+
+ Total processing = Per request Overhead + (#candidate ads) * (scoreAds time per ad) [vCPU-seconds] Throughput Per vCPU = 1 / (Total processing) [requests / vCPU-second] vCPUs needed = Total required throughput / Throughput Per vCPU [vCPUs] |
+
Processing latency = Overhead + (#candidate ads) * (scoreAds time per ad) / #workers [vCPU-seconds] |
+
+ Total processing = Overhead + (#IGs) * (generateBid time per IG) [ vCPU-seconds] Throughput Per vCPU = 1 / (Total processing) [requests / vCPU-second] vCPUs needed = Total required throughput / Throughput Per vCPU [vCPUs] |
+
Processing latency = Overhead + (#candidate ads) * (scoreAds time per ad) / #workers [vCPU-seconds] |
+
+ 
+ | Reporting support with Bidding and Auction services | +Timeline | +
| Win reporting for Single Seller Auctions | +LAUNCHED | +
| Win reporting for Device Orchestrated Multi Seller Auctions. | +LAUNCHED | +
| Win reporting for Server Orchestrated Multi Seller Auctions. | +Jan 2025 | +
| Private Aggregation API | +June 2025 | +
Argument |
+ JSON Object subfield |
+ Description |
+
auctionConfig |
+ auctionSignals |
+ Contextual signals passed from seller's ad service to the SellerFrontEnd service in SelectAdRequest.AuctionConfig |
+
| + | signalsForWinner |
+ Contextual signals passed from seller's ad service to the SellerFrontEnd service in SelectAdRequest.AuctionConfig |
+
sellerReportingSignals |
+ interestGroupOwner |
+ DSP / buyer domain. | +
| + | renderURL |
+ Ad render URL of winning bid. | +
| + | bid |
+ Value of bid that scored highest. | +
| + | desirability |
+ Score of winning bid. + Note: Winning bid refers to the bid with the highest score. |
+
| + | highestScoringOtherBid |
+ This is the value of a bid with the second highest score in the auction. This value represents eCPM (effective cost per thousand impressions), valued in US dollars. + Note: +
|
+
| + | topWindowHostName |
+ This is the host name of the publisher. | +
Argument |
+JSON Object Subfield |
+Description |
+
auctionSignals |
++ | Contextual signals passed from the seller's ad service to the
+SellerFrontEnd service in SelectAdRequest.AuctionConfig. |
+
signalsForWinner |
+ + | Signals returned by seller's ReportResult() function execution. |
+
perBuyerSignals |
+ + | Contextual signals passed from the seller's ad service to the SellerFrontEnd service in SelectAdRequest.AuctionConfig. This is the buyer signals for the winning buyer. |
+
buyerReportingSignals |
+ seller |
+ Seller's origin. This will be passed to the Auction service from the SellerFrontEnd service. | +
| + | adCost |
+ An optional field returned by generateBid(), rounded to fit into a floating point number with an 8 bit mantissa and 8 bit exponent for reporting. |
+
| + | interestGroupName |
+ The name of the interest group corresponding to the highest scoring bid. | +
| + | madeHighestScoringOtherBid |
+ This is set to true if the winning buyer was the only buyer that made bids with the second highest score. | +
| + | recency |
+ Duration of time (in minutes) from when this device joined this interest group until now. This is passed by the client. | +
| + | modelingSignals |
+ Sent as an output from the generateBid() function. This is expected to be a single integer value. |
+
| + | joinCount |
+ The number of times the given device has joined the same interest group in the last 30 days, while the interest group has been continuously stored. | +
+
+### Rationale for the design choices
+
+#### Why is the reporting URL generation done on the server?
+
+The inputs to the reporting functions include large signals such as:
+
+- Auction config
+- Per-buyer signals
+
+The response payload will significantly increase (potentially by 30kb or more)
+if reporting URL generation is performed on the client, leading to an increase
+in the cost and latency. Server-generated reporting URLs are lightweight and
+don't affect the response payload size.
+
+#### Why is the buyer's reportWin function executed on the seller's auction
+server?
+
+The reporting function execution can happen only after the ads are scored and
+the winner is determined. The `reportWin()` function call depends on an output of
+the `reportResult()` function called `signalsForWinner()`. If `reportWin()` needs to
+be executed on the buyer's Bidding service, an RPC from the SellerFrontEnd
+service to BuyerFrontEnd service is needed to fetch the URLs. This adds
+significant latency on the critical response path (>50ms) and additional network
+costs to both buyer and seller.
+
+### BuyerReportingId
+buyerReportingId is one of the interest group attributes which is input to reportWin via buyerReportingSignals. If set, the interestGroupName in buyerReportingSignals will not be set. The buyerReportingId is expected to be returned in the response from generateBid for every bid. This value is not obtained from the device due to [payload optimization][17].
+
+GenerateBid() API changes
+
+```
+generateBid(interestGroup, auctionSignals, perBuyerSignals,
+ trustedBiddingSignals, browserSignals, directFromSellerSignals) {
+ ...
+ return {'adCost': …,
+ 'bid': …,
+ 'bidCurrency': …,
+ 'render': …,
+ 'adComponents': [...],
+ 'allowComponentAuction': …,
+ 'modelingSignals': …,
+ 'buyerReportingId': “...”};
+}
+
+```
+
+
+### API changes
+
+The reporting URLs and beacon URL map for both the seller and the buyer are sent
+to the client in a [`SelectAdResponse`][9].
+
+These URLs are [CBOR-encoded][12] and encrypted before sending the
+response from the SellerFrontEnd service.
+
+```
+Message AdScore {
+...
+// The reporting URLs registered during the execution of reportResult() and
+// reportWin().
+WinReportingUrls win_reporting_urls = 10;
+...
+std::string buyer_reporting_id = 19;
+}
+
+message WinReportingUrls {
+
+message ReportingUrls {
+// The url to be pinged for reporting win to the buyer or seller.
+string reporting_url = 1;
+// The map of (interactionKey, URI).
+map
+ 
+ | Reporting support with Bidding and Auction services + | +Timeline + | +
| Win reporting for single seller auctions + | +LAUNCHED + | +
| Win reporting for device-orchestrated multi seller auctions. + | +Beta 2 + | +
| Win reporting for server-orchestrated multi seller auctions. + | +Beta 2 + | +
| Private Aggregation API + | +Scale Testing + | +
+
+
+The inputs to each reportResult and reportWin function are expected to be different for each of them:
+
+
+| Input Signals + | +Provided to
+ +Top Level Seller’s reportResult + |
+ Provided to
+ +Component Seller’s reportResult + |
+ Provided to Component Buyer’s reportWin + | +
| Auction Signals + | +Yes
+ +(Top Level auction config) + |
+ Yes \ +(Component level auction config) + | +Yes \ +(Component level auction config) + | +
| topWindowHostname + | +Yes + | +Yes + | +Yes + | +
| topLevelSeller + | +Yes + | +Yes + | +Yes + | +
| componentSeller + | +Yes + | +Yes + | +Yes + | +
| interestGroupOwner + | +Yes + | +Yes + | +Yes + | +
| renderURL + | +Yes + | +Yes + | +Yes + | +
| bid + | +Yes
+ +(modified bid) + |
+ Yes \ +(buyer bid) + | +Yes \ +(buyer bid) + | +
| desirability + | +Yes
+ +(Top level score) + |
+ Yes
+ +(Component level score) + |
+ No + | +
| topLevelSellerSignals + | +No + | +No + | +No + | +
| modifiedBid + | +No + | +Yes + | +No + | +
| highestScoringOtherBid + | +No + | +Yes + | +Yes + | +
| madeHighestScoringOtherBid + | +No + | +No + | +Yes + | +
| adCost + | +No + | +No + | +Yes + | +
| interestGroupName + | +No + | +No + | +Yes
+ +(may be included if the tuple of interest group owner, name, bidding script URL, ad creative URL, and ad creative size were jointly k-anonymous once B&A supports K-anonymity). + |
+
| seller + | +No + | +No + | +Yes + | +
| joinCount + | +No + | +No + | +Yes + | +
| recency + | +No + | +No + | +Yes + | +
| modelingSignals + | +No + | +No + | +Yes + | +
| signalsForWinner + | +No + | +No + | +Yes + | +
| perBuyerSignals + | +No + | +No + | +Yes + | +
+
+This dependency may not be necessary and adtechs have not provided requirements for [supporting this](https://github.com/WICG/turtledove/issues/821). This dependency is removed for reporting URL generation in Bidding and Auction Services and the topLevelSellerSignals will not be passed to the component seller’s reportResult.
+
+The reporting URLs for the component auctions will be generated immediately after the component auction for both component level seller and buyer. The win reporting urls for the seller and buyer from the component auction are passed to the top level auction in the response from SFE for both [device orchestrated](https://github.com/privacysandbox/fledge-docs/blob/main/bidding_auction_services_multi_seller_auctions.md#device-orchestrated-component-auctions) and [server orchestrated](https://github.com/privacysandbox/fledge-docs/blob/main/bidding_auction_services_multi_seller_auctions.md#server-orchestrated-component-auctions) component auctions.
+
+
+##### Device-orchestrated component auctions
+
+The top-level seller will receive the reporting urls for all the component sellers and winning buyers in the response from the component auctions. After the top level auction, the browser will run the top-level seller’s reportResult(). All the reporting urls will finally be pinged after the ad has rendered.
+
+
+
+
+###### API changes:
+
+For component auctions, the reporting urls will be populated in [component\_seller\_reporting\_urls](https://github.com/privacysandbox/bidding-auction-servers/blob/b27547a55f20021eb91e1e61b0d2175b4aee02ea/api/bidding_auction_servers.proto#L1173) instead of the [top\_level\_seller\_reporting\_urls](https://github.com/privacysandbox/bidding-auction-servers/blob/b27547a55f20021eb91e1e61b0d2175b4aee02ea/api/bidding_auction_servers.proto#L1178)
+
+##### Server-orchestrated component auctions
+
+The top-level seller will receive reporting urls for the component seller and winning buyer in the response from the component auctions. After the final top level auction in the top level seller's TEE based Auction service, the top level seller can run the reportResult() to generate a reporting url and return all the urls back to the client. The client will get the reporting urls for all the sellers and winning buyers and the top level seller in [AuctionResult](https://github.com/privacysandbox/bidding-auction-servers/blob/b222e359f09de60f0994090f7a57aa796e927345/api/bidding_auction_servers.proto#L208) ciphertext in the response.
+
+
+
+
+###### API changes:
+
+For component auctions, the reporting urls will be populated in [component\_seller\_reporting\_urls](https://github.com/privacysandbox/bidding-auction-servers/blob/b27547a55f20021eb91e1e61b0d2175b4aee02ea/api/bidding_auction_servers.proto#L1173) ScoreAdsResponse instead of the [top\_level\_seller\_reporting\_urls](https://github.com/privacysandbox/bidding-auction-servers/blob/b27547a55f20021eb91e1e61b0d2175b4aee02ea/api/bidding_auction_servers.proto#L1178)
+
+For top-level auctions, the reporting urls will be populated in [top\_level\_seller\_reporting\_urls](https://github.com/privacysandbox/bidding-auction-servers/blob/b27547a55f20021eb91e1e61b0d2175b4aee02ea/api/bidding_auction_servers.proto#L1178)
+
+_Note: If the [top\_level\_seller field](https://github.com/privacysandbox/bidding-auction-servers/blob/b222e359f09de60f0994090f7a57aa796e927345/api/bidding_auction_servers.proto#L434) in the AuctionConfig of SelectAdRequest is set, it will be considered a component auction. This field will be set by the component seller's ad server,based on an agreement with the top-level seller._
+
+Once the ad has been rendered on the client, all the reporting urls will be pinged. The clients will perform a check for [enrollment](https://github.com/privacysandbox/attestation/blob/main/how-to-enroll.md)_ _and [attestation](https://github.com/privacysandbox/attestation/blob/main/README.md#core-privacy-attestations). There will be additional validation to ensure that the reporting url domain matches the domain of the AdTech on Android.
diff --git a/bidding_auction_services_api.md b/bidding_auction_services_api.md
index c1776a3..90a23f7 100644
--- a/bidding_auction_services_api.md
+++ b/bidding_auction_services_api.md
@@ -1,972 +1,2268 @@
-# Bidding and Auction Services API
+**Authors:** | API + | +Alpha testing + | +Beta testing + | +Scale testing + | +
| Protected Audience
+ +(web browser on desktop and Android) + |
+ July 2023 onwards
+ +Available + |
+
|
+ Jan 2025
+ +Production experiment ramp:
|
+
| Protected Audience (Android) + | +Available + | +April 2024 onwards + | +Jan 2025 + | +
| Protected App Signals (Android) + | +Available + | +September 2024 onwards + | +Jan 2025 + | +
| Timeline + | +Common server side features + | +Protected Audience for web browser on desktop and Android + | +Protected Audience and Protected App Signals (PAS) on Android Apps + | +
| July 2023 + | +
|
+
|
+
|
+
| November 2023 + | +
|
+
|
+ + | +
| January 2024 + | ++ | ++ | +
|
+
| March 2024 + | +
|
+
|
+ + | +
| April 2024 + | ++ | +
|
+
|
+
| July 2024 + | ++ | ++ | +
|
+
| August 2024 + | +
|
+
|
+ + | +
| September 2024 + | ++ | ++ | +
|
+
| October 2024 + | +
|
+ + | ++ | +
| November 2024 + | +
|
+
|
+ + | +
| Jan 2025 + | +
|
+
|
+
|
+
| March 2025 + | ++ | +
|
+ |
| April 2025 + | ++ | +
|
+ + | +
| June 2025 + | +
|
+
|
+
|
+
| September 2025 + | +
+
|
+ + | +
|
+
| October 2025 and beyond + | +
|
+
|
+
|
+
AdWithBids.
+
+
+### Advertiser and Publisher Setup
+
+
+
+
+Advertiser and DSP Setup:
+
+
+
+* Advertisers operate their business in some currency, say “JPY”.
+* Advertisers set information used for bidding (maybe a bid and a budget, for example) on each Interest Group/Custom Audience (IG/CA) in its own currency, say “JPY”. Advertisers must communicate with its buyer to do this.
+* Buyer operates in some other currency, let’s say “EUR”.
+ * Buyer ensures that the IG/CA has a currency tag in its key-value server lookup keys, so that it can lookup real-time conversion rates from the currency of the IG/CA’s bidding information (JPY here) to its own bidding currency (EUR here).
+* Buyer pushes the IGs/CAs to a device.
+
+Separately, Publisher and Seller Setup:
+
+
+
+* Publisher operates its business in some currency, say “USD”
+* Publishers communicate this to the Seller’s Ad Server (SAS) through some channel. SAS chooses then to run the auction in “USD”.
+
+
+### Buyer Flow
+
+
+
+
+
+
+* Seller's code in client (browser, Android) makes ad requests to Seller Ad Server.
+* Seller Ad server adds to the AuctionConfig its own currency, each buyer’s expected currency, and real-time conversion rates, in this case from EUR to USD.
+* The Seller’s Seller Front-End server (SFE) sends a request for bids to each buyer’s Buyer Front-End server (BFE).
+* BFE performs the Key-Value lookup for each IG/CA. IG/CAs which have a currency tag in their keys can use this to fetch a conversion rate.
+ * The Key-Value server response, in addition to a conversion rate (JPY to EUR here), can include any information relevant to bidding for the IG/CA, in JPY, since the buyer’s script will have access to a conversion rate.
+* The IG/CAs and the bidding signals both are passed into the Buyer’s `generateBid()` UDF (user defined function). This UDF needs to be able to handle the information in JPY and a conversion rate. It must return a bid in the buyer’s specified currency (EUR here).
+* This process takes place for each buyer. The results are sent back to the SFE, which then executes currency checking.
+ * Bids which have a currency which does not match the buyer\_currency are rejected.
+
+
+### Seller Flow
+
+
+
+
+
+
+* Seller Front-End (SFE) looks up each AdWithBid’s scoring signals from Seller Key-Value server, this is totally unchanged.
+* SFE makes the ScoreAdsRequest to the Auction server, containing AdWithBids (in EUR), and the seller\_signals, which contain a real-time conversion rate (set by the SAS) (from EUR to USD in this case).
+* The Seller’s `scoreAd()` needs to accept AdWithBids in the buyer’s specified bidding currency (EUR here) and the conversion rate from buyer currency to seller currency (EUR to USD here) in seller\_signals.
+ * `scoreAd()` should also set an `incomingBidInSellerCurrency` on each bid, if applicable, to aid reporting; in this case this would be multiplying each `AdWithBid`’s `buyer_bid` by the EUR->USD conversion rate.
+ * In case of a component auction, `scoreAd()` must return bids in the seller\_currency (USD here).
+* The Seller’s `reportResult()` script now gets the original bid and original currency alongside all of the information it currently gets
+ * The Buyer’s `reportWin()` gets this same new information
+* In case of component auction, the Auction server checks each `AdScore`’s bid currency against the seller\_currency.
+* The result is returned to the Seller Ad Server.
+
+
+## Interest Groups / Custom Audiences
+
+DSPs may wish to bid in one currency (say, EUR) but store values to be used for bidding in another currency, say JPY. DSPs may put `'JPY'` in the `trustedBiddingSignalsKeys` and retrieve a conversion rate from the buyer KV server.
+
+
+## AuctionConfig
+
+Sellers may set the following new fields in the `AuctionConfig`:
+
+
+
+* Their own currency in `AuctionConfig.seller_currency`
+* Each participating DSP’s currency in `AuctionConfig.per_buyer_config.buyer_currency`
+
+Sellers may set a conversion rate from each buyer’s currency to their own (seller) currency in `sellerSignals` (which already exists in the `AuctionConfig`). These fields are optional and have no defaults. These fields must contain three uppercase letters; SFE will reject requests with invalid currency fields. [Currency checking behavior is specified below](#currency-checking).
+
+
+## generateBid()
+
+`generateBid()` has always included the `bidCurrency` field in the response.
+
+This is to be used to specify the currency of the bid.
+
+
+## Metrics
+
+B&A will use the existing bid rejection metric, kAuctionBidRejectedCount, when an `AdWithBid` or `AdScore` is rejected for currency mismatch.
+
+[kAuctionBidRejectedCount is partitioned by kSellerRejectReasons](https://github.com/WICG/turtledove/blob/main/FLEDGE_extended_PA_reporting.md#reporting-api-informal-specification). B&A will add two new rejection reasons to the list:
+
+
+| Enum value + | +Rejection Reason + | +Use + | +
8
+ |
+ BidFromGenBidFailedCurrencyCheck
+ |
+ Tracks AdWithBids rejected in the SFE for mismatch with the buyer_currency.
+ |
+
9
+ |
+ BidFromScoreAdFailedCurrencyCheck
+ |
+ Tracks AdScores with modified bids rejected in the auction service for mismatch with the seller_currency.
+ |
+
bidMetadata (the fifth argument to scoreAd(), formerly called deviceSignals in B&A & browserSignals on Chrome) now passes the bid’s currency in the field "bidCurrency".
+
+For all auctions, `scoreAd()` now includes a new field in the response, `incomingBidInSellerCurrency`. For component auctions, the field `bidCurrency` is also to be used.
+
+
+
+* `incomingBidInSellerCurrency`: (optional) Provides a conversion of a bid in a multi-currency auction to the seller's own currency. See below.
+* `bid` (already extant; the modified bid for component auctions)
+* `bidCurrency`: Currency of the modified bid above (therefore for component auctions only too).
+
+
+#### `incomingBidInSellerCurrency`
+
+
+
+* If `sellerCurrency` is set, `scoreAd()` for an auction is responsible for converting bids not already in `sellerCurrency` to `sellerCurrency`, via the `incomingBidInSellerCurrency` field of its return value. A bid already explicitly in the seller's currency cannot be changed by `incomingBidInSellerCurrency` (passing an identical value is a no-op; **passing a different one rejects the bid**).
+* If neither the original bid is explicitly in `sellerCurrency` nor an `incomingBidInSellerCurrency` is specified, a value of 0 is used as the converted value.
+
+
+### Component Auctions
+
+
+
+* If no modified bid is specified on the `AdScore` from `scoreAd()`, the original `AdWithBid`’s `bid` and `bid_currency` are set on the `AdScore`.
+* If the `seller_currency` is specified, then the currency of the `AdScore` (if specified, and whether from `scoreAd()` or not) is checked against it. AdScores will be rejected for mismatch.
+
+
+#### Metrics
+
+For each `AdScore` rejected for failing to match the `seller_currency`, [kAuctionBidRejectedCount](https://source.corp.google.com/h/team/android-privacy-sandbox-remarketing/fledge/servers/bidding-auction-server/+/main:services/common/metric/server_definition.h;l=197;drc=fd1abfdac744124967378137d336ad65f034251a) is incremented and the rejection reason set to `BidFromScoreAdFailedCurrencyCheck`.
+
+
+## Reporting
+
+
+##### Win Reporting
+
+The following fields have have been added to the `buyer/sellerReportingMetadata` parameter of `reportResult()` and `reportWin()`:
+
+
+
+* `bidCurrency`, denoting the currency of the `bid` field already present.
+* `highestScoringOtherBidCurrency`, denoting the currency of the `highestScoringOtherBid` already present.
+
+These will be populated according to the this [table](https://github.com/WICG/turtledove/blob/main/FLEDGE.md#53-currencies-in-reporting) in the FLEDGE explainer:
+
+To summarize this table:
+
+
+
+* For both `reportResult/Win()`, and regardless of whether `sellerCurrency` is set, the `bid` reported is the original value from `buyer_bid`, and the `bidCurrency` is the currency from `AdWithBidMetadata.bid_currency`.
+* For both `reportResult/Win()`:
+ * When the `sellerCurrency` is not set, `highestScoringOtherBid` is the original value from `buyer_bid` and `highestScoringOtherBidCurrency` will be set to`'???'`
+ * When `sellerCurrency` is set, `highestScoringOtherBid` is the converted value from `incomingBidInSellerCurrency` and `highestScoringOtherBidCurrency` is `sellerCurrency`
+
+
+##### Debug Reporting
+
+`forDebuggingOnly` functionality is expanded to include the following three fields:
+
+
+
+* `"${winningBidCurrency}"` is the currency tag of the winning bid.
+* `"${highestScoringOtherBidCurrency}"` is the currency tag of `highestScoringOtherBid`.
+* `"${topLevelWinningBidCurrency}"` is the currency tag of `highestScoringOtherBid`.
+
+These, as well as `winningBid`, `highestScoringOtherBid`, and `topLevelWinningBid` will be filled out according to this table (https://github.com/WICG/turtledove/blob/main/FLEDGE.md#53-currencies-in-reporting). To summarize:
+
+
+
+* When `sellerCurrency` is unset:
+ * The bids are all original values from `buyer_bid`.
+ * The currencies are all `'???'`.
+* When `sellerCurrency` is set:
+ * The bids are all converted values from `incomingBidInSellerCurrency`.
+ * The currencies are all `sellerCurrency`.
+ * For component auctions, `topLevelWinningBidCurrency` is the `sellerCurrency` of the top-level auction.
+
+
+## AuctionResult
+
+AuctionResult is unchanged for single-seller auctions. For multi-seller auctions, the bid for the `scoreAd()` result will always be passed back, in the `bid` field. When specified, its currency will go in the new field `bid_currency`.
+
+
+## Server-Orchestrated Multi-Seller Auctions
+
+
+### API Updates
+
+B&A has added a new field to the `AuctionConfig` called `per_component_seller_config`, which is analogous to `perBuyerConfig`. It maps each component seller to a configuration object. The config has one field, `expected_component_seller_currency`, a string containing a currency code, representing the currency in which the top-level-seller expects the component seller to deliver `AuctionResult`s.
+
+The name of the seller in the map must match what the component seller sends back in its `AuctionResult.auction_params.component_seller`.
+
+The top-level-seller is expected to agree upon expected currencies from each of its component sellers beforehand, and this communication is out-of-band from B&A’s perspective. This matches the way that sellers already communicate expected currencies with buyers.
+
+
+#### Validation
+
+The expected component seller currency field is optional and is validated by the same rule which governs `seller_currency` and `buyer_currency`.
+
+
+### Currency Checking
+
+As `AuctionResult`s carry bid currencies, each `AuctionResult`’s bid currency is checked against the top-level seller’s specified `expected_currency` for its component seller. [This check operates based on the same rules as the AdWithBid currency checking described above](#currency-checking).
+
+However, when an AuctionResult is rejected for currency mismatch, no metric is logged; a client-visible error is instead recorded.
+
+
+### Checking `incomingBidInSellerCurrency`
+
+If the incoming `AuctionResult` (from the component seller) has a bid currency, and this bid currency matches the top-level seller’s seller currency, then if the top level seller’s scoreAd() outputs an `incomingBidInSellerCurrency`, it must equal the `AuctionResult.bid`. Otherwise the bid will be rejected.
+
+[This check operates based on the same rules as the AdScore incomingBidInSellerCurrency checking described above](#incomingbidinsellercurrency).
+
+
+### Github issues
+
+Adtechs can file issues and feature requests on [Github](https://github.com/WICG/protected-auction-services-discussion).
+
+
+## Related publications
+
+Refer to related publications on [Github](https://github.com/privacysandbox/protected-auction-services-docs).
+
+[0]: https://github.com/akundla-google
+
diff --git a/bidding_auction_services_chaffing.md b/bidding_auction_services_chaffing.md
new file mode 100644
index 0000000..e50c74b
--- /dev/null
+++ b/bidding_auction_services_chaffing.md
@@ -0,0 +1,311 @@
+# Bidding and Auction Services: Chaffing Design
+**Author:** [buyer_input](https://github.com/privacysandbox/bidding-auction-servers/blob/e40a4fccdce168379189ab7b6b87b55b1e3f736d/api/bidding_auction_servers.proto#L72) for buyers that have interest groups stored on the client. Note that the seller can also specify a set of buyers to be included in encrypted B&A payload (refer [payload optimization)](https://github.com/privacysandbox/protected-auction-services-docs/blob/main/bidding-auction-services-payload-optimization.md#payload-optimization-guide-for-sellers--ssps).
+2. The Seller Ad Service sends [SelectAdRequest](https://github.com/privacysandbox/bidding-auction-servers/blob/e40a4fccdce168379189ab7b6b87b55b1e3f736d/api/bidding_auction_servers.proto#L544) to B&A (Seller Frontend service), The SelectAdRequest includes encrypted B&A payload and AuctionConfig. \
+ \
+In the [AuctionConfig](https://github.com/privacysandbox/bidding-auction-servers/blob/e40a4fccdce168379189ab7b6b87b55b1e3f736d/api/bidding_auction_servers.proto#L722) field, the seller's ad service can provide a [list of buyers](https://github.com/privacysandbox/bidding-auction-servers/blob/e40a4fccdce168379189ab7b6b87b55b1e3f736d/api/bidding_auction_servers.proto#L569) that may participate in the auction.
+3. The Seller Frontend Service (SFE) processes the request and determines the subset of buyers (each of whom are running Buyer Frontend Services (BFE)) to invoke based on the intersection of the following:
+ 1. The [buyer_input](https://github.com/privacysandbox/bidding-auction-servers/blob/e40a4fccdce168379189ab7b6b87b55b1e3f736d/api/bidding_auction_servers.proto#L72) in the ProtectedAuctionInput generated by the client
+ 2. The [buyer_list](https://github.com/privacysandbox/bidding-auction-servers/blob/e40a4fccdce168379189ab7b6b87b55b1e3f736d/api/bidding_auction_servers.proto#L569) suggested by the Seller Ad Service
+ 3. Partner buyer domains configured in the SFE’s runtime config.
+
+For an overview of the B&A architecture, see the B&A high level design diagram [here](https://github.com/privacysandbox/protected-auction-services-docs/blob/main/bidding_auction_services_api.md#high-level-design).
+
+Without chaffing, a malicious actor (be it an SSP acting in bad faith or a network snooper) could monitor an SFE’s network traffic and easily correlate which buyers are invoked for a given SelectAd request. The data in the `buyer_input` is considered highly sensitive information because it represents the user’s interests, thus it must be protected.
+
+To mitigate this threat, the SFE will send out additional chaff requests. If a network snooper were to observe the outgoing network traffic of the SFE, they would now see an additional `n` outgoing network requests that are indiscernible from the ‘real’ requests. However, buyers will be able to differentiate chaff and ‘real’ requests using a field in the plaintext request. Using this, buyers will know to not spend server resources processing a chaff request, and malicious actors are unable to learn the buyers specified in the client’s ciphertext.
+
+
+## Design
+
+There are a few different problems to solve for a proper chaffing implementation on B&A:
+
+
+
+1. [Seller side] Determine a set of buyers to send chaff requests to
+2. [Seller side] Generate chaff requests
+3. [Buyer side] Process chaff requests in a manner similar to real requests
+4. [Buyer side] Generate chaff responses
+
+Chaffing will be implemented in two phases:
+
+
+
+* Phase 1 will focus on basic security measures by getting an initial chaffing implementation in place on B&A, and that is launched in 2024.
+* Phase 2 will revisit some of the solutions from Phase 1 and implement solutions with proper anti-abuse mitigations necessary to make chaffing a more secure solution. Phase 2 is planned to launch in early 2025.
+
+
+## Phase 1
+
+
+### Ensuring determinism
+
+Imagine a chaffing solution where the SFE randomly chooses a set of buyers to send chaff requests to. If a client’s ciphertext is run through the SFE 1000 times, a malicious actor can see which buyers are invoked each of the 1000 times, effectively sidestepping chaffing. To prevent this, determinism is introduced in the system by seeding server side random number generators (RNGs).
+
+The system will seed RNGs with the [generation_id](https://github.com/privacysandbox/bidding-auction-servers/blob/e40a4fccdce168379189ab7b6b87b55b1e3f736d/api/bidding_auction_servers.proto#L49), a UUID that is generated and stored by clients within the protected auction ciphertext. Unlike the auction config, the protected auction ciphertext is encrypted by the client and cannot be read by the Seller Ad Service. The ciphertext is an OHTTP encapsulated payload that is encrypted using a public key vended by the coordinators, and only attested Protected Auction Servers running within a TEE are given the private keys. Therefore, it is guaranteed that the Seller Ad Service can never view or decipher any of the contents of the ciphertext. The plaintext value for this field will also not be returned to adtechs client side when running an ad auction.
+
+The [generation_id](https://github.com/privacysandbox/bidding-auction-servers/blob/e40a4fccdce168379189ab7b6b87b55b1e3f736d/api/bidding_auction_servers.proto#L49) is propagated from the SFE to the BFE today ([1](https://github.com/privacysandbox/bidding-auction-servers/blob/e40a4fccdce168379189ab7b6b87b55b1e3f736d/api/bidding_auction_servers.proto#L49), [2](https://github.com/privacysandbox/data-plane-shared-libraries/blob/main/src/logger/logger.proto#L52)), so it can be used throughout the system where deterministic behavior is needed.
+
+
+### [SFE] Calculate how many chaff requests to send
+
+Where
+
+
+
+* participating_buyers is the set of buyers who will receive non-chaff requests (i.e. the buyers in the intersection of a) the client ciphertext, b) `buyer_list` in the `auction_config`, and c) the SFE’s runtime config)
+* `buyers_in_sfe_runtime_config` is the [set of partner buyers that the seller's SFE is configured to communicate with](https://github.com/privacysandbox/bidding-auction-servers/blob/e40a4fccdce168379189ab7b6b87b55b1e3f736d/production/deploy/gcp/terraform/environment/demo/seller/seller.tf#L66)
+* `buyers_in_auction_config` is the [list of buyers passed into the SelectAd request](https://github.com/privacysandbox/bidding-auction-servers/blob/e40a4fccdce168379189ab7b6b87b55b1e3f736d/api/bidding_auction_servers.proto#L569)
+
+the SFE will use the following bounds for the number of chaff requests to send:
+
+
+
+* If `participating_buyers` == 0, the bounds will be:
+ * [2, `|(buyers_in_sfe_runtime_config ∩ buyers_in_auction_config) - participating_buyers|`].
+* If `participating_buyers` >= 1, the bounds will be:
+ * [1, `|(buyers_in_sfe_runtime_config ∩ buyers_in_auction_config) - participating_buyers|`].
+
+The SFE will choose a random number between these bounds and will always send at least 1 chaff request. The minimum number of requests (real and chaff) the SFE will send is always 2; it must be a non-static lower bound for the number of chaff requests to send. If the lower bound was static, the system would leak information for the case where the SFE sends 0 real requests and the ‘static lower bound’ number of requests. The malicious actor would then know the buyers in the ciphertext have no overlap with `|buyers_in_sfe_runtime_config| ∩ |buyers_in_auction_config|`.
+
+Please read below for the cost implications of this solution.
+
+
+### [SFE] Identify chaff request candidates
+
+As mentioned above, chaff request candidates are buyers in the intersection of:
+
+
+
+1. Buyers the SFE is configured to send GetBids requests to.
+2. Buyers in the `buyer_list` in the `auction_config`.
+3. Buyers not in the protected auction ciphertext sent by the client (because the SFE will send real requests to these buyers if possible).
+
+
+
+
+
+**Chaffing in B&A**
+
+Given those chaff request candidates, the SFE selects candidates by:
+
+
+
+1. Taking the hash of the [generation ID](https://github.com/privacysandbox/bidding-auction-servers/blob/e40a4fccdce168379189ab7b6b87b55b1e3f736d/api/bidding_auction_servers.proto#L49) and use it to seed a random number generator (RNG)
+2. Getting the list of buyers chaff requests can be sent to.
+3. Shuffling the list, and send chaff requests to the first `n` buyers in the list where `n` is the number of chaff requests it will send.
+
+
+### [SFE] Generate chaff requests
+
+The SFE will set the [is_chaff](https://github.com/privacysandbox/bidding-auction-servers/blob/e40a4fccdce168379189ab7b6b87b55b1e3f736d/api/bidding_auction_servers.proto#L262) field in the GetBids request so the BFE can differentiate the request from real traffic. All other fields will be empty, so the chaff request will be padded to make them seem similarly sized to a ‘real’ request.
+
+
+#### Request format
+
+The format of the [request_ciphertext](https://github.com/privacysandbox/bidding-auction-servers/blob/e40a4fccdce168379189ab7b6b87b55b1e3f736d/api/bidding_auction_servers.proto#L1040-L1041) field in the GenerateBidsRequest proto will change to accommodate for chaffing. Today, the payloads only consist of the [GenerateBidsRawRequest](https://github.com/privacysandbox/bidding-auction-servers/blob/e40a4fccdce168379189ab7b6b87b55b1e3f736d/api/bidding_auction_servers.proto#L945) proto bytestrings. Going forward, the format will be as follows:
+
+
+
+* 1 byte for request metadata:
+ * 4 bits for the version number (e.g. 16 possible values) \
+Version number represents the request format, in case the request format needs to be changed in the future.
+ * 4 bits for the compression algorithm, if any, used (e.g. 16 different values)
+* 4 bytes for the payload size
+* X bytes for the `GetBidsRawRequest` payload
+* Y bytes of padding
+
+| +BFE Request Format + | +||||
| 1 byte + | +4 bytes + | +X bytes + | +Y bytes + | +|
| Version
+ +number + |
+ Compression
+ +algorithm + |
+ Payload
+ +size + |
+ GetBidsRequest
+ +Payload + |
+ Padding + | +
| 4 bits + | +4 bits + | ++ | +||
| BFE Response Format + | +||||
| 1 byte + | +4 bytes + | +X bytes + | +Y bytes + | +|
| Version
+ +number + |
+ Compression
+ +algorithm + |
+ Payload
+ +size + |
+ GetBidsRequest
+ +Payload + |
+ Padding + | +
| 4 bits + | +4 bits + | ++ | +||
+ 
+ Task |
+ Command |
+
Local service: List grpc endpoints |
+ grpcurl -plaintext localhost: |
+
Local service: Send query |
+ grpcurl -plaintext -d '@' localhost: |
+
GCP service: List grpc endpoints |
+ grpcurl dns:/// |
+
GCP service: Send query |
+ grpcurl -d '@' dns:/// |
+
| Number of ads per ad request | +Target RPS per instance | +Size of `trustedScoringSignals` per ad | +Total memory required for a SellerFrontEnd instance | +
| A | +R | +S | +~ A * R * S | +
| Number of ads per ad request | +Target RPS per instance | +p95 latency of `scoreAd()` and reporting executions | +Total vCPUs required in an Auction instance | +
| A | +R | +L (ms) | +~ A * R * L / 1000 + + (Total scoring and reporting executions per second) * + (latency for each scoring execution) + + Note: Reporting urls are generated in Auction service after all scoring executions. + The latency overhead is very small. Refer [here][116] for more details. + |
| Number of Interest Groups per buyer per ad request | +Target RPS per instance | +Size of `trustedBiddingSignals` per Interest Group | +Total memory required for a BuyerFrontEnd instance (M) | +
| I | +R | +S | +~ I * R * S | +
| Number of Interest Groups per buyer per ad request | +Target RPS per instance | +p95 latency of a `generateBid()` execution | +Total vCPUs required in a Bidding instance | +
| I | +R | +L (ms) | +~ I * R * L / 1000 + + (Total `generateBid()` executions per second * latency for each + `generateBid()` execution) + |
+ [AuctionConfig](https://github.com/privacysandbox/bidding-auction-servers/blob/b222e359f09de60f0994090f7a57aa796e927345/api/bidding_auction_servers.proto#L305) and [type of client](https://github.com/privacysandbox/bidding-auction-servers/blob/b222e359f09de60f0994090f7a57aa796e927345/api/bidding_auction_servers.proto#L191). Seller's ad service can forward the device metadata to SFE if available, refer [here](https://github.com/privacysandbox/protected-auction-services-docs/blob/main/bidding_auction_services_api.md#metadata-forwarding) for more information about metadata forwarding.
+
+3. [SellerFrontEnd (SFE) service]
+ * Upon receiving a [SelectAdRequest](https://github.com/privacysandbox/bidding-auction-servers/blob/b222e359f09de60f0994090f7a57aa796e927345/api/bidding_auction_servers.proto#L304) from the [seller's ad service](https://github.com/privacysandbox/protected-auction-services-docs/blob/main/bidding_auction_services_api.md#sellers-ad-service), [SFE](https://github.com/privacysandbox/protected-auction-services-docs/blob/main/bidding_auction_services_api.md#sellerfrontend-service) decrypts and decompresses ProtectedAuctionInput ciphertext that includes Protected App Signals data. SelectAdRequest payload also includes seller's [AuctionConfig](https://github.com/privacysandbox/bidding-auction-servers/blob/b222e359f09de60f0994090f7a57aa796e927345/api/bidding_auction_servers.proto#L305).
+ * SFE parses the buyer list from buyer_list[[3](https://github.com/privacysandbox/bidding-auction-servers/blob/06bf6ed1bd98916d1a9b6887518936655b4d537b/api/bidding_auction_servers.proto#L326-L329)] provided by the seller in [AuctionConfig](https://github.com/privacysandbox/bidding-auction-servers/blob/b222e359f09de60f0994090f7a57aa796e927345/api/bidding_auction_servers.proto#L305) and checks for intersection with the buyer domains configured on the server as part of the BUYER_SERVER_HOSTS config [[4](https://github.com/privacysandbox/bidding-auction-servers/blob/06bf6ed1bd98916d1a9b6887518936655b4d537b/production/deploy/gcp/terraform/environment/demo/seller/seller.tf#L62)].
+ * SFE sends GetBidsRequest[[5](https://github.com/privacysandbox/bidding-auction-servers/blob/06bf6ed1bd98916d1a9b6887518936655b4d537b/api/bidding_auction_servers.proto#L493-L495C9)] to the Buyer Frontend (BFE) service of each buyer to collect ads / bids from the shortlisted buyers.
+ * GetBidsRequest includes buyer inputs for Protected App Signals and Protected Audience, buyer signals (contextual signals) and other required data.
+ * If [device metadata](https://github.com/privacysandbox/protected-auction-services-docs/blob/main/bidding_auction_services_api.md#metadata-forwarding) is available, SFE would also [add the metadata in GetBids gRPC request](https://github.com/privacysandbox/protected-auction-services-docs/blob/main/bidding_auction_services_api.md#metadata-forwarded-by-sellerfrontend-service) to BFE.
+
+4. [BuyerFrontEnd (BFE) service]
+ * Each buyer’s BFE checks for the presence of ProtectedAppSignalsBuyerInput[[6](https://github.com/privacysandbox/bidding-auction-servers/blob/06bf6ed1bd98916d1a9b6887518936655b4d537b/api/bidding_auction_servers.proto#L541-L542)] in GetBidsRequest. If present, BFE will send a GenerateProtectedAppSignalsBidsRequest[[7](https://github.com/privacysandbox/bidding-auction-servers/blob/06bf6ed1bd98916d1a9b6887518936655b4d537b/api/bidding_auction_servers.proto#L771-L772)] to the bidding service. GenerateProtectedAppSignalsBidsRequest includes buyer inputs, buyer (contextual) signals and other required data.
+ * _Note: If buyer input for ProtectedAudience is present in GetBidsRequest, then bid generation [flow](https://github.com/privacysandbox/protected-auction-services-docs/blob/main/bidding_auction_services_api.md#flow) for Protected Audience is executed in parallel._
+
+5. [Bidding service]
+Bidding Service performs the following in sequence to retrieve a Protected App Signals ad and corresponding bid:
+
+ * Prepares the data required for retrieving ads from buyer’s Ad Retrieval service. This is achieved by calling into buyer provided prepareDataForAdRetrieval [UDF](#preparedataforadretrieval-udf).
+ * Calls buyer's [Ad Retrieval service][3] to fetch top k-ads and associated metadata (optionally including trusted bidding signals).
+The ad retrieval request payload includes data from the previous step as well as buyer signals required for bidding and [device metadata](https://github.com/privacysandbox/protected-auction-services-docs/blob/main/bidding_auction_services_api.md#metadata-forwarding) if available.
+ * _Note: Device metadata is passed in as part of the request payload to ad retrieval service._
+ * Feeds the ads and metadata to the buyer provided generateBid [UDF](#generatebid-udf) to get a single Protected App Signals ad with bid.
+ * Returns this ad and corresponding bid to BFE.
+
+7. [BFE]
+ * BFE handles GenerateProtectedAppSignalsBidsResponse and returns the ad and bid to the seller’s SFE service.
+ If Protected Audience ads are also participating in the auction then BFE waits for bids for both Protected Audience and Protected App Signals
+ ads before returning all the ads and bids to SFE.
+
+8. [SFE]
+ * SFE waits for all the buyer bids, collects scoring signals from seller’s KV service for all the render URLs in the bids received from BFEs
+ and sends these ads and bids along with the scoring signals to the auction service.
+
+10. [Auction service]
+ * Auction [service](#auction-service) scores all the ads / bids and chooses a winner.
+ * _Note:_
+ * _Both Protected Audience and Protected App Signals bids are scored in this single auction._
+ * _Each bid is scored in isolation._
+ * Seller and buyer's reporting urls and registered beacons are also generated in the auction service once a winning ad / bid is selected. Refer [here](https://github.com/privacysandbox/protected-auction-services-docs/blob/main/bidding_auction_event_level_reporting.md) for more information.
+ * Auction service returns information about winning ad / bid and reporting urls back to SFE.
+
+9. [SFE]
+ * SFE sends back the encrypted [AuctionResult](https://github.com/privacysandbox/bidding-auction-servers/blob/b222e359f09de60f0994090f7a57aa796e927345/api/bidding_auction_servers.proto#L208) in SelectAdResponse to the seller's ad service.
+This response can contain a winner or can contain a chaff (e.g. if no buyers ended up participating in the auction or if no buyers generated a bid for candidate ads).
+
+10. [Seller's ad service]
+ * Seller's ad service includes the [AuctionResult](https://github.com/privacysandbox/bidding-auction-servers/blob/b222e359f09de60f0994090f7a57aa796e927345/api/bidding_auction_servers.proto#L208) ciphertext in ad response to the client.
+This payload is decrypted by the seller on the device.
+
+12. [Android client]
+ * The encrypted response is decrypted. If there is no chaff ad is rendered on the app.
+ * Adtech's reporting endpoints are pinged from the client.
+
+### Auction With Contextual Ads
+
+Following is an overview of Protected App Signals architecture with B&A with
+contextual ads participating in the auction.
+
+
+ [AuctionConfig](https://github.com/privacysandbox/bidding-auction-servers/blob/b222e359f09de60f0994090f7a57aa796e927345/api/bidding_auction_servers.proto#L305) and[ type of client](https://github.com/privacysandbox/bidding-auction-servers/blob/b222e359f09de60f0994090f7a57aa796e927345/api/bidding_auction_servers.proto#L191). Seller's ad service can forward the device metadata to SFE if available, refer [here](https://github.com/privacysandbox/protected-auction-services-docs/blob/main/bidding_auction_services_api.md#metadata-forwarding) for more information about metadata forwarding.
+3. [SellerFrontEnd (SFE) service]
+ * Upon receiving a [SelectAdRequest](https://github.com/privacysandbox/bidding-auction-servers/blob/b222e359f09de60f0994090f7a57aa796e927345/api/bidding_auction_servers.proto#L304) from the[ seller's ad service](https://github.com/privacysandbox/protected-auction-services-docs/blob/main/bidding_auction_services_api.md#sellers-ad-service), [SFE](https://github.com/privacysandbox/protected-auction-services-docs/blob/main/bidding_auction_services_api.md#sellerfrontend-service) decrypts and decompresses ProtectedAuctionInput ciphertext that includes Protected App Signals data. SelectAdRequest payload also includes seller's [AuctionConfig](https://github.com/privacysandbox/bidding-auction-servers/blob/b222e359f09de60f0994090f7a57aa796e927345/api/bidding_auction_servers.proto#L305).
+ * Then SFE parses the buyer list from buyer_list[[3](https://github.com/privacysandbox/bidding-auction-servers/blob/06bf6ed1bd98916d1a9b6887518936655b4d537b/api/bidding_auction_servers.proto#L326-L329)] provided by the seller in [AuctionConfig](https://github.com/privacysandbox/bidding-auction-servers/blob/b222e359f09de60f0994090f7a57aa796e927345/api/bidding_auction_servers.proto#L305) and checks for intersection with the buyer domains configured on the server as part of the BUYER_SERVER_HOSTS config [[4](https://github.com/privacysandbox/bidding-auction-servers/blob/06bf6ed1bd98916d1a9b6887518936655b4d537b/production/deploy/gcp/terraform/environment/demo/seller/seller.tf#L62)].
+ * SFE sends GetBidsRequest[[5](https://github.com/privacysandbox/bidding-auction-servers/blob/06bf6ed1bd98916d1a9b6887518936655b4d537b/api/bidding_auction_servers.proto#L493-L495C9)] to the Buyer Frontend (BFE) service of each buyer to collect ads / bids from the shortlisted buyers.
+ * GetBidsRequest includes buyer inputs for Protected App Signals and Protected Audience, buyer signals (contextual signals) and other required data. If [device metadata](https://github.com/privacysandbox/protected-auction-services-docs/blob/main/bidding_auction_services_api.md#metadata-forwarding) is available, SFE would also[ add the metadata in GetBids gRPC request](https://github.com/privacysandbox/protected-auction-services-docs/blob/main/bidding_auction_services_api.md#metadata-forwarded-by-sellerfrontend-service) to BFE.
+4. [BuyerFrontEnd (BFE) service]
+ * Each buyer’s BFE checks for the presence of ProtectedAppSignalsBuyerInput[[6](https://github.com/privacysandbox/bidding-auction-servers/blob/06bf6ed1bd98916d1a9b6887518936655b4d537b/api/bidding_auction_servers.proto#L541-L542)] in GetBidsRequest. If present, BFE will send a GenerateProtectedAppSignalsBidsRequest[[7](https://github.com/privacysandbox/bidding-auction-servers/blob/06bf6ed1bd98916d1a9b6887518936655b4d537b/api/bidding_auction_servers.proto#L771-L772)] to the bidding service. GenerateProtectedAppSignalsBidsRequest includes buyer inputs (which [includes](https://github.com/privacysandbox/bidding-auction-servers/blob/64cf212087572e4f0c1eac56083e49489d85e06a/api/bidding_auction_servers.proto#L612) contextual ad render ids), buyer (contextual) signals and other required data.
+ * Note: If buyer input for ProtectedAudience is present in GetBidsRequest, then bid generation [flow](https://github.com/privacysandbox/protected-auction-services-docs/blob/main/bidding_auction_services_api.md#flow) for Protected Audience is executed in parallel.
+5. [Bidding service]
+ * Bidding service calls into a TEE based Key-Value service to fetch real time signals.
+ * These real time signals are then fed to the buyer provided generateBid [UDF](#generatebid-udf) to get a single Protected App Signals ad with bid which is then returned to BFE.
+6. [Buyer Frontend (BFE) Service]
+ * BFE handles GenerateProtectedAppSignalsBidsResponse and returns the ad and bid to the seller’s SFE service. If Protected Audience ads are also participating in the auction then BFE waits for bids for both Protected Audience and Protected App Signals ads before returning all the ads and bids to SFE.
+7. [Seller Frontend (SFE) Service] SFE waits for all the buyer bids, collects scoring signals from seller’s KV service for all the render URLs in the bids received from BFEs and sends these ads and bids along with the scoring signals to the auction service.
+8. [Auction service]
+ * Auction service [scores](#auction-service) all the ads / bids and chooses a winner.
+ * Note: Both Protected Audience and Protected App Signals bids are scored in this single auction.
+ * Each bid is scored in isolation.
+ * Seller and buyer's reporting urls and registered beacons are also generated in the auction service once a winning ad / bid is selected. Refer [here](https://github.com/privacysandbox/protected-auction-services-docs/blob/main/bidding_auction_event_level_reporting.md) for more information.
+ * Auction service returns information about winning ad / bid and reporting urls back to SFE.
+9. [Seller Frontend (SFE) Service]
+ * SFE sends back the encrypted [AuctionResult](https://github.com/privacysandbox/bidding-auction-servers/blob/b222e359f09de60f0994090f7a57aa796e927345/api/bidding_auction_servers.proto#L208) in SelectAdResponse to the Seller's Ad Service. This response can contain a winner or can contain a chaff (e.g. if no buyers ended up participating in the auction or if no buyers generated a bid for candidate ads).
+10. Seller's ad service includes the [AuctionResult](https://github.com/privacysandbox/bidding-auction-servers/blob/b222e359f09de60f0994090f7a57aa796e927345/api/bidding_auction_servers.proto#L208) ciphertext in ad response to the client. This payload is decrypted by the seller on the device.
+11. The ad is rendered and then adtech's reporting endpoints are pinged from the client.
+
+
+### API Updates
+
+The following sections provide the detailed design of the Protected App Signals flow with Bidding and Auction services.
+
+
+#### [Android API](https://developer.android.com/design-for-safety/privacy-sandbox/protected-app-signals#curate-protected)
+
+To support Protected App Signals, the seller's SDK on Android will send ad requests to the seller's ad service, where the request payload would include additional data in encrypted [ProtectedAuctionInput](https://github.com/privacysandbox/bidding-auction-servers/blob/b222e359f09de60f0994090f7a57aa796e927345/api/bidding_auction_servers.proto#L53-L58) (which is a [new](#new-protectedauctioninput-message) message type). The Protected App Signals are treated as an opaque byte string by B&A. Refer [here](https://developer.android.com/design-for-safety/privacy-sandbox/protected-app-signals#curate-protected) for more details about Protected App Signals curation.
+
+
+#### Bidding and Auction services API
+
+Following sections go over the updates to the B&A API required to support Protected App Signals ad targeting.
+
+
+##### SelectAd API Updates
+
+###### [New]` ProtectedAuctionInput` Message
+
+B&A supports `ProtectedAudienceInput` proto message to get the encrypted protected audience data in `SelectAdRequest`. This` ProtectedAudienceInput `message has now been deprecated.
+
+```protobuf
+message ProtectedAudienceInput {
+ option deprecated = true;
+
+ // ...
+}
+```
+
+With Protected App Signals ad targeting use-case, we generalize the `ProtectedAudienceInput` message by introducing `ProtectedAuctionInput`.
+
+ProtectedAuctionInput message will be a superset that includes Protected App Signals as well as the Protected Audience data sent from the device. Android will migrate to support `ProtectedAuctionInput `from` ProtectedAudienceInput`. Seller's ad service must depend on the `ProtectedAuctionInput `message going forward.
+
+```protobuf
+// ProtectedAuctionInput is generated and encrypted by the client,
+// passed through the untrusted Seller service, and decrypted by the
+// SellerFrontEnd service.
+// It is the wrapper for all of BuyerInput and other information required
+// for the Protected Audience auction.
+message ProtectedAuctionInput {
+ // Input per buyer.
+ // The key in the map corresponds to IGOwner (Interest Group Owner) that
+ // is the Buyer / DSP. This string that can identify a
+ // buyer participating in the auction. The value corresponds to plaintext
+ // BuyerInput ingested by the buyer for bidding.
+ map
+ | Feature type
+ +(Defined in the schema) + |
+ Feature type in collection
+ +(Defined in the schema) + |
+ Parameters
+ +(Defined in the schema) + |
+ Corresponding value in Json + | +Wire representation + | +|
histogram-feature-type with size = 2
+ |
+ unsigned-int-feature-type
+ |
+ size = 3
+ |
+ 5
+ |
+ 101
+ |
+ |
signed-int-feature-type
+ |
+ size = 4
+ |
+ -3
+ |
+ 1101
+ |
+ ||
boolean-feature-type
+ |
+ + | ++ | +false
+ |
+ 0
+ |
+ |
bucket-feature-type
+ |
+ boolean-feature-type
+ |
+ size = 4, allow-multiple = true,
+ nullable = true
+ |
+ [true, false, true, false]
+ |
+ 01011
+ |
+ |
boolean-feature-type
+ |
+ + | +
+ nullable = true
+ |
+ null
+ |
+ 00
+ |
+ |
+
+#### Wire format for temporaryUnlimitedEgressPayload:
+
+Wire format of the feature values + padding would be:
+
+
+
+Wire format of the feature values + padding + header would be:
+
+
+
+#### Wire format for egressPayload:
+
+Wire format of the feature values + padding would be:
+
+
+
+Wire format of the feature values + padding + header would be:
+
+
+
+## Addendum: Workaround for implementing nullability before official support
+
+While nullability will not be supported immediately upon the release of egress vector support, AdTechs can write their schemas in such a way that the serialized representation of the egress vector is identical before and after nullability is supported.
+
+Recall that a null value for a type is indicated by adding a signaling bit to the least-significant bit of the serialized representation. AdTechs can simply add a `boolean-feature-type` before each value which they intend to make nullable, and set it to indicate whether the following value is null: 0 (for null) or 1 (for non-null).
+
+Because this approach is identical to the way nullability support will be implemented, it allows AdTechs to write de-serialziation code now. Upon the release of nullability support, AdTechs will remove the boolean nullability flags and mark the values to which they correspond as nullable in the schema, and update their code for building the egress vector accordingly.
+
+Consider the example schema from above, modified to show nullability flags in bold before nullability support:
+
+| Feature type
+ +(Defined in the schema) + |
+ Feature type in collection
+ +(Defined in the schema) + |
+ Parameters
+ +(Defined in the schema) + |
+ Corresponding value in Json + | +Wire representation + | +|
histogram-feature-type with size = 2
+ |
+ unsigned-int-feature-type
+ |
+ size = 3
+ |
+ 5
+ |
+ 101
+ |
+ |
signed-int-feature-type
+ |
+ size = 4
+ |
+ -3
+ |
+ 1101
+ |
+ ||
boolean-feature-type
+ |
+ + | ++ | +false
+ |
+ 0
+ |
+ |
boolean-feature-type
+ |
+ + | ++ | +true
+ |
+ 1
+ |
+ |
bucket-feature-type
+ |
+ boolean-feature-type
+ |
+ size = 4, allow-multiple = true
+ |
+ [true, false, true, false]
+ |
+ 0101
+ |
+ |
boolean-feature-type
+ |
+ + | ++ | +false
+ |
+ 0
+ |
+ |
boolean-feature-type
+ |
+ + | ++ | +false
+ |
+ 0
+ |
+ |
Coordinator |
+ Operator of coordinator services. Each coordinator deploys and operates the necessary components (Type-1 or Type-2) to support ad tech workloads. |
+
Coordinator pair |
+ An operated pair of coordinator services (Type-1, Type-2) in the same public cloud. |
+
Ad tech |
+ A company that provides services to deliver and measure ads. In this explainer it is used to describe the entity running a Privacy Sandbox trusted service workload compiled from open source code and interacting with Coordinator Services. |
+
Attestation |
+ A mechanism to authenticate software identity, usually with cryptographic hashes or signatures. In this explainer, attestation matches the code running in the coordinator-operated key-generation service or adtech-operated workload service with open source code. Note: this is not the Privacy Sandbox Enrollment Attestation. |
+
Trusted execution environment (TEE) |
+ A secure, private, and isolated execution context. The TEE's contents are protected from observation and tampering by unauthorized parties, including the root user. The requirements for supported public TEE implementations can be found here. |
+
Multi-party key generation and distribution service (MPKGDS) |
+ Formerly known as Key Management System (KMS).
|
+
Aggregatable Report Accounting |
+ A distributed ledger that tracks and limits the number of times a given aggregatable report sharedID can be processed to generate noised summary reports. The number of times allowed is referred to as the "budget" for the given sharedID. The aggregatable report accounting budget is maintained in both Type-1 and Type-2 coordinator deployments. |
+
Cloud KMS |
+ Key Management Service offered by a public cloud provider as a managed service for hardware or software backed symmetric and asymmetric encryption keys |
+
+ 
+ 
+ 
+ 
+ 
+ 
+ 
+ [deploy_and_benchmark](https://github.com/privacysandbox/protected-auction-key-value-service/blob/main/tools/benchmarking/deploy_and_benchmark) tool will deploy one or multiple terraform configurations one by one and run benchmarks against the deployed server.
+
+The tool takes multiple input parameters, such as
+
+
+
+* A file with sets of Terraform variables to override
+* Directory with snapshot files or delta files with key value mutations of type `Update`
+* List of number of keys (`n`) to include from a snapshot file
+* (Optionally) a directory with UDFs to upload and benchmark against
+
+Given these input parameters, the benchmarking tool completes the following steps for each combination of parameters
+
+
+
+* Deploy with the given set of terraform variable overrides
+* Generate requests with `n` keys from the given snapshot file
+* Run benchmarks
+* Collect results in a CSV
+
+The output CSV file contains metadata on each benchmark iteration and the RPS that can then be analyzed by the user.
+
+_Note: The tool does _not_ upload key-value delta/snapshot files. Please ensure those are already loaded into the blob storage bucket that the server will be reading from. Similarly, the tool will not be performing continuous data generation or upload key value delta files while the server is already running. This will need to be handled by a separate pipeline._
+
+
+### Reference
+
+For requirements and detailed usage of the tool, please refer to the [README](https://github.com/privacysandbox/protected-auction-key-value-service/blob/main/tools/benchmarking/README.md). The tool includes more flags than are outlined in this document.
+
+
+### Choosing input parameters
+
+In its simplest form, the tool can be used to iterate through a set of deployments that override the instance only.
+
+However, there are many other factors besides instance size that affect the server’s RPS, such as
+
+
+
+* Request payload size
+* Key size and value size
+* Whether it is sharded
+* CPU usage of UDFs
+* Data loading
+
+The tool is designed to allow iterating through some of these parameters, such as request payload and deployment variables . The benchmarking results can inform decisions around different deployment models, dataset configurations, payloads, and more.
+
+
+### A note on runtime and benchmark durations
+
+The tool’s runtime depends on the number of combinations of input parameters it needs to iterate through and can increase significantly just by adding more combinations of input parameters.
+
+By default, the benchmarking tool uses a duration of 60 seconds for each iteration of a benchmark. Short benchmark iterations can be useful for initial testing with multiple variables, for instance to measure RPS across different datasets and request payloads.
+
+To accurately reflect production environments, it is recommended to increase the benchmark durations to several hours once the variables have been narrowed down. These benchmarks should run parallel to a data update pipeline that mimics a production environment in terms of payload, data update size, and frequency.
+
+
+## Tutorial
+
+This is a step-by-step example of how to use the tool with some parameters. The example goes through generating sample data that is loaded into the server at startup, setting input parameters for the script, and looking at the output.
+
+This example assumes that the dataset and the UDFs are fixed. The request payload may contain anywhere from 10 to 100 keys. Since the dataset is small, sharding will not be considered.
+
+It is mostly interested in which instance size to choose.
+
+
+### Completing prerequisites
+
+Follow the [requirements](https://github.com/privacysandbox/protected-auction-key-value-service/blob/main/tools/benchmarking/README.md#requirements) for running the tool. Start from the workspace root.
+
+
+#### Generating data and uploading data to be loaded into KV server
+
+Data that is loaded into the K/V server needs to be generated separately. More info in [data loading guides](https://github.com/privacysandbox/protected-auction-key-value-service/tree/main/docs/data_loading).
+
+Some initial data should be loaded into the data storage bucket before the server is deployed to make sure the lookup calls are not retrieving nonexistent data.
+
+Generate a delta file and upload it to the cloud storage bucket the server will be pulling data from.
+
+
+```
+builders/tools/bazel-debian build tools/benchmarking/example/kv_data:generate_100_delta
+
+KV_DELTA=bazel-bin/tools/benchmarking/example/kv_data/DELTA_1000000000000004
+
+// If uploading to AWS.
+// AWS_S3_BUCKET should match the terraform's s3_delta_file_bucket_name
+// Ex: AWS_S3_BUCKET=s3://my-delta-file-bucket
+aws s3 cp $KV_DELTA $AWS_S3_BUCKET
+
+// If uploading to GCP
+// GCLOUD_STORAGE_BUCKET should match the terraform's data_bucket_id
+// Ex: GCLOUD_STORAGE_BUCKET=gs://my-delta-file-bucket
+gcloud storage cp $KV_DELTA $GCLOUD_STORAGE_BUCKET
+```
+
+
+When the server starts, it will load the data from the storage bucket. This initial data loading process will not affect the server’s RPS, since it should be completed before the server is ready to serve requests.
+
+This tutorial will not cover continuous data loading while the server is up. However, data loading does affect RPS. For a more comprehensive benchmarking test, it is recommended to update/load data as the server is running. The frequency and duration of data loading should be shorter than each benchmark iteration. For instance, if the benchmark duration is 1 hour, data loading intervals could be 20 minutes.
+
+
+#### Generating data for requests
+
+As part of the benchmark, the tool sends requests to the server. The requests are generated using keys from snapshot files or delta files with key value mutations of type `Update`. The tool will iterate through each delta/snapshot file in a given directory, generate one request for each, and perform benchmark iteration for each request.
+
+The previously generated delta files from this tutorial include only `Update` key value mutations and can be used for request generation.
+
+
+```
+mkdir example_kv_delta
+SNAPSHOT_DIR=example_kv_delta
+cp $KV_DELTA $SNAPSHOT_DIR
+```
+
+
+
+#### Writing and generating UDFs
+
+Custom UDFs should be generated and uploaded in advance. See the [guide for generating UDFs](https://github.com/privacysandbox/protected-auction-key-value-service/blob/main/docs/generating_udf_files.md).
+
+The provided [example UDF](https://github.com/privacysandbox/protected-auction-key-value-service/blob/main/tools/benchmarking/example/udf_code/benchmark_udf.js) is a passthrough JavaScript UDF that calls the lookup function on the input data.
+
+
+```
+builders/tools/bazel-debian run //tools/benchmarking/example/udf_code:benchmark_udf_js_delta
+
+UDF_DELTA=dist/deltas/DELTA_2000000000000001
+
+// If uploading to AWS
+aws s3 cp $UDF_DELTA $AWS_S3_BUCKET
+
+// If uploading to GCP
+gcloud storage cp $UDF_DELTA $GCLOUD_STORAGE_BUCKET
+```
+
+
+This is an optional step. If no custom UDF is uploaded, the server will use the [default UDF](https://github.com/privacysandbox/protected-auction-key-value-service/blob/main/public/udf/constants.h).
+
+
+### Running the tool
+
+Once the data is generated and uploaded, the input parameters for the tool can be defined.
+
+Deployment related arguments are as follows:
+
+
+```
+# Set the cloud provider
+CLOUD_PROVIDER="aws"
+CLOUD_PROVIDER="gcp"
+
+# Set the terraform files the tools will use to deploy the server
+TF_VAR_FILE=/path/to/my.tfvars.json
+TF_BACKEND_CONFIG=/path/to/my.backend.conf
+
+# Set the URL of the server for the environment that will be deployed
+# The URL will be shown as the output of the `terraform apply` command
+SERVER_URL="https://demo.my-example.com"
+
+# Mininum amount of seconds to wait after terraform apply before checking
+# server health. Sometimes terraform apply finishes, but an existing (old)
+# server may still be online for a bit.
+MINIMUM_SERVER_WAIT_SECS=300
+```
+
+
+You will need to iterate through different instance sizes, so create a file with terraform variables that should be overridden. Each line in the file is considered one set of terraform variable overrides and will be used for one deployment.
+
+For instance, for AWS, we may want to iterate through these instance types:
+
+
+```
+instance_type=c5.4xlarge,enclave_cpu_count=12,enclave_memory_mib=24576,num_shards=1,udf_num_workers=12,instance_ami_id=ami-0c3ea8d5ff3ef70d2
+instance_type=c5.12xlarge,enclave_cpu_count=36,enclave_memory_mib=73728,num_shards=1,udf_num_workers=36,instance_ami_id=ami-0c3ea8d5ff3ef70d2
+instance_type=m5.4xlarge,enclave_cpu_count=12,enclave_memory_mib=49152,num_shards=1,udf_num_workers=12,instance_ami_id=ami-0c3ea8d5ff3ef70d2
+instance_type=m5.12xlarge,enclave_cpu_count=36,enclave_memory_mib=147456,num_shards=1,udf_num_workers=36,instance_ami_id=ami-0c3ea8d5ff3ef70d2
+```
+
+
+On GCP, the file may look like this:
+
+
+```
+machine_type=n2d-standard-4,num_shards=1,udf_num_workers=4
+machine_type=n2d-standard-8,num_shards=1,udf_num_workers=8
+machine_type=n2d-standard-32,num_shards=1,udf_num_workers=32
+
+machine_type=c2d-standard-4,num_shards=1,udf_num_workers=4
+machine_type=n2d-standard-8,num_shards=1,udf_num_workers=8
+machine_type=n2d-standard-32,num_shards=1,udf_num_workers=32
+```
+
+
+Save the file:
+
+
+```
+TF_OVERRIDES=${PWD}/path/to/tf_overrides.txt
+```
+
+
+Set the number of keys to choose to include in each benchmark iteration’s request. In this case, the tool will create two requests for the given snapshot file (in `$SNAPSHOT_DIR`)" one request with 10 keys, one request with 100.
+
+
+```
+NUMBER_OF_LOOKUP_KEYS_LIST="10 100"
+```
+
+
+Finally, choose where the summary CSV should be written:
+
+
+```
+OUTPUT=${PWD}/example_benchmarking_results.csv
+```
+
+
+Run the tool:
+
+
+```
+./tools/benchmarking/deploy_and_benchmark \
+--cloud-provider ${CLOUD_PROVIDER} \
+--server-url ${SERVER_URL} \
+--tf-var-file ${TF_VAR_FILE} \
+--tf-backend-config ${TF_BACKEND_CONFIG} \
+--snapshot-dir ${SNAPSHOT_DIR} \
+--tf-overrides ${TF_OVERRIDES} \
+--ghz-tags "${GHZ_TAGS}" \
+--minimum-server-wait-secs "${MINIMUM_SERVER_WAIT_SECS}" \
+--csv-output ${OUTPUT}
+
+```
+
+
+
+### Example output
+
+The output is a CSV file with one row per benchmark iteration. It includes the terraform variables that were overridden for the iteration, the files that were used to generate keys for the benchmark iteration’s request, and other metadata. The **rps** column contains the number of requests per second and can be used to determine which instance size to choose.
+
+
+ | Characteristics + | +Description + | +Note + | +
| Language supported + | +Javascript, WASM + | +WASM support is limited to “inline WASM” initially, where the WASM code must be invoked by a piece of javascript driver code, i.e., the UDF entrypoint must still be in javascript. + | +
| Number of UDF implementations + | +One fixed code snippet can be loaded at a time. To override a code snippet, upload a UDF configuration. + | ++ | +
| Engine + | +Chrome V8 + | ++ | +
| Timeout + | +1 second + | +Currently not configurable, but will be in future iterations. + | +
| Visibility + | +Private + | +Code is only known to the service operator. The code is not part of the attestation process in the trust model that requires open sourcing. Privacy constraints of the code execution are upheld by the runtime environment. + | +
[TELEMETRY_CONFIG](https://github.com/privacysandbox/bidding-auction-servers/blob/b2cfda5f00bcfa5afe92ef178a367797d0707e80/production/deploy/gcp/terraform/environment/demo/seller/seller.tf#L87) is a flag in terraform configuration, used for all metric configuration. The content is expected to be a TextProto conforming to [TelemetryConfig](https://github.com/privacysandbox/bidding-auction-servers/blob/release-1.2/services/common/telemetry/config.proto).
+
+
+### Configuring the metric collection mode
+
+Metrics can be collected in different modes, based on the kind of [build](https://github.com/privacysandbox/bidding-auction-servers/blob/release-1.2/BUILD#L110) that is running. The build could either be `prod` or `non_prod`. The metrics collected for a `prod` build essentially default to the `PROD` metric collected behavior, i.e sensitive metrics will have noise added before exiting the TEE.
+
+For a `non_prod` build, the `mode` parameter defines how you want to collect the metrics. The following table defines this behavior in detail.
+
+| Mode | Build | Behavior |
+|:-----------------------:|:-------------------------------------------------------------------------------------------------------------------:|:---------------------------------------------------------------------------------------------------------------------------------------:|
+| OFF | non_prod and prod | No metrics are collected |
+| PROD | non_prod and prod | Sensitive metrics are noised |
+| EXPERIMENT | Only works on non_prod builds. Behavior is the same as PROD on a prod build. | Sensitive metrics are not noised |
+| COMPARE | Only works on non_prod builds. Behavior is the same as PROD on a prod build. | Sensitive metrics are duplicated, with one set being noised, and the other being non-noised. Both are released for comparison purposes. |
+
+
+#### Examples
+
+With the following config, privacy sensitive metrics will have noise added.
+
+
+```
+mode: PROD
+```
+
+
+With the following config, no noise will be added to any metrics on `non_prod` builds. On `prod` build, the mode will behave like `PROD` mode, and privacy sensitive metrics will have noise added.
+
+
+```
+mode: EXPERIMENT
+```
+
+
+See [TelemetryConfig proto definition](https://github.com/privacysandbox/bidding-auction-servers/blob/release-1.2/services/common/telemetry/config.proto) for details.
+
+
+### configuring-collected-metrics
+
+To configure the set of metrics to monitor, use the [TelemetryConfig::metric](https://github.com/privacysandbox/bidding-auction-servers/blob/release-1.2/services/common/telemetry/config.proto#L44) field.
+
+
+#### Example
+
+
+```
+mode: PROD
+metric { name: "m_0" }
+metric { name: "m_1" }
+```
+
+
+In the above example, only metrics names `m_0` and `m_1` will be exported.
+
+The configured metrics can include metrics where noise will be added, or non-sensitive metrics where noise will not be added. The privacy budget will be split evenly across only the metrics where noise will be added.
+
+If the configured metrics are empty, i.e. no metrics are configured, then all metrics, including all privacy sensitive and non-sensitive metrics are collected.
+
+
+### configuring-export-interval
+
+Export intervals for metrics with and without noise can be configured separately. The metrics without noise are aggregated purely for performance reasons, whereas the ones with noise can achieve a better signal to noise ratio with aggregation. Thus, we have separate configurations for each.
+
+`metric_export_interval_ms` configures the export interval of non-noised metrics. The default value is 60,000ms (1 min).
+
+`dp_export_interval_ms` configures the export interval of noised metric. The default value is 300,000ms (5 min).
+
+> **Note:** After adjusting "export_interval_ms", dashboard granularity (interval) should be adjusted >= this to avoid showing saw teeth pattern.
+
+#### Example
+
+
+```
+mode: PROD
+metric_export_interval_ms: 100000
+dp_export_interval_ms: 100000
+```
+
+
+For further information, see the [opentelemetry.io page](https://opentelemetry.io/docs/specs/otel/metrics/data-model/#metric-points).
+
+
+### noise-related-configuration
+
+We expose several knobs to tune the noise configurations so an ad tech can most optimally use the overall privacy budget. Below are the noising parameters that ad tech can configure for each Privacy Impacting metric.
+
+
+#### max_partitions_contributed
+
+Default value: 1
+
+The maximum number of partitions to be reported per request, higher value results in more noise added.
+
+Example:
+
+This metric has buyer as partition, by configuring `max_partitions_contributed` to 2, the metric will record at most 2 buyer's data for each sfe request.
+```
+metric { name: \"sfe.initiated_request.to_bfe.count\" max_partitions_contributed: 2 }
+```
+
+[code link](https://github.com/privacysandbox/data-plane-shared-libraries/blob/main/src/telemetry/flag/config.proto#L63)
+
+#### lower_bound, upper_bound
+
+Value is set based on ad tech’s observation on the metric, which range should cover most raw data, larger range results in more noise added.
+
+Example:
+
+
+```
+metric { name: \"m_0\" lower_bound: 1 upper_bound: 2 }
+```
+
+[code link](https://github.com/privacysandbox/data-plane-shared-libraries/blob/main/src/telemetry/flag/config.proto#L66)
+
+#### privacy_budget_weight
+
+Default value: 1
+
+All Privacy Impacting metrics split total privacy budget based on their weight.
+
+i.e.
+`privacy_budget = total_budget * privacy_budget_weight / total_weight`
+
+Example:
+
+
+```
+metric { name: \"m_0\" privacy_budget_weight: 2 }
+```
+
+[code link](https://github.com/privacysandbox/data-plane-shared-libraries/blob/main/src/telemetry/flag/config.proto#L72)
+
+#### drop_noisy_values_probability
+
+Default value: 0.0
+
+The probability that noised metric value will be turned to 0. Setting this to a higher value ensures that the more noise will be turned to 0, but also means that more actual data may also be turned to 0. Setting this to 1 means all values will be turned to 0 (eliminating all noise, but also eliminating all actual data). This value should be set within an open range of (0.0,1.0).
+
+Example:
+
+
+```
+metric { name: \"m_0\" drop_noisy_values_probability: 0.99 }
+```
+
+
+The rationale behind the approach is that the added noise has a high probability of having a small value and a low probability of having a large value, while real data with large value should be always exported. In this example, the drop_noisy_values_probability parameter 0.99 will remove any data with value no larger than 99% of noise, which could include both noise and actual data.
+
+[code link](https://github.com/privacysandbox/data-plane-shared-libraries/blob/main/src/telemetry/flag/config.proto#L75)
+
+## Understanding metric noise
+
+
+### Privacy non-sensitive metrics
+
+Metrics such as request count (UpDownCounter), request duration(Histogram), CPU usage(Gauge) which are non-sensitive are always exported without noise. Metrics that do not have noise added are exported with the suffix Raw, as highlighted in the figure below.
+
+
+
+**Figure 8.** raw metric
+
+
+### Privacy sensitive metrics
+
+
+#### Noise
+
+As described earlier, a total privacy budget is split evenly among the privacy sensitive metrics. These metrics define a lower and upper bound of their value. The measured value is first clamped within these bounds. Laplace noise is then applied based on the bounds and available privacy budget.
+
+The privacy budget split weight and the bounds for metrics will be configurable in a future release.
+
+
+#### Example In Prod
+
+In `prod` server, noise will be added to Privacy sensitive metrics and exported every `dp_export_interval_ms` (see [Export interval](#configuring-export-interval)). The metrics with noise added have the suffix “Noised” added, as shown in the figure below.
+
+
+
+**Figure 9**. noised metric
+
+
+#### Compare mode (only works in non_prod builds)
+
+To understand the impact of noise, servers running a `non_prod` build can be deployed with `TELEMETRY_CONFIG`:
+
+
+```
+mode: COMPARE
+```
+
+
+This will output metrics with and without noise as shown in the figure below. This enables their comparison side by side.
+
+
+
+
+**Figure 10.** compare noised and raw metric
+
+
+## Improving signal-to-noise ratio
+
+There are tunable parameters and techniques that can be used to increase the signal to noise ratio when exporting metrics with noise.
+
+
+### Higher QPS
+
+A higher level of queries-per-second (QPS) enables more events to be aggregated per unit time. Since the noise added depends only on the metric bounds and privacy budget, it is independent of how many events are aggregated into the same batch. Increasing the number of events per batch will thus increase the signal to noise ratio and provide a more accurate measurement.
+
+
+### Adjust export intervals
+
+Similar to a higher QPS, a larger `dp_export_interval_ms` will cause more events in each export batch, thus increasing the signal to noise ratio. This improved accuracy comes at the cost of having less frequent updates.
+
+[configuring-export-interval](#configuring-export-interval)
+
+
+### Monitoring Subsets of Metrics
+
+The privacy budget is shared among all privacy-sensitive metrics. Thus, monitoring fewer sensitive metrics means each of them gets a larger portion of the total privacy budget. This results in lesser noise and more accurate measurements.
+
+[configuring-collected-metrics](#configuring-collected-metrics)
+
+
+### Configure noise parameters
+
+The noise parameters give a lot of flexibility to fine-tune noising to the specific ad tech requirement. Ad tech can collect data about their actual monitoring ranges and use these parameters to optimize the noise.
+
+[noise-related-configuration](#noise-related-configuration)
diff --git a/production_operation.md b/production_operation.md
new file mode 100644
index 0000000..b74735e
--- /dev/null
+++ b/production_operation.md
@@ -0,0 +1,71 @@
+# Production operation
+
+In this explainer, we’ll review the features available in the Protected Audience services and define the key components for production readiness, so that these services are operable at the desired reliability rate.
+
+Our goal is to build a set of mitigations and plans so that when outages happen, they can be gracefully and quickly addressed, rather than trying to prevent outages or build “perfect” servers outright.
+
+
+## Design principles
+
+These pillars are presented in alphabetical order, rather than order of importance.
+
+
+### Change management
+
+_We’ll offer management tools to address service outages, which typically occur when there’s a system change._
+
+
+
+* Permissions and roles: to control who can make changes and when.
+* Server release process: this covers how a new release candidate is created and how the candidate is tested to certify that it’s ready and has no regressions. Also, the ability to run "canary" jobs to test out a new release at a small scale before it goes to full production and understand how rollbacks will work.
+* Lifecycle management: releases will not be supported forever, and so we need to work out what commitments there will be and how old releases will be deprecated. This includes the handling of breaking versus non-breaking changes.
+
+
+### Developer experience
+
+_We’ll create a positive experience for developers by responding to open issues and offering a well-built service with the ability to contribute code._
+
+
+
+* Repository structure: the open source repositories for the servers should be consistent and integrated with tooling. For example, for code indexing and search, continuous integration, continuous build, etc.
+* Community contribution policies: these should be consistent between servers, especially where they share shared repositories for common components.
+* Debugging tools: these are especially tricky to build for Protected Audience services because of the deliberate limitations of what the servers expose about their running state. We plan to publish separate explainers (e.g. [Debugging protected audience API services][1]) on this topic.
+
+
+### Incident management
+
+_We’ll offer playbooks for service operators and define emergency procedures_
+
+
+
+* Support structures: when there is an outage, how can server operators report it for triage and remediation?
+* Playbooks: for server operators there should be a well defined set of common alerts and how/when to mitigate them.
+* Pre-planned mitigations: a set of responses that are expected to be useful. For example, to roll back to a previous server version or to restore corrupt data.
+
+
+### Reliability
+
+_We’ll create a system that meets reliability requirements._
+
+
+
+* Reliability ranges: the server operators are responsible for deciding the reliability targets that they’re aiming for, e.g. uptime. The servers should be able to meet a range of different reliabilities; this is important because often extremely high reliability comes with significant costs.
+* Monitoring and alerting: the ability to detect when servers fail, or stray from reliability targets, is necessary. Without this server operators can’t tell if the servers are performing correctly. See [Monitoring protected audience API services][2] for details.
+* Risk management: past outages will be tracked and documented together with changes that come out of them. This both to track system health over time and to make sure that known bugs are corrected.
+* Graceful degradation: when servers are overwhelmed they should be able to shed traffic in a predictable way (while also alerting operators that they’re in this state, as above).
+* Scale testing: it’s useful to know where the limits of the servers are. For example, how much traffic can one single instance handle before it’s overwhelmed?
+
+
+### Resources
+
+_We’ll provide information as to what resources the server will use and how best to set it up to use them efficiently._
+
+
+
+* Sensible default deployment configurations: to make sure that common mistakes are avoided.
+* Ongoing benchmarking: to prevent performance regressions.
+* Cost prediction: to estimate the Cloud costs required to run certain workloads.
+
+
+[1]: https://github.com/privacysandbox/fledge-docs/blob/main/debugging_protected_audience_api_services.md
+[2]: https://github.com/privacysandbox/fledge-docs/blob/main/monitoring_protected_audience_api_services.md
diff --git a/protected_app_signals_cost.md b/protected_app_signals_cost.md
new file mode 100644
index 0000000..79a02d4
--- /dev/null
+++ b/protected_app_signals_cost.md
@@ -0,0 +1,168 @@
+PAS Cost Estimate Explainer
+
+**Authors:**
+| Auction type + | +Auction strategy + | +Platforms + | +Is mixed mode recommended? + | +
| Single-seller auctions + | ++ | +Web browser on desktop and Android + | +Yes + | +
| + | +Android app + | +No
+ +Reason: higher latency for auctions on Android apps + |
+ |
| Multi-seller auctions + | +Device-orchestrated component auctions + | +Web browser on desktop and Android + | ++ | +
| Server-orchestrated component auctions + | +Android app
+ +Web browser on desktop and Android + |
+ No
+ +Reason: On-device auctions are not feasible + |
+ |
| Waterfall and hybrid mediation + | +Android app + | +No + | +
| Bidding & Auction version + | +Key Value version + | +
| not supported prior to 4.0 + | +not supported prior to 0.17.1 + | +
| [4.0-4.1] + | +0.17.1 + | +
| >=4.2 + | +>=1.0 + | +