OLD | NEW |
---|---|
(Empty) | |
1 // Copyright 2014 The Chromium Authors. All rights reserved. | |
2 // Use of this source code is governed by a BSD-style license that can be | |
3 // found in the LICENSE file. | |
4 | |
5 #include "components/rappor/rappor_metric.h" | |
6 | |
7 #include "base/logging.h" | |
8 | |
9 namespace rappor { | |
10 | |
// Constructs a metric. metric_name_ and parameters_ are initialized from | |
// |metric_name| and |parameters|; bloom_ is constructed from | |
// parameters.bloom_filter_size_bytes, | |
// parameters.bloom_filter_hash_function_count, and the product | |
// cohort * parameters.bloom_filter_hash_function_count. | |
// NOTE(review): the third bloom_ argument is presumably a per-cohort offset | |
// for the hash functions -- confirm against the bloom filter's constructor. | |
11 RapporMetric::RapporMetric(const std::string& metric_name, | |
12 const RapporParameters& parameters, | |
13 int32_t cohort) | |
14 : metric_name_(metric_name), | |
15 parameters_(parameters), | |
16 bloom_(parameters.bloom_filter_size_bytes, | |
17 parameters.bloom_filter_hash_function_count, | |
18 cohort * parameters.bloom_filter_hash_function_count) { | |
Ilya Sherman
2014/02/13 01:39:03
Is it useful/desirable to DCHECK that this compute
Steven Holte
2014/02/13 05:11:12
Changed "BloomFilterTest.HugeFilter" test to use a
| |
// Member initializers run before the constructor body, so bloom_ has | |
// already been built from |cohort| by the time this check executes. | |
19 DCHECK_GE(cohort, 0); | |
Ilya Sherman
2014/02/13 01:39:03
nit: De-indent by two spaces.
Steven Holte
2014/02/13 05:11:12
Done.
| |
20 } | |
21 | |
// Destructor with an empty body; no explicit cleanup is performed here. | |
22 RapporMetric::~RapporMetric() {} | |
23 | |
// Records the sample |str| by forwarding it to bloom_.AddString(). | |
24 void RapporMetric::AddSample(const std::string& str) { bloom_.AddString(str); } | |
25 | |
// Builds and returns the report for this metric as a ByteVector. | |
// | |
// |secret| is passed, together with a personalization string made of | |
// metric_name_ followed by the raw contents of bytes(), to an | |
// HmacByteVectorGenerator. That generator yields two weighted vectors | |
// (using parameters().fake_prob and parameters().fake_one_prob) which are | |
// merged with bytes(). A separate ByteVectorGenerator then yields two coin | |
// vectors (parameters().zero_coin_prob and parameters().one_coin_prob) which | |
// are merged with the result of the first merge to form the return value. | |
// | |
// NOTE(review): ByteVectorMerge is not defined in this file; it presumably | |
// writes into and returns its third (pointer) argument -- confirm against | |
// its declaration before relying on the lifetime of the returned pointers. | |
26 ByteVector RapporMetric::GetReport(const std::string& secret) const { | |
27 // Generate a deterministically random mask of fake data using the | |
28 // client's secret key + real data as a seed. The inclusion of the secret | |
29 // in the seed avoids correlations between real and fake data. | |
30 // The seed isn't a human-readable string. | |
31 std::string personalization_string = metric_name_ + | |
32 std::string(bytes().begin(), bytes().end()); | |
Ilya Sherman
2014/02/13 01:39:03
IMPORTANT: Hmm, it doesn't seem safe to re-interpr
Steven Holte
2014/02/13 05:11:12
std::string is not null terminated.
| |
33 HmacByteVectorGenerator hmac_generator(bytes().size(), secret, | |
34 personalization_string); | |
35 const ByteVector fake_mask = | |
36 hmac_generator.GetWeightedRandomByteVector(parameters().fake_prob); | |
37 ByteVector fake_ones = | |
Ilya Sherman
2014/02/13 01:39:03
nit: I think "fake_bytes" might be a clearer name
Steven Holte
2014/02/13 05:11:12
That seems like it might imply that the bits are m
Ilya Sherman
2014/02/13 23:23:08
fake_bits, then?
Steven Holte
2014/02/14 02:53:28
Done.
| |
38 hmac_generator.GetWeightedRandomByteVector(parameters().fake_one_prob); | |
39 | |
40 // Redact most of the real data by replacing it with the fake data, hiding | |
41 // and limiting the amount of information an individual client reports on. | |
42 const ByteVector* fake_and_redacted_bits = | |
43 ByteVectorMerge(fake_mask, bytes(), &fake_ones); | |
44 | |
45 // Generate biased coin flips for each bit. | |
46 ByteVectorGenerator coin_generator(bytes().size()); | |
47 const ByteVector zero_coins = | |
48 coin_generator.GetWeightedRandomByteVector(parameters().zero_coin_prob); | |
49 ByteVector one_coins = | |
50 coin_generator.GetWeightedRandomByteVector(parameters().one_coin_prob); | |
51 | |
52 // Create a randomized response report on the fake and redacted data, sending | |
53 // the outcome of flipping a zero coin for the zero bits in that data, and of | |
54 // flipping a one coin for the one bits in that data, as the final report. | |
// The pointer returned by the merge is dereferenced and returned by value. | |
55 return *ByteVectorMerge(*fake_and_redacted_bits, zero_coins, &one_coins); | |
56 } | |
57 | |
58 } // namespace rappor | |
OLD | NEW |