Chromium Code Reviews Chromium Code Reviews
Issue 49753002:
RAPPOR implementation (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master| OLD | NEW |
|---|---|
| (Empty) | |
| 1 // Copyright 2014 The Chromium Authors. All rights reserved. | |
| 2 // Use of this source code is governed by a BSD-style license that can be | |
| 3 // found in the LICENSE file. | |
| 4 | |
| 5 #include "components/rappor/rappor_metric.h" | |
| 6 | |
| 7 #include "base/logging.h" | |
| 8 | |
| 9 namespace rappor { | |
| 10 | |
| 11 RapporMetric::RapporMetric(const std::string& metric_name, | |
| 12 const RapporParameters& parameters, | |
| 13 int32_t cohort) | |
| 14 : metric_name_(metric_name), | |
| 15 parameters_(parameters), | |
| 16 bloom_(parameters.bloom_filter_size_bytes, | |
| 17 parameters.bloom_filter_hash_function_count, | |
| 18 cohort * parameters.bloom_filter_hash_function_count) { | |
| 19 DCHECK_GE(cohort, 0); | |
| 20 } | |
| 21 | |
| 22 RapporMetric::~RapporMetric() {} | |
| 23 | |
| 24 void RapporMetric::AddSample(const std::string& str) { bloom_.AddString(str); } | |
| 25 | |
| 26 ByteVector RapporMetric::GetReport(const std::string& secret) const { | |
| 27 // Start with the real bloom filter data. | |
| 28 const ByteVector real_bits(bytes()); | |
|
Alexei Svitkine (slow)
2014/02/05 18:07:01
I don't think this is necessary. You're making a c
Steven Holte
2014/02/05 22:44:37
Done.
| |
| 29 | |
| 30 // Generate a deterministically random mask of fake data using the | |
| 31 // client's secret key + real data as a seed. | |
|
Alexei Svitkine (slow)
2014/02/05 18:07:01
I'd explicitly mention that it's intended that the
Steven Holte
2014/02/05 22:44:37
Expanded this comment a bit.
| |
| 32 std::string seed = secret + metric_name_ + | |
| 33 std::string(real_bits.begin(), real_bits.end()); | |
|
Alexei Svitkine (slow)
2014/02/05 18:07:01
Are we really sure that seeding the HMAC with the
ulfar
2014/02/05 18:32:47
Yup, HMAC is a PRF (pseudo-random function), accor
| |
| 34 HmacByteVectorGenerator hmac_generator(real_bits.size(), seed); | |
| 35 const ByteVector fake_mask = | |
| 36 hmac_generator.GetWeightedRandomByteVector(parameters()->fake_prob); | |
| 37 ByteVector fake_ones = | |
| 38 hmac_generator.GetWeightedRandomByteVector(parameters()->fake_one_prob); | |
| 39 | |
| 40 // Redact most of the real data by replacing it with the fake data, hiding | |
| 41 // and limiting the amount of information an individual client reports on. | |
| 42 const ByteVector* redacted_bits = | |
| 43 ByteVectorMerge(fake_mask, real_bits, &fake_ones); | |
| 44 | |
| 45 // Generate biased coin flips for each bit. | |
| 46 ByteVectorGenerator coin_generator(real_bits.size()); | |
| 47 const ByteVector zero_coins = | |
| 48 coin_generator.GetWeightedRandomByteVector(parameters()->zero_coin_prob); | |
| 49 ByteVector one_coins = | |
| 50 coin_generator.GetWeightedRandomByteVector(parameters()->one_coin_prob); | |
| 51 | |
| 52 // Use the redacted data to select which coin type is used for each bit in | |
| 53 // the final report. | |
| 54 const ByteVector* output = | |
| 55 ByteVectorMerge(*redacted_bits, zero_coins, &one_coins); | |
|
Alexei Svitkine (slow)
2014/02/05 18:07:01
Nit: Return directly.
Steven Holte
2014/02/05 22:44:37
Done.
| |
| 56 | |
| 57 return *output; | |
| 58 } | |
| 59 | |
| 60 } // namespace rappor | |
| OLD | NEW |
