github/concrete
1
1
Fork 0
mirror of https://github.com/zama-ai/concrete.git synced 2026-02-18 08:31:31 -05:00
Code Issues Packages Projects Releases Wiki Activity
Files
34ffd6f97ab7c6cc91aedd59a96adbbb0a119dc2
concrete/compilers/concrete-compiler/compiler/lib/Common/Keysets.cpp
Alexandre Péré e8ef48ffd8 feat(compiler): introduce concrete-protocol 
This commit:
 + Adds support for a protocol which enables inter-op between concrete,
   tfhe-rs and potentially other contributors to the fhe ecosystem.
 + Gets rid of hand-made serialization in the compiler, and
   client/server libs.
 + Refactors client/server libs to allow more pre/post processing of
   circuit inputs/outputs.

The protocol is supported by a definition in the shape of a capnp file,
which defines different types of objects among which:
 + ProgramInfo object, which is a precise description of a set of fhe
   circuit coming from the same compilation (understand function type
   information), and the associated key set.
 + *Key objects, which represent secret/public keys used to
   encrypt/execute fhe circuits.
 + Value object, which represent values that can be transferred between
   client and server to support calls to fhe circuits.

The hand-rolled serialization that was previously used is completely
dropped in favor of capnp in the whole codebase.

The client/server libs, are refactored to introduce a modular design for
pre-post processing. Reading the ProgramInfo file associated with a
compilation, the client and server libs assemble a pipeline of
transformers (functions) for pre and post processing of values coming in
and out of a circuit. This design properly decouples various aspects of
the processing, and allows these capabilities to be safely extended.

In practice this commit includes the following:
 + Defines the specification in a concreteprotocol package
 + Integrate the compilation of this package as a compiler dependency
   via cmake
 + Modify the compiler to use the Encodings objects defined in the
   protocol
 + Modify the compiler to emit ProgramInfo files as compilation
   artifact, and gets rid of the bloated ClientParameters.
 + Introduces a new Common library containing the functionalities shared
   between the compiler and the client/server libs.
 + Introduces a functional pre-post processing pipeline to this common
   library
 + Modify the client/server libs to support loading ProgramInfo objects,
   and calling circuits using Value messages.
 + Drops support of JIT.
 + Drops support of C-api.
 + Drops support of Rust bindings.

Co-authored-by: Nikita Frolov <nf@mkmks.org>
2023-11-09 17:09:04 +01:00

392 lines
14 KiB
C++
Raw Blame History

// Part of the Concrete Compiler Project, under the BSD3 License with Zama
// Exceptions. See
// https://github.com/zama-ai/concrete-compiler-internal/blob/main/LICENSE.txt
// for license information.
#include "concretelang/Common/Keysets.h"
#include "capnp/message.h"
#include "concrete-cpu.h"
#include "concrete-protocol.capnp.h"
#include "concretelang/Common/Csprng.h"
#include "concretelang/Common/Error.h"
#include "concretelang/Common/Keys.h"
#include "kj/common.h"
#include "kj/io.h"
#include "llvm/ADT/ScopeExit.h"
#include "llvm/Support/FileSystem.h"
#include "llvm/Support/Path.h"
#include <errno.h>
#include <fcntl.h>
#include <iostream>
#include <stdlib.h>
#include <string>
#include <unistd.h>
#include <utime.h>
using concretelang::csprng::ConcreteCSPRNG;
using concretelang::error::Result;
using concretelang::error::StringError;
using concretelang::keys::LweBootstrapKey;
using concretelang::keys::LweKeyswitchKey;
using concretelang::keys::LweSecretKey;
using concretelang::keys::PackingKeyswitchKey;
/// The default reading limit of capnp must be increased for large keys.
const capnp::ReaderOptions KEY_READER_OPTS =
capnp::ReaderOptions{7000000000, 64};
namespace concretelang {
namespace keysets {
ClientKeyset
ClientKeyset::fromProto(const Message<concreteprotocol::ClientKeyset> &proto) {
auto output = ClientKeyset();
for (auto skProto : proto.asReader().getLweSecretKeys()) {
output.lweSecretKeys.push_back(LweSecretKey::fromProto(skProto));
}
return output;
}
Message<concreteprotocol::ClientKeyset> ClientKeyset::toProto() const {
auto output = Message<concreteprotocol::ClientKeyset>();
output.asBuilder().initLweSecretKeys(lweSecretKeys.size());
for (size_t i = 0; i < lweSecretKeys.size(); i++) {
output.asBuilder().getLweSecretKeys().setWithCaveats(
i, lweSecretKeys[i].toProto().asReader());
}
return output;
}
ServerKeyset
ServerKeyset::fromProto(const Message<concreteprotocol::ServerKeyset> &proto) {
auto output = ServerKeyset();
for (auto bskProto : proto.asReader().getLweBootstrapKeys()) {
output.lweBootstrapKeys.push_back(LweBootstrapKey::fromProto(bskProto));
}
for (auto kskProto : proto.asReader().getLweKeyswitchKeys()) {
output.lweKeyswitchKeys.push_back(LweKeyswitchKey::fromProto(kskProto));
}
for (auto pkskProto : proto.asReader().getPackingKeyswitchKeys()) {
output.packingKeyswitchKeys.push_back(
PackingKeyswitchKey::fromProto(pkskProto));
}
return output;
}
Message<concreteprotocol::ServerKeyset> ServerKeyset::toProto() const {
auto output = Message<concreteprotocol::ServerKeyset>();
output.asBuilder().initLweBootstrapKeys(lweBootstrapKeys.size());
for (size_t i = 0; i < lweBootstrapKeys.size(); i++) {
output.asBuilder().getLweBootstrapKeys().setWithCaveats(
i, lweBootstrapKeys[i].toProto().asReader());
}
output.asBuilder().initLweKeyswitchKeys(lweKeyswitchKeys.size());
for (size_t i = 0; i < lweKeyswitchKeys.size(); i++) {
output.asBuilder().getLweKeyswitchKeys().setWithCaveats(
i, lweKeyswitchKeys[i].toProto().asReader());
}
output.asBuilder().initPackingKeyswitchKeys(packingKeyswitchKeys.size());
for (size_t i = 0; i < packingKeyswitchKeys.size(); i++) {
output.asBuilder().getPackingKeyswitchKeys().setWithCaveats(
i, packingKeyswitchKeys[i].toProto().asReader());
}
return output;
}
Keyset::Keyset(const Message<concreteprotocol::KeysetInfo> &info,
CSPRNG &csprng) {
for (auto keyInfo : info.asReader().getLweSecretKeys()) {
client.lweSecretKeys.push_back(LweSecretKey(keyInfo, csprng));
}
for (auto keyInfo : info.asReader().getLweBootstrapKeys()) {
server.lweBootstrapKeys.push_back(
LweBootstrapKey(keyInfo, client.lweSecretKeys[keyInfo.getInputId()],
client.lweSecretKeys[keyInfo.getOutputId()], csprng));
}
for (auto keyInfo : info.asReader().getLweKeyswitchKeys()) {
server.lweKeyswitchKeys.push_back(
LweKeyswitchKey(keyInfo, client.lweSecretKeys[keyInfo.getInputId()],
client.lweSecretKeys[keyInfo.getOutputId()], csprng));
}
for (auto keyInfo : info.asReader().getPackingKeyswitchKeys()) {
server.packingKeyswitchKeys.push_back(PackingKeyswitchKey(
keyInfo, client.lweSecretKeys[keyInfo.getInputId()],
client.lweSecretKeys[keyInfo.getOutputId()], csprng));
}
}
Keyset Keyset::fromProto(const Message<concreteprotocol::Keyset> &proto) {
auto server = ServerKeyset::fromProto(proto.asReader().getServer());
auto client = ClientKeyset::fromProto(proto.asReader().getClient());
return {server, client};
}
Message<concreteprotocol::Keyset> Keyset::toProto() const {
auto output = Message<concreteprotocol::Keyset>();
auto serverProto = server.toProto();
auto clientProto = client.toProto();
output.asBuilder().setServer(serverProto.asReader());
output.asBuilder().setClient(clientProto.asReader());
return output;
}
template <typename ProtoKey>
Result<Message<ProtoKey>> loadKeyProto(std::string path) {
std::ifstream in((std::string)path, std::ofstream::binary);
if (in.fail()) {
return StringError("Cannot load key at path " + (std::string)path +
" Error: " + strerror(errno));
}
Message<ProtoKey> keyBlob;
OUTCOME_TRYV(keyBlob.readBinaryFromIstream(in, KEY_READER_OPTS));
return keyBlob;
}
template <typename ProtoKey, typename Key>
Result<Key> loadKey(std::string path) {
Message<ProtoKey> proto;
OUTCOME_TRY(auto keyProto, loadKeyProto<ProtoKey>(path));
return Key::fromProto(keyProto);
}
template <typename ProtoKey>
Result<void> saveKeyProto(Message<ProtoKey> keyProto, std::string path) {
std::ofstream out((std::string)path, std::ofstream::binary);
if (out.fail()) {
return StringError("Cannot save key at path: " + (std::string)path +
" Error: " + strerror(errno));
}
OUTCOME_TRYV(keyProto.writeBinaryToOstream(out));
return outcome::success();
}
template <typename ProtoKey, typename Key>
Result<void> saveKey(Key key, std::string path) {
#ifdef CONCRETELANG_GENERATE_UNSECURE_SECRET_KEYS
getApproval();
#endif
auto proto = key.toProto();
OUTCOME_TRYV(saveKeyProto<ProtoKey>(std::move(proto), path));
return outcome::success();
}
Result<Keyset>
loadKeysFromFiles(const Message<concreteprotocol::KeysetInfo> &keysetInfo,
uint64_t seed_msb, uint64_t seed_lsb,
std::string folderPath) {
#ifdef CONCRETELANG_GENERATE_UNSECURE_SECRET_KEYS
getApproval();
#endif
// Mark the folder as recently use.
// e.g. so the CI can do some cleanup of unused keys.
utime(folderPath.c_str(), nullptr);
std::vector<LweSecretKey> secretKeys;
std::vector<LweBootstrapKey> bootstrapKeys;
std::vector<LweKeyswitchKey> keyswitchKeys;
std::vector<PackingKeyswitchKey> packingKeyswitchKeys;
// Load secret keys
for (auto keyInfo : keysetInfo.asReader().getLweSecretKeys()) {
// TODO - Check parameters?
// auto param = secretKeyParam.second;
llvm::SmallString<0> path(folderPath);
llvm::sys::path::append(path,
"secretKey_" + std::to_string(keyInfo.getId()));
OUTCOME_TRY(auto key, loadKey<concreteprotocol::LweSecretKey, LweSecretKey>(
(std::string)path));
secretKeys.push_back(key);
}
// Load bootstrap keys
for (auto keyInfo : keysetInfo.asReader().getLweBootstrapKeys()) {
// TODO - Check parameters?
// auto param = p.value();
llvm::SmallString<0> path(folderPath);
llvm::sys::path::append(path, "pbsKey_" + std::to_string(keyInfo.getId()));
OUTCOME_TRY(auto key,
loadKey<concreteprotocol::LweBootstrapKey, LweBootstrapKey>(
(std::string)path));
bootstrapKeys.push_back(key);
}
// Load keyswitch keys
for (auto keyInfo : keysetInfo.asReader().getLweKeyswitchKeys()) {
// TODO - Check parameters?
// auto param = p.value();
llvm::SmallString<0> path(folderPath);
llvm::sys::path::append(path, "ksKey_" + std::to_string(keyInfo.getId()));
OUTCOME_TRY(auto key,
loadKey<concreteprotocol::LweKeyswitchKey, LweKeyswitchKey>(
(std::string)path));
keyswitchKeys.push_back(key);
}
// Load packing keyswitch keys
for (auto keyInfo : keysetInfo.asReader().getPackingKeyswitchKeys()) {
// TODO - Check parameters?
// auto param = p.value();
llvm::SmallString<0> path(folderPath);
llvm::sys::path::append(path, "pksKey_" + std::to_string(keyInfo.getId()));
OUTCOME_TRY(
auto key,
loadKey<concreteprotocol::PackingKeyswitchKey, PackingKeyswitchKey>(
(std::string)path));
packingKeyswitchKeys.push_back(key);
}
ClientKeyset clientKeyset = ClientKeyset{secretKeys};
ServerKeyset serverKeyset =
ServerKeyset{bootstrapKeys, keyswitchKeys, packingKeyswitchKeys};
Keyset keyset = Keyset{serverKeyset, clientKeyset};
return keyset;
}
Result<void> saveKeys(Keyset &keyset, llvm::SmallString<0> &folderPath) {
#ifdef CONCRETELANG_GENERATE_UNSECURE_SECRET_KEYS
getApproval();
#endif
llvm::SmallString<0> folderIncompletePath = folderPath;
folderIncompletePath.append(".incomplete");
auto err = llvm::sys::fs::create_directories(folderIncompletePath);
if (err) {
return StringError("Cannot create directory \"")
<< std::string(folderIncompletePath) << "\": " << err.message();
}
auto clientKeyset = keyset.client;
auto serverKeyset = keyset.server;
// Save LWE secret keys
for (auto key : clientKeyset.lweSecretKeys) {
llvm::SmallString<0> path = folderIncompletePath;
llvm::sys::path::append(
path, "secretKey_" + std::to_string(key.getInfo().asReader().getId()));
OUTCOME_TRYV(saveKey<concreteprotocol::LweSecretKey, LweSecretKey>(
key, path.c_str()));
}
// Save bootstrap keys
for (auto key : serverKeyset.lweBootstrapKeys) {
llvm::SmallString<0> path = folderIncompletePath;
llvm::sys::path::append(
path, "pbsKey_" + std::to_string(key.getInfo().asReader().getId()));
OUTCOME_TRYV(saveKey<concreteprotocol::LweBootstrapKey, LweBootstrapKey>(
key, path.c_str()));
}
// Save keyswitch keys
for (auto key : serverKeyset.lweKeyswitchKeys) {
llvm::SmallString<0> path = folderIncompletePath;
llvm::sys::path::append(
path, "ksKey_" + std::to_string(key.getInfo().asReader().getId()));
OUTCOME_TRYV(saveKey<concreteprotocol::LweKeyswitchKey, LweKeyswitchKey>(
key, path.c_str()));
}
// Save packing keyswitch keys
for (auto key : serverKeyset.packingKeyswitchKeys) {
llvm::SmallString<0> path = folderIncompletePath;
llvm::sys::path::append(
path, "pksKey_" + std::to_string(key.getInfo().asReader().getId()));
OUTCOME_TRYV(
saveKey<concreteprotocol::PackingKeyswitchKey, PackingKeyswitchKey>(
key, path.c_str()));
}
err = llvm::sys::fs::rename(folderIncompletePath, folderPath);
if (err) {
llvm::sys::fs::remove_directories(folderIncompletePath);
}
if (!llvm::sys::fs::exists(folderPath)) {
return StringError("Cannot save directory \"")
<< std::string(folderPath) << "\"";
}
return outcome::success();
}
KeysetCache::KeysetCache(std::string backingDirectoryPath) {
// check key;
this->backingDirectoryPath = backingDirectoryPath;
}
Result<Keyset>
KeysetCache::getKeyset(const Message<concreteprotocol::KeysetInfo> &keysetInfo,
uint64_t seed_msb, uint64_t seed_lsb) {
std::string hashString = keysetInfo.asReader().toString().flatten().cStr() +
std::to_string(seed_msb) + std::to_string(seed_lsb);
size_t hash = std::hash<std::string>{}(hashString);
#ifdef CONCRETELANG_GENERATE_UNSECURE_SECRET_KEYS
getApproval();
#endif
llvm::SmallString<0> folderPath =
llvm::SmallString<0>(this->backingDirectoryPath);
llvm::sys::path::append(folderPath, std::to_string(hash));
// Creating a lock for concurrent generation
llvm::SmallString<0> lockPath(folderPath);
lockPath.append("lock");
int FD_lock;
llvm::sys::fs::create_directories(llvm::sys::path::parent_path(lockPath));
// Open or create the lock file
auto err = llvm::sys::fs::openFile(
lockPath, FD_lock, llvm::sys::fs::CreationDisposition::CD_OpenAlways,
llvm::sys::fs::FileAccess::FA_Write, llvm::sys::fs::OpenFlags::OF_None);
if (err) {
// parent does not exists OR right issue (creation or write)
return StringError("Cannot access \"")
<< std::string(lockPath) << "\": " << err.message();
}
// The lock is released when the function returns.
// => any intermediate state in the function is not visible to others.
auto unlockAtReturn = llvm::make_scope_exit([&]() {
llvm::sys::fs::closeFile(FD_lock);
llvm::sys::fs::unlockFile(FD_lock);
llvm::sys::fs::remove(lockPath);
});
llvm::sys::fs::lockFile(FD_lock);
if (llvm::sys::fs::exists(folderPath)) {
// Once it has been generated by another process (or was already here)
auto keys = loadKeysFromFiles(keysetInfo, seed_msb, seed_lsb,
std::string(folderPath));
if (keys.has_value()) {
return keys;
} else {
std::cerr << std::string(keys.error().mesg) << "\n";
std::cerr << "Invalid KeySetCache entry " << std::string(folderPath)
<< "\n";
llvm::sys::fs::remove_directories(folderPath);
// Then we can continue as it didn't exist
}
}
std::cerr << "KeySetCache: miss, regenerating " << std::string(folderPath)
<< "\n";
__uint128_t seed = seed_msb;
seed <<= 64;
seed += seed_lsb;
auto csprng = ConcreteCSPRNG(seed);
Keyset keyset = Keyset(keysetInfo, csprng);
OUTCOME_TRYV(saveKeys(keyset, folderPath));
return std::move(keyset);
}
} // namespace keysets
} // namespace concretelang
Reference in New Issue View Git Blame Copy Permalink