diff --git a/components/p3a/constellation_helper.cc b/components/p3a/constellation_helper.cc index 6d25e97a670d..70dbd5d8afe7 100644 --- a/components/p3a/constellation_helper.cc +++ b/components/p3a/constellation_helper.cc @@ -27,7 +27,23 @@ namespace p3a { namespace { +// Probability of submitting a true report in the Nebula protocol +// +// This is computed from the differential privacy budget ε = 1.0 as +// +// kNebulaParticipationRate = alpha * (1 - exp(-epsilon)) +// constexpr double kNebulaParticipationRate = 0.105; + +// Probability of submitting a randomized response in the Nebula protocol +// +// This sets the fraction of clients not participating by submitting +// a true report for threshold aggregration which instead submit a +// privacy-enhancing dummy report. It must be sufficiently large to +// provide privacy coverage for the size of the P3A question domain, +// but values significantly less than 1.0 improve bandwidth efficiency +// by reducing the number of reports clients must send which will not +// be aggregated. constexpr double kNebulaScramblingRate = 0.05; bool CheckParticipationAndScrambleForNebula(std::vector* layers) { diff --git a/components/p3a/constellation_helper.h b/components/p3a/constellation_helper.h index aab01984029b..ef884908518b 100644 --- a/components/p3a/constellation_helper.h +++ b/components/p3a/constellation_helper.h @@ -25,7 +25,22 @@ class SharedURLLoaderFactory; namespace p3a { +// Heuristic aggregation threshold used for STAR/Constellation inline constexpr size_t kConstellationDefaultThreshold = 50; + +// Aggregation threshold used for Nebula +// +// This is derived from the differential privacy paramaters +// ε = 1.0 (the privacy budget) and δ = 1.0e-8 (should be +// less than the reciprocal of the number of clients) along +// with a parameter α = 1/6 which adjusts the tradeoff between +// this threshold and the sampling probability. +// +// This aggregation threshold is computed as +// +// kNebulaThreshold = ceil(log(1.0/delta) / Ca) +// where Ca = log(1.0/alpha) - 1.0 / (1.0 + alpha) +// inline constexpr size_t kNebulaThreshold = 20; struct P3AConfig; diff --git a/components/p3a/features.cc b/components/p3a/features.cc index 4ab315aa3fe0..b6b6f2c9c978 100644 --- a/components/p3a/features.cc +++ b/components/p3a/features.cc @@ -9,18 +9,27 @@ namespace p3a { namespace features { +// Report answers to P3A questions encrypted to the STAR/Constellation +// threshold aggregation scheme. BASE_FEATURE(kConstellation, "BraveP3AConstellation", base::FEATURE_ENABLED_BY_DEFAULT); +// Verify Constellation randomness server secure enclave certificate. BASE_FEATURE(kConstellationEnclaveAttestation, "BraveP3AConstellationEnclaveAttestation", base::FEATURE_DISABLED_BY_DEFAULT); +// Disable reporting answers over direct https+json +// for typical (weekly) cadence P3A questions. BASE_FEATURE(kTypicalJSONDeprecation, "BraveP3ATypicalJSONDeprecation", base::FEATURE_DISABLED_BY_DEFAULT); +// Disable reporting answers over direct https+json +// for other (daily or monthly) cadence P3A questions. BASE_FEATURE(kOtherJSONDeprecation, "BraveP3AOtherJSONDeprecation", base::FEATURE_DISABLED_BY_DEFAULT); +// Report P3A responses with "Nebula" differential privacy +// sampling enabled. See https://github.com/brave/brave-browser/issues/35841 BASE_FEATURE(kNebula, "BraveP3ADifferentialSampling", base::FEATURE_DISABLED_BY_DEFAULT); diff --git a/components/p3a/metric_names.h b/components/p3a/metric_names.h index c705486e3ca6..7b90885f4123 100644 --- a/components/p3a/metric_names.h +++ b/components/p3a/metric_names.h @@ -366,6 +366,12 @@ inline constexpr auto kHistogramsWithRefcodeIncluded = }); // List of metrics that should be protected by Nebula. +// +// We intend to apply Nebula to all questions by default, +// subject to verification that it behaves as expected. +// This list tests a small number of questions to confirm +// this, and should be removed or converted to an exception +// list once we're satisfied with the implementation. inline constexpr auto kNebulaOnlyHistograms = base::MakeFixedFlatSet(base::sorted_unique,{ "Brave.AIChat.ChatCount.Nebula",