implement shares decryption (#204)
* implement shares decryption

* Ability to decrypt shares + tests

* Ability to decrypt shares + tests

* tests for shares encryption and decryption

* tests for shares encryption and decryption

* deploy values for staging

* cleanup

* address pr comments

* Better error handling + PR comments

* PR comments

* fix merge changes

* fmt and clippy changes

* steps towards getting the results from s3

* misc

* decryption + tests

* format, test isolation

* wip

* wip

* cleanup build errors, refactors of various kinds

* fmt

* clippy

* update public key bucket name

* build debug dockerfile

* fix issue with fetching public key

* correct region for client sqs

* fix build

* fix build

* deploy from branch

* typo in image name

* client fix + helpers

* fix incorrect bucket region

* proper region pass

* fixes

* fmt, clippy

* fmt

* cleanup

* better errors

* fixed share type + print decrypted share string

* deploy

* fixdeploy

* deploy

* fix structures shares

* deplo

* proper sha

* fix test

* fmt, clippy

* fixes

* fixes

* deploy

* Update common-values-gpu-iris-mpc.yaml

* Update common-values-gpu-iris-mpc.yaml

---------

Co-authored-by: wojciechsromek <[email protected]>
Co-authored-by: wojciechsromek <[email protected]>
3 people authored Aug 21, 2024
1 parent 7485951 commit 5b3e2c3
Showing 30 changed files with 939 additions and 178 deletions.
1 change: 1 addition & 0 deletions .env.mpc1.dist
@@ -22,6 +22,7 @@ SMPC__PARTY_ID=0
SMPC__REQUESTS_QUEUE_URL=https://sqs.eu-north-1.amazonaws.com/654654380399/mpc1.fifo
SMPC__RESULTS_TOPIC_ARN=arn:aws:sns:eu-north-1:654654380399:mpc-results-topic
SMPC__PROCESSING_TIMEOUT_SECS=60
SMPC__PUBLIC_KEY_BASE_URL=https://d24uxaabh702ht.cloudfront.net

# These can be either ARNs or IDs, in production multi account setup they are ARNs
SMPC__KMS_KEY_ARNS='["077788e2-9eeb-4044-859b-34496cfd500b", "896353dc-5ea5-42d4-9e4e-f65dd8169dee", "42bb01f5-8380-48b4-b1f1-929463a587fb"]'
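Review bot: The new SMPC__PUBLIC_KEY_BASE_URL makes every party trust whatever key material a public CloudFront hostname serves, so key authenticity rests only on TLS and on write access to the distribution's origin; nothing in this file pins or cross-checks the expected key. If these are the keys that clients seal iris shares to (the key_manager in this same commit opens shares with sealedbox against a server public key), a swapped key at the origin would silently redirect shares to an attacker-controlled key, and the node would not notice. I would add a comment above the variable, e.g. `# Keys fetched from this URL are trusted as served: lock down write access to the CloudFront origin and verify the fetched key against the party's own keypair on startup`, and mark the value as stage-only since the .dist files are templates.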
1 change: 1 addition & 0 deletions .env.mpc2.dist
@@ -22,6 +22,7 @@ SMPC__PARTY_ID=1
SMPC__REQUESTS_QUEUE_URL=https://sqs.eu-north-1.amazonaws.com/654654380399/mpc2.fifo
SMPC__RESULTS_TOPIC_ARN=arn:aws:sns:eu-north-1:654654380399:mpc-results-topic
SMPC__PROCESSING_TIMEOUT_SECS=60
SMPC__PUBLIC_KEY_BASE_URL=https://d24uxaabh702ht.cloudfront.net

# These can be either ARNs or IDs, in production multi account setup they are ARNs
SMPC__KMS_KEY_ARNS='["077788e2-9eeb-4044-859b-34496cfd500b", "896353dc-5ea5-42d4-9e4e-f65dd8169dee", "42bb01f5-8380-48b4-b1f1-929463a587fb"]'
1 change: 1 addition & 0 deletions .env.mpc3.dist
@@ -22,6 +22,7 @@ SMPC__PARTY_ID=2
SMPC__REQUESTS_QUEUE_URL=https://sqs.eu-north-1.amazonaws.com/654654380399/mpc3.fifo
SMPC__RESULTS_TOPIC_ARN=arn:aws:sns:eu-north-1:654654380399:mpc-results-topic
SMPC__PROCESSING_TIMEOUT_SECS=60
SMPC__PUBLIC_KEY_BASE_URL=https://d24uxaabh702ht.cloudfront.net

# These can be either ARNs or IDs, in production multi account setup they are ARNs
SMPC__KMS_KEY_ARNS='["077788e2-9eeb-4044-859b-34496cfd500b", "896353dc-5ea5-42d4-9e4e-f65dd8169dee", "42bb01f5-8380-48b4-b1f1-929463a587fb"]'
58 changes: 58 additions & 0 deletions Cargo.lock


2 changes: 1 addition & 1 deletion Cargo.toml
@@ -31,7 +31,7 @@ tracing = "0.1.40"
tracing-subscriber = { version = "0.3.15", features = ["env-filter"] }
rand = "0.8"
rayon = "1.5.1"
reqwest = { version = "0.12", features = ["blocking"] }
reqwest = { version = "0.12", features = ["blocking", "json"] }
static_assertions = "1.1"
telemetry-batteries = { git = "https://github.com/worldcoin/telemetry-batteries.git", rev = "802a4f39f358e077b11c8429b4c65f3e45b85959" }
tokio = { version = "1.39", features = ["full", "rt-multi-thread"] }
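--- /dev/null
+++ b/Dockerfile.debug
@@ -0,0 +1,36 @@
+FROM --platform=linux/amd64 ubuntu:22.04
+ENV DEBIAN_FRONTEND=noninteractive
+
+WORKDIR /app
+
+RUN apt-get update && apt-get install -y \
+curl \
+build-essential \
+libssl-dev \
+texinfo \
+libcap2-bin \
+pkg-config \
+git \
+devscripts \
+debhelper \
+ca-certificates \
+wget
+
+RUN curl https://sh.rustup.rs -sSf | sh -s -- -y
+ENV PATH "/root/.cargo/bin:${PATH}"
+ENV RUSTUP_HOME "/root/.rustup"
+ENV CARGO_HOME "/root/.cargo"
+RUN rustup toolchain install nightly-2024-07-10
+RUN rustup default nightly-2024-07-10
+RUN rustup component add cargo
+RUN cargo install cargo-build-deps && cargo install cargo-edit
+
+COPY . .
+
+RUN apt-get update && apt-get install -y pkg-config wget libssl-dev ca-certificates \
+&& rm -rf /var/lib/apt/lists/*
+
+RUN wget https://developer.download.nvidia.com/compute/cuda/repos/ubuntu2204/x86_64/cuda-keyring_1.1-1_all.deb \
+&& dpkg -i cuda-keyring_1.1-1_all.deb \
+&& apt-get update \
+&& apt-get install -y cuda-toolkit-12-2 libnccl2=2.22.3-1+cuda12.2 libnccl-dev=2.22.3-1+cuda12.2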
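Review bot: `COPY . .` copies the entire build context into an image that is then pushed to ghcr.io and run as root inside helper pods, so anything lying in the checkout (local `.env*` files with real values, `.git`, deploy manifests) ends up in a published layer; unless a `.dockerignore` already excludes them (not visible here), narrow this to the crate sources and `Cargo.*` and add a `.dockerignore` that drops `.env*`, `.git` and `deploy/`. The rustup bootstrap `curl https://sh.rustup.rs -sSf | sh -s -- -y` executes an unpinned remote script; the toolchain itself is pinned on the next lines, so the cheap hardening is `curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y --profile minimal --default-toolchain nightly-2024-07-10`, which also makes the two following `rustup` lines redundant. The NVIDIA keyring `.deb` is installed straight from `wget` without a checksum; pinning a sha256 with `echo "<sha256>  cuda-keyring_1.1-1_all.deb" | sha256sum -c` before `dpkg -i` would close that gap. The first apt layer never clears `/var/lib/apt/lists`, only the second one does, which is minor but inconsistent.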
10 changes: 10 additions & 0 deletions deploy/README.md
@@ -1,3 +1,13 @@
# GPU Iris MPC Deployment in current stage

The application right now has issues with DB loading. To run the app it is necessary to truncate tables in the dbs in all 3 parties.

To do so, please deploy the pod in `/deploy/db-cleaner-helper-pod.yaml` in every party and run the following command putting appropriate DB URL and party id in it beforehand:

```bash
apt update && apt install -y postgresql-client && psql -H <DB_URL> -c 'SET search_path TO "SMPC_stage_{0,1,2}"; TRUNCATE irises, results, sync;'
```

# Application Upgrade Documentation

This document provides a step-by-step guide on how to upgrade the application deployed using ArgoCD. The application configuration is located in the `deploy/stage/mpc1-stage`, `deploy/stage/mpc2-stage`, and `deploy/stage/mpc3-stage` directories. Each directory contains a `values-gpu-iris-mpc.yaml` file, which includes the deployment configuration for the respective clusters: `mpc1-stage`, `mpc2-stage`, and `mpc3-stage`, and common value file placed in `deploy/stage/values-common-gpu-iris-mpc.yaml`
16 changes: 7 additions & 9 deletions temp.yaml → deploy/db-cleaner-helper-pod.yaml
@@ -1,7 +1,7 @@
apiVersion: v1
kind: Pod
metadata:
name: gpu-iris-mpc
name: db-cleaner
namespace: gpu-iris-mpc
spec:
hostNetwork: true
@@ -16,17 +16,15 @@ spec:
securityContext:
runAsUser: 0
containers:
- name: gpu-iris-mpc
image: ghcr.io/worldcoin/gpu-iris-mpc-debug:2b1a5adf8aebc6a0917f591ec2cc364d5ea5d346
- name: db-cleaner
image: ghcr.io/worldcoin/gpu-iris-mpc-debug:34b305f6e9acafe9043636fb32fc11870615f34e
imagePullPolicy: Always
command: [ "/bin/bash" ]
args: [ "-c", "while true; do ping localhost; sleep 60; done" ]
resources:
limits:
nvidia.com/gpu: 1
vpc.amazonaws.com/efa: 1
cpu: 1
memory: 1Gi
requests:
nvidia.com/gpu: 1
vpc.amazonaws.com/efa: 1
ports:
- containerPort: 3000
cpu: 1
memory: 1Gi
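Review bot: The repurposed db-cleaner pod keeps `runAsUser: 0` and (per the unchanged `hostNetwork: true` context above) runs in the node's network namespace, while its only documented job in deploy/README.md is to run a psql TRUNCATE; a root shell on the host network is far more than that needs. The `while true; do ping localhost; sleep 60; done` keep-alive can be `sleep infinity`, and I would drop `hostNetwork: true` unless the DB is only reachable that way, and mirror the hardening the orb-stage helper in this same commit already sets (`allowPrivilegeEscalation: false` and a `RuntimeDefault` seccomp profile). A short comment at the top stating that the pod is a one-off maintenance shell to be deleted after use would also help, since nothing here bounds its lifetime. The pod spec starts above this hunk, so the metadata and the security context are only partially visible.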
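--- /dev/null
+++ b/deploy/orb-stage-helper-pod.yaml
@@ -0,0 +1,29 @@
+apiVersion: v1
+kind: Pod
+metadata:
+name: smpcv2-signup-service-helper
+namespace: signup-service
+spec:
+serviceAccountName: signup-service-worker # Add this line
+imagePullSecrets:
+- name: github-secret
+nodeSelector:
+kubernetes.io/arch: amd64
+containers:
+- name: smpcv2-signup-service-helper
+image: ghcr.io/worldcoin/gpu-iris-mpc-debug:0510757a9d076c206d9a42eedca639787c44a0a8
+securityContext:
+runAsUser: 0
+allowPrivilegeEscalation: false
+seccompProfile:
+type: RuntimeDefault # or Localhost if you have a local profile
+imagePullPolicy: Always
+command: [ "/bin/bash" ]
+args: [ "-c", "while true; do ping localhost; sleep 60; done" ]
+resources:
+limits:
+cpu: 4
+memory: 4Gi
+requests:
+cpu: 4
+memory: 4Gi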
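Review bot: This pod binds a long-lived root shell (`runAsUser: 0`, `/bin/bash` kept alive by a ping loop) to the `signup-service-worker` service account, so anyone who can `kubectl exec` into the signup-service namespace inherits that account's Kubernetes and cloud permissions via the mounted token. If the helper only needs to reach the service from inside the cluster, `automountServiceAccountToken: false` removes that exposure; if it genuinely needs the SA, drop capabilities and root instead. The `# Add this line` and `# or Localhost if you have a local profile` remnants read like copied editor instructions and should go. Bounding the pod's lifetime with `activeDeadlineSeconds` would stop a forgotten debug shell from lingering in a production-adjacent namespace.
```yaml
# … unchanged: metadata, serviceAccountName, imagePullSecrets, nodeSelector …
  activeDeadlineSeconds: 14400   # debug shell expires after 4h
  automountServiceAccountToken: false   # drop if the helper really needs the SA token
  containers:
    - name: smpcv2-signup-service-helper
      # … unchanged: image …
      securityContext:
        runAsNonRoot: true
        runAsUser: 1000
        allowPrivilegeEscalation: false
        readOnlyRootFilesystem: true
        capabilities:
          drop: ["ALL"]
        seccompProfile:
          type: RuntimeDefault
      command: ["sleep", "infinity"]
# … unchanged: resources …
```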
2 changes: 1 addition & 1 deletion deploy/stage/common-values-gpu-iris-mpc.yaml
@@ -1,4 +1,4 @@
image: "ghcr.io/worldcoin/gpu-iris-mpc:debug-pop-1768-v2"
image: "ghcr.io/worldcoin/gpu-iris-mpc:v0.3.0-alpha"

environment: stage
replicaCount: 1
4 changes: 2 additions & 2 deletions deploy/stage/mpc1-stage/values-gpu-iris-mpc.yaml
@@ -62,5 +62,5 @@ env:
- name: SMPC__PARTY_ID
value: "0"

- name: SMPC__PUBLIC_KEY_BUCKET_NAME
value: "wf-smpcv2-stage-public-keys"
- name: SMPC__PUBLIC_KEY_BASE_URL
value: "https://d24uxaabh702ht.cloudfront.net"
4 changes: 2 additions & 2 deletions deploy/stage/mpc2-stage/values-gpu-iris-mpc.yaml
@@ -62,5 +62,5 @@ env:
- name: SMPC__PARTY_ID
value: "1"

- name: SMPC__PUBLIC_KEY_BUCKET_NAME
value: "wf-smpcv2-stage-public-keys"
- name: SMPC__PUBLIC_KEY_BASE_URL
value: "https://d24uxaabh702ht.cloudfront.net"
4 changes: 2 additions & 2 deletions deploy/stage/mpc3-stage/values-gpu-iris-mpc.yaml
@@ -62,5 +62,5 @@ env:
- name: SMPC__PARTY_ID
value: "2"

- name: SMPC__PUBLIC_KEY_BUCKET_NAME
value: "wf-smpcv2-stage-public-keys"
- name: SMPC__PUBLIC_KEY_BASE_URL
value: "https://d24uxaabh702ht.cloudfront.net"
4 changes: 3 additions & 1 deletion iris-mpc-common/Cargo.toml
@@ -24,8 +24,8 @@ config = "0.14.0"
tokio.workspace = true
tracing.workspace = true
tracing-subscriber.workspace = true
reqwest.workspace = true

reqwest = { workspace = true, features = ["blocking", "json"] }
sodiumoxide = "0.2.7"
hmac = "0.12"
http = "1.1.0"
@@ -36,6 +36,8 @@ sha2 = "0.10"
time = { version = "^0.3.6", features = ["formatting", "macros"] }
url = "2"
hex.workspace = true
zeroize = "1.8.1"
wiremock = "0.6.1"

[dev-dependencies]
float_eq = "1"
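Review bot: `wiremock = "0.6.1"` is added under `[dependencies]` even though it is an HTTP mock server used only by tests, so it and its transitive server stack get compiled into the production crate and into the supply-chain surface of the deployed binary. Move the line into the `[dev-dependencies]` table that begins two lines below it, next to `float_eq`. The `zeroize = "1.8.1"` addition is the right call for the decrypted share buffers; worth a one-line comment on the field that uses it so the next reader does not remove it as unused.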
7 changes: 5 additions & 2 deletions iris-mpc-common/src/bin/key_manager.rs
@@ -13,7 +13,7 @@ use rand::{rngs::StdRng, Rng, SeedableRng};
use reqwest::Client;
use sodiumoxide::crypto::box_::{curve25519xsalsa20poly1305, PublicKey, SecretKey, Seed};

const PUBLIC_KEY_S3_BUCKET_NAME: &str = "wf-mpc-vpc-stage-public-smpcv2-keys";
const PUBLIC_KEY_S3_BUCKET_NAME: &str = "wf-smpcv2-stage-public-keys";
const PUBLIC_KEY_S3_KEY_NAME_PREFIX: &str = "public-key";
const REGION: &str = "eu-north-1";

@@ -318,6 +318,9 @@ mod test {
let server_iris_code_plaintext =
sealedbox::open(&ciphertext, &server_public_key, &server_private_key).unwrap();

assert!(client_iris_code_plaintext.as_bytes() == server_iris_code_plaintext.as_slice());
assert_eq!(
client_iris_code_plaintext.as_bytes(),
server_iris_code_plaintext.as_slice()
);
}
}
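Review bot: `PUBLIC_KEY_S3_BUCKET_NAME` and `REGION` are compile-time constants naming a stage bucket, so a key rotation run from this binary against another environment would publish keys to the stage bucket unless something outside this hunk overrides them (none of the visible code does). Since the bucket is where peers and clients pick up the keys they trust, I would make it an explicit input rather than a baked-in default, e.g. a `--public-key-bucket-name` argument with `env = "PUBLIC_KEY_BUCKET_NAME"` if the binary already parses arguments with clap, and add a doc comment above the constant such as `/// Stage-only default; override per environment so rotated keys never land in the wrong bucket.`. The `assert_eq!` change in the test hunk is a clear improvement since a mismatch now prints both byte strings.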
7 changes: 5 additions & 2 deletions iris-mpc-common/src/config/mod.rs
@@ -1,10 +1,10 @@
pub mod json_wrapper;

use crate::config::json_wrapper::JsonStrWrapper;
use clap::Parser;
use serde::{Deserialize, Serialize};
use std::fmt;

pub mod json_wrapper;

#[derive(Debug, Parser)]
pub struct Opt {
#[structopt(long)]
@@ -45,6 +45,9 @@ pub struct Config {

#[serde(default = "default_processing_timeout_secs")]
pub processing_timeout_secs: u64,

#[serde(default)]
pub public_key_base_url: String,
}

fn default_processing_timeout_secs() -> u64 {
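Review bot: `#[serde(default)]` on `public_key_base_url` lets a deployment that forgot SMPC__PUBLIC_KEY_BASE_URL start with an empty string, so the failure surfaces later as a malformed or relative fetch rather than at config load, and an empty base could make a request to an unintended host depending on how the URL is joined. Since this value decides which public key the node trusts, I would drop the `#[serde(default)]` so a missing value is a hard error, or validate it once after parsing with the `url` crate this package already depends on: `let u = url::Url::parse(&cfg.public_key_base_url)?; anyhow::ensure!(u.scheme() == "https", "public_key_base_url must be https");`. A doc comment such as `/// Base URL from which this party's public key is fetched; must be https and is trusted as served.` would make the sensitivity visible to whoever edits the values files. The `pub mod json_wrapper;` relocation is a no-op reorder.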
