MPC management framework automating a secure network setup among participants of multiparty computation in the outsourced setting.
We offer a comprehensive framework instantiating a proposed set of protocols for participant registration (i.e., client or server), Kerberos-like authentication, and MPC job orchestration. This framework suits the needs of organizations that want to set up their MPC system while temporarily incorporating computation power from other stakeholders or third parties.
Some of the dependencies require build tools installed in the system. This can be done as follows:
Debian-based systems:
sudo apt update
sudo apt install build-essential
RHEL-based systems:
sudo yum groupinstall "Development Tools"
Windows systems:
Microsoft Visual C++ 14.0 or greater is required (when using Python 3.9). Get it with "Microsoft C++ Build Tools".
- msgpack
- cerberus
- pyDH
- pycryptodome
- ed25519
- scrypt
- twisted
Install the above Python dependencies using pip (or pip3, depending on your system). For instance, to install msgpack, use:
pip3 install msgpack
Notes:
- During the installation of ed25519 you may get an error related to #include "Python.h". In that case, install the python3 header files for your system as follows.
Debian-based systems:
sudo apt-get install python3-dev
RHEL-based systems:
sudo yum install python3-devel
- During the installation of scrypt you may get an error related to #include <openssl/aes.h>. In that case, install the OpenSSL development files for your system as follows.
Debian-based systems:
sudo apt-get install libssl-dev
RHEL-based systems:
sudo yum install openssl-devel
or for OS X with brew:
$ brew install openssl
$ export CFLAGS="-I$(brew --prefix openssl)/include $CFLAGS"
$ export LDFLAGS="-L$(brew --prefix openssl)/lib $LDFLAGS"
Note: Tested with Python versions as low as 3.5.
Run the MPC management server and participant programs as a Python module. Navigate to the project's base directory, then type:
python3 -m mpcframework.tmanager
python3 -m mpcframework.mpcs
python3 -m mpcframework.client
First, run the MPC management server.
When trying to run a participant (MPC server or client) for the first time, or when trying to run a non-existent participant by specifying the participant Id, the program will prompt you to register a new identity:
python3 -m mpcframework.mpcs 4
» no information found for this mpc server id. register new mpcs? [yes]:
To proceed with the registration, type yes or press ENTER to confirm the default. Otherwise type n to exit.
In the case of a non-existing client, it will provide the user with an application command prompt. To register, type register and press ENTER, otherwise type exit.
python3 -m mpcframework.client 5
could not find stored credentials
> register
If the client is registered as a consumer client, the program will provide another command prompt after a successful registration and subsequent authentication. Otherwise, as a data source client, the program will wait for commands from the MPC management server.
To register a client as a (data) consumer client, prior to running the program, go to the file ./mpcframework/network/client/client_registration_protocol.py and change the value of the variable iotype from input to output, meaning that this client should receive the output of a secure computation.
Once there are enough MPC servers, at least one source client and at least one consumer client authenticated with the MPC management server, the system is ready to receive requests for a secure computation from a consumer client.
To run and authenticate a client with the MPC management server, simply run it, indicating its id number as a parameter. When there is just one MPC server or client registered in a host, the id can be omitted.
On the consumer client console, type register and press ENTER.
analytics001> runmpc
This will trigger the automated MPC network setup. You can see the outcome of the execution on the MPC management server's console.
Note that this program sets up the MPC network between MPC servers and clients. The actual MPC protocol execution would require adding the corresponding MPC protocol to the MPC servers and integrating it with the MpcControlProtocol class.
The following configurations need to be considered when deploying the MPC management framework on different hosts:
The MPC management server and the MPC servers open TCP ports to accept connection requests from other nodes. The corresponding allow rules need to be added to the firewalls as required.
The following TCP ports are used by default:
- Registration server port: 1250
- Management server port: 1251
Configuration found in ./mpcframework/tmnetwork/, files regs_protocol.py and mgmt_protocol.py
- TCP port for data input: 1270
- TCP port for reporting results: 1260
Configuration found in ./mpcframework/network/mpcs/mpc_control_protocol.py
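To confirm the allow rules from a participant host, the following probe classifies each default port listed above as open, refused or filtered. It is an added example, not part of the mpcframework code; the role labels, function names and the split of ports between the management server and the MPC servers are assumptions of this example.

```python
import socket
import sys

# Default ports as listed in this README. Which host each pair is probed on is
# an assumption of this example: the first pair on the MPC management server,
# the second pair on each MPC server.
DEFAULT_PORTS = {
    "tmanager": {"registration": 1250, "management": 1251},
    "mpcs": {"data input": 1270, "result reporting": 1260},
}


def probe(host, port, timeout=2.0):
    """Classify one TCP port as seen from the host running this script."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"         # handshake completed: service up, rule in place
    except ConnectionRefusedError:
        return "refused"          # RST received: nothing listening, or a reject rule
    except socket.timeout:
        return "filtered"         # no answer: packets are probably being dropped
    except OSError:
        return "unreachable"      # no route to host, name resolution failure, etc.


def check_host(host, role, ports=None, timeout=2.0):
    """Probe every port of a role and return {service name: status}."""
    ports = DEFAULT_PORTS[role] if ports is None else ports
    return {name: probe(host, port, timeout) for name, port in ports.items()}


def all_open(report):
    """True only if every probed service accepted the connection."""
    return all(status == "open" for status in report.values())


if __name__ == "__main__":
    # Hypothetical usage: python3 portcheck.py tmanager <management server IP>
    if len(sys.argv) != 3 or sys.argv[1] not in DEFAULT_PORTS:
        sys.exit("usage: portcheck.py {tmanager|mpcs} <host>")
    role, host = sys.argv[1], sys.argv[2]
    report = check_host(host, role)
    for name, status in report.items():
        print("{:18} {:5} {}".format(name, DEFAULT_PORTS[role][name], status))
    sys.exit(0 if all_open(report) else 1)
```

A "refused" result with the firewall rule in place usually means the corresponding server program has not been started yet, while "filtered" points at the firewall.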
The only server IP address participants need to know is that of the MPC management server, which also carries out participant registration. The IP address is specified in files located in the folder ./mpcframework/network/ as follows:
- To contact the registration server, replace 'localhost' with the corresponding MPC management server IP in line 13 of network_protocol_base.py
- To contact the MPC management server for the automated setup and other functionalities, replace 'localhost' with the corresponding MPC management server IP address in line 15 of authentication_protocol.py