viff

view NEWS @ 1575:cfb8e1485006

Updated email address.
author Thomas P Jakobsen <tpj@cs.au.dk>
date Wed Dec 15 13:00:00 2010 +0100 (17 months ago)
parents 703b9f17b4ac
NEWS file for VIFF
==================

This file summarizes the changes between each release. Many more
details can be found in the commit messages:

    http://hg.viff.dk/viff/log/

The issue numbers referenced below refer to the online issue tracker;
please refer to it for details on the issues:

    http://tracker.viff.dk/

Version 1.0, released on 2009-12-14
-----------------------------------

We are happy to declare that we have reached VIFF version 1.0. The
current code is useful, flexible and unlikely to change radically. The
largest changes since 0.7.1 are summarized below.

The central class named Runtime was renamed to PassiveRuntime. All
runtime classes now use the common method names input and output for
providing data to and retrieving data from the computation. A
multiparty version of AES was added: it allows parties to encrypt a
Shamir secret shared message under a secret shared AES key to obtain a
secret shared ciphertext.

* Moved the crypto-related code from the viff.runtime.Runtime class to
  a new class called viff.passive.PassiveRuntime. This is a backwards
  incompatible change. Please update your import statements to import
  PassiveRuntime instead of Runtime.

* Introduced the input method in PassiveRuntime and PaillierRuntime.
  This method should be used instead of shamir_share and share unless
  there is a particular reason to select a secret sharing strategy.

* Introduced the output method in the Runtime classes. This method
  should be used instead of the open method, which will go away in a
  future release.

* Renamed the random seed environment variable from SEED to VIFF_SEED.

* Made viff.prss.PRF produce consistent output on both 32-bit and
  64-bit systems.

* Added exponentiation of shares by square-and-multiply for public
  exponents. This means that if x is a Share, x**7 now works.

* Added multiparty AES encryption. A highly optimized version of AES
  has been added to viff.aes. It allows multiparty encryption of a
  secret shared message using a secret shared AES key.

* Introduced our own Twisted reactor. This increases throughput by
  sending data sooner, rather than later.

* Added a new full-threshold actively secure runtime in viff.orlandi.
  It currently relies on a third-party proprietary library for
  computing commitments over elliptic curves, so it cannot be used
  with a plain VIFF installation.

* Issue 4: Replace the marshal module. The marshal module is not safe
  to use on malicious data, so we now use the struct module to parse
  a fixed-length format instead.

* Issue 62: Proper error message when no SSL certificate is present.

* Issue 75: Test without local computations. The new FakeFieldElement
  class has the interface of a FieldElement but does no computations.
  A new --fake flag for benchmark.py enables these elements.
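The Issue 4 entry above is the security-relevant change in this release: marshal.loads is documented as unsafe for data from an untrusted source, whereas struct.unpack of a fixed-length layout can only ever produce the fields the format names. The following is an added example, not VIFF's own wire code, of parsing such a fixed-length record from a network buffer with explicit validation. The record layout (message type, program counter, field value), the message-type constants and the field modulus P are all assumptions made for the example.

```python
import struct

# Assumed record layout (not VIFF's): 1-byte message type, 32-bit program
# counter, 64-bit field element, all big-endian.  Fixed length means the
# receiver never has to trust a length field supplied by the peer.
FMT = "!BIQ"
SIZE = struct.calcsize(FMT)  # 13 bytes

MSG_SHARE, MSG_OPEN = 1, 2   # constructed message types for the example
VALID_TYPES = {MSG_SHARE, MSG_OPEN}
P = 2**61 - 1                # constructed field modulus for the range check


def encode(msg_type, pc, value):
    """Serialise one record; refuses values the receiver would reject."""
    if msg_type not in VALID_TYPES:
        raise ValueError("unknown message type %d" % msg_type)
    if not 0 <= value < P:
        raise ValueError("value outside the field")
    return struct.pack(FMT, msg_type, pc, value)


def decode(record):
    """Parse exactly one record.  Every field is range-checked before use,
    so malformed input raises ValueError instead of being interpreted
    (marshal.loads on the same bytes could crash the interpreter)."""
    if len(record) != SIZE:
        raise ValueError("record must be exactly %d bytes, got %d"
                         % (SIZE, len(record)))
    msg_type, pc, value = struct.unpack(FMT, record)
    if msg_type not in VALID_TYPES:
        raise ValueError("unknown message type %d" % msg_type)
    if value >= P:
        raise ValueError("value outside the field")
    return msg_type, pc, value


def drain(buf):
    """Split a TCP stream buffer into complete records and the unread tail.
    A partial record is simply kept until more bytes arrive."""
    records = []
    while len(buf) >= SIZE:
        records.append(decode(buf[:SIZE]))
        buf = buf[SIZE:]
    return records, buf


def is_rejected(record):
    """True when the parser refuses the record (used to check validation)."""
    try:
        decode(record)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    # Constructed stream: two good records followed by a partial third one.
    stream = encode(MSG_SHARE, 1, 5) + encode(MSG_OPEN, 2, 6) + b"\x01"
    print(drain(stream))
    print(is_rejected(b"\x03" + b"\x00" * 12))   # unknown type -> True
```

The point of the fixed-length format is that the parser's behaviour is bounded by SIZE and the format string, not by anything the peer sends; everything else is a value check that belongs in the receiver, since the sender cannot be trusted to have run encode.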
Version 0.7.1, released on 2008-10-09
-------------------------------------

A major bug was fixed in the passive multiplication protocol in the
case where 2t + 1 != n. Unit tests were updated for Python 2.6.

* Players would do inconsistent recombination of shares in the passive
  multiplication protocol (Runtime.mul). This resulted in wrong
  answers being computed when 2t + 1 != n.

* Fixed unit tests on Python 2.6. The Bracha broadcast let the players
  send data to themselves by mistake, and for some reason this was not
  detected in earlier Python versions.

* Profiling information (from a run with --profile) is dumped in
  player-X.pstats and player-X.prof files for later analysis.

* Issue 57: Get rid of Runtime._shamir_share. The method was folded
  into Runtime.mul.

* Issue 69: The installation was simplified by including the ConfigObj
  library in the VIFF source. A system-wide installation of ConfigObj
  (if any) will be ignored.
Version 0.7, released on 2008-09-21
-----------------------------------

PyOpenSSL is now used instead of GnuTLS, and this enables secure
connections on Windows. The code dealing with starting a player has
been made much more robust and players can now be started in any
order. Players can now also be reliably shut down. A new runtime based
on homomorphic Paillier encryption supports just two players. Added a
new protocol for equality testing with secret shared result.

* Moved ActiveRuntime and related code to its own module, viff.active.
  This is an incompatible change compared to VIFF 0.6 and you must
  update your code by changing

    from viff.runtime import ActiveRuntime

  to

    from viff.active import ActiveRuntime

* Created mixin classes for different preprocessing choices for the
  actively secure multiplication protocol.

* Added a runtime based on the homomorphic Paillier encryption scheme
  which supports two-party computations. It is found in the new
  viff.paillier module.

* A new probabilistic protocol for equality testing with secret shared
  result was added in the viff.equality module.

* Issue 6: More robust handling of port allocation. We now keep
  retrying until we succeed in binding to the listening port.

* Issue 8: Allow players to be started in any order. Instead of
  crashing, players now retry if the initial connection fails.

* Issue 20: Find a python-gnutls replacement. We now use PyOpenSSL.

* Issue 35: Handle error if TLS is requested but python-gnutls is
  missing. The ImportError is now passed through to the caller.

* Issue 37: Players hang while shutting down. The shutdown procedure
  now correctly waits until all connections are closed before it stops
  the reactor.

* Issue 59: Profiling support. Give a --profile command line argument
  to make your VIFF programs output profiling info when stopped.
Version 0.6, released on 2008-05-28
-----------------------------------

The average time for a secure comparison was reduced by 60-70%.
Comparisons now work with an actively secure multiplication protocol.
A memory leak was fixed. Converted documentation to the new Sphinx
format.

* A new prss_lsb function in viff.prss efficiently produces a share of
  a random field element together with a GF256 share of its least
  significant bit. This made comparisons 3-4 times faster.

* New default flavors have been added to viff.comparison which use the
  actively secure multiplication protocol. Actively secure comparisons
  take about twice as long as passively secure comparisons.

* When data was sent and received, empty deque objects were left
  behind in the ShareExchanger.incoming_data dictionaries. That caused
  a memory leak which is now fixed. An example application,
  gc-test.py, was added to test this and similar problems.

* The documentation is now generated using Sphinx and aims to be more
  like a manual than purely an API documentation. The extended section
  on program counters is an example of this.

* Fixed a bug that made 'GF256(1) != GF256(1)' return 'True'.

* Calling '~GF256(255)' would throw a KeyError, fixed.

* Issue 19: Make Runtime.convert_bit_share actively secure.
Version 0.5, released on 2008-04-28
-----------------------------------

If python-gnutls is unavailable, players now automatically fall back
to TCP connections. The installation guide was updated for Windows
Vista. Fixed minor typos in documentation.

Details:

* Automatic fallback to TCP if python-gnutls is unavailable. It was
  previously necessary to specify the --no-tls flag when running the
  example applications under Windows since python-gnutls is
  unavailable there. This is now detected automatically at runtime.
Version 0.5rc1, released on 2008-04-23
--------------------------------------

Added preliminary support for preprocessing and an efficient
multiplication protocol which is secure against active adversaries.
The Runtime class has been split into several parts and two new mixin
classes provide different comparison protocols. Several coercion
problems were fixed. The Runtime.callback method was renamed to
Runtime.schedule_callback. VIFF was tested on Python 2.6 and some
small problems were fixed. A new example program was added and the
documentation was updated. Changed license to LGPL.

Details:

* Issue 2: Split Runtime class into smaller parts. The old Runtime
  class has been split. If your program used the greater_than_equal
  method, then you need to use the new Toft05Runtime class from
  viff.comparison. If you used greater_than_equalII, then use the
  Toft07Runtime from the same module.

* Issue 3: Preprocessing. The runtime will now log the use of certain
  methods and this log can be used to preprocess the needed data.

* Issue 7: New system for unit tests. The tests now better simulate an
  asynchronous network by randomly delaying the communication between
  the players.

* Better coercion. The comparison in Toft07Runtime can now correctly
  deal with arguments of mixed types, e.g., comparisons like "100 < x"
  where x is a Share.

* The coercion done by the xor method was also fixed.

* Issue 30: Local multiplication if one operand is a constant. The
  runtime will now avoid an expensive resharing step when multiplying
  shares with constants.

* Issue 22: Allow sending data several times in one method. Previously
  one could only send once to a given player in a given method since
  all communication used the same program counter. The data is now
  correctly buffered on the receiving side.

* Python 2.6 compatibility. VIFF is now regularly tested on Python 2.6
  via a new build slave.
Version 0.4, released on 2008-03-12
-----------------------------------

Implemented a reliable Bracha broadcast which is secure against active
adversaries. Shamir sharings, pseudo-random as well as standard, can
now be asymmetric which means that only a subset of the parties
provide input. The open protocol is now also asymmetric, in the sense
that only a subset of the parties receive the opened result. The
behavior of field elements in Boolean expressions has been fixed. This
means that "GF256(0) and GF256(1)" now returns GF256(0) instead of
GF256(1). Added a modern implementation of the classic Yao
millionaires example from 1982 which started this field of research.
Details:

* Bracha broadcast, which is a reliable broadcast mechanism against
  active adversaries, has been implemented. Secure broadcast is a
  building block that is often used in active security scenarios.

* Asymmetric Shamir sharing. It is now possible to specify that just a
  subset of the players should provide input to a Shamir sharing. This
  change is not backwards compatible with version 0.3 or earlier.
  Adapting old programs is easy, simply change:

    a, b, c = rt.shamir_share(Zp(input))

  to

    a, b, c = rt.shamir_share([1, 2, 3], Zp, input)

  where Zp is a field and rt is a Runtime.

* Asymmetric pseudo-random secret sharing. As the asymmetric Shamir
  sharing above, this is not backwards compatible. This can be fixed
  by changing statements such as e.g.

    a, b, c = rt.prss_share(Zp(input))

  to

    a, b, c = rt.prss_share([1, 2, 3], Zp, input)

  where Zp is a field and rt is a Runtime.

* Asymmetric open protocol, meaning that it is now possible to specify
  that only a subset of the players should receive the opened secret.
  This change is not backwards compatible in cases where threshold is
  explicitly passed as a parameter. To correct this, name the
  threshold parameter, e.g. change

    result = rt.open(sharing, rt.threshold * 2)

  to

    result = rt.open(sharing, threshold=rt.threshold * 2)

* Overloaded exclusive-or operations on Share instances. Given two
  shares a and b, one can now do

    c = a ^ b

  to obtain the exclusive-or. This works for both GF256 shares and Zp
  shares, though the two types must not be mixed.
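The items above (Shamir sharing by a subset of the players, and opening with an explicit threshold of 2t), the square-and-multiply exponentiation added in version 1.0 and the 2t + 1 != n recombination bug fixed in version 0.7.1 are all consequences of one fact: the local product of two degree-t sharings lies on a degree-2t polynomial. The following toy implementation is an added example, not VIFF's code and not its API; the field Z_p, the function names share, open_shares, mul and power, and the player ids are all assumptions. It shows why opening a product needs threshold 2t, why a resharing step brings the degree back to t, why every player must combine the same 2t + 1 reshares, and that x**7 costs four multiplications instead of six.

```python
import random

# Constructed toy field Z_p; nothing here uses VIFF's own field classes.
P = 2**31 - 1


def share(secret, t, players, rng=random):
    """Degree-t Shamir sharing of secret for the given player ids.  Only the
    dealer runs this, so any subset of the players may provide input."""
    coeffs = [secret % P] + [rng.randrange(P) for _ in range(t)]
    return {i: sum(c * pow(i, k, P) for k, c in enumerate(coeffs)) % P
            for i in players}


def lagrange_at_zero(ids):
    """Coefficients l_i with sum(l_i * f(i)) == f(0) for deg f < len(ids)."""
    coeffs = {}
    for i in ids:
        num = den = 1
        for j in ids:
            if j != i:
                num = num * (-j) % P
                den = den * (i - j) % P
        coeffs[i] = num * pow(den, P - 2, P) % P
    return coeffs


def open_shares(shares, threshold):
    """Recombine a degree-threshold sharing; refuses if too few shares."""
    if len(shares) < threshold + 1:
        raise ValueError("need %d shares, got %d" % (threshold + 1, len(shares)))
    ids = sorted(shares)[:threshold + 1]
    lam = lagrange_at_zero(ids)
    return sum(lam[i] * shares[i] for i in ids) % P


def mul(a, b, t, subset_for=None, rng=random):
    """Passive multiplication with resharing.  Local products lie on a
    degree-2t polynomial, so 2t + 1 reshares are combined; subset_for(j)
    names the ids player j combines.  The result is a valid degree-t sharing
    only when every player uses the same subset (the 0.7.1 bug was a
    mismatch here)."""
    players = sorted(a)
    if subset_for is None:
        subset_for = lambda j: players[:2 * t + 1]
    reshares = {i: share(a[i] * b[i] % P, t, players, rng) for i in players}
    result = {}
    for j in players:
        lam = lagrange_at_zero(sorted(subset_for(j)))
        result[j] = sum(lam[i] * reshares[i][j] for i in lam) % P
    return result


def power(x, e, t, rng=random):
    """Square-and-multiply for a public exponent e > 0.  Returns the sharing
    of x**e and the number of mul() calls used (4 for e == 7, not 6)."""
    result, base, count = None, x, 0
    while True:
        if e & 1:
            if result is None:
                result = base
            else:
                result = mul(result, base, t, rng=rng)
                count += 1
        e >>= 1
        if e == 0:
            return result, count
        base = mul(base, base, t, rng=rng)
        count += 1


def demo(seed=1):
    """Run the toy protocol with n = 4 players and t = 1, so 2t + 1 != n."""
    rng = random.Random(seed)
    t, players = 1, [1, 2, 3, 4]
    a = share(5, t, players, rng)    # asymmetric input: player 1 deals a ...
    b = share(7, t, players, rng)    # ... and player 2 deals b, nobody else
    out = {"too_few": False}
    local = {i: a[i] * b[i] % P for i in players}
    out["open_degree_2t"] = open_shares(local, 2 * t)           # 35 directly
    out["consistent"] = open_shares(mul(a, b, t, rng=rng), t)   # 35 after resharing
    # Each player combining a different 3-of-4 subset puts the new shares on
    # different polynomials, and the opened value is garbage.
    mixed = mul(a, b, t, lambda j: [i for i in players if i != j], rng)
    out["inconsistent"] = open_shares(mixed, t)
    x7, out["mul_count"] = power(a, 7, t, rng)
    out["x_pow_7"] = open_shares(x7, t)
    try:
        open_shares({i: local[i] for i in (1, 2)}, 2 * t)       # 2 of the 3 needed
    except ValueError:
        out["too_few"] = True
    return out


if __name__ == "__main__":
    print(demo())
```

The too_few case is the same reason a two-player setup cannot run this multiplication protocol: with t = 1 the product needs three points, which is why the 0.7 release added a separate Paillier-based runtime for the two-party case.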
Version 0.3, released on 2007-12-27
-----------------------------------

Secure communication between the players was implemented using TLS.
An included Makefile can generate the needed certificates. The network
layer was completely reimplemented; this breaks compatibility with
programs written for VIFF version 0.2 or earlier.

Version 0.2, released on 2007-11-14
-----------------------------------

Implemented overloaded arithmetic operators, so 'w = x + y * z' now
adds and multiplies the three shares as expected. Updated API
documentation. Released using a Distutils setup.py script.

Version 0.1.1, released on 2007-10-23
-------------------------------------

Added API documentation and updated the installation instructions.

Version 0.1, released on 2007-10-16
-----------------------------------

First public release.

Implements basic functionality including addition, multiplication,
exclusive-or, and comparison of shares. Shares can be made using
Shamir sharing or PRSS.

Includes a suite of unit tests and example programs.