README
¶
Homomorphic Encryption Library for Secure Data Processing
A high-level library for homomorphic encryption, designed to simplify secure data processing and exchange between organizations. Built on top of Lattigo v2, this library provides an easy-to-use interface for deploying secure servers and clients, performing computations on encrypted data, and ensuring data confidentiality.
📚 Table of Contents
- 🎯 Motivation
- 🔍 Existing Solutions
- 🎯 Library Purpose
- 🔐 Implemented Encryption Schemes
- 💼 Use Cases
- ⚙️ How It Works
- 🚀 Quick Start
- 📜 License
🎯 Motivation
Organizations often possess valuable datasets that require significant resources to gather. Sharing these datasets can foster mutually beneficial collaborations, but direct data exchange poses several challenges:
- 🔒 Data Security: Not all data is safe to share, as it may contain sensitive information that could compromise confidentiality or organizational interests.
- ⚡ Computation Overhead: Requesting computations from data owners can be inefficient, as it consumes their computational resources and may require disclosing proprietary algorithms.
Solution: This library leverages homomorphic encryption to enable secure data processing. Clients can perform computations on encrypted data without decryption, ensuring data confidentiality and protecting intellectual property.
🔍 Existing Solutions
While several libraries exist for homomorphic encryption (e.g., Lattigo for Go), they often have a steep learning curve and require additional effort to:
- Write custom wrappers for their functions.
- Configure HTTPS servers and implement logic for encrypted data exchange.
Advantage: This library provides a streamlined solution with:
- Pre-configured HTTPS servers.
- Ready-to-use functions for encryption, decryption, and mathematical operations.
- High-level operations like variance and covariance calculations.
🎯 Library Purpose
This library is designed to:
- Lower the entry barrier for developers working with homomorphic encryption.
- Provide tools for:
- Deploying pre-configured HTTPS servers.
- Performing mathematical operations on encrypted data.
- Exchanging encrypted data between clients and servers.
🔐 Implemented Encryption Schemes
The library supports two homomorphic encryption schemes:
| Scheme | Purpose |
|---|---|
| CKKS | Approximate computations on real numbers (floating-point). |
| BFV | Exact computations on integers. |
💼 Use Cases
This library is ideal for scenarios where:
- Data must remain confidential during processing.
- Clients need to perform computations on encrypted data without accessing raw data.
Examples:
- 📊 CKKS: Machine learning on encrypted data, encrypted signal processing.
- 💰 BFV: Financial calculations(like auctions, bidding, tax calculations etc.), secure voting systems.
⚙️ How It Works
The interaction between the client and server follows these steps:
- Server Setup: The server listens for incoming HTTPS connections.
- Client Request: The client requests encryption parameters and keys from the server.
- Data Processing: The client performs computations on encrypted data.
- Result Submission: The client sends the encrypted results to the server.
- Decryption: The server decrypts the results and sends them back to the client.
- Final Output: The client receives the decrypted computation results.
🚀 Quick Start
Check Server setup guide and Client setup guide
📜 License
This project is licensed under the MIT License. See the LICENSE file for details.
🌟 Star this repo if you find it useful! 🌟
Documentation
¶
Index ¶
- Variables
- func DecryptBFV(data []byte) (int64, error)
- func DecryptCKKS(data []byte) (float64, error)
- func EncryptBFV(data int64) ([]byte, error)
- func EncryptCKKS(data float64) ([]byte, error)
- func GenEvalKeyBfv(maxDegree int) rlwe.EvaluationKey
- func GenEvalKeyCkks(maxDegree int) rlwe.EvaluationKey
- func GenerateAndSetAndSaveKeys(keysFileLocation string, method Method)
- func GetBFVParamsFromServer(serverURL string) (bfv.Parameters, error)
- func GetCKKSParamsFromServer(serverURL string) (ckks.Parameters, error)
- func LoadAndSetKeys(keysFileLocation string, method Method)
- func LoadOrGenerateKeys(keysFileLocation string, method Method)
- func OpenConnection(info DBConnectionInfo) (*sql.DB, error)
- func SendComputationResultToServerBfv(url string, encryptedResult []byte) (int64, error)
- func SendComputationResultToServerCkks(url string, encryptedResult []byte) (float64, error)
- func SetEvalKeysByMethod(method Method)
- func SetupClient(ckksParams ckks.Parameters, bfvParams bfv.Parameters, ...)
- func SetupServer(ckksKeysFileLocation string, bfvKeysFileLocation string)
- func StartSecureServer(port string, certFile string, keyFile string)
- type BfvEvalKeysResult
- type CkksEvalKeysResult
- type DBConnectionInfo
- type DecryptedResultResponseFloat
- type DecryptedResultResponseInt
- type EvalKeys
- type KeyPair
- type Method
Constants ¶
This section is empty.
Variables ¶
var ( CkksKeys KeyPair BfvKeys KeyPair EvalKeysCkks EvalKeys EvalKeysBfv EvalKeys )
var BfvParams bfv.Parameters
var CkksParams ckks.Parameters
var ( HttpsServer = &http.Client{ Transport: &http.Transport{ TLSClientConfig: &tls.Config{InsecureSkipVerify: false}, }, } )
HttpsServer Basic https server configuration
Functions ¶
func DecryptBFV ¶
DecryptBFV Decrypts data encrypted with BVF algorithm into an int64
func DecryptCKKS ¶
DecryptCKKS Decrypts data encrypted with CKKS algorithm into a float64
func EncryptBFV ¶
EncryptBFV Encrypts float64 data into []byte using BVF algorithm
func EncryptCKKS ¶
EncryptCKKS Encrypts float64 data into []byte using CKKS algorithm
func GenEvalKeyBfv ¶
func GenEvalKeyBfv(maxDegree int) rlwe.EvaluationKey
func GenEvalKeyCkks ¶
func GenEvalKeyCkks(maxDegree int) rlwe.EvaluationKey
func GenerateAndSetAndSaveKeys ¶
GenerateAndSetAndSaveKeys Generates new KeyPair and saves it to keysFileLocation json file
func GetBFVParamsFromServer ¶
func GetBFVParamsFromServer(serverURL string) (bfv.Parameters, error)
GetBFVParamsFromServer Retrieve BFV parameters from server
func GetCKKSParamsFromServer ¶
func GetCKKSParamsFromServer(serverURL string) (ckks.Parameters, error)
GetCKKSParamsFromServer Retrieve CKKS parameters from server
func LoadAndSetKeys ¶
LoadAndSetKeys Loads KeyPair from keysFileLocation json file
func LoadOrGenerateKeys ¶
LoadOrGenerateKeys checks if keys file exists and if it does - loads it If it doesn't - generates a new keys file for specified method
func OpenConnection ¶
func OpenConnection(info DBConnectionInfo) (*sql.DB, error)
OpenConnection Opens connection to a designated database
func SendComputationResultToServerBfv ¶
SendComputationResultToServerBfv Send BFV computation results to server and get a decrypted result
func SendComputationResultToServerCkks ¶
SendComputationResultToServerCkks Send CKKS computation results to server and get a decrypted result
func SetEvalKeysByMethod ¶
func SetEvalKeysByMethod(method Method)
func SetupClient ¶
func SetupClient(ckksParams ckks.Parameters, bfvParams bfv.Parameters, ckksEvalKey rlwe.EvaluationKey, bfvEvalKey rlwe.EvaluationKey)
SetupClient Sets up CkksParams on client side and creates an Evaluator using newly set up CkksParams. Evaluation key is skipped for now
func SetupServer ¶
SetupServer Loads secret and public keys from file or generates new keys and saves them to file if such location doesn't exist. Sets up CkksParams on server side
func StartSecureServer ¶
StartSecureServer Start HTTPS server. Port must be passed as is, without ':'
Types ¶
type BfvEvalKeysResult ¶
type BfvEvalKeysResult struct {
EvalKeys string `json:"bfv_eval_keys"`
}
type CkksEvalKeysResult ¶
type CkksEvalKeysResult struct {
EvalKeys string `json:"ckks_eval_keys"`
}
type DBConnectionInfo ¶
DBConnectionInfo Struct containing all the info needed to connect to a database
func NewDBConnectionInfo ¶
func NewDBConnectionInfo(host string, port int, user string, password string, dbname string) DBConnectionInfo
NewDBConnectionInfo Creates new DBConnectionInfo struct
type DecryptedResultResponseFloat ¶
type DecryptedResultResponseFloat struct {
DecryptedResult float64 `json:"decrypted_result"`
}
type DecryptedResultResponseInt ¶
type DecryptedResultResponseInt struct {
DecryptedResult int64 `json:"decrypted_result"`
}
type EvalKeys ¶
type EvalKeys struct {
EvalKey1 rlwe.EvaluationKey
}
EvalKeys Struct containing rlwe.EvaluationKey for sending it to client
func GetBfvEvalKeysFromServer ¶
GetCKKSParamsFromServer Retrieve BFV EvalKeys from server
func GetCkksEvalKeysFromServer ¶
GetCKKSParamsFromServer Retrieve CKKS EvalKeys from server
type KeyPair ¶
KeyPair Struct containing rlwe.SecretKey and rlwe.PublicKey
func GenKeysCKKS ¶
func GenKeysCKKS() KeyPair
GenKeysCKKS Generates new KeyPair of ckks keys, returns Sk and Pk KeyPair
Source Files
Directories