github/MP-SPDZ
1
1
Fork 0
mirror of https://github.com/data61/MP-SPDZ.git synced 2026-01-09 13:37:58 -05:00
Code Issues Packages Projects Releases Wiki Activity
Files
master
MP-SPDZ/CHANGELOG.md
Marcel Keller bf7f8f4b65 Expected communication cost in compiler.
2025-12-24 13:47:42 +11:00

451 lines
17 KiB
Markdown
Raw Permalink Blame History

The changelog explains changes pulled through from the private development repository. Bug fixes and small enhancements are committed between releases and not documented here.
## 0.4.2 (Dec 24, 2025)
- Expected communication cost in compiler
- Semi-honest option of Rep4
- Reduced communication for preprocessing in Dealer protocol
- Option of choosing SoftSpoken parameter at run-time
- BERT functionality (@hiddely)
- Recommended reading list in documentation
## 0.4.1 (May 30, 2025)
- Add protocols with function-dependent preprocessing (https://eprint.iacr.org/2025/919)
- Parallelize shuffling (@vincent-ehrmanntraut)
- More efficient probabilistic truncation in Rep3
- More efficient binary to arithmetic conversion for one bit in Rep3
- Backend optimizations benefitting the most efficient protocols like Rep3
- Allow regint registers as argument in exported functions
- More efficient dot product for GF(2^n)
- File persistance for GF(2^n)
- Output of binary secrets
- SHA256
- Improved navigation by providing links to relevant papers (`./compile.py --papers`) and outputting which code is executed (`./<protocol>-party.x --code-locations`)
- Fixed security bug: remove MAC key in case of failure
## 0.4.0 (November 21, 2024)
- Functionality to call high-level code from C++
- Matrix triples from file for all appropriate protocols
- Exit with message on errors instead of uncaught exceptions
- Reduce memory usage for binary memory
- Optimized cint-regint conversion in Dealer protocol
- Fixed security bug: missing MAC check in probabilistic truncation
## 0.3.9 (July 9, 2024)
- Inference with non-sequential PyTorch networks
- SHA-3 for any input length (@hiddely)
- Improved client facilities
- Shuffling with malicious security for SPDZ-wise protocols by [Asharov et al.](https://ia.cr/2022/1595)
- More reusable bytecode via in-thread calling facility
- Recursive functions without return values
- Fewer rounds for parallel matrix multiplications (@vincent-ehrmanntraut)
- Optimized usage of SoftSpokenOT in semi-honest protocols
- More integrity checks on storage in MAC-based protocols
- Use C++17
- Use glibc 2.18 for the binaries
- Fixed security bugs: remotely caused buffer overflows (#1382)
- Fixed security bug: Missing randomization before revealing to client
- Fixed security bug: Bias in Rep3 secure shuffling
## 0.3.8 (December 14, 2023)
- Functionality for multiple nodes per party
- Functionality to use disk space for high-level data structures
- True division is always fixed-point division (similar to Python 3)
- Compiler option to optimize for specific protocol
- Cleartext permutation
- Faster compilation and lower bytecode size
- Functionality to output secret shares from high-level code
- Run-time command-line arguments accessible from high-level code
- Client connection setup specifies cleartext domain
- Compile-time parameter for connection timeout
- Prevent connections from timing out (@ParallelogramPal)
- More ECDSA examples
- More flexible multiplication instruction
- Dot product instruction supports several operations at once
- Example-based virtual machine explanation
## 0.3.7 (August 14, 2023)
- Path Oblivious Heap (@tskovlund)
- Adjust batch and bucket size to program
- Direct communication available in more protocols
- Option for seed in fake preprocessing (@strieflin)
- Lower memory usage due to improved register allocation
- New instructions to speed up CISC compilation
- Protocol implementation example
- Fixed security bug: missing MAC checks in multi-threaded programs
- Fixed security bug: race condition in MAC check
- Fixed security bug: missing shuffling check in PS mod 2^k and Brain
- Fixed security bug: insufficient drowning in pairwise protocols
## 0.3.6 (May 9, 2023)
- More extensive benchmarking outputs
- Replace MPIR by GMP
- Secure reading of edaBits from files
- Semi-honest client communication
- Back-propagation for average pooling
- Parallelized convolution
- Probabilistic truncation as in ABY3
- More balanced communication in Shamir secret sharing
- Avoid unnecessary communication in Dealer protocol
- Linear solver using Cholesky decomposition
- Accept .py files for compilation
- Fixed security bug: proper accounting for random elements
## 0.3.5 (Feb 16, 2023)
- Easier-to-use machine learning interface
- Integrated compilation-execution facility
- Import/export sequential models and parameters from/to PyTorch
- Binary-format input files
- Less aggressive round optimization for faster compilation by default
- Multithreading with client interface
- Functionality to protect order of specific memory accesses
- Oblivious transfer works again on older (pre-2011) x86 CPUs
- clang is used by default
## 0.3.4 (Nov 9, 2022)
- Decision tree learning
- Optimized oblivious shuffle in Rep3
- Optimized daBit generation in Rep3 and semi-honest HE-based 2PC
- Optimized element-vector AND in SemiBin
- Optimized input protocol in Shamir-based protocols
- Square-root ORAM (@Quitlox)
- Improved ORAM in binary circuits
- UTF-8 outputs
## 0.3.3 (Aug 25, 2022)
- Use SoftSpokenOT to avoid unclear security of KOS OT extension candidate
- Fix security bug in MAC check when using multithreading
- Fix security bug to prevent selective failure attack by checking earlier
- Fix security bug in Mama: insufficient sacrifice.
- Inverse permutation (@Quitlox)
- Easier direct compilation (@eriktaubeneck)
- Generally allow element-vector operations
- Increase maximum register size to 2^54
- Client example in Python
- Uniform base OTs across platforms
- Multithreaded base OT computation
- Faster random bit generation in two-player Semi(2k)
## 0.3.2 (May 27, 2022)
- Secure shuffling
- O(n log n) radix sorting
- Documented BGV encryption interface
- Optimized matrix multiplication in dealer protocol
- Fixed security bug in homomorphic encryption parameter generation
- Fixed security bug in Temi matrix multiplication
## 0.3.1 (Apr 19, 2022)
- Protocol in dealer model
- Command-line option for security parameter
- Fixed security bug in SPDZ2k (see Section 3.4 of [the updated paper](https://eprint.iacr.org/2018/482))
- Ability to run high-level (Python) code from C++
- More memory capacity due to 64-bit addressing
- Homomorphic encryption for more fields of characteristic two
- Docker container
## 0.3.0 (Feb 17, 2022)
- Semi-honest computation based on threshold semi-homomorphic encryption
- Batch normalization backward propagation
- AlexNet for CIFAR-10
- Specific private output protocols
- Semi-honest additive secret sharing without communication
- Sending of personal values
- Allow overwriting of persistence files
- Protocol signature in persistence files
## 0.2.9 (Jan 11, 2022)
- Disassembler
- Run-time parameter for probabilistic truncation error
- Probabilistic truncation for some protocols computing modulo a prime
- Simplified C++ interface
- Comparison as in [ACCO](https://dl.acm.org/doi/10.1145/3474123.3486757)
- More general scalar-vector multiplication
- Complete memory support for clear bits
- Extended clear bit functionality with Yao's garbled circuits
- Allow preprocessing information to be supplied via named pipes
- In-place operations for containers
## 0.2.8 (Nov 4, 2021)
- Tested on Apple laptop with ARM chip
- Restore trusted client interface
- Directly accessible softmax function
- Signature in preprocessing files to reduce confusing errors
- Improved error messages for connection issues
- Documentation of low-level share types and protocol pairs
## 0.2.7 (Sep 17, 2021)
- Optimized matrix multiplication in Hemi
- Improved client communication
- Private integer division as per [Veugen and Abspoel](https://doi.org/10.2478/popets-2021-0073)
- Compiler option to translate some Python control flow instructions
to run-time instructions
- Functionality to break out of run-time loops
- Run-time range check of data structure accesses
- Improved documentation of network infrastructure
## 0.2.6 (Aug 6, 2021)
- [ATLAS](https://eprint.iacr.org/2021/833)
- Keras-like interface
- Iterative linear solution approximation
- Binary output
- HighGear/LowGear key generation for wider range of parameters by default
- Dabit generation for smaller primes and malicious security
- More consistent type model
- Improved local computation
- Optimized GF(2^8) for CCD
- NTL only needed for computation with GF(2^40)
- Virtual machines suggest compile-time optimizations
- Improved documentation of types
## 0.2.5 (Jul 2, 2021)
- Training of convolutional neural networks
- Bit decomposition using edaBits
- Ability to force MAC checks from high-level code
- Ability to close client connection from high-level code
- Binary operators for comparison results
- Faster compilation for emulation
- More documentation
- Fixed bug in dense layer back-propagation
- Fixed security bug: insufficient LowGear secret key randomness
- Fixed security bug: skewed random bit generation
## 0.2.4 (Apr 19, 2021)
- ARM support
- Base OTs optionally without SimpleOT/AVX
- Use OpenSSL instead of Crypto++ for elliptic curves
- Post-sacrifice binary computation with replicated secret sharing similar
to [Araki et al.](https://www.ieee-security.org/TC/SP2017/papers/96.pdf)
- More flexible multithreading
## 0.2.3 (Feb 23, 2021)
- Distributed key generation for homomorphic encryption with active security similar to [Rotaru et al.](https://eprint.iacr.org/2019/1300)
- Homomorphic encryption parameters more similar to SCALE-MAMBA
- Fixed security bug: all-zero secret keys in homomorphic encryption
- Fixed security bug: missing check in binary Rep4
- Fixed security bug: insufficient "blaming" (covert security) in CowGear and ChaiGear due to low default security parameter
## 0.2.2 (Jan 21, 2021)
- Infrastructure for random element generation
- Programs generating as much preprocessing data as required by a particular high-level program
- Smaller binaries
- Cleaning up code
- Removing unused virtual machine instructions
- Fixed security bug: wrong MAC check in SPDZ2k input tuple generation
## 0.2.1 (Dec 11, 2020)
- Virtual machines automatically use the modulus used during compilation
- Non-linear computation modulo a prime without large gap in bit length
- Fewer communication rounds in several protocols
## 0.2.0 (Oct 28, 2020)
- Rep4: honest-majority four-party computation with malicious security
- SY/SPDZ-wise: honest-majority computation with malicious security based on replicated or Shamir secret sharing
- Training with a sequence of dense layers
- Training and inference for multi-class classification
- Local share conversion for semi-honest protocols based on additive secret sharing modulo a power of two
- edaBit generation based on local share conversion
- Optimize exponentiation with local share conversion
- Optimize Shamir pseudo-random secret sharing using a hyper-invertible matrix
- Mathematical functions (exponentiation, logarithm, square root, and trigonometric functions) with binary circuits
- Direct construction of fixed-point values from any type, breaking `sfix(x)` where `x` is the integer representation of a fixed-point number. Use `sfix._new(x)` instead.
- Optimized dot product for `sfix`
- Matrix multiplication via operator overloading uses VM-optimized multiplication.
- Fake preprocessing for daBits and edaBits
- Fixed security bug: insufficient randomness in SemiBin random bit generation.
- Fixed security bug: insufficient randomization of FKOS15 inputs.
- Fixed security bug in binary computation with SPDZ(2k).
## 0.1.9 (Aug 24, 2020)
- Streamline inputs to binary circuits
- Improved private output
- Emulator for arithmetic circuits
- Efficient dot product with Shamir's secret sharing
- Lower memory usage for TensorFlow inference
- This version breaks bytecode compatibility.
## 0.1.8 (June 15, 2020)
- Half-gate garbling
- Native 2D convolution
- Inference with some TensorFlow graphs
- MASCOT with several MACs to increase security
## 0.1.7 (May 8, 2020)
- Possibility of using global keyword in loops instead of MemValue
- IEEE754 floating-point functionality using Bristol Fashion circuits
## 0.1.6 (Apr 2, 2020)
- Bristol Fashion circuits
- Semi-honest computation with somewhat homomorphic encryption
- Use SSL for client connections
- Client facilities for all arithmetic protocols
## 0.1.5 (Mar 20, 2020)
- Faster conversion between arithmetic and binary secret sharing using [extended daBits](https://eprint.iacr.org/2020/338)
- Optimized daBits
- Optimized logistic regression
- Faster compilation of repetitive code (compiler option `-C`)
- ChaiGear: [HighGear](https://eprint.iacr.org/2017/1230) with covert key generation
- [TopGear](https://eprint.iacr.org/2019/035) zero-knowledge proofs
- Binary computation based on Shamir secret sharing
- Fixed security bug: Prove correctness of ciphertexts in input tuple generation
- Fixed security bug: Missing check in MASCOT bit generation and various binary computations
## 0.1.4 (Dec 23, 2019)
- Mixed circuit computation with secret sharing
- Binary computation for dishonest majority using secret sharing as in [FKOS15](https://eprint.iacr.org/2015/901)
- Fixed security bug: insufficient OT correlation check in SPDZ2k
- This version breaks bytecode compatibility.
## 0.1.3 (Nov 21, 2019)
- Python 3
- Semi-honest computation based on semi-homomorphic encryption
- Access to player information in high-level language
## 0.1.2 (Oct 11, 2019)
- Machine learning capabilities used for [MobileNets inference](https://eprint.iacr.org/2019/131) and the iDASH submission
- Binary computation for dishonest majority using secret sharing
- Mathematical functions from [SCALE-MAMBA](https://github.com/KULeuven-COSIC/SCALE-MAMBA)
- Fixed security bug: CowGear would reuse triples.
## 0.1.1 (Aug 6, 2019)
- ECDSA
- Loop unrolling with budget as in [HyCC](https://thomaschneider.de/papers/BDKKS18.pdf)
- Malicious replicated secret sharing for binary circuits
- New variants of malicious replicated secret over rings in [Use your Brain!](https://eprint.iacr.org/2019/164)
- MASCOT for any prime larger than 2^64
- Private fixed- and floating-point inputs
## 0.1.0 (Jun 7, 2019)
- CowGear protocol (LowGear with covert security)
- Protocols that sacrifice after than before
- More protocols for replicated secret sharing over rings
- Fixed security bug: Some protocols with supposed malicious security wouldn't check players' inputs when generating random bits.
## 0.0.9 (Apr 30, 2019)
- Complete BMR for all GF(2^n) protocols
- [Use your Brain!](https://eprint.iacr.org/2019/164)
- Semi/Semi2k for semi-honest OT-based computation
- Branching on revealed values in garbled circuits
- Fixed security bug: Potentially revealing too much information when opening linear combinations of private inputs in MASCOT and SPDZ2k with more than two parties
## 0.0.8 (Mar 28, 2019)
- SPDZ2k
- Integration of MASCOT and SPDZ2k preprocessing
- Integer division
## 0.0.7 (Feb 14, 2019)
- Simplified installation on macOS
- Optimized matrix multiplication
- Data type for quantization
## 0.0.6 (Jan 5, 2019)
- Shamir secret sharing
## 0.0.5 (Nov 5, 2018)
- More three-party replicated secret sharing
- Encrypted communication for replicated secret sharing
## 0.0.4 (Oct 11, 2018)
- Added BMR, Yao's garbled circuits, and semi-honest 3-party replicated secret sharing for arithmetic and binary circuits.
- Use inline assembly instead of MPIR for arithmetic modulo primes up length up to 128 bit.
- Added a secure multiplication instruction to the instruction set in order to accommodate protocols that don't use Beaver randomization.
## 0.0.3 (Mar 2, 2018)
- Added offline phases based on homomorphic encryption, used in the [SPDZ-2 paper](https://eprint.iacr.org/2012/642) and the [Overdrive paper](https://eprint.iacr.org/2017/1230).
- On macOS, the minimum requirement is now Sierra.
- Compilation with LLVM/clang is now possible (tested with 3.8).
## 0.0.2 (Sep 13, 2017)
### Support sockets based external client input and output to a SPDZ MPC program.
See the [ExternalIO directory](./ExternalIO/README.md) for more details and examples.
Note that [libsodium](https://download.libsodium.org/doc/) is now a dependency on the SPDZ build.
Added compiler instructions:
* LISTEN
* ACCEPTCLIENTCONNECTION
* CONNECTIPV4
* WRITESOCKETSHARE
* WRITESOCKETINT
Removed instructions:
* OPENSOCKET
* CLOSESOCKET
Modified instructions:
* READSOCKETC
* READSOCKETS
* READSOCKETINT
* WRITESOCKETC
* WRITESOCKETS
Support secure external client input and output with new instructions:
* READCLIENTPUBLICKEY
* INITSECURESOCKET
* RESPSECURESOCKET
### Read/Write secret shares to disk to support persistence in a SPDZ MPC program.
Added compiler instructions:
* READFILESHARE
* WRITEFILESHARE
### Other instructions
Added compiler instructions:
* DIGESTC - Clear truncated hash computation
* PRINTINT - Print register value
## 0.0.1 (Sep 2, 2016)
### Initial Release
* See `README.md` and `tutorial.md`.
Reference in New Issue View Git Blame Copy Permalink