Skip to content

Latest commit

 

History

History
105 lines (53 loc) · 5.28 KB

README.md

File metadata and controls

105 lines (53 loc) · 5.28 KB

(C) 2018 University of Bristol. See License.txt.

The ExternalIO directory contains examples of managing I/O between external client processes and SPDZ parties running SPDZ engines. These instructions assume that SPDZ has been built as per the project readme.

I/O MPC Instructions

Connection Setup

listen(int port_num)

Setup a socket server to listen for client connections. Runs in own thread so once created clients will be able to connect in the background.

port_num - the port number to listen on.

acceptclientconnection(regint client_socket_id, int port_num)

Picks the first available client socket connection. Blocks if none available.

client_socket_id - an identifier used to refer to the client socket.

port_num - the port number identifies the socket server to accept connections on.

Data Exchange

Only the sint methods are documented here, equivalent methods are available for the other data types cfix, cint and regint. See implementation details in types.py.

[sint inputs] sint.read_from_socket(regint client_socket_id, int number_of_inputs)

Read a share of an input from a client, blocking on the client send.

client_socket_id - an identifier used to refer to the client socket.

number_of_inputs - the number of inputs expected

[inputs] - returned list of shares of private input.

sint.write_to_socket(regint client_socket_id, [sint values], int message_type)

Write shares of values including macs to an external client.

client_socket_id - an identifier used to refer to the client socket.

[values] - list of shares of values to send to client.

message_type - optional integer which will be sent in first 4 bytes of message, to indicate message type to client.

See also sint.write_shares_to_socket where macs can be explicitly included or excluded from the message.

[sint inputs] sint.receive_from_client(int number_of_inputs, regint client_socket_id, int message_type)

Receive shares of private inputs from a client, blocking on client send. This is an abstraction which first sends shares of random values to the client and then receives masked input from the client, using the input protocol introduced in Confidential Benchmarking based on Multiparty Computation. Damgard et al.

number_of_inputs - the number of inputs expected

client_socket_id - an identifier used to refer to the client socket.

message_type - optional integer which will be sent in first 4 bytes of message, to indicate message type to client.

[inputs] - returned list of shares of private input.

Securing communications

Two cryptographic protocols have been implemented for use in particular applications and are included here for completeness:

  1. Communication security using a Station to Station key agreement and libsodium Secret Box using a nonce counter for message ordering.
  2. Authenticated Diffie-Hellman without message ordering.

Please note these are NOT required to allow external client I/O. Your mileage may vary, for example in a web setting TLS may be sufficient to secure communications between processes.

client-setup.cpp is a utility which is run to generate the key material for both the external clients and SPDZ parties for both protocols.

MPC instructions

regint.init_secure_socket(regint client_socket_id, [regint] public_signing_key)

STS protocol initiator. Read a client public key for a specified client connection and negotiate a shared key via STS. All subsequent write_socket / read_socket instructions are encrypted / decrypted for replay resistant commsec.

client_socket_id - an identifier used to refer to the client socket.

public_signing_key - client public key supplied as list of 8 32-bit ints.

regint.resp_secure_socket(regint client_socket_id, [regint] public_signing_key)

STS protocol responder. Read a client public key for a specified client connection and negotiate a shared key via STS. All subsequent write_socket / read_socket instructions are encrypted / decrypted for replay resistant commsec.

client_socket_id - an identifier used to refer to the client socket.

public_signing_key - client public key supplied as list of 8 32-bit ints.

[regint public_key] regint.read_client_public_key(regint client_socket_id)

Instruction to read the client public key and run setup for the authenticated Diffie-Hellman encryption. All subsequent write_socket instructions are encrypted. Only the sint.read_from_socket instruction is encrypted.

client_socket_id - an identifier used to refer to the client socket.

public_key - client public key made available to mpc programs as list of 8 32-bit ints.

Working Examples

See bankers-bonus-client.cpp which acts as a client to bankers_bonus.mpc and demonstrates sending input and receiving output with no communications security.

See bankers-bonus-commsec-client.cpp which acts as a client to bankers_bonus_commsec.mpc which runs the same algorithm but includes both the available crypto protocols.

More instructions on how to run these are provided in the *-client files.