Ephemeral is a serverless compute service for secure multiparty computation based on Knative, Istio and Kubernetes.
DISCLAIMER: Carbyne Stack Ephemeral is alpha software. The software is not ready for production use. It has neither been developed nor tested for a specific use case. The underlying Secure Multiparty Computation protocols are currently used in a way that is not secure.
Ephemeral is composed of these components:
- Ephemeral - The Knative user container that enables execution of MPC functions within a Carbyne Stack virtual cloud. Supports MP-SPDZ as the underlying MPC engine (see also Carbyne Stack Ephemeral SPDZ Base Image).
- Discovery Service - Coordinates the execution of functions across Carbyne Stack virtual cloud providers.
- Network Controller - Enables communication between MPC engines by configuring Istio to route incoming traffic from remote MPC engines to the Ephemeral Knative pods.
- Client - A Java client that can be used to invoke Ephemeral functions.
- Helm Chart - A Helm chart to deploy Ephemeral on a Kubernetes cluster.
Ephemeral (plural ephemerals): Something which lasts for a short period of time.
According to Wikipedia:
Ephemerality (from Greek ephemeros, literally "lasting only one day") is the concept of things being transitory, existing only briefly. Typically, the term ephemeral is used to describe objects found in nature, although it can describe a wide range of things, including human artifacts intentionally made to last for only a temporary period, in order to increase their perceived aesthetic value.
Ephemeral uses the MP-SPDZ library as the underlying MPC engine. That means you write Ephemeral functions using the Python dialect used by MP-SPDZ.
I/O is implemented in Ephemeral using socket functionality provided by MP-SPDZ. A function that adds two secret-shared values read from Amphora and writes the result back to Amphora looks like this:
```python
# Open socket for I/O
listen(10000)
client_socket_id = regint()
acceptclientconnection(client_socket_id, 10000)

# Read all input data at once
v = sint.read_from_socket(client_socket_id, 2)
a = v[0]
b = v[1]

# Compute result
sum = a + b

# Pack result into array and write to socket
resp = Array(1, sint)
resp[0] = sum
sint.write_to_socket(client_socket_id, resp)
```
Patching Kubernetes Pods managed by Knative leaves dangling old revisions when a new revision is created. The new revision is activated and traffic is forwarded to it correctly, but the pods belonging to the previous revision remain and must be deleted manually. Use the following commands:
```bash
kubectl get revisions
# Pick the older revision that must be deleted, e.g. <REVISION_NAME>,
# and delete it manually.
kubectl delete revision <REVISION_NAME>
```
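To make the "pick the older revision" step above less error-prone, the following added example (not part of the Ephemeral project) lists every revision that has been superseded by a newer generation of the same Knative configuration. It assumes the standard Knative Serving labels `serving.knative.dev/configuration` and `serving.knative.dev/configurationGeneration` are set on each revision; the function names and the sample revision names are hypothetical.

```bash
#!/usr/bin/env bash
# Added example: find Knative revisions superseded by a newer generation.

# Emit "<configuration>\t<generation>\t<revision name>" for each revision.
# Assumption: revisions carry the standard Knative Serving labels.
list_revisions() {
  kubectl get revisions -o jsonpath='{range .items[*]}{.metadata.labels.serving\.knative\.dev/configuration}{"\t"}{.metadata.labels.serving\.knative\.dev/configurationGeneration}{"\t"}{.metadata.name}{"\n"}{end}'
}

# Read that three-column listing on stdin and print every revision that is
# not the highest generation of its configuration, sorted by name.
# Rows with missing labels are skipped, so they are never proposed for deletion.
stale_revisions() {
  awk -F '\t' '
    NF != 3 || $2 !~ /^[0-9]+$/ { next }   # ignore malformed rows
    {
      rows[NR] = $0
      if (!($1 in newest) || $2 + 0 > newest[$1]) newest[$1] = $2 + 0
    }
    END {
      for (i in rows) {
        split(rows[i], f, "\t")
        if (f[2] + 0 < newest[f[1]]) print f[3]
      }
    }' | sort
}

# Constructed sample listing with hypothetical names, for offline use.
sample_listing() {
  printf 'ephemeral\t1\tephemeral-00001\n'
  printf 'ephemeral\t2\tephemeral-00002\n'
  printf 'ephemeral\t3\tephemeral-00003\n'
  printf 'other-fn\t1\tother-fn-00001\n'
}

# Against a cluster:   list_revisions | stale_revisions
# Offline:             sample_listing | stale_revisions
# Review the names, then remove each one with the command shown above:
#   kubectl delete revision <REVISION_NAME>
```

The script only prints candidates. If a Knative Service pins traffic to a named revision, that revision can have a lower generation and still be in use, so check the Service's traffic targets before deleting.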
Carbyne Stack Ephemeral is open-sourced under the Apache License 2.0. See the LICENSE file for details.
For information on how license obligations for third-party OSS dependencies are fulfilled, see the README file of the Carbyne Stack repository.
Please see the Carbyne Stack Contributor's Guide.