components/rappor/reports.cc

   1 // Copyright 2015 The Chromium Authors. All rights reserved.
   2 // Use of this source code is governed by a BSD-style license that can be
   3 // found in the LICENSE file.
   4
   5 #include "components/rappor/reports.h"
   6
   7 #include "base/logging.h"
   8 #include "base/rand_util.h"
   9 #include "components/rappor/byte_vector_utils.h"
  10 #include "components/rappor/rappor_parameters.h"
  11
  12 namespace rappor {
  13
  14 namespace internal {
  15
  16 ByteVector GenerateReport(const std::string& secret,
  17                           const RapporParameters& parameters,
  18                           const ByteVector& value) {
  19   // Generate a deterministically random mask of fake data using the
  20   // client's secret key + real data as a seed.  The inclusion of the secret
  21   // in the seed avoids correlations between real and fake data.
  22   // The seed isn't a human-readable string.
  23   const std::string personalization_string =
  24       std::string(value.begin(), value.end());
  25   HmacByteVectorGenerator hmac_generator(value.size(), secret,
  26                                          personalization_string);
  27   const ByteVector fake_mask =
  28       hmac_generator.GetWeightedRandomByteVector(parameters.fake_prob);
  29   ByteVector fake_bits =
  30       hmac_generator.GetWeightedRandomByteVector(parameters.fake_one_prob);
  31
  32   // Redact most of the real data by replacing it with the fake data, hiding
  33   // and limiting the amount of information an individual client reports on.
  34   const ByteVector* fake_and_redacted_bits =
  35       ByteVectorMerge(fake_mask, value, &fake_bits);
  36
  37   // Generate biased coin flips for each bit.
  38   ByteVectorGenerator coin_generator(value.size());
  39   const ByteVector zero_coins =
  40       coin_generator.GetWeightedRandomByteVector(parameters.zero_coin_prob);
  41   ByteVector one_coins =
  42       coin_generator.GetWeightedRandomByteVector(parameters.one_coin_prob);
  43
  44   // Create a randomized response report on the fake and redacted data, sending
  45   // the outcome of flipping a zero coin for the zero bits in that data, and of
  46   // flipping a one coin for the one bits in that data, as the final report.
  47   return *ByteVectorMerge(*fake_and_redacted_bits, zero_coins, &one_coins);
  48 }
  49
  50 }  // namespace internal
  51
  52 }  // namespace rappor