RAPPOR implementation

components/rappor/rappor_metric.cc

Index: components/rappor/rappor_metric.cc
diff --git a/components/rappor/rappor_metric.cc b/components/rappor/rappor_metric.cc
new file mode 100644
index 0000000000000000000000000000000000000000..427a2527d4b068be55b4bed2524e2f445c0c0bfe
--- /dev/null
+++ b/components/rappor/rappor_metric.cc
@@ -0,0 +1,60 @@
+// Copyright 2014 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "components/rappor/rappor_metric.h"
+
+#include "base/logging.h"
+
+namespace rappor {
+
+RapporMetric::RapporMetric(const std::string& metric_name,
+                           const RapporParameters& parameters,
+                           int32_t cohort)
+    : metric_name_(metric_name),
+      parameters_(parameters),
+      bloom_(parameters.bloom_filter_size_bytes,
+             parameters.bloom_filter_hash_function_count,
+             cohort * parameters.bloom_filter_hash_function_count) {
+    DCHECK_GE(cohort, 0);
+}
+
+RapporMetric::~RapporMetric() {}
+
+void RapporMetric::AddSample(const std::string& str) { bloom_.AddString(str); }
+
+ByteVector RapporMetric::GetReport(const std::string& secret) const {
+  // Start with the real bloom filter data.
+  const ByteVector real_bits(bytes());

[Alexei Svitkine (slow), 2014/02/05 18:07:01]

I don't think this is necessary. You're making a copy of |bytes()| but keeping
it constant.

Just replace real_bits with bytes() throughout below.

[Steven Holte, 2014/02/05 22:44:37]

Done.

+
+  // Generate a deterministically random mask of fake data using the
+  // client's secret key + real data as a seed.

[Alexei Svitkine (slow), 2014/02/05 18:07:01]

I'd explicitly mention that it's intended that the result is not human readable
but actually just raw bytes - even if some components of it (e.g. metric_name_)
are.

[Steven Holte, 2014/02/05 22:44:37]

Expanded this comment a bit.

+  std::string seed = secret + metric_name_ +
+      std::string(real_bits.begin(), real_bits.end());

[Alexei Svitkine (slow), 2014/02/05 18:07:01]

Are we really sure that seeding the HMAC with the real data doesn't leak
information out? (Maybe a question for Ulfar).

[ulfar, 2014/02/05 18:32:47]

Yup, HMAC is a PRF (pseudo-random function), according to the strong Crypto
definition thereof.  So, because we're adding the secret as well, we can be sure
that the output value here isn't correlated with the real data.

+  HmacByteVectorGenerator hmac_generator(real_bits.size(), seed);
+  const ByteVector fake_mask =
+      hmac_generator.GetWeightedRandomByteVector(parameters()->fake_prob);
+  ByteVector fake_ones =
+      hmac_generator.GetWeightedRandomByteVector(parameters()->fake_one_prob);
+
+  // Redact most of the real data by replacing it with the fake data, hiding
+  // and limiting the amount of information an individual client reports on.
+  const ByteVector* redacted_bits =
+      ByteVectorMerge(fake_mask, real_bits, &fake_ones);
+
+  // Generate biased coin flips for each bit.
+  ByteVectorGenerator coin_generator(real_bits.size());
+  const ByteVector zero_coins =
+      coin_generator.GetWeightedRandomByteVector(parameters()->zero_coin_prob);
+  ByteVector one_coins =
+      coin_generator.GetWeightedRandomByteVector(parameters()->one_coin_prob);
+
+  // Use the redacted data to select which coin type is used for each bit in
+  // the final report.
+  const ByteVector* output =
+      ByteVectorMerge(*redacted_bits, zero_coins, &one_coins);

[Alexei Svitkine (slow), 2014/02/05 18:07:01]

Nit: Return directly.

[Steven Holte, 2014/02/05 22:44:37]

Done.

+
+  return *output;
+}
+
+}  // namespace rappor