Index: components/rappor/rappor_metric.cc |
diff --git a/components/rappor/rappor_metric.cc b/components/rappor/rappor_metric.cc |
new file mode 100644 |
index 0000000000000000000000000000000000000000..b3ca841862823ecc92cfb95b5f3b7fc4fc7f9a9c |
--- /dev/null |
+++ b/components/rappor/rappor_metric.cc |
@@ -0,0 +1,56 @@ |
+// Copyright 2014 The Chromium Authors. All rights reserved. |
+// Use of this source code is governed by a BSD-style license that can be |
+// found in the LICENSE file. |
+ |
+#include "components/rappor/rappor_metric.h" |
+ |
+#include "base/logging.h" |
+ |
+namespace rappor { |
+ |
+RapporMetric::RapporMetric(const std::string& metric_name, |
+ const RapporParameters& parameters, |
+ int32_t cohort) |
+ : metric_name_(metric_name), |
+ parameters_(parameters), |
+ bloom_(parameters.bloom_filter_size_bytes, |
+ parameters.bloom_filter_hash_function_count, |
+ cohort * parameters.bloom_filter_hash_function_count) { |
+ DCHECK_GE(cohort, 0); |
+} |
+ |
+RapporMetric::~RapporMetric() {} |
+ |
+void RapporMetric::AddSample(const std::string& str) { bloom_.AddString(str); } |
+ |
+ByteVector RapporMetric::GetReport(const std::string& secret) const { |
+ // Generate a deterministically random mask of fake data using the |
+ // client's secret key + real data as a seed. The inclusion of the secret |
+ // in the seed prevents fake data from being correlated with real data. |
ulfar
2014/02/07 20:19:02
// in the seed avoids correlations between the rea
Steven Holte
2014/02/07 21:08:16
Done.
|
+ // The seed isn't a human-readable string. |
+ std::string seed = secret + metric_name_ + |
+ std::string(bytes().begin(), bytes().end()); |
+ HmacByteVectorGenerator hmac_generator(bytes().size(), seed); |
+ const ByteVector fake_mask = |
+ hmac_generator.GetWeightedRandomByteVector(parameters().fake_prob); |
+ ByteVector fake_ones = |
+ hmac_generator.GetWeightedRandomByteVector(parameters().fake_one_prob); |
+ |
+ // Redact most of the real data by replacing it with the fake data, hiding |
+ // and limiting the amount of information an individual client reports on. |
+ const ByteVector* redacted_bits = |
ulfar
2014/02/07 20:19:02
better name would be fake_and_redacted_bits
Steven Holte
2014/02/07 21:08:16
Done.
|
+ ByteVectorMerge(fake_mask, bytes(), &fake_ones); |
+ |
+ // Generate biased coin flips for each bit. |
+ ByteVectorGenerator coin_generator(bytes().size()); |
+ const ByteVector zero_coins = |
+ coin_generator.GetWeightedRandomByteVector(parameters().zero_coin_prob); |
+ ByteVector one_coins = |
+ coin_generator.GetWeightedRandomByteVector(parameters().one_coin_prob); |
+ |
+ // Use the redacted data to select which coin type is used for each bit in |
+ // the final report. |
+ return *ByteVectorMerge(*redacted_bits, zero_coins, &one_coins); |
ulfar
2014/02/07 20:19:02
A better comment would be
// Create a randomized
Steven Holte
2014/02/07 21:08:16
Done.
|
+} |
+ |
+} // namespace rappor |