Skip to content

Carbyne Stack serverless compute service for secure multiparty computation

License

Notifications You must be signed in to change notification settings

carbynestack/ephemeral

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

62 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

Carbyne Stack Ephemeral Service

codecov Codacy Badge Known Vulnerabilities Conventional Commits pre-commit Contributor Covenant

Ephemeral is a serverless compute service for secure multiparty computation based on Knative, Istio and Kubernetes.

DISCLAIMER: Carbyne Stack Ephemeral is alpha software. The software is not ready for production use. It has neither been developed nor tested for a specific use case. The underlying Secure Multiparty Computation protocols are currently used in a way that is not secure.

Ephemeral is composed of these components:

  • Ephemeral - The Knative user container that enables execution of MPC functions within a Carbyne Stack virtual cloud. Supports MP-SPDZ as the underlying MPC engine (see also Carbyne Stack Ephemeral SPDZ Base Image).

  • Discovery Service - Coordinates the execution of functions across Carbyne Stack virtual cloud providers.

  • Network Controller - Enables communication between MPC engines by configuring Istio to route incoming traffic from remote MPC engines to the Ephemeral Knative pods.

  • Client - A Java client that can be used to invoke Ephemeral functions.

  • Helm Chart - A Helm chart to deploy Ephemeral on a Kubernetes cluster.

Namesake

Ephemeral (plural ephemerals): Something which lasts for a short period of time.

As of Wikipedia:

Ephemerality (from Greek ephemeros, literally "lasting only one day") is the concept of things being transitory, existing only briefly. Typically, the term ephemeral is used to describe objects found in nature, although it can describe a wide range of things, including human artifacts intentionally made to last for only a temporary period, in order to increase their perceived aesthetic value.

Authoring Ephemeral Functions

Ephemeral uses the MP-SPDZ library as the underlying MPC engine. That means you write Ephemeral functions using the Python dialect used by MP-SPDZ.

I/O

I/O is implemented in Ephemeral using socket functionality provided by MP-SPDZ. A function for adding two secret shared values from and writing the result back to Amphora looks like this:

# Open socket for I/O
listen(10000)
client_socket_id = regint()
acceptclientconnection(client_socket_id, 10000)

# Read all input data at once
v = sint.read_from_socket(client_socket_id, 2)
a = v[0]
b = v[1]

# Compute result
sum = a + b

# Pack result into array and write to socket
resp = Array(1, sint)
resp[0] = sum
sint.write_to_socket(client_socket_id, resp)

Known issues

Old Knative revisions must be deleted manually

Patching of Kubernetes Pods managed by Knative causes dangling old revisions when a new revision is created. While the new revision is activated and traffic is forwarded correctly, the old pods belonging to the previous revision are lying around and must be manually deleted. The following commands must be used:

kubectl get revisions
# Pick up the older revision that must deleted, e.g. <REVISION_NAME>
# And delete it manually.
kubectl delete revision <REVISION_NAME>

License

Carbyne Stack Ephemeral is open-sourced under the Apache License 2.0. See the LICENSE file for details.

3rd Party Licenses

For information on how license obligations for 3rd party OSS dependencies are fulfilled see the README file of the Carbyne Stack repository.

Contributing

Please see the Carbyne Stack Contributor's Guide.

About

Carbyne Stack serverless compute service for secure multiparty computation

Resources

License

Code of conduct

Stars

Watchers

Forks

Packages

 
 
 

Languages