requires https://github.com/carbynestack/ephemeral/pull/14

Updates to MP-SPDZ v0.2.8

corresponding cli part https://github.com/carbynestack/cli/pull/19

This is a test for fetching tuples from Castor (see #6) It kind of requires the Latest Version of Castor (the changes in Reservation handling carbynestack/castor#29) -> Otherwise it would at times have errors with relaying the reservation to the castor slave -> With the current Castor Master, the error was gone ^^

This PR is not ready for production in any way but is rather intended as a first step for further work ^^
--> Deliberatly not signed-off

• It contains quite a lot of TODO comments
• It also hardcodes some values

How this works:

• Before starting the MP-SPDZ execution, it will create Named Pipes/FIFOs
  (using the unix package, so on windows this would not work, though I don't think that's a show-stopper)
• Will start 1 Gothread per TupleType and MP-SPDZ VM Thread (currently only tested with 1 thread!)
  • Each thread will write to 1 pipe
  • Starting with the MP-SPDZ Header
  • Then fetching X tuples at a time from castor and writing them
  • Until the context is closed

Does NOT really do any proper error handling or logging (latter is just printlns instead of the logger)

Open questions:

1. Should the Prime/Mac value files be written to by ephemeral, or should they remain part of the base-image?
2. Where do we get information about how many threads are needed for the computation?
3. Which Tuple types are currently supported by CarbyneStack? Castor knows about GFP and GF2N tuples.

Example with Millionaires Problem: Logs from apollo for this single computation can be found here (not inlined since they are quite big ^^) https://gist.github.com/kindlich/82ee7b34207a0efb025fb51b4d29e4e9

Before

java -jar cache/cli/cs.jar --config-file cache/cli/config.json castor get-telemetry 1
Initializing ExecutorService
bit_gfp
        available:      99640
        consumption/s:  0

inputmask_gfp
        available:      299999
        consumption/s:  0

inversetuple_gfp
        available:      99540
        consumption/s:  0

multiplicationtriple_gfp
        available:      99360
        consumption/s:  0

interval: 60000

Run like normal (in my case with a helper-script)

./scripts/execute-ephemeral.sh ../carbyne/mpc-evaluation/mp-spdz/Programs/Source/cb-billionaires.mpc -i $SECRET_A -i $SECRET_A 
d76d967c-da5d-4090-bd03-cb5fa560cf97

After

Initializing ExecutorService
bit_gfp
        available:      99280
        consumption/s:  0

inputmask_gfp
        available:      299999
        consumption/s:  0

inversetuple_gfp
        available:      99540
        consumption/s:  0

multiplicationtriple_gfp
        available:      99210
        consumption/s:  0

interval: 60000

this change is using the existing /secret-shares-endpoint in amphora

requires:

• https://github.com/carbynestack/ephemeral/pull/14
• https://github.com/carbynestack/ephemeral/pull/15

corresponding cli update https://github.com/carbynestack/cli/pull/18

The ephemeral client uses Java Parallel Streams (JPS) to interact with the virtual cloud providers (VCPs). By default JPS allocates n threads on a n core machine. As the HTTP calls are blocking, this results in a timeout on a system with less cores than the number of VCPs as the distributed execution in the backend will only kick-off after all VCPs have received an invocation request.

To use more than 2 players, it's required to create new crypto-material with given number of players e.g. for 3 players. This also means that the base-image of ephemeral needs to be rebuild including the new crypto-material!

The helm chart is using 2 players as a default, so the current deployment stays with 2 players.

requires https://github.com/carbynestack/ephemeral/pull/19

To perform secure computations, Ephemeral has to fetch tuples from Castor, which are then consumed throughout the execution of the MPC program. However, Ephemeral is currently deployed with pre-generated tuples as streaming tuples from Castor to Ephemeral is not yet available. To increase security throughout the computation:

• Ephemeral must use the Castor API to fetch tuples and stream them into the MPC program execution
• Pre-generated tuples should be removed from the Ephemeral Docker Image

• remove vendor directory
• introduce go.mod / go.sum

Co-authored-by: Petra Scherer [email protected] Co-authored-by: Timo Klenk [email protected] Signed-off-by: Johannes Graf [email protected]

In #15, the MP-SPDZ Version is changed to v0.2.8 which introduces TLS-secured communication between MP-SPDZ Clients (=ephemeral) and the MP-SPDZ Process.

The way the PR adds this is really rudimentary and insecure (e.g. the option InsecureSkipVerify is set to bypass certificate validation).

	tlsConfig := &tls.Config{
		Certificates:       []tls.Certificate{cert},
		InsecureSkipVerify: true,
	}

We will need to think about some points regarding the TLS connection:

• Who will create certificates (and re-created them when expired)?
  Types of connections
  • Ephemeral <-> MP-SPDZ Process (for transmitting secret shares/results)
  • Cross-Cloud MP-SPDZ instances (for computation)
• Will we continue using self-signed certificates or have a way to provide certifactes signed by CAs?
• Can we provide certificate using e.g. K8s Secrets instead of baking them into the base-image (do some parts of our infrastructure like Istio/Knative already provide some functionality for this here?)

Required since Helm 3.7.0 broke former version 0.2.0. This was resolved with appany/helm-oci-chart-releaser#4

Signed-off-by: Sebastian Becker [email protected]

The apiextensions.k8s.io/v1beta1 API version of CustomResourceDefinition is no longer served as of v1.22.

Migrate manifests and API clients to use the apiextensions.k8s.io/v1 API version, available since v1.16.

Signed-off-by: Veselin Vlasakiev [email protected]

When Player 0 connects as client to the MP-SPDZ process, it will receive the Prime number from MP-SPDZ.

If Ephemeral knew the expected prime we could check for configuration mismatches (e.g. if the wrong base-image was used)

See comments from this PR: https://github.com/carbynestack/ephemeral/pull/15#discussion_r844660968

The issue is about the test "[When] a single player sends 2 messages in a row, [It] doesn't create the second network" -> In there the test for originally 2 players sent 2 "Player 1 Ready" messages and expected a "PlayerReady" response.

In #14 this is/was extended to send N times a "Player 1 Ready" message when N players are used. In any case, we were not sure about whether this test is flawed or not, hence this issue.

Let's have another look at that test and fix it if necessary. -> Should N times Player1 Ready lead to "[All] PlayersReady"? -> We only want to test that sending multiple messages does not create a second network, is there another way than waiting for a playersReady event here?

Those questions also came up in the PR, see links below: https://github.com/carbynestack/ephemeral/pull/14#discussion_r840373453 https://github.com/carbynestack/ephemeral/pull/14#discussion_r839315519

It looks like, Ephemeral currently supports only a single output object for MPC programs.

https://github.com/carbynestack/ephemeral/blob/70795c1e688fdffef3761431c341f1302f0105b0/pkg/ephemeral/io/feeder.go#L140-L160

That seems limiting in many scenarios.