From 6a210e812772457d9c9113052c793d9399e9994e Mon Sep 17 00:00:00 2001 From: Alex Turner Date: Wed, 13 Sep 2023 20:20:05 +0000 Subject: [PATCH] Spec: pad the payload with null contributions Ensures that the payload always has a fixed number of contributions by adding (0,0) contributions. See #56 for more discussion. --- spec.bs | 16 +++++++++------- 1 file changed, 9 insertions(+), 7 deletions(-) diff --git a/spec.bs b/spec.bs index 71df7fc..53d8740 100644 --- a/spec.bs +++ b/spec.bs @@ -796,16 +796,21 @@ To obtain the plaintext payload given an [=aggregatable report=] |report|, perform the following steps. They return a [=byte sequence=]. 1. Let |payloadData| be a new [=list=]. 1. Let |contributions| be |report|'s [=aggregatable report/contributions=]. -1. If |contributions| [=list/is empty=]: +1. [=Assert=]: |contributions|' [=list/size=] is not greater than [=maximum + report contributions=]. +1. [=iteration/While=] |contributions|' [=list/size=] is less than [=maximum + report contributions=]: 1. Let |nullContribution| be a new {{PAHistogramContribution}} with the items: : {{PAHistogramContribution/bucket}} :: 0 : {{PAHistogramContribution/value}} :: 0 - 1. Set |contributions| to « |nullContribution| ». + 1. [=list/Append=] |nullContribution| to |contributions|. - Issue(56): Replace with more generic padding. + Note: This padding protects against the number of contributions being leaked + through the encrypted payload size, see discussion + [below](#protecting-against-leaks-via-payload-size). 1. [=list/iterate|For each=] |contribution| of |report|'s [=aggregatable report/ contributions=]: 1. Let |contributionData| be an [=ordered map=] of the following key/value 
@@ -1746,10 +1751,7 @@ count. The length of the payload could additionally expose some cross-site information, namely how many contributions are included. To protect against this, the payload -will be padded in the future. - -Issue(56): Pad the payload to avoid this risk. - +is padded to a fixed number of contributions. ### Temporary debugging mechanism ### {#temporary-debugging-mechanism} The {{PrivateAggregation/enableDebugMode()}} method allows for many
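Review bot: In the first hunk (spec.bs, @@ -796,16 +796,21 @@), the null contributions are appended to |contributions|, but the unchanged step right after the new Note still iterates over |report|'s [=aggregatable report/contributions=] rather than over |contributions|. If |contributions| is a copy, the padding never reaches |payloadData| and the encrypted payload size still depends on the real contribution count. If it aliases the report's list, obtaining the plaintext payload mutates the report as a side effect. Suggest making |contributions| an explicit [=list/clone=] of the report's list and changing the loop to "[=list/iterate|For each=] |contribution| of |contributions|". The new [=Assert=] also relies on some earlier step capping the list at [=maximum report contributions=]; a pointer to where that limit is enforced would make the assertion checkable.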
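Review bot: In the second hunk (spec.bs, @@ -1746,10 +1751,7 @@), the replacement sentence "is padded to a fixed number of contributions." does not say what the fixed number is or where the padding happens. Suggest linking [=maximum report contributions=] and the payload algorithm here, so the privacy text and the normative steps cannot drift apart. The Note added in the first hunk links to #protecting-against-leaks-via-payload-size, but no heading with that ID appears in these lines (the only visible one is {#temporary-debugging-mechanism}), so please confirm the anchor exists on this section's heading. The hunk also removes two blank lines; check that one still separates the paragraph from "### Temporary debugging mechanism ###".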