ephemeral

module
v0.0.0-...-67689c8 Latest
Published: Dec 17, 2024 License: Apache-2.0

README

Carbyne Stack Ephemeral Service


Ephemeral is a serverless compute service for secure multiparty computation based on Knative, Istio and Kubernetes.

DISCLAIMER: Carbyne Stack Ephemeral is alpha software. The software is not ready for production use. It has neither been developed nor tested for a specific use case. The underlying Secure Multiparty Computation protocols are currently used in a way that is not secure.

Ephemeral is composed of these components:

  • Ephemeral - The Knative user container that enables execution of MPC functions within a Carbyne Stack virtual cloud. Supports MP-SPDZ as the underlying MPC engine (see also Carbyne Stack Ephemeral SPDZ Base Image).

  • Discovery Service - Coordinates the execution of functions across Carbyne Stack virtual cloud providers.

  • Network Controller - Enables communication between MPC engines by configuring Istio to route incoming traffic from remote MPC engines to the Ephemeral Knative pods.

  • Client - A Java client that can be used to invoke Ephemeral functions.

  • Helm Chart - A Helm chart to deploy Ephemeral on a Kubernetes cluster.

Namesake

Ephemeral (plural ephemerals): Something which lasts for a short period of time.

According to Wikipedia:

Ephemerality (from Greek ephemeros, literally "lasting only one day") is the concept of things being transitory, existing only briefly. Typically, the term ephemeral is used to describe objects found in nature, although it can describe a wide range of things, including human artifacts intentionally made to last for only a temporary period, in order to increase their perceived aesthetic value.

Authoring Ephemeral Functions

Ephemeral uses the MP-SPDZ library as the underlying MPC engine. That means you write Ephemeral functions using the Python dialect used by MP-SPDZ.

I/O

I/O is implemented in Ephemeral using socket functionality provided by MP-SPDZ. A function that reads two secret-shared values from Amphora, adds them, and writes the result back to Amphora looks like this:

# Open socket for I/O
listen(10000)
client_socket_id = regint()
acceptclientconnection(client_socket_id, 10000)

# Read all input data at once
v = sint.read_from_socket(client_socket_id, 2)
a = v[0]
b = v[1]

# Compute result
sum = a + b

# Pack result into array and write to socket
resp = Array(1, sint)
resp[0] = sum
sint.write_to_socket(client_socket_id, resp)
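
What `a + b` on two `sint` values amounts to at each party, as a plain-Python simulation added here for illustration (not MP-SPDZ code and not part of the Ephemeral project). It assumes SPDZ-style additive sharing over a constructed prime field with a dealer who knows the MAC key `alpha`; in a real SPDZ deployment the key is itself shared, and the protocol Ephemeral actually configures is not stated on this page.

```python
import secrets

P = 2**61 - 1  # constructed prime modulus, not Ephemeral's actual field


def share(x, n=2):
    """Split x into n additive shares mod P; any n-1 of them look random."""
    parts = [secrets.randbelow(P) for _ in range(n - 1)]
    parts.append((x - sum(parts)) % P)
    return parts


def reconstruct(parts):
    """Recombine additive shares into the value they encode."""
    return sum(parts) % P


def authenticated_share(x, alpha, n=2):
    """Give each party a (value share, MAC share) pair; MAC encodes alpha*x."""
    return list(zip(share(x, n), share(alpha * x % P, n)))


def local_add(s, t):
    """One party's work for `a + b`: add its own shares, no communication."""
    return ((s[0] + t[0]) % P, (s[1] + t[1]) % P)


def secure_sum(a, b, alpha, n=2):
    """Share a and b, let every party add locally, return the result shares."""
    sa = authenticated_share(a, alpha, n)
    sb = authenticated_share(b, alpha, n)
    return [local_add(x, y) for x, y in zip(sa, sb)]


def open_checked(shares, alpha):
    """Open the result and reject it if any party altered its value share."""
    value = reconstruct([v for v, _ in shares])
    mac = reconstruct([m for _, m in shares])
    if mac != alpha * value % P:
        raise ValueError("MAC check failed: a share was modified")
    return value


if __name__ == "__main__":
    key = secrets.randbelow(P - 1) + 1  # non-zero MAC key
    print(open_checked(secure_sum(20, 22, key), key))
```
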

Known issues

Old Knative revisions must be deleted manually

Patching Kubernetes Pods managed by Knative leaves old revisions dangling when a new revision is created. While the new revision is activated and traffic is forwarded correctly, the old pods belonging to the previous revision remain and must be deleted manually. Use the following commands:

kubectl get revisions
# Pick the older revision that must be deleted, e.g. <REVISION_NAME>
# And delete it manually.
kubectl delete revision <REVISION_NAME>

License

Carbyne Stack Ephemeral is open-sourced under the Apache License 2.0. See the LICENSE file for details.

3rd Party Licenses

For information on how license obligations for 3rd party OSS dependencies are fulfilled, see the README file of the Carbyne Stack repository.

Contributing

Please see the Carbyne Stack Contributor's Guide.

Directories

Path Synopsis
cmd
pkg
castor
Package castor implements a client to interact with _Carbyne Stack Castor_ services
network-controller/apis/mpc/v1alpha1
Package v1alpha1 contains API Schema definitions for the mpc v1alpha1 API group +k8s:deepcopy-gen=package,register +groupName=mpc.bosch.com
network-controller/client/clientset/versioned
This package has the automatically generated clientset.
network-controller/client/clientset/versioned/fake
This package has the automatically generated fake clientset.
network-controller/client/clientset/versioned/scheme
This package contains the scheme of the automatically generated clientset.
network-controller/client/clientset/versioned/typed/mpc/v1alpha1
This package has the automatically generated typed clients.
network-controller/client/clientset/versioned/typed/mpc/v1alpha1/fake
Package fake has the automatically generated clients.
opa
