisher to use two separate DCRs.
How it Works
Utilizing the novel cryptographic technique known as commutative encryption, this technique allows matching users from the publisher and advertiser without revealing the original underlying personal information.
First, the advertiser and publisher encrypt their own data sets using a key shared among them and then again with their own private key. They then exchange the double encrypted data sets with each other. Then the advertiser encrypts the data that was already encrypted by the publisher again, this is known as the triple encrypted ID or PAIR ID. Then the advertiser and publisher share the triple encrypted data sets with each other.
The advertiser decrypts one layer of the triple encrypted data sets using their private key making it a double encrypted data set. On the other side, the publisher decrypts one layer of the triple encrypted data using their own private key making it also a double encrypted data set which can now be used for matching against the double encrypted data set the advertiser holds.
For activation, the advertiser shares the double encrypted data set with their DSP. During a bid request, the publisher can lookup the double encrypted entry from the encrypted data set they hold by their user’s raw information. In order to return a targeted bid, the DSP can see if the double encrypted entry passed by the publisher matches any double encrypted entry the advertiser shared with them.
This process is facilitated by the publisher’s and advertiser’s clean room. Each respective clean room manages the complexity of managing the cryptographic keys and encrypting the data sets. Optionally, advertisers and publishers can manage their own keys and encrypt their own data sets.
No raw data is ever shared between parties. DSPs are able to activate audiences with only encrypted data.
More Resources
The PAIR protocol document describes in more detail how the protocol works. Additionally, core contributors have written reference implementations and tooling using Python and Java. The Python version can be installed in your project using “pip install pairid” on your terminal.
PAIR is the latest release coming from TechLab’s Addressability & Privacy Enhancing Technology Working Group.
Other relevant recent releases include Data Clean Rooms Guidance and Recommended Practices and PAIR’s sister protocol AdMAP which uses encryption techniques but for measurement.
We urge interested parties to join and participate in the working group to help design and shape the future of Data Clean Rooms.
Miguel Morales
Director, Addressability & PETs
IAB Tech Lab