├── .env.example
├── .gitignore
├── src
    ├── utils.rs
    ├── lib.rs
    ├── utils
    │   ├── tasks.rs
    │   ├── templating.rs
    │   └── aws.rs
    ├── arch
    │   ├── mod.rs
    │   ├── reference.rs
    │   └── generic.rs
    ├── health_check.rs
    ├── rng_source.rs
    ├── bits
    │   └── all_bit_patterns_test.rs
    ├── config
    │   └── json_wrapper.rs
    ├── db
    │   └── impls.rs
    ├── iris_db.rs
    ├── config.rs
    ├── distance.rs
    ├── template.rs
    ├── participant.rs
    └── encoded_bits.rs
├── .github
    ├── CODEOWNERS
    ├── dependabot.yml
    ├── workflows
    │   ├── relyance-sci.yml
    │   ├── update-deployment.yaml
    │   └── ci.yml
    ├── ISSUE_TEMPLATE
    │   ├── feature.yml
    │   └── bug.yml
    └── PULL_REQUEST_TEMPLATE.md
├── rustfmt.toml
├── rust-toolchain.toml
├── .dockerignore
├── migrations
    └── 001_init.sql
├── config
    ├── participant.toml
    └── coordinator.toml
├── init-scripts
    └── ready.d
    │   └── create_sqs_queue.sh
├── bin
    ├── utils
    │   ├── generate_mock_templates.rs
    │   ├── sum_shares.rs
    │   ├── common.rs
    │   ├── utils.rs
    │   ├── sqs_query.rs
    │   ├── sqs_receive.rs
    │   ├── README.md
    │   ├── seed_iris_db.rs
    │   └── seed_mpc_db.rs
    ├── mpc_node.rs
    └── migrate-codes
    │   ├── mpc_db.rs
    │   └── migrate.rs
├── tests
    ├── e2e_config.toml
    ├── multi_match_truncated_e2e_sequence.json
    └── multi_match_e2e_sequence.json
├── LICENSE-MIT
├── compose_all_sides.yml
├── deny.toml
├── Dockerfile
├── Cargo.toml
├── SECURITY.md
├── CODE_OF_CONDUCT.md
├── compose.yml
├── README.md
├── benches
    └── rotation_comparison.rs
├── LICENSE-APACHE
└── docs
    └── specification.ipynb


/.env.example:
--------------------------------------------------------------------------------
1 | RUST_LOG=info
2 | 


--------------------------------------------------------------------------------
/.gitignore:
--------------------------------------------------------------------------------
1 | /target
2 | .env
3 | mock_templates.json
4 | /.idea
5 | 


--------------------------------------------------------------------------------
/src/utils.rs:
--------------------------------------------------------------------------------
1 | pub mod aws;
2 | pub mod tasks;
3 | pub mod templating;
4 | 


--------------------------------------------------------------------------------
/.github/CODEOWNERS:
--------------------------------------------------------------------------------
1 | # General code
2 | * @worldcoin/crypto @worldcoin/proof-of-personhood
3 | 
4 | 


--------------------------------------------------------------------------------
/rustfmt.toml:
--------------------------------------------------------------------------------
1 | group_imports = "StdExternalCrate"
2 | imports_granularity = "Module"
3 | max_width = 80


--------------------------------------------------------------------------------
/rust-toolchain.toml:
--------------------------------------------------------------------------------
1 | [toolchain]
2 | channel = "nightly-2024-04-27"
3 | components = ["rustc-dev", "rustc", "cargo", "rustfmt", "clippy"]
4 | 


--------------------------------------------------------------------------------
/.dockerignore:
--------------------------------------------------------------------------------
 1 | .github/
 2 | target/
 3 | .git
 4 | README.md
 5 | .env
 6 | .env.example
 7 | compose.yml
 8 | Dockerfile
 9 | Dockerfile.e2e
10 | init-scripts/
11 | config/


--------------------------------------------------------------------------------
/migrations/001_init.sql:
--------------------------------------------------------------------------------
 1 | CREATE TABLE masks (
 2 |     id BIGINT PRIMARY KEY,
 3 |     mask BYTEA NOT NULL
 4 | );
 5 | 
 6 | CREATE TABLE shares (
 7 |     id BIGINT PRIMARY KEY,
 8 |     share BYTEA NOT NULL
 9 | );
10 | 


--------------------------------------------------------------------------------
/.github/dependabot.yml:
--------------------------------------------------------------------------------
 1 | version: 2
 2 | updates:
 3 |   - package-ecosystem: "cargo"
 4 |     directory: "/"
 5 |     schedule:
 6 |       interval: "monthly"
 7 |   - package-ecosystem: "docker"
 8 |     directory: "/"
 9 |     schedule:
10 |       interval: "monthly"
11 |   - package-ecosystem: "github-actions"
12 |     directory: "/"
13 |     schedule:
14 |       interval: "monthly"


--------------------------------------------------------------------------------
/src/lib.rs:
--------------------------------------------------------------------------------
 1 | #![feature(array_chunks)]
 2 | #![allow(clippy::type_complexity, clippy::comparison_chain)]
 3 | 
 4 | pub mod arch;
 5 | pub mod bits;
 6 | pub mod config;
 7 | pub mod coordinator;
 8 | pub mod db;
 9 | pub mod distance;
10 | pub mod encoded_bits;
11 | pub mod health_check;
12 | pub mod iris_db;
13 | pub mod participant;
14 | pub mod rng_source;
15 | pub mod template;
16 | pub mod utils;
17 | 


--------------------------------------------------------------------------------
/config/participant.toml:
--------------------------------------------------------------------------------
 1 | # [service]
 2 | # service_name = "mpc-participant"
 3 | # metrics_host = "localhost"
 4 | # metrics_port = 8125
 5 | # metrics_queue_size = 5000
 6 | # metrics_buffer_size = 1024
 7 | # metrics_prefix = "mpc-participant"
 8 | 
 9 | [participant]
10 | socket_addr = "127.0.0.1:8081"
11 | batch_size = 20000
12 | 
13 | [participant.db]
14 | url = "postgres://localhost:5432/participant"
15 | migrate = true
16 | 


--------------------------------------------------------------------------------
/src/utils/tasks.rs:
--------------------------------------------------------------------------------
 1 | use std::future::Future;
 2 | 
 3 | use futures::stream::FuturesUnordered;
 4 | use futures::StreamExt;
 5 | use tokio::task::JoinError;
 6 | 
 7 | pub async fn finalize_futures_unordered<F>(
 8 |     mut tasks: FuturesUnordered<F>,
 9 | ) -> eyre::Result<()>
10 | where
11 |     F: Future<Output = Result<eyre::Result<()>, JoinError>> + Unpin,
12 | {
13 |     while let Some(result) = tasks.next().await {
14 |         result??;
15 |     }
16 | 
17 |     Ok(())
18 | }
19 | 


--------------------------------------------------------------------------------
/src/arch/mod.rs:
--------------------------------------------------------------------------------
 1 | mod generic; // Optimized generic implementation
 2 | mod reference; // Simple generic implementations
 3 | 
 4 | pub use generic::{denominators, distances};
 5 | 
 6 | //TODO: move this to the benches file
 7 | #[cfg(feature = "bench")]
 8 | pub mod benches {
 9 |     use criterion::Criterion;
10 | 
11 |     use super::*;
12 | 
13 |     pub fn group(c: &mut Criterion) {
14 |         reference::benches::group(c);
15 | 
16 |         generic::benches::group(c);
17 |     }
18 | }
19 | 


--------------------------------------------------------------------------------
/.github/workflows/relyance-sci.yml:
--------------------------------------------------------------------------------
 1 | name: Relyance SCI Scan
 2 | 
 3 | on:
 4 |   schedule:
 5 |     - cron: "0 20 * * *"
 6 |   workflow_dispatch:
 7 | 
 8 | jobs:
 9 |   execute-relyance-sci:
10 |     name: Relyance SCI Job
11 |     runs-on: ubuntu-latest
12 | 
13 |     steps:
14 |       - name: Checkout
15 |         uses: actions/checkout@v4
16 | 
17 |       - name: Pull and run SCI binary
18 |         run: |-
19 |           docker pull gcr.io/relyance-ext/compliance_inspector:release && \
20 |           docker run --rm -v `pwd`:/repo --env API_KEY='${{ secrets.DPP_SCI_KEY }}' gcr.io/relyance-ext/compliance_inspector:release
21 | 


--------------------------------------------------------------------------------
/init-scripts/ready.d/create_sqs_queue.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/bash
 2 | 
 3 | # Create your SQS queues
 4 | echo "Creating SQS queues..."
 5 | awslocal sqs create-queue --queue-name coordinator-uniqueness-check.fifo --attributes "{\"FifoQueue\":\"true\", \"ContentBasedDeduplication\":\"true\"}"
 6 | awslocal sqs create-queue --queue-name coordinator-results-queue.fifo --attributes "{\"FifoQueue\":\"true\", \"ContentBasedDeduplication\":\"true\"}"
 7 | 
 8 | awslocal sqs create-queue --queue-name coordinator-db-sync-queue
 9 | awslocal sqs create-queue --queue-name participant-0-db-sync-queue
10 | awslocal sqs create-queue --queue-name participant-1-db-sync-queue
11 | 


--------------------------------------------------------------------------------
/bin/utils/generate_mock_templates.rs:
--------------------------------------------------------------------------------
 1 | use clap::Args;
 2 | 
 3 | use crate::common::generate_templates;
 4 | 
 5 | #[derive(Debug, Clone, Args)]
 6 | pub struct GenerateMockTemplates {
 7 |     #[clap(short, long)]
 8 |     pub output: String,
 9 | 
10 |     #[clap(short, long)]
11 |     pub num_templates: usize,
12 | }
13 | 
14 | pub async fn generate_mock_templates(
15 |     args: &GenerateMockTemplates,
16 | ) -> eyre::Result<()> {
17 |     let templates = generate_templates(args.num_templates);
18 |     let json = serde_json::to_string(&templates)?;
19 | 
20 |     //write to file
21 |     std::fs::write(&args.output, json)?;
22 | 
23 |     Ok(())
24 | }
25 | 


--------------------------------------------------------------------------------
/bin/utils/sum_shares.rs:
--------------------------------------------------------------------------------
 1 | use std::fs::read_to_string;
 2 | 
 3 | use clap::Args;
 4 | use mpc::distance::{decode, EncodedBits};
 5 | 
 6 | #[derive(Debug, Clone, Args)]
 7 | pub struct SumShares {
 8 |     path: String,
 9 | }
10 | 
11 | pub async fn sum_shares(args: &SumShares) -> eyre::Result<()> {
12 |     let shares_json = read_to_string(&args.path)?;
13 |     let data = serde_json::from_str::<Vec<EncodedBits>>(&shares_json)?;
14 | 
15 |     let encoded: EncodedBits = data.iter().sum();
16 | 
17 |     let decoded = decode(&encoded)?;
18 | 
19 |     println!("Code: {:?}", decoded.code);
20 |     println!("Mask: {:?}", decoded.mask);
21 | 
22 |     Ok(())
23 | }
24 | 


--------------------------------------------------------------------------------
/config/coordinator.toml:
--------------------------------------------------------------------------------
 1 | # [service]
 2 | # service_name = "mpc-coordinator"
 3 | # metrics_host = "localhost"
 4 | # metrics_port = 8125
 5 | # metrics_queue_size = 5000
 6 | # metrics_buffer_size = 1024
 7 | # metrics_prefix = "mpc-coordinator"
 8 | 
 9 | [coordinator]
10 | participants = '["127.0.0.1:8081"]'
11 | hamming_distance_threshold = 0.375
12 | n_closest_distances = 20
13 | 
14 | [coordinator.gateway]
15 | type = "http"
16 | socket_addr = "127.0.0.1:8080"
17 | # Values below are not implemented yet
18 | distance_results_url = ""
19 | fire_and_forget = true
20 | 
21 | [coordinator.db]
22 | url = "postgres://localhost:5432/coordinator"
23 | migrate = true
24 | 


--------------------------------------------------------------------------------
/.github/ISSUE_TEMPLATE/feature.yml:
--------------------------------------------------------------------------------
 1 | name: Feature request
 2 | description: Suggest a feature
 3 | labels: ["C-enhancement", "S-needs-triage"]
 4 | body:
 5 |   - type: markdown
 6 |     attributes:
 7 |       value: |
 8 |         Please ensure that the feature has not already been requested in the issue tracker.
 9 |   - type: textarea
10 |     attributes:
11 |       label: Describe the feature
12 |       description: |
13 |         Please describe the feature and what it is aiming to solve, if relevant.
14 |     validations:
15 |       required: true
16 |   - type: textarea
17 |     attributes:
18 |       label: Additional context
19 |       description: Add any other context to the feature (like screenshots, resources)


--------------------------------------------------------------------------------
/.github/PULL_REQUEST_TEMPLATE.md:
--------------------------------------------------------------------------------
 1 | <!--
 2 | Thank you for your Pull Request. Please provide a description above and review
 3 | the requirements below.
 4 | 
 5 | Bug fixes and new features should include tests.
 6 | -->
 7 | 
 8 | <!-- ** Please select "Allow edits from maintainers" in the PR Options ** -->
 9 | 
10 | ## Motivation
11 | 
12 | <!--
13 | Explain the context and why you're making that change. What is the problem
14 | you're trying to solve? In some cases there is not a problem and this can be
15 | thought of as being the motivation for your change.
16 | -->
17 | 
18 | ## Solution
19 | 
20 | <!--
21 | Summarize the solution and provide any necessary context needed to understand
22 | the code change.
23 | -->
24 | 
25 | ## PR Checklist
26 | 
27 | - [ ] Added Tests
28 | - [ ] Added Documentation
29 | - [ ] Breaking changes


--------------------------------------------------------------------------------
/.github/workflows/update-deployment.yaml:
--------------------------------------------------------------------------------
 1 | name: Update deployment ref number
 2 | 
 3 | on: [push]
 4 | 
 5 | jobs:
 6 |   update-deployment:
 7 |     runs-on: ubuntu-latest
 8 | 
 9 |     steps:
10 |       - name: Repository Dispatch
11 |         uses: peter-evans/repository-dispatch@v3
12 |         with:
13 |           token: ${{ secrets.GIT_HUB_TOKEN }}
14 |           repository: worldcoin/mpc-uniqueness-check-deploy
15 |           event-type: update-ref
16 |           client-payload: |
17 |             {
18 |               "sha": "${{ github.sha }}",
19 |               "ref": "${{ github.ref }}",
20 |               "ref_name": "${{ github.ref_name }}",
21 |               "ref_type": "${{ github.ref_type }}",
22 |               "repository": "${{ github.repository }}",
23 |               "default_branch": "${{ github.event.repository.default_branch }}"
24 |             }
25 | 


--------------------------------------------------------------------------------
/src/utils/templating.rs:
--------------------------------------------------------------------------------
 1 | use std::collections::HashMap;
 2 | 
 3 | use serde::Serialize;
 4 | use tinytemplate::TinyTemplate;
 5 | 
 6 | const TEMPLATE_NAME: &str = "TEMPLATE";
 7 | 
 8 | #[derive(Serialize)]
 9 | struct Context {
10 |     env: HashMap<String, String>,
11 | }
12 | 
13 | pub fn resolve_template(s: &str) -> eyre::Result<String> {
14 |     let mut tt = TinyTemplate::new();
15 | 
16 |     tt.add_template(TEMPLATE_NAME, s)?;
17 | 
18 |     let context = Context {
19 |         env: std::env::vars().collect(),
20 |     };
21 | 
22 |     Ok(tt.render(TEMPLATE_NAME, &context)?)
23 | }
24 | 
25 | #[cfg(test)]
26 | mod tests {
27 |     use super::*;
28 | 
29 |     #[test]
30 |     fn test_resolve_template() {
31 |         let template = "Hello, {env.USER}!";
32 |         let expected = format!("Hello, {}!", std::env::var("USER").unwrap());
33 |         let actual = resolve_template(template).unwrap();
34 | 
35 |         assert_eq!(actual, expected);
36 |     }
37 | }
38 | 


--------------------------------------------------------------------------------
/tests/e2e_config.toml:
--------------------------------------------------------------------------------
 1 | [coordinator]
 2 | service_name = "mpc-coordinator"
 3 | db.url = "postgres://postgres:postgres@localhost:8432/coordinator_db"
 4 | db.migrate = true
 5 | db.create = true
 6 | queues.queries_queue_url = "http://localhost:4566/000000000000/coordinator-queries.fifo"
 7 | queues.distances_queue_url = "http://localhost:4566/000000000000/coordinator-distances.fifo"
 8 | queues.db_sync_queue_url = "http://localhost:4566/000000000000/coordinator-db-sync"
 9 | participants = '["0.0.0.0:8080", "0.0.0.0:8081"]'
10 | hamming_distance_threshold = 0.375
11 | n_closest_distances = 20
12 | 
13 | [[participant]]
14 | socket_addr = "0.0.0.0:8080"
15 | batch_size = 20000
16 | db.url = "postgres://postgres:postgres@localhost:8433/participant_0_db"
17 | db.migrate = true
18 | db.create = true
19 | queues.db_sync_queue_url = "http://localhost:4566/000000000000/participant-0-db-sync"
20 | 
21 | [[participant]]
22 | socket_addr = "0.0.0.0:8081"
23 | batch_size = 20000
24 | db.url = "postgres://postgres:postgres@localhost:8434/participant_1_db"
25 | db.migrate = true
26 | db.create = true
27 | queues.db_sync_queue_url = "http://localhost:4566/000000000000/participant-1-db-sync"
28 | 


--------------------------------------------------------------------------------
/LICENSE-MIT:
--------------------------------------------------------------------------------
 1 | MIT License
 2 | 
 3 | Copyright (c) 2024 Worldcoin
 4 | 
 5 | Permission is hereby granted, free of charge, to any person obtaining a copy
 6 | of this software and associated documentation files (the "Software"), to deal
 7 | in the Software without restriction, including without limitation the rights
 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
 9 | copies of the Software, and to permit persons to whom the Software is
10 | furnished to do so, subject to the following conditions:
11 | 
12 | The above copyright notice and this permission notice shall be included in all
13 | copies or substantial portions of the Software.
14 | 
15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
21 | SOFTWARE.
22 | 


--------------------------------------------------------------------------------
/compose_all_sides.yml:
--------------------------------------------------------------------------------
 1 | version: "3"
 2 | services:
 3 |   coordinator_left_db:
 4 |     image: postgres
 5 |     ports:
 6 |       - 8432:5432
 7 |     environment:
 8 |       - POSTGRES_HOST_AUTH_METHOD=trust
 9 |   participant_left_0_db:
10 |     image: postgres
11 |     ports:
12 |       - 8433:5432
13 |     environment:
14 |       - POSTGRES_HOST_AUTH_METHOD=trust
15 |   participant_left_1_db:
16 |     image: postgres
17 |     ports:
18 |       - 8534:5432
19 |     environment:
20 |       - POSTGRES_HOST_AUTH_METHOD=trust
21 |   coordinator_right_db:
22 |     image: postgres
23 |     ports:
24 |       - 8532:5432
25 |     environment:
26 |       - POSTGRES_HOST_AUTH_METHOD=trust
27 |   participant_right_0_db:
28 |     image: postgres
29 |     ports:
30 |       - 8533:5432
31 |     environment:
32 |       - POSTGRES_HOST_AUTH_METHOD=trust
33 |   participant_right_1_db:
34 |     image: postgres
35 |     ports:
36 |       - 8434:5432
37 |     environment:
38 |       - POSTGRES_HOST_AUTH_METHOD=trust
39 |   iris_db:
40 |     hostname: iris_db
41 |     image: mongo
42 |     ports:
43 |       - 27017:27017
44 |     environment:
45 |       - MONGO_INITDB_ROOT_USERNAME=admin
46 |       - MONGO_INITDB_ROOT_PASSWORD=password
47 | 


--------------------------------------------------------------------------------
/bin/utils/common.rs:
--------------------------------------------------------------------------------
 1 | use indicatif::{ProgressBar, ProgressStyle};
 2 | use mpc::template::Template;
 3 | use rand::distributions::Alphanumeric;
 4 | use rand::{thread_rng, Rng};
 5 | use rayon::iter::{IntoParallelIterator, ParallelIterator};
 6 | 
 7 | pub fn generate_templates(num_templates: usize) -> Vec<Template> {
 8 |     let pb = ProgressBar::new(num_templates as u64)
 9 |         .with_message("Generating templates...");
10 | 
11 |     pb.set_style(ProgressStyle::default_bar()
12 |         .template("{spinner:.green} {msg} [{elapsed_precise}] [{wide_bar:.green}] {pos:>7}/{len:7} ({eta})")
13 |         .expect("Could not create progress bar"));
14 | 
15 |     // Generate templates
16 |     let templates = (0..num_templates)
17 |         .into_par_iter()
18 |         .map(|_| {
19 |             let mut rng = thread_rng();
20 | 
21 |             let template = rng.gen();
22 | 
23 |             pb.inc(1);
24 |             template
25 |         })
26 |         .collect::<Vec<Template>>();
27 | 
28 |     pb.finish_with_message("Created templates");
29 | 
30 |     templates
31 | }
32 | 
33 | pub fn generate_random_string(rng: &mut impl Rng, len: usize) -> String {
34 |     rng.sample_iter(&Alphanumeric)
35 |         .take(len)
36 |         .map(char::from)
37 |         .collect()
38 | }
39 | 


--------------------------------------------------------------------------------
/.github/ISSUE_TEMPLATE/bug.yml:
--------------------------------------------------------------------------------
 1 | name: Bug Report
 2 | description: Create a bug report
 3 | labels: ["C-bug", "S-needs-triage"]
 4 | body:
 5 |   - type: markdown
 6 |     attributes:
 7 |       value: |
 8 |         Thanks for taking the time to fill out this bug report! Please provide as much detail as possible.
 9 |         
10 |         If you believe you have found a vulnerability, please provide details [here](mailto:georgios@paradigm.xyz) instead.
11 |   - type: textarea
12 |     id: what-happened
13 |     attributes:
14 |       label: Describe the bug
15 |       description: |
16 |         A clear and concise description of what the bug is.
17 |         
18 |     validations:
19 |       required: true
20 |   - type: textarea
21 |     id: reproduction-steps
22 |     attributes:
23 |       label: Steps to reproduce
24 |       description: Please provide any steps you think might be relevant to reproduce the bug.
25 |       placeholder: |
26 |         Steps to reproduce:
27 |         
28 |         1. Start '...'
29 |         2. Then '...'
30 |         3. Check '...'
31 |         4. See error
32 |     validations:
33 |       required: true
34 |  
35 |   - type: dropdown
36 |     id: platform
37 |     attributes:
38 |       label: Platform(s)
39 |       description: What platform(s) did this occur on?
40 |       multiple: true
41 |       options:
42 |         - Linux (x86)
43 |         - Linux (ARM)
44 |         - Mac (Intel)
45 |         - Mac (Apple Silicon)
46 |         - Windows (x86)
47 |         - Windows (ARM)
48 |   - type: input
49 |     id: client-version
50 |     attributes:
51 |       label: What version/commit are you on?


--------------------------------------------------------------------------------
/bin/utils/utils.rs:
--------------------------------------------------------------------------------
 1 | #![feature(array_chunks)]
 2 | 
 3 | use clap::Parser;
 4 | use generate_mock_templates::{generate_mock_templates, GenerateMockTemplates};
 5 | use seed_iris_db::{seed_iris_db, SeedIrisDb};
 6 | use seed_mpc_db::{seed_mpc_db, SeedMPCDb};
 7 | use sqs_query::{sqs_query, SQSQuery};
 8 | use sqs_receive::{sqs_receive, SQSReceive};
 9 | use sum_shares::{sum_shares, SumShares};
10 | 
11 | mod common;
12 | mod generate_mock_templates;
13 | mod seed_iris_db;
14 | mod seed_mpc_db;
15 | mod sqs_query;
16 | mod sqs_receive;
17 | mod sum_shares;
18 | 
19 | #[derive(Debug, Clone, Parser)]
20 | enum Opt {
21 |     SQSQuery(SQSQuery),
22 |     SeedMPCDb(SeedMPCDb),
23 |     SeedIrisDb(SeedIrisDb),
24 |     SQSReceive(SQSReceive),
25 |     GenerateMockTemplates(GenerateMockTemplates),
26 |     SumShares(SumShares),
27 | }
28 | 
29 | #[tokio::main]
30 | async fn main() -> eyre::Result<()> {
31 |     dotenvy::dotenv().ok();
32 | 
33 |     let args = Opt::parse();
34 | 
35 |     match args {
36 |         Opt::SeedMPCDb(args) => {
37 |             seed_mpc_db(&args).await?;
38 |         }
39 |         Opt::SeedIrisDb(args) => {
40 |             seed_iris_db(&args).await?;
41 |         }
42 |         Opt::SQSQuery(args) => {
43 |             sqs_query(&args).await?;
44 |         }
45 |         Opt::SQSReceive(args) => {
46 |             sqs_receive(&args).await?;
47 |         }
48 |         Opt::GenerateMockTemplates(args) => {
49 |             generate_mock_templates(&args).await?;
50 |         }
51 |         Opt::SumShares(args) => {
52 |             sum_shares(&args).await?;
53 |         }
54 |     }
55 | 
56 |     Ok(())
57 | }
58 | 


--------------------------------------------------------------------------------
/.github/workflows/ci.yml:
--------------------------------------------------------------------------------
 1 | name: CI
 2 | 
 3 | on:
 4 |   push:
 5 |     branches: [main]
 6 |   pull_request:
 7 | 
 8 | env:
 9 |   CARGO_TERM_COLOR: always
10 | 
11 | jobs:
12 |   test:
13 |     runs-on: ubuntu-latest
14 |     timeout-minutes: 30
15 |     env:
16 |       RUST_LOG: info
17 |       RUST_BACKTRACE: "1"
18 |     steps:
19 |       - uses: actions/checkout@v4
20 |       - uses: dtolnay/rust-toolchain@nightly
21 |       - name: build
22 |         run: cargo build --workspace
23 |       - name: test
24 |         run: cargo test --workspace
25 | 
26 |   clippy:
27 |     runs-on: ubuntu-latest
28 |     timeout-minutes: 30
29 |     steps:
30 |       - uses: actions/checkout@v4
31 |       - uses: dtolnay/rust-toolchain@clippy
32 |         env:
33 |           RUSTFLAGS: -Dwarnings
34 | 
35 |   docs:
36 |     runs-on: ubuntu-latest
37 |     timeout-minutes: 30
38 |     steps:
39 |       - uses: actions/checkout@v4
40 |       - uses: dtolnay/rust-toolchain@nightly
41 |       - run: cargo doc --workspace --all-features --no-deps --document-private-items
42 |         env:
43 |           RUSTDOCFLAGS: "--cfg docsrs -D warnings"
44 | 
45 |   fmt:
46 |     runs-on: ubuntu-latest
47 |     timeout-minutes: 30
48 |     steps:
49 |       - uses: actions/checkout@v4
50 |       - uses: dtolnay/rust-toolchain@nightly
51 |         with:
52 |           components: rustfmt
53 |       - run: cargo fmt --all --check
54 | 
55 |   cargo-deny:
56 |     runs-on: ubuntu-24.04
57 |     timeout-minutes: 5
58 |     steps:
59 |       - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # pin@v4.2.1
60 |       - uses: EmbarkStudios/cargo-deny-action@8371184bd11e21dcf8ac82ebf8c9c9f74ebf7268 # pin@v2.0.1
61 | 


--------------------------------------------------------------------------------
/deny.toml:
--------------------------------------------------------------------------------
 1 | [graph]
 2 | # Cargo deny will check dependencies via `--all-features`
 3 | all-features = true
 4 | 
 5 | [advisories]
 6 | version = 2
 7 | ignore = [
 8 | 	# https://github.com/mehcode/config-rs/issues/563
 9 | 	{ id = "RUSTSEC-2024-0320", reason = "waiting for `config` crate to remove the dependency" },
10 | 	{ id = "RUSTSEC-2024-0357", reason = "openssl UB, we should update to latest crate" },
11 | 	{ id = "RUSTSEC-2024-0384", reason = "instant crate is no longer maintained" },
12 | 	{ id = "RUSTSEC-2024-0388", reason = "derivative crate is no longer maintained" },
13 | 	{ id = "RUSTSEC-2024-0399", reason = "rustls issue with tlsacceptor, we are not using this functionality" }
14 | ]
15 | 
16 | [sources]
17 | unknown-registry = "deny"
18 | 
19 | [licenses]
20 | version = 2
21 | # We want really high confidence when inferring licenses from text
22 | confidence-threshold = 1.0
23 | 
24 | # List of explicitly allowed licenses
25 | # See https://spdx.org/licenses/ for list of possible licenses
26 | allow = [
27 |     "0BSD",
28 |     "Apache-2.0 WITH LLVM-exception",
29 |     "Apache-2.0",
30 |     "BSD-2-Clause",
31 |     "BSD-3-Clause",
32 |     "BSL-1.0",
33 |     "CC0-1.0",
34 |     "ISC",
35 |     "LicenseRef-ring",
36 |     "MIT",
37 |     "MPL-2.0", # Although this is copyleft, it is scoped to modifying the original files
38 |     "OpenSSL",
39 |     "Unicode-DFS-2016",
40 |     "Unlicense",
41 |     "Zlib",
42 | ]
43 | 
44 | # See https://github.com/briansmith/ring/blob/95948b3977013aed16db92ae32e6b8384496a740/deny.toml#L12
45 | [[licenses.clarify]]
46 | name = "ring"
47 | expression = "LicenseRef-ring"
48 | license-files = [
49 |     { path = "LICENSE", hash = 0xbd0eed23 },
50 | ]
51 | 


--------------------------------------------------------------------------------
/bin/utils/sqs_query.rs:
--------------------------------------------------------------------------------
 1 | use clap::Args;
 2 | use mpc::config::AwsConfig;
 3 | use mpc::coordinator::UniquenessCheckRequest;
 4 | use mpc::rng_source::RngSource;
 5 | use mpc::template::Template;
 6 | use mpc::utils::aws::sqs_client_from_config;
 7 | use rand::Rng;
 8 | 
 9 | use crate::common::generate_random_string;
10 | 
11 | #[derive(Debug, Clone, Args)]
12 | pub struct SQSQuery {
13 |     /// The endpoint URL for the AWS service
14 |     ///
15 |     /// Useful when using LocalStack
16 |     #[clap(short, long)]
17 |     pub endpoint_url: Option<String>,
18 | 
19 |     /// The AWS region
20 |     #[clap(short, long)]
21 |     pub region: Option<String>,
22 | 
23 |     /// The URL of the SQS queue
24 |     #[clap(short, long)]
25 |     pub queue_url: String,
26 | 
27 |     #[clap(long, default_value = "thread")]
28 |     pub rng: RngSource,
29 | }
30 | 
31 | pub async fn sqs_query(args: &SQSQuery) -> eyre::Result<()> {
32 |     let sqs_client = sqs_client_from_config(&AwsConfig {
33 |         endpoint: args.endpoint_url.clone(),
34 |         region: args.region.clone(),
35 |     })
36 |     .await?;
37 | 
38 |     let mut rng = args.rng.to_rng();
39 |     let plain_code: Template = rng.gen();
40 | 
41 |     let signup_id = generate_random_string(&mut rng, 10);
42 |     let group_id = generate_random_string(&mut rng, 10);
43 | 
44 |     tracing::info!(?signup_id, ?group_id, "Sending message");
45 | 
46 |     let request = UniquenessCheckRequest {
47 |         plain_code,
48 |         signup_id,
49 |     };
50 | 
51 |     sqs_client
52 |         .send_message()
53 |         .queue_url(args.queue_url.clone())
54 |         .message_group_id(group_id)
55 |         .message_body(serde_json::to_string(&request)?)
56 |         .send()
57 |         .await?;
58 | 
59 |     Ok(())
60 | }
61 | 


--------------------------------------------------------------------------------
/src/health_check.rs:
--------------------------------------------------------------------------------
 1 | use std::net::SocketAddr;
 2 | 
 3 | use axum::http::StatusCode;
 4 | use axum::{routing, Router};
 5 | use serde::{Deserialize, Serialize};
 6 | use tokio::net::TcpListener;
 7 | use tokio::task::JoinHandle;
 8 | 
 9 | #[derive(Debug, Clone, Serialize, Deserialize)]
10 | pub struct HealthCheck;
11 | 
12 | impl HealthCheck {
13 |     pub fn spawn(
14 |         addr: impl Into<SocketAddr> + Send + 'static,
15 |     ) -> JoinHandle<eyre::Result<()>> {
16 |         let router = Self::router();
17 | 
18 |         tokio::spawn(async move {
19 |             axum::serve(
20 |                 TcpListener::bind(addr.into()).await?,
21 |                 router.into_make_service(),
22 |             )
23 |             .await
24 |             .map_err(eyre::Report::from)
25 |         })
26 |     }
27 | 
28 |     pub fn router() -> Router {
29 |         Router::new().route("/health", routing::get(Self::health_check))
30 |     }
31 | 
32 |     async fn health_check() -> impl axum::response::IntoResponse {
33 |         StatusCode::OK
34 |     }
35 | }
36 | 
37 | #[cfg(test)]
38 | mod tests {
39 |     use std::time::Duration;
40 | 
41 |     use reqwest::StatusCode;
42 | 
43 |     use super::*;
44 | 
45 |     #[tokio::test]
46 |     async fn test_health_check() -> eyre::Result<()> {
47 |         let addr: SocketAddr = "127.0.0.1:3000".parse()?;
48 | 
49 |         // Spawn the HealthCheck server
50 |         let _health_check = HealthCheck::spawn(addr);
51 | 
52 |         // Wait for the server to start
53 |         tokio::time::sleep(Duration::from_millis(100)).await;
54 | 
55 |         // Make a request to the health check endpoint
56 |         let client = reqwest::Client::new();
57 |         let response = client
58 |             .get(format!("http://{}/health", addr))
59 |             .send()
60 |             .await
61 |             .expect("Failed to send request");
62 | 
63 |         // Assert the response is OK
64 |         assert_eq!(response.status(), StatusCode::OK);
65 | 
66 |         Ok(())
67 |     }
68 | }
69 | 


--------------------------------------------------------------------------------
/src/arch/reference.rs:
--------------------------------------------------------------------------------
 1 | #![allow(unused)]
 2 | 
 3 | use crate::distance::{Bits, ROTATIONS};
 4 | use crate::encoded_bits::EncodedBits;
 5 | 
 6 | pub fn distances(
 7 |     query_rotations: Vec<EncodedBits>,
 8 |     db: &[EncodedBits],
 9 | ) -> impl Iterator<Item = [u16; 31]> + '_ {
10 |     db.iter().map(move |entry| {
11 |         let mut result = [0_u16; 31];
12 |         for (d, r) in result.iter_mut().zip(0..=31) {
13 |             *d = query_rotations[r].dot(entry);
14 |         }
15 |         result
16 |     })
17 | }
18 | 
19 | pub fn denominators<'a>(
20 |     query: &'a Bits,
21 |     db: &'a [Bits],
22 | ) -> impl Iterator<Item = [u16; 31]> + 'a {
23 |     db.iter().map(|entry| {
24 |         let mut result = [0_u16; 31];
25 |         for (d, r) in result.iter_mut().zip(query.rotations()) {
26 |             *d = r.dot(entry);
27 |         }
28 |         result
29 |     })
30 | }
31 | 
32 | //TODO: move this to the benches file
33 | #[cfg(feature = "bench")]
34 | pub mod benches {
35 |     use core::hint::black_box;
36 | 
37 |     use criterion::Criterion;
38 |     use rand::{thread_rng, Rng};
39 | 
40 |     use super::*;
41 | 
42 |     pub fn group(c: &mut Criterion) {
43 |         let mut rng = thread_rng();
44 |         let mut g = c.benchmark_group("reference");
45 | 
46 |         g.bench_function("distances 31x1000", |bench| {
47 |             let a: EncodedBits = rng.gen();
48 |             let b: Box<[EncodedBits]> = (0..1000).map(|_| rng.gen()).collect();
49 |             bench.iter(|| {
50 |                 black_box(distances(black_box(&a), black_box(&b)))
51 |                     .for_each(|_| {})
52 |             })
53 |         });
54 | 
55 |         g.bench_function("denominators 31x1000", |bench| {
56 |             let a: Bits = rng.gen();
57 |             let b: Box<[Bits]> = (0..1000).map(|_| rng.gen()).collect();
58 |             bench.iter(|| {
59 |                 black_box(denominators(black_box(&a), black_box(&b)))
60 |                     .for_each(|_| {})
61 |             })
62 |         });
63 |     }
64 | }
65 | 


--------------------------------------------------------------------------------
/bin/utils/sqs_receive.rs:
--------------------------------------------------------------------------------
 1 | use clap::Args;
 2 | use eyre::ContextCompat;
 3 | use mpc::config::AwsConfig;
 4 | use mpc::coordinator::UniquenessCheckResult;
 5 | use mpc::utils::aws::sqs_client_from_config;
 6 | 
 7 | #[derive(Debug, Clone, Args)]
 8 | pub struct SQSReceive {
 9 |     /// The endpoint URL for the AWS service
10 |     ///
11 |     /// Useful when using LocalStack
12 |     #[clap(short, long)]
13 |     pub endpoint_url: Option<String>,
14 | 
15 |     /// The AWS region
16 |     #[clap(short, long)]
17 |     pub region: Option<String>,
18 | 
19 |     /// The URL of the SQS queue
20 |     #[clap(short, long)]
21 |     pub queue_url: String,
22 | }
23 | 
24 | pub async fn sqs_receive(args: &SQSReceive) -> eyre::Result<()> {
25 |     let sqs_client = sqs_client_from_config(&AwsConfig {
26 |         endpoint: args.endpoint_url.clone(),
27 |         region: args.region.clone(),
28 |     })
29 |     .await?;
30 | 
31 |     loop {
32 |         let sqs_msg = sqs_client
33 |             .receive_message()
34 |             .queue_url(args.queue_url.clone())
35 |             .send()
36 |             .await?;
37 | 
38 |         let messages = sqs_msg.messages.unwrap_or_default();
39 | 
40 |         if messages.is_empty() {
41 |             tokio::time::sleep(tokio::time::Duration::from_secs(1)).await;
42 |             continue;
43 |         }
44 | 
45 |         for message in messages {
46 |             let body = message.body.context("Missing message body")?;
47 |             let receipt_handle = message
48 |                 .receipt_handle
49 |                 .context("Missing receipt handle in message")?;
50 | 
51 |             let request: UniquenessCheckResult = serde_json::from_str(&body)?;
52 | 
53 |             tracing::info!(?request, "Received message");
54 | 
55 |             sqs_client
56 |                 .delete_message()
57 |                 .queue_url(args.queue_url.clone())
58 |                 .receipt_handle(receipt_handle)
59 |                 .send()
60 |                 .await?;
61 |         }
62 | 
63 |         break;
64 |     }
65 | 
66 |     Ok(())
67 | }
68 | 


--------------------------------------------------------------------------------
/Dockerfile:
--------------------------------------------------------------------------------
 1 | ### Base stage
 2 | FROM debian:12 as base
 3 | 
 4 | WORKDIR /src
 5 | 
 6 | # Install dependencies
 7 | RUN apt-get update && \
 8 |     apt-get install -y \
 9 |     curl build-essential \
10 |     libssl-dev texinfo \
11 |     libcap2-bin pkg-config
12 | 
13 | # TODO: Use a specific version of rustup
14 | # Install rustup
15 | RUN curl https://sh.rustup.rs -sSf | sh -s -- -y
16 | 
17 | COPY ./rust-toolchain.toml ./rust-toolchain.toml
18 | 
19 | # Set environment variables
20 | ENV PATH="/root/.cargo/bin:${PATH}"
21 | ENV RUSTUP_HOME="/root/.rustup"
22 | ENV CARGO_HOME="/root/.cargo"
23 | 
24 | # Install the toolchain
25 | RUN rustup component add cargo
26 | 
27 | # Install cargo chef
28 | RUN cargo install cargo-chef --locked
29 | 
30 | ### Recipe cooking stage
31 | FROM base as build-env-base
32 | 
33 | # Copy everything
34 | COPY . .
35 | 
36 | ARG RUSTFLAGS=""
37 | 
38 | # Prepare the recipe
39 | RUN cargo chef prepare --recipe-path recipe.json
40 | 
41 | ### Build stage
42 | FROM base as build-env
43 | 
44 | # Copy recipe
45 | COPY --from=build-env-base /src/recipe.json ./recipe.json
46 | 
47 | # Set build env vars
48 | ARG RUSTFLAGS=""
49 | 
50 | # Build the dependencies
51 | RUN cargo chef cook --release --recipe-path ./recipe.json
52 | 
53 | # Copy the remaining source code
54 | COPY . .
55 | 
56 | ARG BIN=mpc-node
57 | ARG RUSTFLAGS=""
58 | 
59 | # Build the binary
60 | RUN cargo build --release --bin $BIN --no-default-features
61 | 
62 | # Make sure it runs
63 | # RUN /src/target/release/$BIN --version
64 | 
65 | ### Runtime stage
66 | # cc variant because we need libgcc and others
67 | FROM gcr.io/distroless/cc-debian12:nonroot
68 | 
69 | ARG BIN=mpc-node
70 | 
71 | # Copy the binary
72 | # This is ok when building but when running fails with:
73 | # `docker: Error response from daemon: failed to create task for container: failed to create shim task: OCI runtime create failed: runc create failed: unable to start container process: exec: "/bin/mpc": is a directory: unknown: permission denied.`
74 | COPY --from=build-env --chown=0:10001 --chmod=010 /src/target/release/$BIN /bin/mpc
75 | 
76 | ENTRYPOINT [ "/bin/mpc" ]
77 | 


--------------------------------------------------------------------------------
/bin/utils/README.md:
--------------------------------------------------------------------------------
 1 | # MPC Utils
 2 | 
 3 | 
 4 | ## Seed MPC Databases
 5 | Seed the coordinator and participant databases with random shares and masks. When seeding multiple participant databases, specify a `--participant-db-url` for each participant db.
 6 | 
 7 | ```bash
 8 | cargo run --bin utils seed-mpc-db  --coordinator-db-url <COORDINATOR_DB_URL> --participant-db-url <PARTICIPANT_0_DB_URL> --participant-db-url <PARTICIPANT_1_DB_URL> --num-templates <NUM_TEMPLATES> 
 9 | ```
10 | 
11 | ## Seed Iris Database
12 | Seed the iris code database with random iris code entries. Each entry includes a `signup_id`, `serial_id`, `iris_code_left`, `mask_code_left`, `iris_code_right` and `mask_code_right`.
13 | 
14 | ```bash
15 | cargo run --bin utils seed-iris-db  --iris-code-db <IRIS_CODE_DB> --num-templates <NUM_TEMPLATES> 
16 | ```
17 | 
18 | 
19 | ## Send a Random Query via SQS
20 | Send a random iris code template to the MPC setup via SQS. Ensure that you are logged into the proper AWS account for the queue url you are using. If running with Localstack, ensure to also pass `--endpoint-url <ENDPOINT_URL>` and `--region <AWS_REGION>`.
21 | 
22 | ```bash
23 | cargo run --bin utils sqs-query  --queue-url <SQS_QUEUE_URL> 
24 | ```
25 | 
26 | 
27 | ## Receive SQS Results
28 | Receive messages from a queue. This is useful when inspecting the results queue after sending a query to the MPC setup. If the queue is empty, the program will continually check for new message every second. Once messages are in the queue, the program will receive all messages, print them to the terminal and then delete the message from the queue. Ensure that you are logged into the proper AWS account for the queue url you are using. If running with Localstack, ensure to also pass `--endpoint-url <ENDPOINT_URL>` and `--region <AWS_REGION>`.
29 | 
30 | ```bash
31 | cargo run --bin utils sqs-receive  --queue-url <SQS_QUEUE_URL> 
32 | ```
33 | 
34 | ## Generate Mock Templates
35 | 
36 | Generate random templates and write the resulting items to an output file.
37 | 
38 | ```bash
39 | cargo run --bin utils generate-mock-templates --num-templates <NUM_TEMPLATES> --output <OUTPUT_FILE>
40 | ```
41 | 


--------------------------------------------------------------------------------
/Cargo.toml:
--------------------------------------------------------------------------------
 1 | [package]
 2 | name = "mpc"
 3 | version = "0.1.0"
 4 | edition = "2021"
 5 | 
 6 | [dependencies]
 7 | async-trait = "0.1.77"
 8 | aws-config = "1.1.4"
 9 | aws-sdk-sqs = "1.12.0"
10 | axum = "0.7.4"
11 | base64 = "0.21.7"
12 | bitvec = "1"
13 | bytemuck = { version = "1.14.1", features = ["derive"] }
14 | clap = { version = "4.4.18", features = ["derive", "env"] }
15 | color-eyre = "0.6.3"
16 | config = "0.14.0"
17 | criterion = "0.5.1"
18 | dotenvy = "0.15.7"
19 | eyre = "0.6.12"
20 | futures = "0.3.30"
21 | hex = { version = "0.4.3", features = ["serde"] }
22 | humantime-serde = "1.1.1"
23 | indicatif = "0.17.7"
24 | indoc = "2.0.4"
25 | itertools = "0.12.0"
26 | metrics = "0.22.1"
27 | metrics-exporter-statsd = "0.7"
28 | # TODO: only include this for migrate-codes bin
29 | mongodb = "2.8.1"
30 | ordered-float = "4.2.0"
31 | rand = "0.8.5"
32 | rayon = "1.8.1"
33 | reqwest = { version = "0.11.24", features = ["json"] }
34 | serde = { version = "1.0.195", features = ["derive"] }
35 | serde_json = "1.0.111"
36 | sqlx = { version = "0.8", features = [
37 |     "runtime-tokio-native-tls",
38 |     "any",
39 |     "postgres",
40 |     "chrono",
41 | ] }
42 | telemetry-batteries = { git = "https://github.com/worldcoin/telemetry-batteries.git", rev = "901ea26e478c81e10d5d4355ac628ab7b15afca7" }
43 | tinytemplate = "1.2.1"
44 | tokio = { version = "1.35.1", features = ["macros"] }
45 | toml = "0.8.9"
46 | tracing = "0.1.40"
47 | tracing-subscriber = "0.3.18"
48 | url = "2.5.0"
49 | 
50 | [dev-dependencies]
51 | config = "0.14.0"
52 | float_eq = "1.0.1"
53 | proptest = "1.4.0"
54 | serial_test = "3.1.1"
55 | similar-asserts = "1.5.0"
56 | test-case = "3.3.1"
57 | testcontainers = "0.15"
58 | testcontainers-modules = { version = "0.3", features = [
59 |     "postgres",
60 |     "localstack",
61 | ] }
62 | 
63 | [[bin]]
64 | name = "mpc-node"
65 | path = "bin/mpc_node.rs"
66 | 
67 | [[bin]]
68 | name = "utils"
69 | path = "bin/utils/utils.rs"
70 | 
71 | [[bin]]
72 | name = "migrate-codes"
73 | path = "bin/migrate-codes/migrate.rs"
74 | 
75 | [[bench]]
76 | name = "rotation_comparison"
77 | harness = false
78 | 
79 | [profile.release]
80 | panic = "abort"
81 | 


--------------------------------------------------------------------------------
/src/rng_source.rs:
--------------------------------------------------------------------------------
 1 | use std::fmt;
 2 | use std::str::FromStr;
 3 | 
 4 | use rand::{thread_rng, RngCore, SeedableRng};
 5 | use serde::{Deserialize, Serialize};
 6 | 
 7 | #[derive(Debug, Clone, Copy, PartialEq, Eq, Serialize, Deserialize)]
 8 | #[serde(rename_all = "snake_case")]
 9 | #[serde(tag = "kind")]
10 | pub enum RngSource {
11 |     Thread,
12 |     Small(u64),
13 |     Std(u64),
14 | }
15 | 
16 | impl RngSource {
17 |     pub fn to_rng(&self) -> Box<dyn RngCore> {
18 |         match self {
19 |             RngSource::Thread => Box::new(thread_rng()),
20 |             RngSource::Small(seed) => {
21 |                 let rng: rand::rngs::SmallRng =
22 |                     SeedableRng::seed_from_u64(*seed);
23 |                 Box::new(rng)
24 |             }
25 |             RngSource::Std(seed) => {
26 |                 let rng: rand::rngs::StdRng = SeedableRng::seed_from_u64(*seed);
27 |                 Box::new(rng)
28 |             }
29 |         }
30 |     }
31 | }
32 | 
33 | impl fmt::Display for RngSource {
34 |     fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result {
35 |         match self {
36 |             RngSource::Thread => write!(f, "thread"),
37 |             RngSource::Small(seed) => write!(f, "small:{}", seed),
38 |             RngSource::Std(seed) => write!(f, "std:{}", seed),
39 |         }
40 |     }
41 | }
42 | 
43 | impl FromStr for RngSource {
44 |     type Err = eyre::Error;
45 | 
46 |     fn from_str(s: &str) -> Result<Self, Self::Err> {
47 |         if s == "thread" {
48 |             Ok(RngSource::Thread)
49 |         } else if s.starts_with("small:") {
50 |             let seed = s.trim_start_matches("small:").parse()?;
51 |             Ok(RngSource::Small(seed))
52 |         } else if s.starts_with("std:") {
53 |             let seed = s.trim_start_matches("std:").parse()?;
54 |             Ok(RngSource::Std(seed))
55 |         } else {
56 |             Err(eyre::eyre!("Invalid RngSource: {}", s))
57 |         }
58 |     }
59 | }
60 | 
61 | #[cfg(test)]
62 | mod tests {
63 |     use test_case::test_case;
64 | 
65 |     use super::*;
66 | 
67 |     #[test_case("thread" => RngSource::Thread)]
68 |     #[test_case("std:42" => RngSource::Std(42))]
69 |     #[test_case("small:42" => RngSource::Small(42))]
70 |     fn serialization_round_trip(s: &str) -> RngSource {
71 |         s.parse().unwrap()
72 |     }
73 | }
74 | 


--------------------------------------------------------------------------------
/src/bits/all_bit_patterns_test.rs:
--------------------------------------------------------------------------------
 1 | #![cfg(test)]
 2 | 
 3 | use std::collections::HashMap;
 4 | 
 5 | use bitvec::order::{BitOrder, Msb0};
 6 | use bitvec::vec::BitVec;
 7 | use eyre::{Context, ContextCompat};
 8 | 
 9 | use crate::bits::Bits;
10 | 
11 | const TEST_DATA: &str = include_str!("./all_rotations.txt");
12 | 
13 | struct TestData {
14 |     code: Bits,
15 | 
16 |     rotations: HashMap<i32, String>,
17 | }
18 | 
19 | fn parse_test_data(s: &str) -> eyre::Result<TestData> {
20 |     let lines = s.lines();
21 |     let mut lines = lines.map(|s| s.trim()).filter(|s| !s.is_empty());
22 | 
23 |     let code: Bits = lines.next().context("Missing code")?.parse()?;
24 | 
25 |     let mut rotations = HashMap::new();
26 | 
27 |     for line in lines {
28 |         let mut parts = line.splitn(2, ':');
29 |         let rotation = parts
30 |             .next()
31 |             .context("Missing rotation number")?
32 |             .trim()
33 |             .parse()
34 |             .context("Invalid rotation")?;
35 | 
36 |         let bit_str = parts.next().context("Missing bit string")?;
37 | 
38 |         rotations.insert(rotation, bit_str.trim().to_string());
39 |     }
40 | 
41 |     Ok(TestData { code, rotations })
42 | }
43 | 
44 | fn bit_vec_to_str<B: BitOrder>(bv: BitVec<u64, B>) -> String {
45 |     let mut s = String::new();
46 | 
47 |     for (i, bit) in bv.iter().enumerate() {
48 |         if i != 0 && i % 64 == 0 {
49 |             s.push(' ');
50 |         }
51 | 
52 |         s.push(if *bit { '1' } else { '0' });
53 |     }
54 | 
55 |     s
56 | }
57 | 
58 | #[test]
59 | fn all_bit_patterns() -> eyre::Result<()> {
60 |     let test_data = parse_test_data(TEST_DATA).unwrap();
61 | 
62 |     let rotations: HashMap<i32, String> = test_data
63 |         .code
64 |         .rotations()
65 |         .map(|bits| BitVec::<_, Msb0>::from_slice(bits.0.as_slice()))
66 |         .map(bit_vec_to_str)
67 |         .enumerate()
68 |         .map(|(i, x)| (i as i32 - 15, x))
69 |         .collect();
70 | 
71 |     assert_eq!(rotations.len(), test_data.rotations.len());
72 | 
73 |     let mut keys = rotations.keys().collect::<Vec<_>>();
74 |     keys.sort();
75 | 
76 |     for k in keys {
77 |         similar_asserts::assert_eq!(
78 |             rotations[k],
79 |             test_data.rotations[k],
80 |             "Testing rotation {}",
81 |             k
82 |         );
83 |     }
84 | 
85 |     Ok(())
86 | }
87 | 


--------------------------------------------------------------------------------
/bin/utils/seed_iris_db.rs:
--------------------------------------------------------------------------------
 1 | use clap::Args;
 2 | use indicatif::{ProgressBar, ProgressStyle};
 3 | use mpc::iris_db::IrisCodeEntry;
 4 | use mpc::rng_source::RngSource;
 5 | use rand::Rng;
 6 | 
 7 | use crate::common::{generate_random_string, generate_templates};
 8 | 
 9 | pub const DATABASE_NAME: &str = "iris";
10 | pub const COLLECTION_NAME: &str = "codes.v2";
11 | 
12 | #[derive(Debug, Clone, Args)]
13 | pub struct SeedIrisDb {
14 |     #[clap(short, long)]
15 |     pub iris_code_db: String,
16 | 
17 |     #[clap(short, long)]
18 |     pub num_templates: usize,
19 | 
20 |     #[clap(short, long, default_value = "100")]
21 |     pub batch_size: usize,
22 | 
23 |     #[clap(long, default_value = "thread")]
24 |     pub rng: RngSource,
25 | }
26 | 
27 | pub async fn seed_iris_db(args: &SeedIrisDb) -> eyre::Result<()> {
28 |     let client_options =
29 |         mongodb::options::ClientOptions::parse(&args.iris_code_db).await?;
30 | 
31 |     let client: mongodb::Client =
32 |         mongodb::Client::with_options(client_options)?;
33 | 
34 |     let iris_db = client.database(DATABASE_NAME);
35 | 
36 |     tracing::info!("Generating left templates...");
37 |     let left_templates = generate_templates(args.num_templates);
38 |     tracing::info!("Generating right templates...");
39 |     let right_templates = generate_templates(args.num_templates);
40 | 
41 |     let collection = iris_db.collection::<IrisCodeEntry>(COLLECTION_NAME);
42 | 
43 |     // Next serial id with 1 based indexing
44 |     let next_serial_id = collection.count_documents(None, None).await? + 1;
45 | 
46 |     tracing::info!(?next_serial_id);
47 | 
48 |     let mut rng = args.rng.to_rng();
49 | 
50 |     let documents = left_templates
51 |         .iter()
52 |         .zip(right_templates.iter())
53 |         .enumerate()
54 |         .map(|(serial_id, (left, right))| IrisCodeEntry {
55 |             signup_id: generate_random_string(&mut rng, 10),
56 |             serial_id: next_serial_id + serial_id as u64,
57 |             iris_code_left: left.code,
58 |             mask_code_left: left.mask,
59 |             iris_code_right: right.code,
60 |             mask_code_right: right.mask,
61 |             whitelisted: rng.gen_bool(0.8),
62 |         })
63 |         .collect::<Vec<IrisCodeEntry>>();
64 | 
65 |     let pb = ProgressBar::new(documents.len() as u64)
66 |         .with_message("Seeding iris codes");
67 | 
68 |     pb.set_style(ProgressStyle::default_bar()
69 |         .template("{spinner:.green} {msg} [{elapsed_precise}] [{wide_bar:.green}] {pos:>7}/{len:7} ({eta})")
70 |         .expect("Could not create progress bar"));
71 | 
72 |     for chunk in documents.chunks(args.batch_size) {
73 |         collection.insert_many(chunk, None).await?;
74 | 
75 |         pb.inc(chunk.len() as u64);
76 |     }
77 | 
78 |     pb.finish_with_message("Seeded iris codes");
79 | 
80 |     Ok(())
81 | }
82 | 


--------------------------------------------------------------------------------
/src/config/json_wrapper.rs:
--------------------------------------------------------------------------------
  1 | use std::borrow::Cow;
  2 | use std::fmt;
  3 | use std::str::FromStr;
  4 | 
  5 | use serde::de::DeserializeOwned;
  6 | use serde::{Deserialize, Serialize};
  7 | 
  8 | #[derive(Debug, Clone, PartialEq, Eq, Hash, Default)]
  9 | pub struct JsonStrWrapper<T>(pub T);
 10 | 
 11 | impl<T> FromStr for JsonStrWrapper<T>
 12 | where
 13 |     T: DeserializeOwned,
 14 | {
 15 |     type Err = serde_json::Error;
 16 | 
 17 |     fn from_str(s: &str) -> Result<Self, Self::Err> {
 18 |         serde_json::from_str(s).map(JsonStrWrapper)
 19 |     }
 20 | }
 21 | 
 22 | impl<T> fmt::Display for JsonStrWrapper<T>
 23 | where
 24 |     T: Serialize,
 25 | {
 26 |     fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result {
 27 |         let s = serde_json::to_string(self).map_err(|_| fmt::Error)?;
 28 | 
 29 |         s.fmt(f)
 30 |     }
 31 | }
 32 | 
 33 | impl<T> Serialize for JsonStrWrapper<T>
 34 | where
 35 |     T: Serialize,
 36 | {
 37 |     fn serialize<S: serde::Serializer>(
 38 |         &self,
 39 |         serializer: S,
 40 |     ) -> Result<S::Ok, S::Error> {
 41 |         serde_json::to_string(&self.0)
 42 |             .map_err(serde::ser::Error::custom)?
 43 |             .serialize(serializer)
 44 |     }
 45 | }
 46 | 
 47 | impl<'de, T> Deserialize<'de> for JsonStrWrapper<T>
 48 | where
 49 |     // TODO: Is there some way to use T:
 50 |     // Deserialize<'de> here?
 51 |     T: DeserializeOwned,
 52 | {
 53 |     fn deserialize<D: serde::Deserializer<'de>>(
 54 |         deserializer: D,
 55 |     ) -> Result<Self, D::Error> {
 56 |         let s = Cow::<'static, str>::deserialize(deserializer)?;
 57 | 
 58 |         serde_json::from_str(&s)
 59 |             .map(JsonStrWrapper)
 60 |             .map_err(serde::de::Error::custom)
 61 |     }
 62 | }
 63 | 
 64 | impl<T> From<T> for JsonStrWrapper<T> {
 65 |     fn from(t: T) -> Self {
 66 |         Self(t)
 67 |     }
 68 | }
 69 | 
 70 | #[cfg(test)]
 71 | mod tests {
 72 |     use serde_json::Value;
 73 | 
 74 |     use super::*;
 75 | 
 76 |     #[test]
 77 |     fn json() {
 78 |         let wrapper = JsonStrWrapper(vec![1, 2, 3]);
 79 | 
 80 |         let s = serde_json::to_string(&wrapper).unwrap();
 81 | 
 82 |         assert_eq!(s, "\"[1,2,3]\"");
 83 | 
 84 |         let wrapper: JsonStrWrapper<Vec<u32>> =
 85 |             serde_json::from_str(&s).unwrap();
 86 | 
 87 |         assert_eq!(wrapper.0, vec![1, 2, 3]);
 88 |     }
 89 | 
 90 |     #[test]
 91 |     fn json_value() {
 92 |         let wrapper = JsonStrWrapper(vec![1, 2, 3]);
 93 | 
 94 |         let s = serde_json::to_value(wrapper).unwrap();
 95 | 
 96 |         assert_eq!(s, Value::String("[1,2,3]".to_string()));
 97 | 
 98 |         let wrapper: JsonStrWrapper<Vec<u32>> =
 99 |             serde_json::from_value(s).unwrap();
100 | 
101 |         assert_eq!(wrapper.0, vec![1, 2, 3]);
102 |     }
103 | }
104 | 


--------------------------------------------------------------------------------
/SECURITY.md:
--------------------------------------------------------------------------------
 1 | # Security @ Worldcoin
 2 | 
 3 | Security is an essential part of Worldcoin, and we take it very seriously. From the beginning, we have incorporated secure design and applied best practices across the project. However, security doesn’t just end with us. Security audits by third-party firms and research by community members are critical to establishing a solid foundation. If you have identified a security concern, we encourage you to submit your findings to our Product Security Incident Response Team (PSIRT) — your findings may even qualify for a reward!
 4 | 
 5 | ## Think you’ve found a security issue?
 6 | 
 7 | We accept vulnerability reports in two ways: through our public bug bounty program or through our security disclosure email. **Please note that only reports submitted through the HackerOne bug bounty program may be eligible for bounties.**
 8 | 
 9 | ### 1. (Preferred, bounty-eligible) [Tools For Humanity Bug Bounty Program](https://hackerone.com/toolsforhumanity)
10 | 
11 | _Tools For Humanity_ manages the bug bounty program on behalf of Worldcoin through the HackerOne platform. Reports submitted to this program may be eligible for rewards as governed by the bug bounty policy. **This repository is [within scope](https://hackerone.com/toolsforhumanity/policy_scopes) for the bounty program.**
12 | 
13 | ### 2. (Not bounty-eligible) Security mailing list `security@worldcoin.org`
14 | 
15 | We also accept vulnerability reports in multiple languages via email at [security@worldcoin.org](mailto:security@worldcoin.org). If reporting via email, please encrypt the content and attachments using Worldcoin PSIRT’s PGP Key (please see [https://worldcoin.org/pgp-key.txt](https://worldcoin.org/pgp-key.txt) or check [https://worldcoin.org/.well-known/security.txt](https://worldcoin.org/.well-known/security.txt) for more info). The current fingerprint for this ECC curve25519 key is `45FE 2A09 90DD 7B04 EE51 1FEB 5F22 D67F 2C43 B48D`.
16 | 
17 | Please include the following details in your report (if applicable):
18 | 
19 | - Product/Repository and version/branch that contains the vulnerability
20 | - Type of vulnerability
21 | - Security impact of the vulnerability
22 | - Instructions for reproduction
23 | - Proof-of-concept (POC) demonstrating the vulnerability
24 | 
25 | ### Issues in third-party libraries or modules
26 | 
27 | Please report security bugs in third-party software to the original maintainers.
28 | 
29 | ### Responsible Disclosure
30 | 
31 | We believe that responsible disclosure is a net benefit for the community and subsequently encourage researchers to publish their findings after the issues have been remediated. We do ask, however, that you allow sufficient time for patches to be deployed globally, so please coordinate with Worldcoin PSIRT prior to publishing, either through the bug bounty program or over email. For more information on responsible disclosure, please see Google Project Zero’s [Vulnerability Disclosure policy](https://googleprojectzero.blogspot.com/p/vulnerability-disclosure-policy.html) as an example.


--------------------------------------------------------------------------------
/bin/mpc_node.rs:
--------------------------------------------------------------------------------
 1 | use std::path::PathBuf;
 2 | use std::sync::Arc;
 3 | 
 4 | use clap::Parser;
 5 | use metrics_exporter_statsd::StatsdBuilder;
 6 | use mpc::config::{load_config, Config};
 7 | use mpc::coordinator::Coordinator;
 8 | use mpc::health_check::HealthCheck;
 9 | use mpc::participant::Participant;
10 | use telemetry_batteries::tracing::datadog::DatadogBattery;
11 | use telemetry_batteries::tracing::TracingShutdownHandle;
12 | use tokio::task::JoinHandle;
13 | use tracing_subscriber::layer::SubscriberExt;
14 | use tracing_subscriber::util::SubscriberInitExt;
15 | 
16 | #[derive(Parser)]
17 | #[clap(version)]
18 | pub struct Args {
19 |     #[clap(short, long, env)]
20 |     config: Option<PathBuf>,
21 | }
22 | 
23 | #[tokio::main]
24 | async fn main() -> color_eyre::Result<()> {
25 |     color_eyre::install()?;
26 |     dotenvy::dotenv().ok();
27 | 
28 |     let args = Args::parse();
29 | 
30 |     let config: Config = load_config("MPC", args.config.as_deref())?;
31 | 
32 |     let _tracing_shutdown_handle = if let Some(service) = &config.service {
33 |         let tracing_shutdown_handle = DatadogBattery::init(
34 |             service.traces_endpoint.as_deref(),
35 |             &service.service_name,
36 |             None,
37 |             true,
38 |         );
39 | 
40 |         if let Some(metrics_config) = &service.metrics {
41 |             tracing::info!("Initializing metrics using config...");
42 |             let recorder =
43 |                 StatsdBuilder::from(&metrics_config.host, metrics_config.port)
44 |                     .with_queue_size(metrics_config.queue_size)
45 |                     .with_buffer_size(metrics_config.buffer_size)
46 |                     .histogram_is_distribution()
47 |                     .build(Some(&metrics_config.prefix))?;
48 | 
49 |             metrics::set_global_recorder(recorder)?;
50 |         }
51 | 
52 |         tracing_shutdown_handle
53 |     } else {
54 |         tracing_subscriber::registry()
55 |             .with(tracing_subscriber::fmt::layer().pretty().compact())
56 |             .with(tracing_subscriber::EnvFilter::from_default_env())
57 |             .init();
58 | 
59 |         TracingShutdownHandle
60 |     };
61 | 
62 |     let mut tasks: Vec<JoinHandle<eyre::Result<()>>> = vec![];
63 | 
64 |     if let Some(coordinator) = config.coordinator {
65 |         let coordinator = Arc::new(Coordinator::new(coordinator).await?);
66 | 
67 |         tasks.push(tokio::spawn(async move {
68 |             coordinator.spawn().await?;
69 | 
70 |             Ok(())
71 |         }));
72 |     }
73 | 
74 |     if let Some(participant) = config.participant {
75 |         let participant = Arc::new(Participant::new(participant).await?);
76 | 
77 |         tasks.push(tokio::spawn(async move {
78 |             participant.spawn().await?;
79 | 
80 |             Ok(())
81 |         }));
82 |     }
83 | 
84 |     if let Some(health_check) = config.health_check {
85 |         let health_check = HealthCheck::spawn(health_check.socket_addr);
86 |         tasks.push(health_check);
87 |     }
88 | 
89 |     for task in tasks {
90 |         task.await??;
91 |     }
92 | 
93 |     Ok(())
94 | }
95 | 


--------------------------------------------------------------------------------
/src/arch/generic.rs:
--------------------------------------------------------------------------------
 1 | #![allow(unused)]
 2 | use std::cmp::min;
 3 | use std::mem::swap;
 4 | use std::thread::JoinHandle;
 5 | 
 6 | use rayon::prelude::*;
 7 | 
 8 | use crate::distance::{Bits, ROTATIONS};
 9 | use crate::encoded_bits::EncodedBits;
10 | 
11 | pub fn distances(
12 |     query_rotations: Vec<EncodedBits>,
13 |     db: &[EncodedBits],
14 | ) -> impl Iterator<Item = [u16; 31]> + '_ {
15 |     const BATCH: usize = 10_000;
16 | 
17 |     // Iterate over a batch of database entries
18 |     db.chunks(BATCH).flat_map(move |chunk| {
19 |         let mut results = [[0_u16; 31]; BATCH];
20 | 
21 |         // Parallel computation over batch
22 |         results.par_iter_mut().zip(chunk.par_iter()).for_each(
23 |             |(result, entry)| {
24 |                 // Compute dot product for each rotation
25 |                 for (d, rotation) in
26 |                     result.iter_mut().zip(query_rotations.iter())
27 |                 {
28 |                     *d = rotation.dot(entry);
29 |                 }
30 |             },
31 |         );
32 | 
33 |         // Sequentially output results
34 |         results.into_iter().take(chunk.len())
35 |     })
36 | }
37 | 
38 | pub fn denominators<'a>(
39 |     query: &'a Bits,
40 |     db: &'a [Bits],
41 | ) -> impl Iterator<Item = [u16; 31]> + 'a {
42 |     const BATCH: usize = 10_000;
43 | 
44 |     // Iterate over a batch of database entries
45 |     db.chunks(BATCH).flat_map(move |chunk| {
46 |         // Parallel computation over batch
47 |         let results = chunk
48 |             .par_iter()
49 |             .map(|(entry)| {
50 |                 let mut result = [0_u16; 31];
51 |                 // Compute dot product for each rotation
52 |                 for (d, rotation) in result.iter_mut().zip(query.rotations()) {
53 |                     *d = rotation.dot(entry);
54 |                 }
55 |                 result
56 |             })
57 |             .collect::<Vec<_>>();
58 | 
59 |         // Sequentially output results
60 |         results.into_iter().take(chunk.len())
61 |     })
62 | }
63 | 
64 | //TODO: move this to the benches file
65 | #[cfg(feature = "bench")]
66 | pub mod benches {
67 |     use core::hint::black_box;
68 | 
69 |     use criterion::Criterion;
70 |     use rand::{thread_rng, Rng};
71 | 
72 |     use super::*;
73 | 
74 |     pub fn group(c: &mut Criterion) {
75 |         let mut rng = thread_rng();
76 |         let mut g = c.benchmark_group("generic");
77 | 
78 |         g.bench_function("distances 31x1000", |bench| {
79 |             let a: EncodedBits = rng.gen();
80 |             let b: Box<[EncodedBits]> = (0..1000).map(|_| rng.gen()).collect();
81 |             bench.iter(|| {
82 |                 black_box(distances(black_box(&a), black_box(&b)))
83 |                     .for_each(|_| {})
84 |             })
85 |         });
86 | 
87 |         g.bench_function("denominators 31x1000", |bench| {
88 |             let a: Bits = rng.gen();
89 |             let b: Box<[Bits]> = (0..1000).map(|_| rng.gen()).collect();
90 |             bench.iter(|| {
91 |                 black_box(denominators(black_box(&a), black_box(&b)))
92 |                     .for_each(|_| {})
93 |             })
94 |         });
95 |     }
96 | }
97 | 


--------------------------------------------------------------------------------
/src/db/impls.rs:
--------------------------------------------------------------------------------
  1 | use crate::bits::{Bits, BITS};
  2 | use crate::distance::EncodedBits;
  3 | 
  4 | const BYTES_PER_BITS: usize = BITS / 8;
  5 | const BYTES_PER_ENCODED_BITS: usize = BITS * 2;
  6 | 
  7 | impl<DB> sqlx::Type<DB> for Bits
  8 | where
  9 |     DB: sqlx::Database,
 10 |     [u8; BYTES_PER_BITS]: sqlx::Type<DB>,
 11 | {
 12 |     fn type_info() -> DB::TypeInfo {
 13 |         <[u8; BYTES_PER_BITS] as sqlx::Type<DB>>::type_info()
 14 |     }
 15 | }
 16 | 
 17 | impl<'r, DB> sqlx::Decode<'r, DB> for Bits
 18 | where
 19 |     DB: sqlx::Database,
 20 |     [u8; BYTES_PER_BITS]: sqlx::Decode<'r, DB>,
 21 | {
 22 |     fn decode(
 23 |         value: <DB as sqlx::database::Database>::ValueRef<'r>,
 24 |     ) -> Result<Self, sqlx::error::BoxDynError> {
 25 |         let bytes = <[u8; BYTES_PER_BITS] as sqlx::Decode<DB>>::decode(value)?;
 26 | 
 27 |         let bits: Vec<u64> = bytes
 28 |             .array_chunks::<8>()
 29 |             .map(|x| u64::from_be_bytes(*x))
 30 |             .collect();
 31 | 
 32 |         let bits = bits.try_into().expect("Wrong size");
 33 | 
 34 |         Ok(Self(bits))
 35 |     }
 36 | }
 37 | 
 38 | impl<'q, DB> sqlx::Encode<'q, DB> for Bits
 39 | where
 40 |     DB: sqlx::Database,
 41 |     [u8; BYTES_PER_BITS]: sqlx::Encode<'q, DB>,
 42 | {
 43 |     fn encode_by_ref(
 44 |         &self,
 45 |         buf: &mut <DB as sqlx::database::Database>::ArgumentBuffer<'q>,
 46 |     ) -> Result<sqlx::encode::IsNull, sqlx::error::BoxDynError> {
 47 |         let mut bytes: [u8; BYTES_PER_BITS] = [0; BYTES_PER_BITS];
 48 | 
 49 |         for (i, v) in self.0.into_iter().flat_map(u64::to_be_bytes).enumerate()
 50 |         {
 51 |             bytes[i] = v;
 52 |         }
 53 | 
 54 |         <[u8; BYTES_PER_BITS] as sqlx::Encode<DB>>::encode(bytes, buf)
 55 |     }
 56 | }
 57 | 
 58 | impl<DB> sqlx::Type<DB> for EncodedBits
 59 | where
 60 |     DB: sqlx::Database,
 61 |     [u8; BYTES_PER_ENCODED_BITS]: sqlx::Type<DB>,
 62 | {
 63 |     fn type_info() -> DB::TypeInfo {
 64 |         <[u8; BYTES_PER_ENCODED_BITS] as sqlx::Type<DB>>::type_info()
 65 |     }
 66 | }
 67 | 
 68 | impl<'r, DB> sqlx::Decode<'r, DB> for EncodedBits
 69 | where
 70 |     DB: sqlx::Database,
 71 |     [u8; BYTES_PER_ENCODED_BITS]: sqlx::Decode<'r, DB>,
 72 | {
 73 |     fn decode(
 74 |         value: <DB as sqlx::database::Database>::ValueRef<'r>,
 75 |     ) -> Result<Self, sqlx::error::BoxDynError> {
 76 |         let bytes =
 77 |             <[u8; BYTES_PER_ENCODED_BITS] as sqlx::Decode<DB>>::decode(value)?;
 78 | 
 79 |         let bits: Vec<u16> = bytes
 80 |             .array_chunks::<2>()
 81 |             .map(|x| u16::from_be_bytes(*x))
 82 |             .collect();
 83 |         let bits = bits.try_into().expect("Wrong size");
 84 | 
 85 |         Ok(Self(bits))
 86 |     }
 87 | }
 88 | 
 89 | impl<'q, DB> sqlx::Encode<'q, DB> for EncodedBits
 90 | where
 91 |     DB: sqlx::Database,
 92 |     [u8; BYTES_PER_ENCODED_BITS]: sqlx::Encode<'q, DB>,
 93 | {
 94 |     fn encode_by_ref(
 95 |         &self,
 96 |         buf: &mut <DB as sqlx::database::Database>::ArgumentBuffer<'q>,
 97 |     ) -> Result<sqlx::encode::IsNull, sqlx::error::BoxDynError> {
 98 |         let mut bytes: [u8; BYTES_PER_ENCODED_BITS] =
 99 |             [0; BYTES_PER_ENCODED_BITS];
100 | 
101 |         for (i, v) in self.0.into_iter().flat_map(u16::to_be_bytes).enumerate()
102 |         {
103 |             bytes[i] = v;
104 |         }
105 | 
106 |         <[u8; BYTES_PER_ENCODED_BITS] as sqlx::Encode<DB>>::encode(bytes, buf)
107 |     }
108 | }
109 | 


--------------------------------------------------------------------------------
/bin/migrate-codes/mpc_db.rs:
--------------------------------------------------------------------------------
  1 | use eyre::ContextCompat;
  2 | use mpc::config::DbConfig;
  3 | use mpc::db::Db;
  4 | 
  5 | pub struct MPCDb {
  6 |     pub left_coordinator_db: Db,
  7 |     pub left_participant_dbs: Vec<Db>,
  8 |     pub right_coordinator_db: Db,
  9 |     pub right_participant_dbs: Vec<Db>,
 10 | }
 11 | 
 12 | impl MPCDb {
 13 |     pub async fn new(
 14 |         left_coordinator_db_url: String,
 15 |         left_participant_db_urls: Vec<String>,
 16 |         right_coordinator_db_url: String,
 17 |         right_participant_db_urls: Vec<String>,
 18 |         no_migrate_or_create: bool,
 19 |     ) -> eyre::Result<Self> {
 20 |         let migrate = !no_migrate_or_create;
 21 |         let create = !no_migrate_or_create;
 22 | 
 23 |         tracing::info!("Connecting to left coordinator db");
 24 |         let left_coordinator_db = Db::new(&DbConfig {
 25 |             url: left_coordinator_db_url,
 26 |             migrate,
 27 |             create,
 28 |         })
 29 |         .await?;
 30 | 
 31 |         let mut left_participant_dbs = vec![];
 32 | 
 33 |         for (i, url) in left_participant_db_urls.into_iter().enumerate() {
 34 |             tracing::info!(participant=?i, "Connecting to left participant db");
 35 |             let db = Db::new(&DbConfig {
 36 |                 url,
 37 |                 migrate,
 38 |                 create,
 39 |             })
 40 |             .await?;
 41 |             left_participant_dbs.push(db);
 42 |         }
 43 | 
 44 |         tracing::info!("Connecting to right coordinator db");
 45 |         let right_coordinator_db = Db::new(&DbConfig {
 46 |             url: right_coordinator_db_url,
 47 |             migrate,
 48 |             create,
 49 |         })
 50 |         .await?;
 51 | 
 52 |         let mut right_participant_dbs = vec![];
 53 |         for (i, url) in right_participant_db_urls.into_iter().enumerate() {
 54 |             tracing::info!(participant=?i, "Connecting to right participant db");
 55 |             let db = Db::new(&DbConfig {
 56 |                 url,
 57 |                 migrate,
 58 |                 create,
 59 |             })
 60 |             .await?;
 61 | 
 62 |             right_participant_dbs.push(db);
 63 |         }
 64 | 
 65 |         Ok(Self {
 66 |             left_coordinator_db,
 67 |             left_participant_dbs,
 68 |             right_coordinator_db,
 69 |             right_participant_dbs,
 70 |         })
 71 |     }
 72 | 
 73 |     #[tracing::instrument(skip(self,))]
 74 |     pub async fn prune_items(&self, serial_id: u64) -> eyre::Result<()> {
 75 |         self.left_coordinator_db.prune_items(serial_id).await?;
 76 |         self.right_coordinator_db.prune_items(serial_id).await?;
 77 | 
 78 |         for db in self.left_participant_dbs.iter() {
 79 |             db.prune_items(serial_id).await?;
 80 |         }
 81 | 
 82 |         for db in self.right_participant_dbs.iter() {
 83 |             db.prune_items(serial_id).await?;
 84 |         }
 85 | 
 86 |         Ok(())
 87 |     }
 88 | 
 89 |     #[tracing::instrument(skip(self,))]
 90 |     pub async fn fetch_latest_serial_id(&self) -> eyre::Result<u64> {
 91 |         let mut ids = Vec::new();
 92 | 
 93 |         ids.push(self.left_coordinator_db.fetch_latest_mask_id().await?);
 94 |         ids.push(self.right_coordinator_db.fetch_latest_mask_id().await?);
 95 | 
 96 |         for db in self.left_participant_dbs.iter() {
 97 |             ids.push(db.fetch_latest_share_id().await?);
 98 |         }
 99 | 
100 |         for db in self.right_participant_dbs.iter() {
101 |             ids.push(db.fetch_latest_share_id().await?);
102 |         }
103 | 
104 |         ids.into_iter().min().context("No serial ids found")
105 |     }
106 | }
107 | 


--------------------------------------------------------------------------------
/CODE_OF_CONDUCT.md:
--------------------------------------------------------------------------------
 1 | # Worldcoin Open Source Code of Conduct
 2 | 
 3 | ## Our Pledge
 4 | 
 5 | We as members, contributors, and leaders pledge to make participation in our
 6 | community a harassment-free experience for everyone, regardless of age, body
 7 | size, visible or invisible disability, ethnicity, sex characteristics, gender
 8 | identity and expression, level of experience, education, socio-economic status,
 9 | nationality, personal appearance, race, caste, color, religion, or sexual
10 | identity and orientation.
11 | 
12 | We pledge to act and interact in ways that contribute to an open, welcoming,
13 | diverse, inclusive, and healthy community.
14 | 
15 | ## Our Standards
16 | 
17 | Examples of behavior that contributes to a positive environment for our
18 | community include:
19 | - Demonstrating empathy and kindness toward other people
20 | - Being respectful of differing opinions, viewpoints, and experiences
21 | - Giving and gracefully accepting constructive feedback
22 | - Accepting responsibility and apologizing to those affected by our mistakes,
23 |   and learning from the experience
24 | - Focusing on what is best not just for us as individuals, but for the overall
25 |   community
26 | 
27 | Examples of unacceptable behavior include:
28 | - The use of sexualized language or imagery, and sexual attention or advances
29 |   of any kind
30 | - Trolling, insulting or derogatory comments, and personal or political attacks
31 | - Public or private harassment
32 | - Disruptive behavior
33 | - Publishing others' private information, such as a physical or email address,
34 |   without their explicit permission
35 | - Other conduct which could reasonably be considered inappropriate in a
36 |   professional setting
37 | 
38 | The Worldcoin open source community is united in its conviction that its open
39 | source materials not be used:
40 | - For mass surveillance of individuals or for unlawful individual surveillance
41 |   or other unlawful targeted actions, including on the basis on race, gender,
42 |   sexual orientation, or religion; or
43 | - In any activity or manner that violates, or supports, assists, facilitates,
44 |   enables, constitutes or is otherwise deemed to be a violation of the
45 |   Universal Declaration of Human Rights
46 |   (https://www.un.org/en/universaldeclaration-human-rights/), the International
47 |   Covenant on Civil and Political Rights
48 |   (https://www.ohchr.org/en/professionalinterest/pages/ccpr.aspx), the
49 |   International Labor Organization Declaration on Fundamental Principles and
50 |   Rights at Work
51 |   (https://www.ilo.org/declaration/thedeclaration/textdeclaration/lang--en/index.htm),
52 |   or any local laws implementing those instruments.
53 | 
54 | ## Enforcement Responsibilities
55 | 
56 | Community leaders are responsible for clarifying and enforcing our standards of
57 | acceptable behavior and will take appropriate and fair corrective action in
58 | response to any behavior that they deem inappropriate, threatening, offensive,
59 | or harmful.
60 | 
61 | Community leaders have the right and responsibility to remove, edit, or reject
62 | comments, commits, code, wiki edits, issues, and other contributions that are
63 | not aligned to this Code of Conduct, and will communicate reasons for
64 | moderation decisions when appropriate.
65 | 
66 | ## Scope
67 | 
68 | This Code of Conduct applies within all project spaces, and it also applies
69 | when an individual is representing the project or its community in public
70 | spaces. Examples of representing a project or community include using an
71 | official project e-mail address, posting via an official social media account,
72 | or acting as an appointed representative at an online or offline event.
73 | Representation of a project may be further defined and clarified by project
74 | maintainers.
75 | 
76 | This Code of Conduct also applies outside the project spaces when there is a
77 | reasonable belief that an individual's behavior may have a negative impact on
78 | the project or its community.
79 | 
80 | ## Enforcement
81 | 
82 | We encourage all communities to resolve issues on their own whenever possible.
83 | Instances of abusive, harassing, or otherwise unacceptable behavior should be
84 | reported to the community leaders responsible for enforcement in a given
85 | project or to legal@worldcoin.org. All project and community leaders are
86 | obligated to respect the privacy and security of the reporter of any incident.
87 | 
88 | ## Attribution
89 | 
90 | This Code of Conduct is adapted from the Contributor Covenant, version 1.4,
91 | available at
92 | https://www.contributor-covenant.org/version/1/4/code-of-conduct.html
93 | 
94 | For answers to common questions about this code of conduct, see
95 | https://www.contributor-covenant.org/faq
96 | 
97 | Expanding scope to include impact on community health inspired by Meta's Open
98 | Source Code of Conduct.


--------------------------------------------------------------------------------
/compose.yml:
--------------------------------------------------------------------------------
  1 | version: '3'
  2 | services:
  3 |   localstack:
  4 |     hostname: localstack
  5 |     image: localstack/localstack
  6 |     ports:
  7 |       - "4566:4566"
  8 |     environment:
  9 |       # LocalStack configuration: https://docs.localstack.cloud/references/configuration/
 10 |       - DEBUG=${DEBUG:-0}
 11 |     volumes:
 12 |       - "./init-scripts/ready.d:/etc/localstack/init/ready.d"
 13 |       - "localstack-data:/var/lib/localstack"
 14 |       - "/var/run/docker.sock:/var/run/docker.sock"
 15 | 
 16 |   coordinator:
 17 |     restart: always
 18 |     environment:
 19 |       - 'RUST_LOG=mpc=debug,mpc-node=debug,mpc_node=debug,info'
 20 |       - 'MPC__COORDINATOR__PARTICIPANTS=["participant_0:8080", "participant_1:8081"]'
 21 |       - 'MPC__COORDINATOR__HAMMING_DISTANCE_THRESHOLD=0.375'
 22 |       - 'MPC__COORDINATOR__N_CLOSEST_DISTANCES=20'
 23 |       - 'MPC__COORDINATOR__DB__URL=postgres://postgres:postgres@coordinator_db:5432/db'
 24 |       - 'MPC__COORDINATOR__DB__MIGRATE=true'
 25 |       - 'MPC__COORDINATOR__DB__CREATE=true'
 26 |       - 'MPC__COORDINATOR__AWS__ENDPOINT=http://localstack:4566'
 27 |       - 'MPC__COORDINATOR__AWS__REGION=us-east-1'
 28 |       - 'MPC__COORDINATOR__QUEUES__QUERIES_QUEUE_URL=http://sqs.us-east-1.localhost.localstack.cloud:4566/000000000000/coordinator-uniqueness-check.fifo'
 29 |       - 'MPC__COORDINATOR__QUEUES__DISTANCES_QUEUE_URL=http://sqs.us-east-1.localhost.localstack.cloud:4566/000000000000/coordinator-results-queue.fifo'
 30 |       - 'MPC__COORDINATOR__QUEUES__DB_SYNC_QUEUE_URL=http://sqs.us-east-1.localhost.localstack.cloud:4566/000000000000/coordinator-db-sync-queue'
 31 |       # AWS env vars - they don't matter but are required
 32 |       - 'AWS_ACCESS_KEY_ID=test'
 33 |       - 'AWS_SECRET_ACCESS_KEY=test'
 34 |       - 'AWS_DEFAULT_REGION=us-east-1'
 35 | 
 36 |     build:
 37 |       context: .
 38 |       dockerfile: Dockerfile
 39 |     ports:
 40 |       - 8080:8080
 41 |     depends_on:
 42 |       - coordinator_db
 43 |       - localstack
 44 |   participant_0:
 45 |     restart: always
 46 |     hostname: participant
 47 |     environment:
 48 |       - 'RUST_LOG=mpc=debug,mpc-node=debug,mpc_node=debug,info'
 49 |       - 'MPC__PARTICIPANT__SOCKET_ADDR=0.0.0.0:8080'
 50 |       - 'MPC__PARTICIPANT__BATCH_SIZE=20000'
 51 |       - 'MPC__PARTICIPANT__DB__URL=postgres://postgres:postgres@participant_0_db:5432/db'
 52 |       - 'MPC__PARTICIPANT__DB__MIGRATE=true'
 53 |       - 'MPC__PARTICIPANT__DB__CREATE=true'
 54 |       - 'MPC__PARTICIPANT__AWS__ENDPOINT=http://localstack:4566'
 55 |       - 'MPC__PARTICIPANT__AWS__REGION=us-east-1'
 56 |       - 'MPC__PARTICIPANT__QUEUES__DB_SYNC_QUEUE_URL=http://sqs.us-east-1.localhost.localstack.cloud:4566/000000000000/participant-0-db-sync-queue'
 57 |       # AWS env vars - they don't matter but are required
 58 |       - 'AWS_ACCESS_KEY_ID=test'
 59 |       - 'AWS_SECRET_ACCESS_KEY=test'
 60 |       - 'AWS_DEFAULT_REGION=us-east-1'
 61 |     build:
 62 |       context: .
 63 |       dockerfile: Dockerfile
 64 |     depends_on:
 65 |       - participant_0_db
 66 |       - localstack
 67 | 
 68 |   participant_1:
 69 |     restart: always
 70 |     hostname: participant
 71 |     environment:
 72 |       - 'RUST_LOG=mpc=debug,mpc-node=debug,mpc_node=debug,info'
 73 |       - 'MPC__PARTICIPANT__SOCKET_ADDR=0.0.0.0:8081'
 74 |       - 'MPC__PARTICIPANT__BATCH_SIZE=20000'
 75 |       - 'MPC__PARTICIPANT__DB__URL=postgres://postgres:postgres@participant_1_db:5432/db'
 76 |       - 'MPC__PARTICIPANT__DB__MIGRATE=true'
 77 |       - 'MPC__PARTICIPANT__DB__CREATE=true'
 78 |       - 'MPC__PARTICIPANT__AWS__ENDPOINT=http://localstack:4566'
 79 |       - 'MPC__PARTICIPANT__AWS__REGION=us-east-1'
 80 |       - 'MPC__PARTICIPANT__QUEUES__DB_SYNC_QUEUE_URL=http://sqs.us-east-1.localhost.localstack.cloud:4566/000000000000/participant-1-db-sync-queue'
 81 |       # AWS env vars - they don't matter but are required
 82 |       - 'AWS_ACCESS_KEY_ID=test'
 83 |       - 'AWS_SECRET_ACCESS_KEY=test'
 84 |       - 'AWS_DEFAULT_REGION=us-east-1'
 85 |     depends_on:
 86 |       - participant_1_db
 87 |       - localstack
 88 |     build:
 89 |       context: .
 90 |       dockerfile: Dockerfile
 91 | 
 92 |   coordinator_db:
 93 |     hostname: coordinator_db
 94 |     image: postgres
 95 |     ports:
 96 |       - 8432:5432
 97 |     environment:
 98 |       - POSTGRES_HOST_AUTH_METHOD=trust
 99 | 
100 |   participant_0_db:
101 |     hostname: participant_db
102 |     image: postgres
103 |     ports:
104 |       - 8433:5432
105 |     environment:
106 |       - POSTGRES_HOST_AUTH_METHOD=trust
107 | 
108 |   participant_1_db:
109 |     hostname: participant_db
110 |     image: postgres
111 |     ports:
112 |       - 8434:5432
113 |     environment:
114 |       - POSTGRES_HOST_AUTH_METHOD=trust
115 | 
116 |   iris_db:
117 |     hostname: iris_db
118 |     image: mongo
119 |     ports:
120 |       - 27017:27017
121 |     environment:
122 |       - MONGO_INITDB_ROOT_USERNAME=admin
123 |       - MONGO_INITDB_ROOT_PASSWORD=password
124 | 
125 | networks:
126 |   default:
127 |     driver: bridge
128 | 
129 | volumes:
130 |   localstack-data:
131 |     # Define the Docker volume
132 | 
133 | 


--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
  1 | # MPC Uniqueness Check
  2 | 
  3 | The MPC Uniqueness Check is a secure multi-party computation (SMPC) protocol that powers the matching engine behind Worldcoin's [iris recognition inference system](https://worldcoin.org/blog/engineering/iris-recognition-inference-system). SMPC is used to calculate a fractional hamming distance to determine uniqueness of a given iris code. A detailed specification of the iris code SMPC can be found [here](docs/specification.ipynb).
  4 | 
  5 | 
  6 | 
  7 | ```mermaid
  8 | sequenceDiagram
  9 |     autonumber
 10 |     participant RequestQueue as Uniqueness Check Queue
 11 |     participant Coord as Coordinator
 12 |     participant Participants as Participants
 13 |     participant ResultsQueue as Results Queue
 14 | 
 15 |     RequestQueue ->> Coord: New uniquness check request
 16 |     Coord ->> Participants: Send code to all participants
 17 |     Coord ->> Coord: Sync latest masks from the database
 18 |     Coord ->> Coord: Calculate mask portion of FHD
 19 |     Participants ->> Participants: Sync latest shares from the database
 20 |     Participants ->> Participants: Calculate iris code portion of FHD
 21 |     Participants ->> Coord: Send partial results
 22 |     Coord ->> Coord: Calculate final result
 23 |     Coord ->> ResultsQueue: Enqueue final result
 24 | ```
 25 | 
 26 | The MPC setup consists of a coordinator and `n` participants, where each participant stores an encrypted portion of each iris code and the coordinator stores the corresponding masks. When a new uniqueness check request is enqueued, the coordinator will send the code to each of the participants, which will compute a fractional hamming distance against their encrypted partial iris codes. The participant results will be sent back to the coordinator and the partial results will be combined to arrive at the final result.
 27 | 
 28 | ## Installing
 29 | To install mpc uniqueness check and all utilities, you can run the following command.
 30 | ```
 31 | cargo install --path .
 32 | ```
 33 | 
 34 | ## Usage
 35 | 
 36 | ### Coordinator
 37 | 
 38 | To start the coordinator, you can run `mpc-node --config <path_to_config>` or specify the following configuration via environment variables.
 39 | 
 40 | ```toml
 41 | [coordinator]
 42 | # Socket addresses for each participant
 43 | participants = '["127.0.0.1:8000", "127.0.0.1:8001", "127.0.0.1:8002"]'
 44 | # Hamming distance threshold to determine if a given iris code is unique
 45 | hamming_distance_threshold = 0.375
 46 | # Max duration allotted when connecting to participants
 47 | participant_connection_timeout = "1s"
 48 | 
 49 | # Database where the masks will be stored
 50 | [coordinator.db]
 51 | url = "postgres://localhost:5432/mpc"
 52 | migrate = true
 53 | create = false
 54 | 
 55 | # AWS configuration for the coordinator
 56 | [coordinator.aws]
 57 | endpoint = ""
 58 | region = ""
 59 | 
 60 | [coordinator.queues]
 61 | # Uniqueness check requests queue
 62 | queries_queue_url = "https://sqs.us-east-1.amazonaws.com/1234567890/mpc-query-queue"
 63 | # Uniqueness check results queue
 64 | distances_queue_url = "https://sqs.us-east-1.amazonaws.com/1234567890/mpc-distance-results-queue"
 65 | # Queue specifying masks to add to the database
 66 | db_sync_queue_url = "https://sqs.us-east-1.amazonaws.com/1234567890/mpc-query-queue"
 67 | ```
 68 | 
 69 | ### Participant
 70 | 
 71 | To start the participant, you can run `mpc-node --config <path_to_config>`. Note that the command to run the participant is the same as the coordinator, however you will need to specify the following configuration variables instead.
 72 | 
 73 | ```toml
 74 | [participant]
 75 | # Socket address for the participant
 76 | socket_addr = "127.0.0.1:8000"
 77 | # Batch size when calculating fractional hamming distance
 78 | batch_size = 20000
 79 | 
 80 | # Database where the shares will be stored
 81 | [participant.db]
 82 | url = "postgres://localhost:5432/participant_db"
 83 | migrate = true
 84 | create = false
 85 | 
 86 | # AWS configuration for the participant
 87 | [participant.aws]
 88 | endpoint = ""
 89 | region = ""
 90 | 
 91 | [participant.queues]
 92 | # Queue specifying shares to add to the database
 93 | db_sync_queue_url = "https://sqs.us-east-1.amazonaws.com/1234567890/participant-db-sync-queue"
 94 | ```
 95 | 
 96 | 
 97 | ### Running Locally
 98 | 
 99 | To run a local version of the MPC uniqueness check with two participants, you can execute the following command. Note that you do not need to specify the configuration above as this is already included in the compose file.
100 | ```
101 | docker compose up -d
102 | ```
103 | 
104 | Once all of the services are running, you can seed the coordinator and participant databases with random iris codes/masks.
105 | ```
106 | utils seed-db -c postgres://postgres:postgres@127.0.0.1:5432/db -p postgres://postgres:postgres@127.0.0.1:5433/db --num 10000 --batch-size 1000
107 | ```
108 | 
109 | After seeding the databases, you can enqueue a random template to the coordinator queue which will orchestrate the MPC uniqueness check.
110 | 
111 | ```
112 | utils sqs-query -e http://localhost:4566 -q http://sqs.us-east-1.localhost.localstack.cloud:4566/000000000000/coordinator-uniqueness-check
113 | ```
114 | 
115 | ## License
116 | 
117 | Unless otherwise specified, all code in this repository is dual-licensed under
118 | either:
119 | 
120 | - MIT License ([LICENSE-MIT](LICENSE-MIT))
121 | - Apache License, Version 2.0, with LLVM Exceptions
122 |   ([LICENSE-APACHE](LICENSE-APACHE))
123 | 
124 | at your option. This means you may select the license you prefer to use.
125 | 
126 | Any contribution intentionally submitted for inclusion in the work by you, as
127 | defined in the Apache-2.0 license, shall be dual licensed as above, without any
128 | additional terms or conditions.
129 | 


--------------------------------------------------------------------------------
/src/iris_db.rs:
--------------------------------------------------------------------------------
  1 | use futures::{Stream, TryStreamExt};
  2 | use mongodb::bson::doc;
  3 | use mongodb::Collection;
  4 | use serde::{Deserialize, Serialize};
  5 | 
  6 | use crate::bits::Bits;
  7 | 
  8 | pub const IRIS_CODE_BATCH_SIZE: u32 = 30_000;
  9 | pub const DATABASE_NAME: &str = "iris";
 10 | pub const COLLECTION_NAME: &str = "codes.v2";
 11 | pub const FINAL_RESULT_COLLECTION_NAME: &str = "mpc.results";
 12 | pub const FINAL_RESULT_STATUS: &str = "COMPLETED";
 13 | 
 14 | #[derive(Debug, Clone, Serialize, Deserialize)]
 15 | pub struct IrisCodeEntry {
 16 |     pub signup_id: String,
 17 |     /// Internal serial id of the iris code db
 18 |     pub serial_id: u64,
 19 |     pub iris_code_left: Bits,
 20 |     pub mask_code_left: Bits,
 21 |     pub iris_code_right: Bits,
 22 |     pub mask_code_right: Bits,
 23 |     pub whitelisted: bool,
 24 | }
 25 | 
 26 | #[derive(Serialize, Deserialize, Debug)]
 27 | pub struct FinalResult {
 28 |     /// Should always by "COMPLETED"
 29 |     pub status: String,
 30 | 
 31 |     /// The MPC serial id associated with this signup
 32 |     pub serial_id: u64,
 33 | 
 34 |     /// A unique signup id string
 35 |     pub signup_id: String,
 36 | 
 37 |     pub unique: bool,
 38 | 
 39 |     pub right_result: SideResult,
 40 | 
 41 |     pub left_result: SideResult,
 42 | }
 43 | 
 44 | #[derive(Serialize, Deserialize, Debug)]
 45 | pub struct SideResult {
 46 |     // This struct is intentionally left empty to represent an empty document.
 47 | }
 48 | 
 49 | pub struct IrisDb {
 50 |     pub db: mongodb::Database,
 51 | }
 52 | 
 53 | impl IrisDb {
 54 |     pub async fn new(url: String) -> eyre::Result<Self> {
 55 |         let client_options =
 56 |             mongodb::options::ClientOptions::parse(url).await?;
 57 | 
 58 |         let client: mongodb::Client =
 59 |             mongodb::Client::with_options(client_options)?;
 60 | 
 61 |         let db = client.database(DATABASE_NAME);
 62 | 
 63 |         Ok(Self { db })
 64 |     }
 65 | 
 66 |     #[tracing::instrument(skip(self))]
 67 |     pub async fn save_final_results(
 68 |         &self,
 69 |         final_results: &[FinalResult],
 70 |     ) -> eyre::Result<()> {
 71 |         let collection: Collection<FinalResult> =
 72 |             self.db.collection(FINAL_RESULT_COLLECTION_NAME);
 73 | 
 74 |         collection.insert_many(final_results, None).await?;
 75 | 
 76 |         Ok(())
 77 |     }
 78 | 
 79 |     #[tracing::instrument(skip(self))]
 80 |     pub async fn get_final_result_by_serial_id(
 81 |         &self,
 82 |         serial_id: u64,
 83 |     ) -> eyre::Result<Option<FinalResult>> {
 84 |         let collection: Collection<FinalResult> =
 85 |             self.db.collection(FINAL_RESULT_COLLECTION_NAME);
 86 | 
 87 |         let final_result = collection
 88 |             .find_one(doc! { "serial_id": serial_id as i64 }, None)
 89 |             .await?;
 90 | 
 91 |         Ok(final_result)
 92 |     }
 93 | 
 94 |     /// Removes all final result entries with serial id larger than the given one
 95 |     #[tracing::instrument(skip(self))]
 96 |     pub async fn prune_final_results(
 97 |         &self,
 98 |         serial_id: u64,
 99 |     ) -> eyre::Result<()> {
100 |         let collection: Collection<FinalResult> =
101 |             self.db.collection(FINAL_RESULT_COLLECTION_NAME);
102 | 
103 |         collection
104 |             .delete_many(
105 |                 doc! { "serial_id": { "$gt": serial_id as i64 } },
106 |                 None,
107 |             )
108 |             .await?;
109 | 
110 |         Ok(())
111 |     }
112 | 
113 |     #[tracing::instrument(skip(self))]
114 |     pub async fn count_whitelisted_iris_codes(
115 |         &self,
116 |         last_serial_id: u64,
117 |     ) -> eyre::Result<u64> {
118 |         let collection: Collection<IrisCodeEntry> =
119 |             self.db.collection(COLLECTION_NAME);
120 | 
121 |         let count = collection
122 |             .count_documents(
123 |                 doc! {
124 |                     "serial_id": {"$gt": last_serial_id as i64},
125 |                     "whitelisted": true,
126 |                 },
127 |                 None,
128 |             )
129 |             .await?;
130 | 
131 |         Ok(count)
132 |     }
133 | 
134 |     #[tracing::instrument(skip(self))]
135 |     pub async fn get_entry_by_signup_id(
136 |         &self,
137 |         signup_id: &str,
138 |     ) -> eyre::Result<Option<IrisCodeEntry>> {
139 |         let collection: Collection<IrisCodeEntry> =
140 |             self.db.collection(COLLECTION_NAME);
141 | 
142 |         let iris_code_entry = collection
143 |             .find_one(doc! {"signup_id": signup_id}, None)
144 |             .await?;
145 | 
146 |         Ok(iris_code_entry)
147 |     }
148 | 
149 |     #[tracing::instrument(skip(self))]
150 |     pub async fn stream_whitelisted_iris_codes(
151 |         &self,
152 |         last_serial_id: u64,
153 |     ) -> eyre::Result<
154 |         impl Stream<Item = Result<IrisCodeEntry, mongodb::error::Error>>,
155 |     > {
156 |         let find_options = mongodb::options::FindOptions::builder()
157 |             .batch_size(IRIS_CODE_BATCH_SIZE)
158 |             .sort(doc! { "serial_id": 1 })
159 |             .build();
160 | 
161 |         let collection = self.db.collection(COLLECTION_NAME);
162 | 
163 |         let cursor = collection
164 |             .find(
165 |                 doc! {
166 |                     "serial_id": {"$gt": last_serial_id as i64},
167 |                     "whitelisted": true
168 |                 },
169 |                 find_options,
170 |             )
171 |             .await?;
172 | 
173 |         let codes_stream = cursor.and_then(|document| async move {
174 |             let iris_code_element =
175 |                 mongodb::bson::from_document::<IrisCodeEntry>(document)?;
176 | 
177 |             eyre::Result::Ok(iris_code_element)
178 |         });
179 | 
180 |         Ok(codes_stream)
181 |     }
182 | }
183 | 


--------------------------------------------------------------------------------
/src/utils/aws.rs:
--------------------------------------------------------------------------------
  1 | use std::collections::HashMap;
  2 | use std::fmt::Debug;
  3 | 
  4 | use aws_config::Region;
  5 | use aws_sdk_sqs::types::{Message, MessageAttributeValue};
  6 | use eyre::Context;
  7 | use serde::Serialize;
  8 | use telemetry_batteries::reexports::opentelemetry::trace::{
  9 |     SpanContext, SpanId, TraceFlags, TraceId, TraceState,
 10 | };
 11 | 
 12 | use crate::config::AwsConfig;
 13 | 
 14 | const DEQUEUE_WAIT_TIME_SECONDS: i32 = 1;
 15 | const TRACE_ID_MESSAGE_ATTRIBUTE_NAME: &str = "TraceID";
 16 | const SPAN_ID_MESSAGE_ATTRIBUTE_NAME: &str = "SpanID";
 17 | 
 18 | pub async fn sqs_client_from_config(
 19 |     config: &AwsConfig,
 20 | ) -> eyre::Result<aws_sdk_sqs::Client> {
 21 |     let mut config_builder =
 22 |         aws_config::defaults(aws_config::BehaviorVersion::latest());
 23 | 
 24 |     if let Some(endpoint_url) = config.endpoint.as_ref() {
 25 |         config_builder = config_builder.endpoint_url(endpoint_url);
 26 |     }
 27 | 
 28 |     if let Some(region) = config.region.as_ref() {
 29 |         config_builder = config_builder.region(Region::new(region.clone()));
 30 |     }
 31 | 
 32 |     let aws_config = config_builder.load().await;
 33 | 
 34 |     let aws_client = aws_sdk_sqs::Client::new(&aws_config);
 35 | 
 36 |     Ok(aws_client)
 37 | }
 38 | 
 39 | #[tracing::instrument(skip(client, queue_url), level = "debug")]
 40 | pub async fn sqs_dequeue(
 41 |     client: &aws_sdk_sqs::Client,
 42 |     queue_url: &str,
 43 |     max_number_of_messages: Option<i32>,
 44 | ) -> eyre::Result<Vec<Message>> {
 45 |     let mut sqs_message = client
 46 |         .receive_message()
 47 |         .message_attribute_names("All")
 48 |         .queue_url(queue_url)
 49 |         .wait_time_seconds(DEQUEUE_WAIT_TIME_SECONDS);
 50 | 
 51 |     if let Some(max_number_of_messages) = max_number_of_messages {
 52 |         sqs_message =
 53 |             sqs_message.max_number_of_messages(max_number_of_messages);
 54 |     }
 55 | 
 56 |     let sqs_message = sqs_message.send().await?;
 57 | 
 58 |     let messages = sqs_message.messages;
 59 | 
 60 |     let Some(messages) = messages else {
 61 |         return Ok(vec![]);
 62 |     };
 63 | 
 64 |     let message_receipts = messages
 65 |         .iter()
 66 |         .map(|message| message.receipt_handle.clone())
 67 |         .collect::<Vec<Option<String>>>();
 68 | 
 69 |     tracing::debug!(?message_receipts, "Dequeued messages");
 70 | 
 71 |     Ok(messages)
 72 | }
 73 | 
 74 | #[tracing::instrument(skip(client, payload))]
 75 | pub async fn sqs_enqueue<T>(
 76 |     client: &aws_sdk_sqs::Client,
 77 |     queue_url: &str,
 78 |     message_group_id: &str,
 79 |     payload: T,
 80 | ) -> eyre::Result<()>
 81 | where
 82 |     T: Serialize + Debug,
 83 | {
 84 |     let body = serde_json::to_string(&payload)
 85 |         .wrap_err("Failed to serialize message")?;
 86 | 
 87 |     let message_attributes = construct_message_attributes()?;
 88 | 
 89 |     let send_message_output = client
 90 |         .send_message()
 91 |         .queue_url(queue_url)
 92 |         .message_group_id(message_group_id)
 93 |         .set_message_attributes(Some(message_attributes))
 94 |         .message_body(body)
 95 |         .send()
 96 |         .await?;
 97 | 
 98 |     tracing::info!(?send_message_output, ?payload, "Enqueued message");
 99 | 
100 |     Ok(())
101 | }
102 | 
103 | pub fn construct_message_attributes(
104 | ) -> eyre::Result<HashMap<String, MessageAttributeValue>> {
105 |     let (trace_id, span_id) = telemetry_batteries::tracing::extract_span_ids();
106 | 
107 |     let mut message_attributes = HashMap::new();
108 | 
109 |     let trace_id_message_attribute = MessageAttributeValue::builder()
110 |         .data_type("String")
111 |         .string_value(trace_id.to_string())
112 |         .build()?;
113 | 
114 |     message_attributes.insert(
115 |         TRACE_ID_MESSAGE_ATTRIBUTE_NAME.to_string(),
116 |         trace_id_message_attribute,
117 |     );
118 | 
119 |     let span_id_message_attribute = MessageAttributeValue::builder()
120 |         .data_type("String")
121 |         .string_value(span_id.to_string())
122 |         .build()?;
123 | 
124 |     message_attributes.insert(
125 |         SPAN_ID_MESSAGE_ATTRIBUTE_NAME.to_string(),
126 |         span_id_message_attribute,
127 |     );
128 | 
129 |     Ok(message_attributes)
130 | }
131 | 
132 | pub async fn sqs_delete_message(
133 |     client: &aws_sdk_sqs::Client,
134 |     queue_url: impl Into<String>,
135 |     receipt_handle: impl Into<String>,
136 | ) -> eyre::Result<()> {
137 |     let receipt_handle = receipt_handle.into();
138 | 
139 |     client
140 |         .delete_message()
141 |         .queue_url(queue_url)
142 |         .receipt_handle(&receipt_handle)
143 |         .send()
144 |         .await?;
145 | 
146 |     tracing::info!(?receipt_handle, "Deleted message from queue");
147 | 
148 |     Ok(())
149 | }
150 | 
151 | pub fn trace_from_message_attributes(
152 |     message_attributes: &HashMap<String, MessageAttributeValue>,
153 |     receipt_handle: &str,
154 | ) -> eyre::Result<()> {
155 |     if let Some(trace_id) =
156 |         message_attributes.get(TRACE_ID_MESSAGE_ATTRIBUTE_NAME)
157 |     {
158 |         if let Some(span_id) =
159 |             message_attributes.get(SPAN_ID_MESSAGE_ATTRIBUTE_NAME)
160 |         {
161 |             let trace_id = trace_id
162 |                 .string_value()
163 |                 .expect("Could not parse TraceID")
164 |                 .parse::<u128>()?;
165 | 
166 |             let span_id = span_id
167 |                 .string_value()
168 |                 .expect("Could not parse SpanID")
169 |                 .parse::<u64>()?;
170 | 
171 |             // Create and set the span parent context
172 |             let parent_ctx = SpanContext::new(
173 |                 TraceId::from(trace_id),
174 |                 SpanId::from(span_id),
175 |                 TraceFlags::default(),
176 |                 true,
177 |                 TraceState::default(),
178 |             );
179 | 
180 |             telemetry_batteries::tracing::trace_from_ctx(parent_ctx);
181 |         } else {
182 |             tracing::warn!(?receipt_handle, "SQS message missing SpanID");
183 |         }
184 |     } else {
185 |         tracing::warn!(?receipt_handle, "SQS message missing TraceID");
186 |     }
187 | 
188 |     Ok(())
189 | }
190 | 


--------------------------------------------------------------------------------
/src/config.rs:
--------------------------------------------------------------------------------
  1 | use std::net::SocketAddr;
  2 | use std::path::Path;
  3 | use std::time::Duration;
  4 | 
  5 | use serde::de::DeserializeOwned;
  6 | use serde::{Deserialize, Serialize};
  7 | 
  8 | use self::json_wrapper::JsonStrWrapper;
  9 | 
 10 | mod json_wrapper;
 11 | 
 12 | pub fn load_config<T>(
 13 |     prefix: &str,
 14 |     config_path: Option<&Path>,
 15 | ) -> eyre::Result<T>
 16 | where
 17 |     T: DeserializeOwned,
 18 | {
 19 |     let mut settings = config::Config::builder();
 20 | 
 21 |     if let Some(path) = config_path {
 22 |         settings = settings.add_source(config::File::from(path).required(true));
 23 |     }
 24 | 
 25 |     let settings = settings
 26 |         .add_source(
 27 |             config::Environment::with_prefix(prefix)
 28 |                 .separator("__")
 29 |                 .try_parsing(true),
 30 |         )
 31 |         .build()?;
 32 | 
 33 |     let config = settings.try_deserialize::<T>()?;
 34 | 
 35 |     Ok(config)
 36 | }
 37 | 
 38 | #[derive(Debug, Clone, Serialize, Deserialize)]
 39 | pub struct Config {
 40 |     #[serde(default)]
 41 |     pub service: Option<ServiceConfig>,
 42 |     #[serde(default)]
 43 |     pub coordinator: Option<CoordinatorConfig>,
 44 |     #[serde(default)]
 45 |     pub participant: Option<ParticipantConfig>,
 46 |     #[serde(default)]
 47 |     pub health_check: Option<HealthCheckConfig>,
 48 | }
 49 | 
 50 | #[derive(Debug, Clone, Serialize, Deserialize)]
 51 | pub struct CoordinatorConfig {
 52 |     pub participants: JsonStrWrapper<Vec<String>>,
 53 |     #[serde(
 54 |         with = "humantime_serde",
 55 |         default = "default::participant_connection_timeout"
 56 |     )]
 57 |     pub participant_connection_timeout: Duration,
 58 |     #[serde(
 59 |         with = "humantime_serde",
 60 |         default = "default::latest_serial_id_interval"
 61 |     )]
 62 |     pub latest_serial_id_interval: Duration,
 63 |     pub hamming_distance_threshold: f64,
 64 |     pub n_closest_distances: usize,
 65 |     pub db: DbConfig,
 66 |     pub queues: CoordinatorQueuesConfig,
 67 |     #[serde(default)]
 68 |     pub aws: AwsConfig,
 69 | }
 70 | 
 71 | #[derive(Debug, Clone, Serialize, Deserialize)]
 72 | pub struct ParticipantConfig {
 73 |     pub socket_addr: SocketAddr,
 74 |     pub batch_size: usize,
 75 |     pub db: DbConfig,
 76 |     pub queues: ParticipantQueuesConfig,
 77 |     #[serde(default)]
 78 |     pub aws: AwsConfig,
 79 | }
 80 | 
 81 | #[derive(Debug, Clone, Serialize, Deserialize)]
 82 | pub struct DbConfig {
 83 |     pub url: String,
 84 | 
 85 |     #[serde(default)]
 86 |     pub migrate: bool,
 87 | 
 88 |     #[serde(default)]
 89 |     pub create: bool,
 90 | }
 91 | 
 92 | #[derive(Debug, Clone, Serialize, Deserialize)]
 93 | pub struct CoordinatorQueuesConfig {
 94 |     pub queries_queue_url: String,
 95 |     pub distances_queue_url: String,
 96 |     pub db_sync_queue_url: String,
 97 | }
 98 | 
 99 | #[derive(Debug, Clone, Serialize, Deserialize)]
100 | pub struct ParticipantQueuesConfig {
101 |     pub db_sync_queue_url: String,
102 | }
103 | 
104 | #[derive(Debug, Clone, Serialize, Deserialize, Default)]
105 | pub struct AwsConfig {
106 |     /// Used to override the default endpoint url for the AWS service
107 |     ///
108 |     /// Useful when using something like LocalStack
109 |     pub endpoint: Option<String>,
110 | 
111 |     #[serde(default)]
112 |     pub region: Option<String>,
113 | }
114 | 
115 | #[derive(Debug, Clone, Serialize, Deserialize)]
116 | pub struct ServiceConfig {
117 |     // Service name - used for logging, metrics and tracing
118 |     pub service_name: String,
119 |     // Traces
120 |     pub traces_endpoint: Option<String>,
121 |     // Metrics
122 |     pub metrics: Option<MetricsConfig>,
123 | }
124 | 
125 | #[derive(Debug, Clone, Serialize, Deserialize)]
126 | pub struct MetricsConfig {
127 |     pub host: String,
128 |     pub port: u16,
129 |     pub queue_size: usize,
130 |     pub buffer_size: usize,
131 |     pub prefix: String,
132 | }
133 | 
134 | #[derive(Debug, Clone, Serialize, Deserialize)]
135 | pub struct HealthCheckConfig {
136 |     pub socket_addr: SocketAddr,
137 | }
138 | 
139 | mod default {
140 |     use std::time::Duration;
141 | 
142 |     pub fn participant_connection_timeout() -> Duration {
143 |         Duration::from_secs(5)
144 |     }
145 | 
146 |     pub fn latest_serial_id_interval() -> Duration {
147 |         Duration::from_secs(2)
148 |     }
149 | }
150 | 
151 | #[cfg(test)]
152 | mod tests {
153 |     use super::*;
154 | 
155 |     #[test]
156 |     fn to_toml() {
157 |         let config = Config {
158 |             service: Some(ServiceConfig {
159 |                 service_name: "mpc-coordinator".to_string(),
160 |                 traces_endpoint: None,
161 | 
162 |                 metrics: Some(MetricsConfig {
163 |                     // Metrics
164 |                     host: "localhost".to_string(),
165 |                     port: 8125,
166 |                     queue_size: 5000,
167 |                     buffer_size: 1024,
168 |                     prefix: "mpc-coordinator".to_string(),
169 |                 }),
170 |             }),
171 |             coordinator: Some(CoordinatorConfig {
172 |                 participants: JsonStrWrapper(vec![
173 |                     "127.0.0.1:8000".to_string(),
174 |                     "127.0.0.1:8001".to_string(),
175 |                     "127.0.0.1:8002".to_string(),
176 |                 ]),
177 |                 participant_connection_timeout: Duration::from_secs(1),
178 |                 latest_serial_id_interval: Duration::from_secs(5),
179 |                 hamming_distance_threshold: 0.375,
180 |                 n_closest_distances: 20,
181 |                 db: DbConfig {
182 |                     url: "postgres://localhost:5432/mpc".to_string(),
183 |                     migrate: true,
184 |                     create: true,
185 |                 },
186 |                 queues: CoordinatorQueuesConfig {
187 |                     queries_queue_url: "https://sqs.us-east-1.amazonaws.com/1234567890/mpc-query-queue"
188 |                         .to_string(),
189 |                     distances_queue_url: "https://sqs.us-east-1.amazonaws.com/1234567890/mpc-distance-results-queue"
190 |                         .to_string(),
191 |                     db_sync_queue_url: "https://sqs.us-east-1.amazonaws.com/1234567890/mpc-query-queue"
192 |                         .to_string(),
193 |                 },
194 |                 aws: AwsConfig {
195 |                     endpoint: Some("http://localhost:4566".to_string()),
196 |                     region: None,
197 |                 },
198 |             }),
199 |             participant: None,
200 |             health_check: None,
201 |         };
202 | 
203 |         let toml = toml::to_string(&config).unwrap();
204 | 
205 |         println!("{}", toml);
206 |     }
207 | 
208 |     #[test]
209 |     fn from_toml_coordinator() {
210 |         const TOML: &str = indoc::indoc! {
211 |             r#"
212 |             [service]
213 |             service_name = "mpc-coordinator"
214 |             metrics_host = "localhost"
215 |             metrics_port = 8125
216 |             metrics_queue_size = 5000
217 |             metrics_buffer_size = 1024
218 |             metrics_prefix = "mpc-coordinator"
219 | 
220 |             [coordinator]
221 |             participants = '["127.0.0.1:8000", "127.0.0.1:8001", "127.0.0.1:8002"]'
222 |             hamming_distance_threshold = 0.375
223 |             n_closest_distances = 20
224 |             participant_connection_timeout = "1s"
225 | 
226 |             [coordinator.db]
227 |             url = "postgres://localhost:5432/mpc"
228 |             migrate = true
229 | 
230 |             [coordinator.queues]
231 |             queries_queue_url = "https://sqs.us-east-1.amazonaws.com/1234567890/mpc-query-queue"
232 |             distances_queue_url = "https://sqs.us-east-1.amazonaws.com/1234567890/mpc-distance-results-queue"
233 |             db_sync_queue_url = "https://sqs.us-east-1.amazonaws.com/1234567890/mpc-query-queue"
234 | 
235 |             [coordinator.aws]
236 |             endpoint = "http://localhost:4566"
237 |             "#
238 |         };
239 | 
240 |         let config: Config = toml::from_str(TOML).unwrap();
241 | 
242 |         println!("{:#?}", config);
243 |     }
244 | }
245 | 


--------------------------------------------------------------------------------
/src/distance.rs:
--------------------------------------------------------------------------------
  1 | use std::ops::RangeInclusive;
  2 | 
  3 | use rayon::prelude::*;
  4 | use serde::{Deserialize, Serialize};
  5 | 
  6 | use crate::arch;
  7 | pub use crate::bits::Bits;
  8 | pub use crate::encoded_bits::EncodedBits;
  9 | pub use crate::template::Template;
 10 | 
 11 | pub const COLS: usize = 200;
 12 | pub const ROWS: usize = 4 * 16;
 13 | pub const BITS: usize = ROWS * COLS;
 14 | 
 15 | pub const ROTATIONS: RangeInclusive<i32> = -15..=15;
 16 | 
 17 | /// Generate a [`EncodedBits`] such that values are $\{-1,0,1\}$, representing
 18 | /// unset, masked and set.
 19 | pub fn encode(template: &Template) -> EncodedBits {
 20 |     // Make sure masked-out pattern bits are zero;
 21 |     let pattern = &template.code & &template.mask;
 22 | 
 23 |     // Convert to u16s
 24 |     let pattern = EncodedBits::from(&pattern);
 25 |     let mask = EncodedBits::from(&template.mask);
 26 | 
 27 |     // Preprocessed is (mask - 2 * pattern)
 28 |     mask - pattern - pattern
 29 | }
 30 | 
 31 | pub fn decode(encoded: &EncodedBits) -> eyre::Result<Template> {
 32 |     let mut code = Bits::ZERO;
 33 |     let mut mask = Bits::ZERO;
 34 | 
 35 |     for (idx, bit) in encoded.0.iter().enumerate() {
 36 |         match bit {
 37 |             0 => {
 38 |                 code.set(idx, false);
 39 |                 mask.set(idx, false);
 40 |             }
 41 |             1 => {
 42 |                 code.set(idx, false);
 43 |                 mask.set(idx, true);
 44 |             }
 45 |             &u16::MAX => {
 46 |                 code.set(idx, true);
 47 |                 mask.set(idx, true);
 48 |             }
 49 |             _ => eyre::bail!("Invalid encoded bits"),
 50 |         }
 51 |     }
 52 | 
 53 |     Ok(Template { code, mask })
 54 | }
 55 | 
 56 | pub struct DistanceEngine {
 57 |     rotations: Box<[EncodedBits; 31]>,
 58 | }
 59 | 
 60 | impl DistanceEngine {
 61 |     pub fn new(rotations: impl Iterator<Item = EncodedBits>) -> Self {
 62 |         Self {
 63 |             rotations: rotations.collect::<Box<[_]>>().try_into().unwrap(),
 64 |         }
 65 |     }
 66 | 
 67 |     #[tracing::instrument(skip(self, out, db), level = "debug")]
 68 |     pub fn batch_process(&self, out: &mut [[u16; 31]], db: &[EncodedBits]) {
 69 |         assert_eq!(out.len(), db.len());
 70 |         out.par_iter_mut()
 71 |             .zip(db.par_iter())
 72 |             .for_each(|(result, entry)| {
 73 |                 // Compute dot product for each rotation
 74 |                 for (d, rotation) in
 75 |                     result.iter_mut().zip(self.rotations.iter())
 76 |                 {
 77 |                     *d = rotation.dot(entry);
 78 |                 }
 79 |             });
 80 |     }
 81 | }
 82 | 
 83 | #[derive(Debug, Clone, Serialize, Deserialize)]
 84 | pub struct Distance {
 85 |     pub distance: f64,
 86 |     pub serial_id: u64,
 87 | }
 88 | 
 89 | impl Distance {
 90 |     pub fn new(serial_id: u64, distance: f64) -> Self {
 91 |         Self {
 92 |             distance,
 93 |             serial_id,
 94 |         }
 95 |     }
 96 | }
 97 | 
 98 | impl Eq for Distance {}
 99 | 
100 | impl PartialEq for Distance {
101 |     fn eq(&self, other: &Self) -> bool {
102 |         self.distance.eq(&other.distance) && self.serial_id.eq(&other.serial_id)
103 |     }
104 | }
105 | 
106 | /// Result data for a uniqueness check
107 | #[derive(Clone, Debug, Serialize, Deserialize, PartialEq, Eq)]
108 | pub struct DistanceResults {
109 |     /// The lowest serial id known across all nodes
110 |     pub serial_id: u64,
111 |     /// The distances to the query - truncated by n_closest_distances config variable
112 |     pub matches: Vec<Distance>,
113 |     // The number of matches before truncation
114 |     pub n_untruncated_matches: u32,
115 | }
116 | 
117 | impl DistanceResults {
118 |     pub fn new(
119 |         serial_id: u64,
120 |         matches: Vec<Distance>,
121 |         n_untruncated_matches: u32,
122 |     ) -> Self {
123 |         Self {
124 |             serial_id,
125 |             matches,
126 |             n_untruncated_matches,
127 |         }
128 |     }
129 | }
130 | 
131 | pub struct MasksEngine {
132 |     rotations: Box<[Bits; 31]>,
133 | }
134 | 
135 | impl MasksEngine {
136 |     pub fn new(query: &Bits) -> Self {
137 |         let rotations =
138 |             query.rotations().collect::<Box<[_]>>().try_into().unwrap();
139 |         Self { rotations }
140 |     }
141 | 
142 |     #[tracing::instrument(skip(self, out, db), level = "debug")]
143 |     pub fn batch_process(&self, out: &mut [[u16; 31]], db: &[Bits]) {
144 |         assert_eq!(out.len(), db.len());
145 |         out.par_iter_mut()
146 |             .zip(db.par_iter())
147 |             .for_each(|(result, entry)| {
148 |                 // Compute dot product for each rotation
149 |                 for (d, rotation) in
150 |                     result.iter_mut().zip(self.rotations.iter())
151 |                 {
152 |                     *d = rotation.dot(entry);
153 |                 }
154 |             });
155 |     }
156 | }
157 | 
158 | /// Compute encoded distances for each rotation, iterating over a database
159 | pub fn distances<'a>(
160 |     query: &'a Template,
161 |     db: &'a [EncodedBits],
162 | ) -> impl Iterator<Item = [u16; 31]> + 'a {
163 |     let query_rotations: Vec<_> =
164 |         query.rotations().map(|query| encode(&query)).collect();
165 | 
166 |     arch::distances(query_rotations, db)
167 | }
168 | 
169 | /// Compute the 31 rotated mask popcounts.
170 | pub fn denominators<'a>(
171 |     query: &'a Bits,
172 |     db: &'a [Bits],
173 | ) -> impl Iterator<Item = [u16; 31]> + 'a {
174 |     arch::denominators(query, db)
175 | }
176 | 
177 | /// Decode a distances. Takes the minimum over the rotations
178 | pub fn decode_distance(distances: &[u16; 31], denominators: &[u16; 31]) -> f64 {
179 |     // TODO: Detect errors.
180 |     // (d - n) must be an even number in range
181 | 
182 |     distances
183 |         .iter()
184 |         .zip(denominators.iter())
185 |         .map(|(&n, &d)| (d.wrapping_sub(n) / 2, d))
186 |         .map(|(n, d)| (n as f64) / (d as f64))
187 |         .fold(f64::INFINITY, f64::min)
188 | }
189 | 
190 | #[cfg(test)]
191 | mod tests {
192 |     use proptest::bits::u16;
193 |     use rand::{thread_rng, Rng};
194 | 
195 |     use super::*;
196 | 
197 |     #[test]
198 |     fn test_preprocess() {
199 |         let mut rng = thread_rng();
200 |         for _ in 0..100 {
201 |             let entry = rng.gen();
202 |             let encrypted = encode(&entry);
203 |             for (i, v) in encrypted.0.iter().enumerate() {
204 |                 match *v {
205 |                     u16::MAX => assert!(entry.mask[i] && entry.code[i]),
206 |                     0 => assert!(!entry.mask[i]),
207 |                     1 => assert!(entry.mask[i] && !entry.code[i]),
208 |                     _ => panic!(),
209 |                 }
210 |             }
211 |         }
212 |     }
213 | 
214 |     #[test]
215 |     fn test_dotproduct() {
216 |         let mut rng = thread_rng();
217 |         for _ in 0..100 {
218 |             let a = rng.gen();
219 |             let b = rng.gen();
220 |             let pre_a = encode(&a);
221 |             let pre_b = encode(&b);
222 | 
223 |             let mut equal = 0;
224 |             let mut uneq = 0;
225 |             let mut denominator = 0;
226 |             for i in 0..BITS {
227 |                 if a.mask[i] && b.mask[i] {
228 |                     denominator += 1;
229 |                     if a.code[i] == b.code[i] {
230 |                         equal += 1;
231 |                     } else {
232 |                         uneq += 1;
233 |                     }
234 |                 }
235 |             }
236 | 
237 |             let sum = (pre_a * &pre_b).sum() as i16;
238 |             assert_eq!(equal - uneq, sum);
239 |             assert_eq!(equal + uneq, denominator);
240 |             assert_eq!((denominator - sum) % 2, 0);
241 |             assert_eq!(uneq, (denominator - sum) / 2);
242 |         }
243 |     }
244 | 
245 |     #[test]
246 |     fn encode_decode() {
247 |         let mut rng = thread_rng();
248 | 
249 |         for _ in 0..100 {
250 |             let template = rng.gen::<Template>();
251 | 
252 |             let encoded = encode(&template);
253 | 
254 |             let decoded = decode(&encoded).expect("Decoding failed");
255 | 
256 |             // Masks must always be equal
257 |             assert_eq!(template.mask, decoded.mask);
258 | 
259 |             // Codes are equal with masks applied
260 |             let orig_pattern = template.code & &template.mask;
261 |             let actual_pattern = decoded.code & &decoded.mask;
262 | 
263 |             assert_eq!(orig_pattern, actual_pattern);
264 |         }
265 |     }
266 | }
267 | 
268 | // TODO: move this to benches
269 | #[cfg(feature = "bench")]
270 | pub mod benches {
271 |     use criterion::Criterion;
272 | 
273 |     use super::*;
274 | 
275 |     pub fn group(c: &mut Criterion) {
276 |         arch::benches::group(c);
277 |     }
278 | }
279 | 


--------------------------------------------------------------------------------
/benches/rotation_comparison.rs:
--------------------------------------------------------------------------------
 1 | use criterion::{criterion_group, criterion_main, Criterion};
 2 | use mpc::template::Template;
 3 | 
 4 | const A: &str = indoc::indoc! { r#"{
 5 |         "code": "UGQwOHvPdn5w70Tf52jWiso1Upw4taZzWbvoQeYD2JocpibnzBLJJHCBhtFSDfCSxHc7RFXcVCRfNocX4KZdXxx3Vhn+yVHOcskVi6/2/JsaGztJJDCpo+oI+0+DEP+pYPMqOIYA2Ii3VJxnkcQKcdnTKuBOOXV5SXCj8yo/XZhcjvRj+OHeNvgh8UKvFsEVgD0GL7uq+0GAb0s6WQz6wzAmnlkGfV9E7gxT9QcIoezUZm8ZTuHyUcnpDhQ8ptiTbdIWsWL4VIY9PPntGPOL5pMXAQ7Tc7estxTf1za962XDAXwv4l3NkintjfowFJQaLTzDsHzFk4EQwmMCggiQ04nw2YUMc/HtYqbKjopNoMRrvQFrXHW1w2Gipa+RPw5aPiIP7fUF2G9uSemoPvdTHCAZXc887T30fucHUaSv9/2h656KPCA35j1icisHzDn3OEAGVBKr1yhwnzkcM1DNSMcquzDHtSNy7Xn/+6WVVrMNaN9vZg9IMREqn0qqMKrNubfCNHAMOUpIhNIa3Sr75k2xlsb0j+c3cCnkyLD5wHTVBvyzkjCM2siFl4TLZ0EK/DJ+DhNglXSgBfwgzE13F0I1mTyekXov2GYUZUS0ZJrJQyJRWZq+Kx3EfFKFUS9BKu6RFsBovYOpvWUMeWwsC93je6dKQIjRCahKnGSjoLPLNfJBFVdts4ZRoDTL6r8HOTIS+UZM3p75EUeK4LpfZaEC3I7vRLhtiMt64U1VQpWDeJdutbGzmC91p9Xxr3mEyVzjWQbvWEF9/qcYehsxLhlG4Uq2AQGBuP8Ro23wSPbeBhZIu/FaRvYT0HmtaqDgVTZBJkLxR9+qYO1rdY2HFTnQynZyRq15Ri0mIFFrlSv234r0wro49SfF7q/e6oaz3gcvMouqOAABTxLdv8xTSVZxaes5EGrBDr2TY8MJmIu6zYZ729rmr1njAWCZijz2g3lk74X0hyN1+MDgbeGzxXDjcxcAtHswxH58HN9oQ0E92dnoUsQzDX5JWmRcjh5LdsdJmxZYbzuqUDJFselLM06ZJhfHJ6P8oCod2aWVLNX5fkSdT0BfCNw63PlyfifWJbLuL2kbMB5jzvjjJtc428m5JF5+6yMHHc1+7Pic0tTm+D/vtJ4PQrY/YrQDbBIhZCqIB9fjcBqktC75e81JyUsHNM1qRuySG1maGxTgwRfzJgUoKYSaK+g/IKfDPU04AMhHSNi5BXijjicbf4vVLsRVNT5hEFl/XRr0YAxaNdcDPzys3NZ37hc/8RGkPLbNBzsIhd0KKdHbTxGm+at4Sa2a1bpOWx1crPx9QXq7asC0YJ5yE8zWSf/VD0VEJ9LJ7mrgsU7SF2iJRmhPZVkdOv0QkCk9hR3PGLpkCUsUMMpZh+oSHF4n1GGUKLinThXMDsVW+BNZ0ukE9TmBKLXOpPxTYkaPBjeyqJurGXA5mlCDKGGzFHLHh/D/DqR10OK/XhwmXoML6rWFUrai3FPdJBmRTzFga3TrBD0td1x0iBeqhmdz48NoBEjOTdLkB5AezSJ2+o4xQll+9fzdirWV/QbqOidaZMGW3RwlE03FqYNrH+izh46oxstQhmf4GxWLnUvlqF/K9djhB9ziTX5e0RCJ+rctPGD1uhOqcHIWASvQWBKKtxPnyjx0wMIBvQUj43hXpX1L3YQfKe0ZacoHigu9n2DYAfgHU5bT9N/MU2pcdPukVckPd2ExHAFNUi+/VyxKvla6tZP4khc9pa7dEKhNxyRDxGr35tT01SGTziaEyf61HTeeMO5WxEVg8wx0GX6ibXkFIb2UHZYagJs+VX59xzU9DkRvrP7IcjScvJ7M5pef4ZhkwzpyLJ9Q+zi2FyDGqc/n+isaT6owkh+X3kn7GZ6BtDvRlO10MmOq+lKFWt/ZhfADtBmnuJV0UC4YvEjqfxD88Yx7yeAHEwiUTY2yCrJi1hpLnq0bVE8r3RkcXDamk/kNmcvZJ0iNMWszSptlR24UVTcXvEHlKrTsl5m0qGskwFn7xg6CPHRSgfhP8tD0ksM6xzsEQmjXkrt1S3NIWRz26bcBTrwmmrb7rsunEdO+GHGfHWBssD9c4G+OOc8vXeXsHxmMqcj8EwvFjDtdBrR9wvd/irYDEPYZvw==",
 6 |         "mask":"/////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////w=="
 7 |     }"# };
 8 | 
 9 | const B: &str = indoc::indoc! { r#"{
10 |         "code": "NBmIZfruaQ6PwrJ34jZriTKuhEwPqn7TlbY33BrnQxSS6cLrGy8ZwI6lfekKyTgV627R70xHb9HDPi4brHiBhGGouyWdGUjulBVEJ/nEOjWMY0GyV4c+sZVIONy5TtT66xJgfOG+8SVWkycZge+L26nc22vpcETqc5fyArVXFCaD2dS+d4X8jb5sMdzDNYLILeCCCQUy8Wz9Kr0wef1vcjnINru5JZ/QmBaWlggUspWxpxDNf692RiGoj/ue7Py45jqdr+/SgOcbl9zDvnVk7rd3B8K4BgHMq+YFuiBREVFvzcuI1cl5oLJOzAJhpi+sfYe1tOeYWEYQJBMvGEIOmz8AKWoLKESVbh/9lIYSW9JE+bGJKEsPPZxCpo9vfFCYwROL6Rxw4wgxeNQ/VUX8HYqbSEUDpDIvZVOOAEOGxwa6v/P91ZOTEUwZ6V/Vz+46Z+oAUyccEcikKvreMBqZJw6x3PY3pESIz6JYoclDkjUOXTBjReCEv6smAv+YfRICRQavmVsT1j2L0GCmAH4bNxCATyAPq2YqdtH5VwrKZPczMb5ExAryRzQyiOWOVTBkPjUElhxeprilmyuV4AkHW+xPgDnGitgpQ6hk/s2eL8/SwBMtRUygc/tz6bdszyt5WhEBy5qfsQ71/A6GRkndCIjXj//W5lhcdiqobrZ70WFfQy/NRgL3SFLMEYZQrTfonp+mRDI0DwQeFKojEjjpx7T9DdSBMBLhRs/PwOCVLcQZbeduRYxPrz4GOqWAcw7p6v56i6+YJOLm0mxcjVnhgIlTM1LJkp+UF2Ke6LmKFeFeuSjpA/GH2TiDlLKl04++V4aspmmRYZU5BS02FFh4V7P8u4m4SPMJXJkUV9bXMP67aqMAVkFzQBVg7wqzPw8eSvpRw6NticywIYf8n+RPjrHpPH3EZJriFRHQW8qqMQCfE3nVNSOLsTWkc+QFvaANPZJDUA5RvPQTFyqd2Jl8sSw0rnlKex1Rn5tVzoMof/aq1ARscRP49XEjaNDH9axziDyoWTcdmLDt4QcWURMTu5Hu6S4Fd/SW1qDQGt8jWlUABqmPNwDOmX3mgiErrE+RvAhwe1k4wQc9uB22O/MiBTSd/gwcqElvvxUSHIlgNyjsi2YHFucLpiNAPk9zaQsA1RP8gtLsKk+OKiIEJX+nNQHFYbPpcpSuY/XA2QFmNvzN0G9y25FVMir4+bBhvD9UKjHoxtfEGWW5Tq4UrQTaR4PzY2Vns3d0vz1KmLooIVpUNfQ0uVh2rODbhCNWkt/8skRSjAf9e+zNXWj5oMNaKNKVyWiS5VAUpITivy3yCpdwjFNWAREsufl1IOMo861bl1gJrKS6RxPPOXZJ36wHxSVRrsrQcoz0oqx2S6eE6sIssOUxaR31SaAXxZ0C/rRSDcUW/psYgUXeR6AxzyxkbXxxIdPnubRG/v1im4chRVxvy3r6YVsAZYR4uIJE2KPtCQYbJojD3/F11YnDXDA15L8hCxcMoCpjz+IzVfdBBM+jJK0KAqIWItWSOHPDbANzUuY4jxKVTbfY7XHE8OXE+fcCKk6j5eoTTiOKWneDn0Ym2c8sgIxwzUOPmCy0GhexARPqYrKPCRNgvOJ6gCUTDK7KOYzn8UmzFQ9/hOWc1rfFx7HxcK/8kSzzD8EroLccyAz6ZT7fa3YrmosEiCjTNc9DKF4j5dSgYBCFDXPpHAxPTKk8pZSNKfuLWtXQV/OjRky9XEl7g85ejwZKm/w7zpE7gtFUBYH2rAu7cCyai5OGbWUB8Jw0sOeOHRsuFxdyQknYazomA8ZQD+aQglwfMfHG2YkiNSM2eHR+4jBU4TUoTXrqgEQBMuVfHROdSLZdUPK+4kd5VM5cfDJsmKYBXSIetLwl/OEQ9faB5RjoDmcRcP123Yv3hHt/VozmTI/4BiUypkGigGfwMTNQaO6HcIu/mfaBCtoUgy9xmD4YfDIKpQjsI66MrC4SGCBjp9s6Eo+N9R6kS976dzPg/6EJPfPQdUVnAfscyonUNLgjLvcGehZ4S9v6SABx9AzVXGPPJ19qv5Y6nSxJ8fgo38ULCIVP8cMbYZ5SNfHlVREqccQjopkcM+8YIEYBp05c99cii0h6bpEcJtwja4U6gEDgaw==",
11 |         "mask":"/////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////w=="
12 |     }"# };
13 | 
14 | pub fn rotation_comparison(c: &mut Criterion) {
15 |     let a: Template = serde_json::from_str(A).unwrap();
16 |     let b: Template = serde_json::from_str(B).unwrap();
17 |     c.bench_function("rotation comparison", |bencher| {
18 |         bencher.iter(|| {
19 |             // Benchmark logic here
20 |             a.distance(&b).unwrap();
21 |         })
22 |     });
23 | }
24 | 
25 | criterion_group!(benches, rotation_comparison);
26 | criterion_main!(benches);
27 | 


--------------------------------------------------------------------------------
/bin/migrate-codes/migrate.rs:
--------------------------------------------------------------------------------
  1 | #![allow(clippy::type_complexity)]
  2 | 
  3 | use clap::Parser;
  4 | use eyre::ContextCompat;
  5 | use futures::{pin_mut, Stream, StreamExt};
  6 | use indicatif::{ProgressBar, ProgressStyle};
  7 | use mpc::bits::Bits;
  8 | use mpc::db::Db;
  9 | use mpc::distance::EncodedBits;
 10 | use mpc::iris_db::{
 11 |     FinalResult, IrisCodeEntry, IrisDb, SideResult, FINAL_RESULT_STATUS,
 12 | };
 13 | use mpc::template::Template;
 14 | use rand::thread_rng;
 15 | use rayon::iter::{IntoParallelIterator, ParallelIterator};
 16 | use telemetry_batteries::tracing::stdout::StdoutBattery;
 17 | 
 18 | use crate::mpc_db::MPCDb;
 19 | 
 20 | mod mpc_db;
 21 | 
 22 | #[derive(Parser)]
 23 | pub struct Args {
 24 |     /// Connection string for the iris MongoDB
 25 |     #[clap(alias = "ic", long, env)]
 26 |     pub iris_code_db: String,
 27 |     /// Connection string for the left coordinator Postgres DB
 28 |     #[clap(alias = "lc", long, env)]
 29 |     pub left_coordinator_db: String,
 30 |     /// Connection strings for the left participant Postgres DBs
 31 |     #[clap(alias = "lp", long, env)]
 32 |     pub left_participant_db: Vec<String>,
 33 |     /// Connection strings for the right coordinator Postgres DBs
 34 |     #[clap(alias = "rc", long, env)]
 35 |     pub right_coordinator_db: String,
 36 |     /// Connection string for the right participant Postgres DB
 37 |     #[clap(alias = "rp", long, env)]
 38 |     pub right_participant_db: Vec<String>,
 39 | 
 40 |     /// Batch size for encoding shares
 41 |     #[clap(short, long, default_value = "100")]
 42 |     batch_size: usize,
 43 | 
 44 |     /// If set to true, no migration or creation of the database will occur on the Postgres side
 45 |     #[clap(long)]
 46 |     no_migrate_or_create: bool,
 47 | }
 48 | 
 49 | #[tokio::main]
 50 | async fn main() -> color_eyre::Result<()> {
 51 |     color_eyre::install()?;
 52 |     dotenvy::dotenv().ok();
 53 | 
 54 |     let _shutdown_tracing_provider = StdoutBattery::init();
 55 | 
 56 |     let args = Args::parse();
 57 | 
 58 |     eyre::ensure!(
 59 |         args.left_participant_db.len() == args.right_participant_db.len(),
 60 |         "Number of participants on left & right must match (left: {}, right: {})",
 61 |         args.left_participant_db.len(),
 62 |         args.right_participant_db.len()
 63 |     );
 64 | 
 65 |     let num_participants = args.left_participant_db.len() as u64;
 66 | 
 67 |     let mpc_db = MPCDb::new(
 68 |         args.left_coordinator_db,
 69 |         args.left_participant_db,
 70 |         args.right_coordinator_db,
 71 |         args.right_participant_db,
 72 |         args.no_migrate_or_create,
 73 |     )
 74 |     .await?;
 75 | 
 76 |     let iris_db = IrisDb::new(args.iris_code_db).await?;
 77 | 
 78 |     let latest_serial_id = mpc_db.fetch_latest_serial_id().await?;
 79 |     tracing::info!("Latest serial id {latest_serial_id}");
 80 | 
 81 |     // Cleanup items with larger ids
 82 |     // as they might be assigned new values in the future
 83 |     mpc_db.prune_items(latest_serial_id).await?;
 84 |     iris_db.prune_final_results(latest_serial_id).await?;
 85 | 
 86 |     let first_unsynced_iris_serial_id = if let Some(final_result) = iris_db
 87 |         .get_final_result_by_serial_id(latest_serial_id)
 88 |         .await?
 89 |     {
 90 |         iris_db
 91 |             .get_entry_by_signup_id(&final_result.signup_id)
 92 |             .await?
 93 |             .context("Could not find iris code entry")?
 94 |             .serial_id
 95 |     } else {
 96 |         0
 97 |     };
 98 | 
 99 |     let num_iris_codes = iris_db
100 |         .count_whitelisted_iris_codes(first_unsynced_iris_serial_id)
101 |         .await?;
102 |     tracing::info!("Processing {} iris codes", num_iris_codes);
103 | 
104 |     let pb =
105 |         ProgressBar::new(num_iris_codes).with_message("Migrating iris codes");
106 |     let pb_style = ProgressStyle::default_bar()
107 |         .template("{spinner:.green} {msg} [{elapsed_precise}] [{wide_bar:.green}] {pos:>7}/{len:7} ({eta})")
108 |         .expect("Could not create progress bar");
109 |     pb.set_style(pb_style);
110 | 
111 |     let iris_code_entries = iris_db
112 |         .stream_whitelisted_iris_codes(first_unsynced_iris_serial_id)
113 |         .await?
114 |         .chunks(args.batch_size)
115 |         .map(|chunk| chunk.into_iter().collect::<Result<Vec<_>, _>>());
116 | 
117 |     handle_templates_stream(
118 |         iris_code_entries,
119 |         &iris_db,
120 |         &mpc_db,
121 |         num_participants as usize,
122 |         latest_serial_id,
123 |         &pb,
124 |     )
125 |     .await?;
126 | 
127 |     pb.finish();
128 | 
129 |     Ok(())
130 | }
131 | 
132 | pub struct MPCIrisData {
133 |     pub masks: Vec<(usize, Bits)>,
134 |     pub shares: Vec<(usize, Box<[EncodedBits]>)>,
135 | }
136 | 
137 | pub fn encode_shares(
138 |     template_data: Vec<(usize, Template)>,
139 |     num_participants: usize,
140 | ) -> eyre::Result<Vec<(usize, Bits, Box<[EncodedBits]>)>> {
141 |     let iris_data = template_data
142 |         .into_par_iter()
143 |         .map(|(serial_id, template)| {
144 |             let mut rng = thread_rng();
145 | 
146 |             let shares = mpc::distance::encode(&template)
147 |                 .share(num_participants, &mut rng);
148 | 
149 |             (serial_id, template.mask, shares)
150 |         })
151 |         .collect();
152 | 
153 |     Ok(iris_data)
154 | }
155 | 
156 | async fn handle_templates_stream(
157 |     iris_code_entries: impl Stream<
158 |         Item = mongodb::error::Result<Vec<IrisCodeEntry>>,
159 |     >,
160 |     iris_db: &IrisDb,
161 |     mpc_db: &MPCDb,
162 |     num_participants: usize,
163 |     mut latest_serial_id: u64,
164 |     pb: &ProgressBar,
165 | ) -> eyre::Result<()> {
166 |     pin_mut!(iris_code_entries);
167 | 
168 |     // Consume the stream
169 |     while let Some(entries) = iris_code_entries.next().await {
170 |         let entries = entries?;
171 | 
172 |         let count = entries.len() as u64;
173 | 
174 |         let left_data: Vec<_> = entries
175 |             .iter()
176 |             .enumerate()
177 |             .map(|(idx, entry)| {
178 |                 let template = Template {
179 |                     code: entry.iris_code_left,
180 |                     mask: entry.mask_code_left,
181 |                 };
182 | 
183 |                 (latest_serial_id as usize + 1 + idx, template)
184 |             })
185 |             .collect();
186 | 
187 |         let right_data: Vec<_> = entries
188 |             .iter()
189 |             .enumerate()
190 |             .map(|(idx, entry)| {
191 |                 let template = Template {
192 |                     code: entry.iris_code_right,
193 |                     mask: entry.mask_code_right,
194 |                 };
195 | 
196 |                 (latest_serial_id as usize + 1 + idx, template)
197 |             })
198 |             .collect();
199 | 
200 |         let left = handle_side_data_chunk(
201 |             left_data,
202 |             num_participants,
203 |             &mpc_db.left_coordinator_db,
204 |             &mpc_db.left_participant_dbs,
205 |         );
206 | 
207 |         let right = handle_side_data_chunk(
208 |             right_data,
209 |             num_participants,
210 |             &mpc_db.right_coordinator_db,
211 |             &mpc_db.right_participant_dbs,
212 |         );
213 | 
214 |         let final_results: Vec<_> = entries
215 |             .iter()
216 |             .enumerate()
217 |             .map(|(idx, entry)| FinalResult {
218 |                 status: FINAL_RESULT_STATUS.to_string(),
219 |                 serial_id: latest_serial_id + 1 + idx as u64,
220 |                 signup_id: entry.signup_id.clone(),
221 |                 unique: true,
222 |                 right_result: SideResult {},
223 |                 left_result: SideResult {},
224 |             })
225 |             .collect();
226 | 
227 |         let results = iris_db.save_final_results(&final_results);
228 | 
229 |         futures::try_join!(left, right, results)?;
230 | 
231 |         latest_serial_id += count;
232 |         pb.inc(count);
233 |     }
234 | 
235 |     Ok(())
236 | }
237 | 
238 | async fn handle_side_data_chunk(
239 |     templates: Vec<(usize, Template)>,
240 |     num_participants: usize,
241 |     coordinator_db: &Db,
242 |     participant_dbs: &[Db],
243 | ) -> eyre::Result<()> {
244 |     let data = encode_shares(templates, num_participants)?;
245 | 
246 |     insert_masks_and_shares(&data, coordinator_db, participant_dbs).await?;
247 | 
248 |     Ok(())
249 | }
250 | 
251 | async fn insert_masks_and_shares(
252 |     data: &[(usize, Bits, Box<[EncodedBits]>)],
253 |     coordinator_db: &Db,
254 |     participant_dbs: &[Db],
255 | ) -> eyre::Result<()> {
256 |     let masks: Vec<_> = data
257 |         .iter()
258 |         .map(|(serial_id, mask, _)| (*serial_id as u64, *mask))
259 |         .collect();
260 | 
261 |     coordinator_db.insert_masks(&masks).await?;
262 | 
263 |     // Insert shares to each participant
264 |     for (i, participant_db) in participant_dbs.iter().enumerate() {
265 |         let shares: Vec<_> = data
266 |             .iter()
267 |             .map(|(serial_id, _, shares)| (*serial_id as u64, shares[i]))
268 |             .collect();
269 | 
270 |         participant_db.insert_shares(&shares).await?;
271 |     }
272 | 
273 |     Ok(())
274 | }
275 | 


--------------------------------------------------------------------------------
/bin/utils/seed_mpc_db.rs:
--------------------------------------------------------------------------------
  1 | use std::sync::Arc;
  2 | 
  3 | use clap::Args;
  4 | use futures::stream::FuturesUnordered;
  5 | use indicatif::{MultiProgress, ProgressBar, ProgressStyle};
  6 | use mpc::bits::Bits;
  7 | use mpc::config::DbConfig;
  8 | use mpc::db::Db;
  9 | use mpc::distance::EncodedBits;
 10 | use mpc::rng_source::RngSource;
 11 | use mpc::template::Template;
 12 | use mpc::utils::tasks::finalize_futures_unordered;
 13 | use rand::{thread_rng, Rng};
 14 | use rayon::iter::{IntoParallelIterator, ParallelIterator};
 15 | 
 16 | #[derive(Debug, Clone, Args)]
 17 | pub struct SeedMPCDb {
 18 |     #[clap(short, long)]
 19 |     pub coordinator_db_url: String,
 20 | 
 21 |     #[clap(short, long)]
 22 |     pub participant_db_url: Vec<String>,
 23 | 
 24 |     #[clap(short, long, default_value = "100000")]
 25 |     pub num_templates: usize,
 26 | 
 27 |     #[clap(short, long, default_value = "100")]
 28 |     pub batch_size: usize,
 29 | 
 30 |     #[clap(short, long, env, default_value = "thread")]
 31 |     pub rng: RngSource,
 32 | }
 33 | 
 34 | pub async fn seed_mpc_db(args: &SeedMPCDb) -> eyre::Result<()> {
 35 |     if args.participant_db_url.is_empty() {
 36 |         return Err(eyre::eyre!("No participant DBs provided"));
 37 |     }
 38 | 
 39 |     let (coordinator_db, participant_dbs) = initialize_dbs(args).await?;
 40 | 
 41 |     let now = std::time::Instant::now();
 42 | 
 43 |     let latest_serial_id =
 44 |         get_latest_serial_id(coordinator_db.clone(), participant_dbs.clone())
 45 |             .await?;
 46 | 
 47 |     let templates = generate_templates(args);
 48 |     println!("Templates generated in {:?}", now.elapsed());
 49 | 
 50 |     let (batched_masks, batched_shares) = generate_shares_and_masks(
 51 |         args,
 52 |         templates,
 53 |         (latest_serial_id + 1) as usize,
 54 |     );
 55 |     println!("Shares and masks generated in {:?}", now.elapsed());
 56 | 
 57 |     insert_masks_and_shares(
 58 |         batched_masks,
 59 |         batched_shares,
 60 |         coordinator_db,
 61 |         participant_dbs,
 62 |         args.num_templates,
 63 |         args.batch_size,
 64 |     )
 65 |     .await?;
 66 | 
 67 |     println!("Time elapsed: {:?}", now.elapsed());
 68 | 
 69 |     Ok(())
 70 | }
 71 | 
 72 | async fn initialize_dbs(
 73 |     args: &SeedMPCDb,
 74 | ) -> eyre::Result<(Arc<Db>, Vec<Arc<Db>>)> {
 75 |     let coordinator_db = Arc::new(
 76 |         Db::new(&DbConfig {
 77 |             url: args.coordinator_db_url.clone(),
 78 |             migrate: true,
 79 |             create: true,
 80 |         })
 81 |         .await?,
 82 |     );
 83 | 
 84 |     let mut participant_dbs = vec![];
 85 | 
 86 |     for db_config in args.participant_db_url.iter() {
 87 |         participant_dbs.push(Arc::new(
 88 |             Db::new(&DbConfig {
 89 |                 url: db_config.clone(),
 90 |                 migrate: true,
 91 |                 create: true,
 92 |             })
 93 |             .await?,
 94 |         ));
 95 |     }
 96 | 
 97 |     Ok((coordinator_db, participant_dbs))
 98 | }
 99 | 
100 | fn generate_templates(args: &SeedMPCDb) -> Vec<Template> {
101 |     let pb = ProgressBar::new(args.num_templates as u64)
102 |         .with_message("Generating templates...");
103 | 
104 |     pb.set_style(ProgressStyle::default_bar()
105 |         .template("{spinner:.green} {msg} [{elapsed_precise}] [{wide_bar:.green}] {pos:>7}/{len:7} ({eta})")
106 |         .expect("Could not create progress bar"));
107 | 
108 |     // Generate templates
109 |     let templates = (0..args.num_templates)
110 |         .into_par_iter()
111 |         .map(|_| {
112 |             let mut rng = thread_rng();
113 | 
114 |             let template = rng.gen();
115 | 
116 |             pb.inc(1);
117 |             template
118 |         })
119 |         .collect::<Vec<Template>>();
120 | 
121 |     pb.finish_with_message("Created templates");
122 | 
123 |     templates
124 | }
125 | 
126 | pub type BatchedShares = Vec<Vec<Vec<(u64, EncodedBits)>>>;
127 | pub type BatchedMasks = Vec<Vec<(u64, Bits)>>;
128 | 
129 | fn generate_shares_and_masks(
130 |     args: &SeedMPCDb,
131 |     templates: Vec<Template>,
132 |     next_serial_id: usize,
133 | ) -> (BatchedMasks, BatchedShares) {
134 |     // Generate shares and masks
135 |     let mut batched_shares = vec![];
136 |     let mut batched_masks = vec![];
137 | 
138 |     let num_participants = args.participant_db_url.len();
139 | 
140 |     let pb = ProgressBar::new(args.num_templates as u64)
141 |         .with_message("Generating shares and masks...");
142 | 
143 |     pb.set_style(ProgressStyle::default_bar()
144 |         .template("{spinner:.green} {msg} [{elapsed_precise}] [{wide_bar:.green}] {pos:>7}/{len:7} ({eta})")
145 |         .expect("Could not create progress bar"));
146 | 
147 |     for (idx, chunk) in templates.chunks(args.batch_size).enumerate() {
148 |         let mut batch_masks = Vec::with_capacity(chunk.len());
149 |         let mut batch_shares: Vec<_> = (0..num_participants)
150 |             .map(|_| Vec::with_capacity(chunk.len()))
151 |             .collect();
152 | 
153 |         let shares_chunk = chunk
154 |             .into_par_iter()
155 |             .map(|template| {
156 |                 let mut rng = thread_rng();
157 | 
158 |                 let shares = mpc::distance::encode(template)
159 |                     .share(num_participants, &mut rng);
160 | 
161 |                 pb.inc(1);
162 |                 shares
163 |             })
164 |             .collect::<Vec<Box<[EncodedBits]>>>();
165 | 
166 |         for (offset, (shares, template)) in
167 |             shares_chunk.iter().zip(chunk).enumerate()
168 |         {
169 |             let id = offset + (idx * args.batch_size) + next_serial_id;
170 | 
171 |             batch_masks.push((id as u64, template.mask));
172 | 
173 |             for (idx, share) in shares.iter().enumerate() {
174 |                 batch_shares[idx].push((id as u64, *share));
175 |             }
176 |         }
177 | 
178 |         batched_shares.push(batch_shares);
179 |         batched_masks.push(batch_masks);
180 |     }
181 | 
182 |     pb.finish_with_message("Created shares and masks");
183 | 
184 |     (batched_masks, batched_shares)
185 | }
186 | 
187 | async fn insert_masks_and_shares(
188 |     batched_masks: BatchedMasks,
189 |     batched_shares: BatchedShares,
190 |     coordinator_db: Arc<Db>,
191 |     participant_dbs: Vec<Arc<Db>>,
192 |     num_templates: usize,
193 |     batch_size: usize,
194 | ) -> eyre::Result<()> {
195 |     println!("Inserting masks and shares into db...");
196 | 
197 |     // Commit shares and masks to db
198 |     let mpb = MultiProgress::new();
199 |     let style = ProgressStyle::default_bar().template("{spinner:.green} {msg} [{elapsed_precise}] [{wide_bar:.green}] {pos:>7}/{len:7} ({eta})")?;
200 | 
201 |     let participant_progress_bars = participant_dbs
202 |         .iter()
203 |         .enumerate()
204 |         .map(|(i, _)| {
205 |             mpb.add(ProgressBar::new(num_templates as u64).with_message(
206 |                 format!("Inserting shares for participant {}", i),
207 |             ))
208 |         })
209 |         .collect::<Vec<_>>();
210 | 
211 |     for pb in participant_progress_bars.iter() {
212 |         pb.set_style(style.clone());
213 |     }
214 | 
215 |     let coordinator_progress_bar = mpb.add(
216 |         ProgressBar::new(num_templates as u64)
217 |             .with_message("Inserting masks for coordinator"),
218 |     );
219 |     coordinator_progress_bar.set_style(style.clone());
220 | 
221 |     for (shares, masks) in
222 |         batched_shares.into_iter().zip(batched_masks.into_iter())
223 |     {
224 |         let tasks = FuturesUnordered::new();
225 | 
226 |         for (idx, db) in participant_dbs.iter().enumerate() {
227 |             let shares = shares[idx].clone();
228 |             let db = db.clone();
229 |             let pb = participant_progress_bars[idx].clone();
230 | 
231 |             tasks.push(tokio::spawn(async move {
232 |                 db.insert_shares(&shares).await?;
233 |                 pb.inc(batch_size as u64);
234 |                 eyre::Result::<()>::Ok(())
235 |             }));
236 |         }
237 | 
238 |         let coordinator_db = coordinator_db.clone();
239 |         let coordinator_progress_bar = coordinator_progress_bar.clone();
240 |         tasks.push(tokio::spawn(async move {
241 |             coordinator_db.insert_masks(&masks).await?;
242 |             coordinator_progress_bar.inc(batch_size as u64);
243 |             eyre::Result::<()>::Ok(())
244 |         }));
245 | 
246 |         finalize_futures_unordered(tasks).await?;
247 |     }
248 | 
249 |     Ok(())
250 | }
251 | 
252 | async fn get_latest_serial_id(
253 |     coordinator_db: Arc<Db>,
254 |     participant_dbs: Vec<Arc<Db>>,
255 | ) -> eyre::Result<u64> {
256 |     let coordinator_serial_id = coordinator_db.fetch_latest_mask_id().await?;
257 |     println!("Coordinator serial id: {}", coordinator_serial_id);
258 | 
259 |     for (i, db) in participant_dbs.iter().enumerate() {
260 |         let participant_id = db.fetch_latest_share_id().await?;
261 | 
262 |         println!("Participant {} ids: {}", i, participant_id);
263 |         assert_eq!(
264 |             coordinator_serial_id, participant_id,
265 |             "Databases are not in sync"
266 |         );
267 |     }
268 | 
269 |     Ok(coordinator_serial_id)
270 | }
271 | 


--------------------------------------------------------------------------------
/src/template.rs:
--------------------------------------------------------------------------------
  1 | use std::fmt::Debug;
  2 | 
  3 | use bytemuck::{Pod, Zeroable};
  4 | use itertools::izip;
  5 | use rand::distributions::{Distribution, Standard};
  6 | use rand::Rng;
  7 | use serde::{Deserialize, Serialize};
  8 | 
  9 | pub use crate::bits::Bits;
 10 | 
 11 | #[repr(C)]
 12 | #[derive(
 13 |     Clone,
 14 |     Copy,
 15 |     PartialEq,
 16 |     Eq,
 17 |     PartialOrd,
 18 |     Ord,
 19 |     Debug,
 20 |     Default,
 21 |     Serialize,
 22 |     Deserialize,
 23 |     Pod,
 24 |     Zeroable,
 25 | )]
 26 | pub struct Template {
 27 |     pub code: Bits,
 28 |     pub mask: Bits,
 29 | }
 30 | 
 31 | impl Template {
 32 |     pub fn rotations(&self) -> impl Iterator<Item = Template> + '_ {
 33 |         let codes = self.code.rotations();
 34 |         let masks = self.mask.rotations();
 35 |         codes
 36 |             .into_iter()
 37 |             .zip(masks)
 38 |             .map(|(code, mask)| Template { code, mask })
 39 |     }
 40 | 
 41 |     pub fn distance(&self, other: &Self) -> eyre::Result<f64> {
 42 |         self.rotations()
 43 |             .map(|r| r.fraction_hamming(other))
 44 |             .try_fold(f64::INFINITY, |a, b| Ok(a.min(b?)))
 45 |     }
 46 | 
 47 |     pub fn fraction_hamming(&self, other: &Self) -> eyre::Result<f64> {
 48 |         let mut num = 0;
 49 |         let mut den = 0;
 50 | 
 51 |         for (ap, am, bp, bm) in izip!(
 52 |             self.code.0.iter(),
 53 |             self.mask.0.iter(),
 54 |             other.code.0.iter(),
 55 |             other.mask.0.iter()
 56 |         ) {
 57 |             let m = am & bm;
 58 |             let p = (ap ^ bp) & m;
 59 |             num += p.count_ones();
 60 |             den += m.count_ones();
 61 |         }
 62 | 
 63 |         if den == 0 {
 64 |             return Err(eyre::eyre!("division by zero"));
 65 |         }
 66 | 
 67 |         Ok((num as f64) / (den as f64))
 68 |     }
 69 | }
 70 | 
 71 | impl Distribution<Template> for Standard {
 72 |     fn sample<R: Rng + ?Sized>(&self, rng: &mut R) -> Template {
 73 |         Template {
 74 |             code: rng.gen(),
 75 |             mask: rng.gen(),
 76 |         }
 77 |     }
 78 | }
 79 | 
 80 | #[cfg(test)]
 81 | mod tests {
 82 |     use super::*;
 83 |     use crate::bits::LIMBS;
 84 | 
 85 |     const A: &str = indoc::indoc! { r#"{
 86 |         "code": "2om6m4m6gBMgAgF0X+ybmgEwV2zf6qAXdszbqBJFdX7Ozbqom6iAMgIBEyAyRX7NuDIFdXTf7JogRXRX7f/s38m6iJEyAyRFd93+zbqAEiB2X+3pugEyEzIFds/tuIIDJUV/7PqJupqJuqgTIiAVdF/s27oAAVds3bqgBXbs26ASRVV+zt+7qIugATISABMBOgA6iSAyRXV+3+i6ABdlV23/7N+JuoiBMgMkRXfd/sm6gAIFdl/t6KgRMgEyBXZN7bqBIgRFf+zqibICm5uomzIgF2Rf7N26ogF2Rs3/6EX/6JugEkdXZMzf6bqIkgIBMiBXzfqIshEwNkV0/s+ougAXZXZN/+zJq6qKoTASIFV3/d/ouiASVXfd//qokTZVdkV+zf26gSAWRX3/qoEyJFff6JuqATJFd039+6iDIBNkV03f7OibqAATV2Rk3+26qJuiASMkV83+iIARMgZFdP7JuqIAF0V+zN/4m6qqiqEwMiBVVX7d+IogE1V33f/uqIEkVXfN/N/uz9dkVkft/6qgE3RW3+zbqJm6AyBFX926iSATZFdN/+zM26iqgTIgZFf+zfibqgETJFdt/s+JubiboCAXuZogBV/NuogTO4uLqKqgMTMgF3Vf3fqKoBM0V13/3qigBFVXbf/f/s3f7f7Ozdv+5EV23s+ookXd+pugETZNuoggE2RXzd/szd/ouoogAgBVdkdlX8zFV3RN/f+aiLGom6AwETJXZE3f+6qBEzuqiaiqIBEyIFV2Xd3+iKgTAFZX/N+qgBdkV0VX7d/t//qIEkVXf+zN/+6LoCB0XfqboBEyAbugIBdV/uibIARX/Nu6gAMyFXZHZFdkV93+3+mbqAExIBuoEhASVmZM3bqogTO6qoioIgABMXZFdk3f6ImoEgEgF2RXZkVXZFdFV2zf7f6qgTJFdX7s7d/6igABdt34m6AxMgEzICRV3+qImyAgVXzduoABNlV2Q2RXZFff7N+Jm6ABMHTf6JoQMjJGbN36qJm7qoqgAAAGRXd2RVfs3+iJqLIDIDIgABdVd2V3ZFd13/3+qoEyR3X+zezd/+qJIXbN+JuJMzIBMiAEXf+oiRMgIFd83boCRVXd/oMkV2RV3+zbqJsgASV036iZsDISR2TN+qiJuiAAIBVXdk3//sRXbN36qIm6m6m6oAIDF3VVVXZFVf/f7JqANldl/M1kRd/sqKoCTfybiLgyATICAF26iBEzICAXZFd2RFdd//6BJFdl/d/si6ibIDIBfJuomyEyAkdszfqoiaIAAAVXVX7N//7PR2zd+6iZuJuJuoAyEgEkV1V3ZVXd3+zaoBRXfexFZEXf7LuqASVs26iosgEyAiCZMgARd2zoE2RVdnRd3f/+xXRXff3s3+moqom6iaibqJIBMgBHbs26qoqiAABVV1V/7f3+z8383N+om6iaiKqgMDIDIBdVd1V3zd/s3P7kV//sxXZF/+yZqAE0Td+oqJoAIBOokyABFXd+7NV2dFd+/f7d9kVVV3ZF7N//7f7JuqigEyC6ibqIqaqJuqqCIgASV1dFd339/s/N/N7f7N+omoiboCAhMiAAEXdVd23f7P3f7N/+3+xWRX7N3biBMkXfqIioiCCZuyAAAwV1duxVV+zd/v7uRWRHRXZkVXbd/+3+ybqgEBds36i6iam6i6qiAgARdkVXRXRX/d/fzfzeT+zfuJqpuyASAyIgADAXRVd13/3d/+zf/M3sV0V2zd3+ibqombqJqIqomZogABEBJHZERV/uz/yXZFdkRUV2ZFV3Tf/t3826qBIFbN+oiom5uqiqIgIBV3R0V0V2V1/t/+3+383s27qKibuouBMgIAEyAWRVdVf93//d3/zN/kVXfs39/qi6qIkyiaioiLqaIAIhISASASVXX9+oASV3Ze3FdkRVd0VX7d/d+qiSAXTf6oqLibuoqiICAFdkVldlV13f7N/t/t/N7Lm6iom7qKiTICATIgEiBXVVf9/939/s/f7N3+zd/f+omqiIIgMgIAm6ugASISEgEgMgF1ffigFld03uybogAXZEV3X9/+3omgE0RX7fz4mbqqgAAyBVdFdFdlft3+zf7f/P3ey4moqJm6iosgAhMyIAIgNkVXf9/f//7Q==",
 87 |         "mask":"//////////////////////z//////////////////////8zM///////////8z//M/////////////M/P/////P////MzMzAAADMwAP///////////////////////8zM////////////////////////////////////////////////////////////////////////////////////////////////MzMAAAAzMzP//8zP////////////////////////////////////////////////////////////////////////////////////////////////////////////////////8zMzAAAAAzMzMwAAAP////////////////////////////////////////////////////////////////////////////////////////////////////////////////////MzMwAAAAAzMzAAAAAzMz////////////////////////////////////////////////////////////////////////////////////////////////////////////////8zMzMAAAAAADAAAAAAAAAzMzMAAAAM////////////////////////////////////////////////////////////////////////////////////////////////////////MzMzAAAAAAAAAAAAAAAAAAAAAAAAAAADMz/////////////////////////////////////////////////////////////////////////////////////////////////zMzAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMzP///////////////////////////////////////////////////////////////////////////////////////////8zAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMzP///////////////////////////////////////////////////////////////////////////////////////8zMzAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMzP//////////////////////////////////////////////////////////////////////////////////////zMzMwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMzP/////////////////////////////////////////////////////////////////////////////////////MzMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMzP///////////////////////////////////////////////////////////////////////////////////MzMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADMzP/////////////////////////////////////////////////////////////////////////////////MzMwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAzM/////////////////////////////////////////////////////////////////////////////////8zMzAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMzM///////////////////////////////////////////////////////////////////////////////8zMzAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAzMz/////////////////////////////////////////////////////////////////////////////zMzMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAzMz///w=="
 88 |     }"# };
 89 | 
 90 |     const B: &str = indoc::indoc! { r#"{
 91 |         "code": "ibqIuouomyABMyAgG4mom4moIBMiITMiRXds3+32RXdk7N/+iJqgASBkVX7f+qiTASV2RX/+37qLIAF1fsm6iSAROom6IAF1dkVf//7N32RXTf7N/s3/zbogE2RV/f6ouqATMs26iJuKiZsgATIgATKJqJuJICASiiAzIkV3fN/ldlV3bM3f6qiaACATZkV+3/qIEwFkdkV//t36iyABdX7N+om6iACZMiABVXdkXf/+iJsgF0V83fqBds3boBdkX/36qLIAF17d+ombqomTIAEyIBMgAbqLibqIMgMgMldF/t6AF2RVd+zN/s26qoMgEkZFft/6gFdFdERVduzd+okiAXVs3/qIuqIAEzIiAFVXZN3++oiDIBNldX3+R2Xd3+ibIFftm6ggAVZN/7qJuyIDEyCJuqiTIBE2Tem6iBITBHZf/u6LqBMgF3dkRXbN//qboDIDdXTf9kV3XfzNd3bN37qIMgFX7N+qiooCABMxIgBFd2Td/LqIgyAzZFd1dldt393+iKoTIBu6IgF2Tbu6iCAyBVdk3+y4mqARMgNpu6gTAkV2zf/szd+6qLIAMEV2Rez926iyATJFV0V+zd3+iKB2zduogBNk3+yKiJqAAyARETJkRXds3f26iAIBMkVXdVdt3f/t/oibEyJFdt/tuom7m6oBMkVXZN/t2bqIkiATIRMgEwdF/siTIGRf/JuqACE1VXZERV/N+oEwRVdF/s39+oqgEhCbIAF1bN+qiIkyIBE0RFd3ZEVXft39uoiAATA2VXVXZN3+7f7MV0V2Td/fqLqBdX+iBXdHbezf7om6iboAEyATJFZN36iIkyBkV+zbqoABIFV0BkVXTd/s5EVX3f7N/bqbqAEwEgIBbfibqgAhF2RVd3Tf/+5FV/7M37qqoAMhMgAwV2RXfu32RVdFfs3f+6gSAWV2Vk3f/omooCIJuomoABMgEkRXzduoiRMgNFfs26qCASBVcAJFV0Vd/s3+zdu6AXXd26iZMBISiaibkyIBdFV1Vf/+3f3+zf3f7N/JuqiDITALqJMgAyAldkVXZX/N/4uoEgdldl383fqKqCACAbqJqJAyADZEX9+6iJETIDATIJugAkVd3boAJVZFXf7N/omZMgNX7duomqAwEgIgEwIkVXRVdlX93938/s/+3+zf6buoizKouoi6oAAgABF2RXV33f7JqAAXRX7d/sm6qKggAgE4maiIMgEhZE3/6oiam6iokgATIEZEX/26ASRXV13+zf6IiTIGR+3bqIqoshIiABZHdVd2VXdVdd/9/szf/s/u36i6qIm6ibqJuqACICIBMkV0VV3+zfqAF9/+ibqJu6iaIgIFbd24iLIDIXZF/P6om4uoqJIBICASRV/fqAF0VXdP7N/v7WRf/s/t24qKiLoCIgBXV3VX/1V3V1Xf3f7M3/7f7s/tuoioqom6ibqoAgAiAAIVd2RV/9/f7N/7mom6ARMgEyIBdk39+oigISR2Rez+qJupICASAyAgEgAgEyADZFV2R2Xf/83+3f7N7dqLqoiyAgJFV1d1V//9/3dN/s3+zd/s387P7bqIqIqoqom6qIIBIgAAAVV3V33f3+zfuJuokgEyAFV2RX7N/bqLIAEkVk/s36iboAAgMgE6iJqKoBMgARE2ZEdlVf7N/t/+zezfqJqoIiIFVVd3ZVX/3f/f7PZEV0VXZVX/3+36qKiZqKqJuqioiyAAIgABVXdk3//s37qbqIMgIgVVfu3+iam6gyABdFdF7N+IiaADIDJFfsmbqoiTIAARMiRXV0V/7f7f7s3826iboAAgVXdVd3/d3/36iqggABMkV0VVd93////ouqiqi4uoqJqgAAIiABFXdVX/7N36i6qAIAMFdd/ouqipMgEgBGRXZN3fi6mgEyACBXZPy7qIm6AgEyAkV1dFV/3/3+7N/9momiAABVV2VV//3d+qqoqgAAADIFdVdVVV39//zeiIioqLqKiqqAACIgABJFV1X/39/tupqDIBRXzbqJqoISIBMkZkV2zf3oupsBMgAgEyVk+qiIqAIBIgNVdXRVdd/9/N7f35upIgBkVXd1Xf/f2bqogAAAACAyBXVXVVVVXd/8/siZqoiKiqiqiIIiIAACBFd1///Q==",
 92 |         "mask":"////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////z////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////Mz//Mz///////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////zAMwAAMwAAAAMzM///zMz/////////////////////////////////////////////////////////////////////////////////////////////////////////////MzMAAAAAAAAAAAAAAAAAAAAAAzM//////////////////////////////////////////////////////////////////////////////////////////////////////M8zMzAAAAAAAAAAAAAAAAAAAAAAAAAAADM////////////////////////////////////////////////////////////////////////////////////////////////zMwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADMzMADP////////////////////////////////////////////////////////////////////////////////////////8zMzAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAM///////////////////////////////////////////////////////////////////////////////////8zMzAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADM///////////////////////////////////////////////////////////////////////////////8zMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADMz////////////////////////////////////////////////////////////////////////////MzMwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMzP/////////////////////////////////////////////////////////////////////////MzAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADMz///////////////////////////////////////////////////////////////////////zMzAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADMz//////////////////////////////////////////////////////////////////////MzMwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADMz///////////////////////////////MzMzMz///////////////////////////////8zMzAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAzMzP/////////////////////////8zMAAAAAAAAAMz////////////////////////////MzMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMzMw=="
 93 |     }"# };
 94 | 
 95 |     #[test]
 96 |     fn hamming_distance_with_rotations() {
 97 |         let a: Template = serde_json::from_str(A).unwrap();
 98 |         let b: Template = serde_json::from_str(B).unwrap();
 99 | 
100 |         let d = a.distance(&b).unwrap();
101 | 
102 |         assert_eq!(d, 0.3352968352968353);
103 |     }
104 | 
105 |     #[test]
106 |     fn hamming_distance_no_rotations() {
107 |         let a: Template = serde_json::from_str(A).unwrap();
108 |         let b: Template = serde_json::from_str(B).unwrap();
109 | 
110 |         let d = a.fraction_hamming(&b).unwrap();
111 | 
112 |         assert_eq!(d, 0.47833602212491355);
113 |     }
114 | 
115 |     #[test]
116 |     fn hamming_distance_div_by_zero() {
117 |         let mut rng = rand::thread_rng();
118 | 
119 |         let a = Template {
120 |             code: rng.gen(),
121 |             mask: Bits([0_u64; LIMBS]),
122 |         };
123 | 
124 |         let b = Template {
125 |             code: rng.gen(),
126 |             mask: Bits([0_u64; LIMBS]),
127 |         };
128 | 
129 |         let result = a.distance(&b);
130 | 
131 |         assert!(
132 |             matches!(result, Err(e) if e.to_string().contains("division by zero"))
133 |         );
134 |     }
135 | }
136 | 


--------------------------------------------------------------------------------
/src/participant.rs:
--------------------------------------------------------------------------------
  1 | use std::io;
  2 | use std::sync::Arc;
  3 | use std::time::Duration;
  4 | 
  5 | use aws_sdk_sqs::types::Message;
  6 | use distance::Template;
  7 | use eyre::ContextCompat;
  8 | use futures::stream::FuturesUnordered;
  9 | use serde::{Deserialize, Serialize};
 10 | use telemetry_batteries::reexports::opentelemetry::trace::{
 11 |     SpanContext, SpanId, TraceFlags, TraceId, TraceState,
 12 | };
 13 | use tokio::io::{AsyncReadExt, AsyncWriteExt, BufWriter};
 14 | use tokio::net::TcpStream;
 15 | use tokio::sync::{mpsc, Mutex};
 16 | use tracing::instrument;
 17 | 
 18 | use crate::config::ParticipantConfig;
 19 | use crate::coordinator::{ACK_BYTE, LATEST_SERIAL_ID_BYTE, START_BYTE};
 20 | use crate::db::Db;
 21 | use crate::distance::{self, encode, DistanceEngine, EncodedBits};
 22 | use crate::utils;
 23 | use crate::utils::aws::{
 24 |     sqs_client_from_config, sqs_delete_message, sqs_dequeue,
 25 | };
 26 | use crate::utils::tasks::finalize_futures_unordered;
 27 | 
 28 | const IDLE_SLEEP_TIME: Duration = Duration::from_secs(1);
 29 | 
 30 | pub struct Participant {
 31 |     listener: tokio::net::TcpListener,
 32 |     batch_size: usize,
 33 |     database: Arc<Db>,
 34 |     shares: Arc<Mutex<Vec<EncodedBits>>>,
 35 |     sqs_client: aws_sdk_sqs::Client,
 36 |     config: ParticipantConfig,
 37 | }
 38 | 
 39 | impl Participant {
 40 |     pub async fn new(config: ParticipantConfig) -> eyre::Result<Self> {
 41 |         tracing::info!("Initializing participant");
 42 | 
 43 |         let database = Db::new(&config.db).await?;
 44 | 
 45 |         tracing::info!("Fetching shares from database");
 46 |         let shares = database.fetch_shares(0).await?;
 47 |         let shares = Arc::new(Mutex::new(shares));
 48 | 
 49 |         let database = Arc::new(database);
 50 | 
 51 |         let sqs_client = sqs_client_from_config(&config.aws).await?;
 52 | 
 53 |         Ok(Self {
 54 |             listener: tokio::net::TcpListener::bind(config.socket_addr).await?,
 55 |             batch_size: config.batch_size,
 56 |             database,
 57 |             shares,
 58 |             sqs_client,
 59 |             config,
 60 |         })
 61 |     }
 62 | 
 63 |     pub async fn spawn(self: Arc<Self>) -> eyre::Result<()> {
 64 |         tracing::info!("Spawning participant");
 65 | 
 66 |         let tasks = FuturesUnordered::new();
 67 | 
 68 |         tasks.push(tokio::spawn(self.clone().handle_uniqueness_checks()));
 69 |         tasks.push(tokio::spawn(self.clone().handle_db_sync()));
 70 | 
 71 |         finalize_futures_unordered(tasks).await?;
 72 | 
 73 |         Ok(())
 74 |     }
 75 | 
 76 |     async fn handle_uniqueness_checks(self: Arc<Self>) -> eyre::Result<()> {
 77 |         loop {
 78 |             let mut stream = match self.listener.accept().await {
 79 |                 Ok((stream, addr)) => {
 80 |                     tracing::debug!(?addr, "Accepting connection");
 81 | 
 82 |                     tokio::io::BufWriter::new(stream)
 83 |                 }
 84 |                 Err(error) => {
 85 |                     tracing::error!(
 86 |                         ?error,
 87 |                         "Failed to accept incoming connection"
 88 |                     );
 89 |                     continue;
 90 |                 }
 91 |             };
 92 | 
 93 |             if let Err(err) = self.process_stream(&mut stream).await {
 94 |                 tracing::error!(?err, "Failed to process stream");
 95 |                 continue;
 96 |             }
 97 |         }
 98 |     }
 99 | 
100 |     async fn process_stream(
101 |         &self,
102 |         stream: &mut BufWriter<TcpStream>,
103 |     ) -> eyre::Result<()> {
104 |         loop {
105 |             // Handle ack/start signal from the coordinator
106 |             let payload = stream.read_u8().await?;
107 | 
108 |             if payload == START_BYTE {
109 |                 self.handle_uniqueness_check(stream).await?;
110 |             } else if payload == ACK_BYTE {
111 |                 stream.write_u8(ACK_BYTE).await?;
112 |                 stream.flush().await?;
113 |             } else if payload == LATEST_SERIAL_ID_BYTE {
114 |                 let latest_serial_id = self.sync_shares().await? as u64;
115 |                 stream.write_u64(latest_serial_id).await?;
116 |                 stream.flush().await?;
117 |             } else {
118 |                 return Err(eyre::eyre!(
119 |                     "Unknown byte from coordinator: {payload}",
120 |                 ));
121 |             }
122 |         }
123 |     }
124 | 
125 |     #[tracing::instrument(skip(self))]
126 |     async fn handle_uniqueness_check(
127 |         &self,
128 |         stream: &mut BufWriter<TcpStream>,
129 |     ) -> eyre::Result<()> {
130 |         // Process the trace and span ids to correlate traces between services
131 |         self.handle_traces_payload(stream).await?;
132 | 
133 |         // Process the query
134 |         self.uniqueness_check(stream).await?;
135 | 
136 |         Ok(())
137 |     }
138 | 
139 |     async fn handle_traces_payload(
140 |         &self,
141 |         stream: &mut BufWriter<TcpStream>,
142 |     ) -> io::Result<()> {
143 |         // Read the span ID from the stream and add to the current span
144 |         let mut trace_id_bytes = [0_u8; 16];
145 |         let mut span_id_bytes = [0_u8; 8];
146 | 
147 |         stream
148 |             .read_exact(bytemuck::bytes_of_mut(&mut trace_id_bytes))
149 |             .await?;
150 | 
151 |         stream
152 |             .read_exact(bytemuck::bytes_of_mut(&mut span_id_bytes))
153 |             .await?;
154 | 
155 |         // Create span parent context
156 |         let parent_ctx = SpanContext::new(
157 |             TraceId::from_bytes(trace_id_bytes),
158 |             SpanId::from_bytes(span_id_bytes),
159 |             TraceFlags::default(),
160 |             true,
161 |             TraceState::default(),
162 |         );
163 | 
164 |         // Set the parent context for the current span to correlate traces between services
165 |         telemetry_batteries::tracing::trace_from_ctx(parent_ctx);
166 | 
167 |         Ok(())
168 |     }
169 | 
170 |     #[tracing::instrument(skip(self, stream))]
171 |     async fn uniqueness_check(
172 |         &self,
173 |         stream: &mut BufWriter<TcpStream>,
174 |     ) -> eyre::Result<()> {
175 |         // We could do this and reading from the stream simultaneously
176 |         self.sync_shares().await?;
177 | 
178 |         let mut template = Template::default();
179 |         stream
180 |             .read_exact(bytemuck::bytes_of_mut(&mut template))
181 |             .await?;
182 | 
183 |         tracing::info!("Received query");
184 |         let shares_ref = self.shares.clone();
185 | 
186 |         let batch_size = self.batch_size;
187 | 
188 |         // Process in worker thread
189 |         let (sender, mut receiver) = mpsc::channel(4);
190 |         let worker = tokio::task::spawn_blocking(move || {
191 |             calculate_share_distances(shares_ref, template, batch_size, sender)
192 |         });
193 | 
194 |         tracing::info!("Sending batch result to coordinator");
195 |         while let Some(buffer) = receiver.recv().await {
196 |             let buffer_len = buffer.len() as u64;
197 |             stream.write_u64(buffer_len).await?;
198 |             stream.write_all(&buffer).await?;
199 |             stream.flush().await?;
200 |         }
201 | 
202 |         // Signal the end of the payload
203 |         stream.write_u64(0).await?;
204 |         stream.flush().await?;
205 | 
206 |         tracing::info!("Batch result sent to coordinator");
207 | 
208 |         worker.await??;
209 | 
210 |         Ok(())
211 |     }
212 | 
213 |     async fn handle_db_sync(self: Arc<Self>) -> eyre::Result<()> {
214 |         loop {
215 |             // Dequeue the max number of messages possible from the queue
216 |             let messages = match sqs_dequeue(
217 |                 &self.sqs_client,
218 |                 &self.config.queues.db_sync_queue_url,
219 |                 Some(10),
220 |             )
221 |             .await
222 |             {
223 |                 Ok(messages) => messages,
224 |                 Err(error) => {
225 |                     tracing::error!(
226 |                         ?error,
227 |                         "Failed to dequeue db-sync messages"
228 |                     );
229 |                     continue;
230 |                 }
231 |             };
232 | 
233 |             if messages.is_empty() {
234 |                 tokio::time::sleep(IDLE_SLEEP_TIME).await;
235 |             }
236 | 
237 |             for message in messages {
238 |                 if let Err(error) = self.db_sync(message).await {
239 |                     tracing::error!(?error, "Failed to handle db-sync message");
240 |                 }
241 |             }
242 |         }
243 |     }
244 | 
245 |     #[tracing::instrument(skip(self, message))]
246 |     async fn db_sync(&self, message: Message) -> eyre::Result<()> {
247 |         let receipt_handle = message
248 |             .receipt_handle
249 |             .context("Missing receipt handle in message")?;
250 | 
251 |         if let Some(message_attributes) = &message.message_attributes {
252 |             utils::aws::trace_from_message_attributes(
253 |                 message_attributes,
254 |                 &receipt_handle,
255 |             )?;
256 |         } else {
257 |             tracing::warn!(
258 |                 ?receipt_handle,
259 |                 "SQS message missing message attributes"
260 |             );
261 |         }
262 | 
263 |         let body = message.body.context("Missing message body")?;
264 |         if let Ok(items) = serde_json::from_str::<Vec<DbSyncPayload>>(&body) {
265 |             // Insert the shares into the db
266 |             self.insert_shares(items).await?;
267 |         } else {
268 |             tracing::error!(?receipt_handle, "Failed to parse message body");
269 |         };
270 | 
271 |         sqs_delete_message(
272 |             &self.sqs_client,
273 |             &self.config.queues.db_sync_queue_url,
274 |             receipt_handle,
275 |         )
276 |         .await?;
277 | 
278 |         Ok(())
279 |     }
280 | 
281 |     async fn insert_shares(
282 |         &self,
283 |         shares: Vec<DbSyncPayload>,
284 |     ) -> eyre::Result<()> {
285 |         tracing::info!(
286 |             num_shares = shares.len(),
287 |             "Inserting shares into database"
288 |         );
289 | 
290 |         let shares = shares
291 |             .into_iter()
292 |             .map(|item| (item.id, item.share))
293 |             .collect::<Vec<(u64, EncodedBits)>>();
294 | 
295 |         self.database.insert_shares(&shares).await?;
296 | 
297 |         Ok(())
298 |     }
299 | 
300 |     #[tracing::instrument(skip(self))]
301 |     pub async fn sync_shares(&self) -> eyre::Result<usize> {
302 |         let mut shares = self.shares.lock().await;
303 | 
304 |         let next_share_number = shares.len();
305 |         let new_shares = self.database.fetch_shares(next_share_number).await?;
306 | 
307 |         shares.extend(new_shares);
308 | 
309 |         tracing::info!(num_shares = shares.len(), "Shares synchronized");
310 |         metrics::gauge!("participant.latest_serial_id")
311 |             .set(shares.len() as f64);
312 | 
313 |         Ok(shares.len())
314 |     }
315 | }
316 | 
317 | #[derive(Debug, Clone, Deserialize, Serialize)]
318 | pub struct DbSyncPayload {
319 |     pub id: u64,
320 |     pub share: EncodedBits,
321 | }
322 | 
323 | #[instrument(skip(shares, template, sender))]
324 | fn calculate_share_distances(
325 |     shares: Arc<Mutex<Vec<EncodedBits>>>,
326 |     template: Template,
327 |     batch_size: usize,
328 |     sender: mpsc::Sender<Vec<u8>>,
329 | ) -> eyre::Result<()> {
330 |     let shares = shares.blocking_lock();
331 |     let patterns: &[EncodedBits] = bytemuck::cast_slice(&shares);
332 | 
333 |     let template_rotations = template.rotations().map(|r| encode(&r));
334 |     let engine = DistanceEngine::new(template_rotations);
335 | 
336 |     for chunk in patterns.chunks(batch_size) {
337 |         let mut result = vec![
338 |             0_u8;
339 |             chunk.len()
340 |                 * std::mem::size_of::<[u16; 31]>() //TODO: make this a const
341 |         ];
342 | 
343 |         engine.batch_process(bytemuck::cast_slice_mut(&mut result), chunk);
344 | 
345 |         sender.blocking_send(result)?;
346 |     }
347 | 
348 |     Ok(())
349 | }
350 | 


--------------------------------------------------------------------------------
/tests/multi_match_truncated_e2e_sequence.json:
--------------------------------------------------------------------------------
 1 | [
 2 |   {
 3 |     "iris_code": "/////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////w==",
 4 |     "mask_code": "/////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////w==",
 5 |     "matched_with": []
 6 |   },
 7 |   {
 8 |     "iris_code": "///////AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////w==",
 9 |     "mask_code": "/////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////w==",
10 |     "matched_with": []
11 |   },
12 |   {
13 |     "iris_code": "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP///////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////w==",
14 |     "mask_code": "/////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////w==",
15 |     "matched_with": [
16 |       {
17 |         "distance": 0.25,
18 |         "serial_id": 1
19 |       }
20 |     ]
21 |   }
22 | ]


--------------------------------------------------------------------------------
/tests/multi_match_e2e_sequence.json:
--------------------------------------------------------------------------------
 1 | [
 2 |   {
 3 |     "iris_code": "/////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////w==",
 4 |     "mask_code": "/////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////w==",
 5 |     "matched_with": []
 6 |   },
 7 |   {
 8 |     "iris_code": "///////AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////w==",
 9 |     "mask_code": "/////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////w==",
10 |     "matched_with": []
11 |   },
12 |   {
13 |     "iris_code": "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP///////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////w==",
14 |     "mask_code": "/////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////w==",
15 |     "matched_with": [
16 |       {
17 |         "distance": 0.25,
18 |         "serial_id": 1
19 |       },
20 |       {
21 |         "distance": 0.25328125,
22 |         "serial_id": 2
23 |       }
24 |     ]
25 |   }
26 | ]


--------------------------------------------------------------------------------
/LICENSE-APACHE:
--------------------------------------------------------------------------------
  1 |                                  Apache License
  2 |                            Version 2.0, January 2004
  3 |                         http://www.apache.org/licenses/
  4 | 
  5 |     TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
  6 | 
  7 |     1. Definitions.
  8 | 
  9 |       "License" shall mean the terms and conditions for use, reproduction,
 10 |       and distribution as defined by Sections 1 through 9 of this document.
 11 | 
 12 |       "Licensor" shall mean the copyright owner or entity authorized by
 13 |       the copyright owner that is granting the License.
 14 | 
 15 |       "Legal Entity" shall mean the union of the acting entity and all
 16 |       other entities that control, are controlled by, or are under common
 17 |       control with that entity. For the purposes of this definition,
 18 |       "control" means (i) the power, direct or indirect, to cause the
 19 |       direction or management of such entity, whether by contract or
 20 |       otherwise, or (ii) ownership of fifty percent (50%) or more of the
 21 |       outstanding shares, or (iii) beneficial ownership of such entity.
 22 | 
 23 |       "You" (or "Your") shall mean an individual or Legal Entity
 24 |       exercising permissions granted by this License.
 25 | 
 26 |       "Source" form shall mean the preferred form for making modifications,
 27 |       including but not limited to software source code, documentation
 28 |       source, and configuration files.
 29 | 
 30 |       "Object" form shall mean any form resulting from mechanical
 31 |       transformation or translation of a Source form, including but
 32 |       not limited to compiled object code, generated documentation,
 33 |       and conversions to other media types.
 34 | 
 35 |       "Work" shall mean the work of authorship, whether in Source or
 36 |       Object form, made available under the License, as indicated by a
 37 |       copyright notice that is included in or attached to the work
 38 |       (an example is provided in the Appendix below).
 39 | 
 40 |       "Derivative Works" shall mean any work, whether in Source or Object
 41 |       form, that is based on (or derived from) the Work and for which the
 42 |       editorial revisions, annotations, elaborations, or other modifications
 43 |       represent, as a whole, an original work of authorship. For the purposes
 44 |       of this License, Derivative Works shall not include works that remain
 45 |       separable from, or merely link (or bind by name) to the interfaces of,
 46 |       the Work and Derivative Works thereof.
 47 | 
 48 |       "Contribution" shall mean any work of authorship, including
 49 |       the original version of the Work and any modifications or additions
 50 |       to that Work or Derivative Works thereof, that is intentionally
 51 |       submitted to Licensor for inclusion in the Work by the copyright owner
 52 |       or by an individual or Legal Entity authorized to submit on behalf of
 53 |       the copyright owner. For the purposes of this definition, "submitted"
 54 |       means any form of electronic, verbal, or written communication sent
 55 |       to the Licensor or its representatives, including but not limited to
 56 |       communication on electronic mailing lists, source code control systems,
 57 |       and issue tracking systems that are managed by, or on behalf of, the
 58 |       Licensor for the purpose of discussing and improving the Work, but
 59 |       excluding communication that is conspicuously marked or otherwise
 60 |       designated in writing by the copyright owner as "Not a Contribution."
 61 | 
 62 |       "Contributor" shall mean Licensor and any individual or Legal Entity
 63 |       on behalf of whom a Contribution has been received by Licensor and
 64 |       subsequently incorporated within the Work.
 65 | 
 66 |     2. Grant of Copyright License. Subject to the terms and conditions of
 67 |       this License, each Contributor hereby grants to You a perpetual,
 68 |       worldwide, non-exclusive, no-charge, royalty-free, irrevocable
 69 |       copyright license to reproduce, prepare Derivative Works of,
 70 |       publicly display, publicly perform, sublicense, and distribute the
 71 |       Work and such Derivative Works in Source or Object form.
 72 | 
 73 |     3. Grant of Patent License. Subject to the terms and conditions of
 74 |       this License, each Contributor hereby grants to You a perpetual,
 75 |       worldwide, non-exclusive, no-charge, royalty-free, irrevocable
 76 |       (except as stated in this section) patent license to make, have made,
 77 |       use, offer to sell, sell, import, and otherwise transfer the Work,
 78 |       where such license applies only to those patent claims licensable
 79 |       by such Contributor that are necessarily infringed by their
 80 |       Contribution(s) alone or by combination of their Contribution(s)
 81 |       with the Work to which such Contribution(s) was submitted. If You
 82 |       institute patent litigation against any entity (including a
 83 |       cross-claim or counterclaim in a lawsuit) alleging that the Work
 84 |       or a Contribution incorporated within the Work constitutes direct
 85 |       or contributory patent infringement, then any patent licenses
 86 |       granted to You under this License for that Work shall terminate
 87 |       as of the date such litigation is filed.
 88 | 
 89 |     4. Redistribution. You may reproduce and distribute copies of the
 90 |       Work or Derivative Works thereof in any medium, with or without
 91 |       modifications, and in Source or Object form, provided that You
 92 |       meet the following conditions:
 93 | 
 94 |       (a) You must give any other recipients of the Work or
 95 |           Derivative Works a copy of this License; and
 96 | 
 97 |       (b) You must cause any modified files to carry prominent notices
 98 |           stating that You changed the files; and
 99 | 
100 |       (c) You must retain, in the Source form of any Derivative Works
101 |           that You distribute, all copyright, patent, trademark, and
102 |           attribution notices from the Source form of the Work,
103 |           excluding those notices that do not pertain to any part of
104 |           the Derivative Works; and
105 | 
106 |       (d) If the Work includes a "NOTICE" text file as part of its
107 |           distribution, then any Derivative Works that You distribute must
108 |           include a readable copy of the attribution notices contained
109 |           within such NOTICE file, excluding those notices that do not
110 |           pertain to any part of the Derivative Works, in at least one
111 |           of the following places: within a NOTICE text file distributed
112 |           as part of the Derivative Works; within the Source form or
113 |           documentation, if provided along with the Derivative Works; or,
114 |           within a display generated by the Derivative Works, if and
115 |           wherever such third-party notices normally appear. The contents
116 |           of the NOTICE file are for informational purposes only and
117 |           do not modify the License. You may add Your own attribution
118 |           notices within Derivative Works that You distribute, alongside
119 |           or as an addendum to the NOTICE text from the Work, provided
120 |           that such additional attribution notices cannot be construed
121 |           as modifying the License.
122 | 
123 |       You may add Your own copyright statement to Your modifications and
124 |       may provide additional or different license terms and conditions
125 |       for use, reproduction, or distribution of Your modifications, or
126 |       for any such Derivative Works as a whole, provided Your use,
127 |       reproduction, and distribution of the Work otherwise complies with
128 |       the conditions stated in this License.
129 | 
130 |     5. Submission of Contributions. Unless You explicitly state otherwise,
131 |       any Contribution intentionally submitted for inclusion in the Work
132 |       by You to the Licensor shall be under the terms and conditions of
133 |       this License, without any additional terms or conditions.
134 |       Notwithstanding the above, nothing herein shall supersede or modify
135 |       the terms of any separate license agreement you may have executed
136 |       with Licensor regarding such Contributions.
137 | 
138 |     6. Trademarks. This License does not grant permission to use the trade
139 |       names, trademarks, service marks, or product names of the Licensor,
140 |       except as required for reasonable and customary use in describing the
141 |       origin of the Work and reproducing the content of the NOTICE file.
142 | 
143 |     7. Disclaimer of Warranty. Unless required by applicable law or
144 |       agreed to in writing, Licensor provides the Work (and each
145 |       Contributor provides its Contributions) on an "AS IS" BASIS,
146 |       WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
147 |       implied, including, without limitation, any warranties or conditions
148 |       of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
149 |       PARTICULAR PURPOSE. You are solely responsible for determining the
150 |       appropriateness of using or redistributing the Work and assume any
151 |       risks associated with Your exercise of permissions under this License.
152 | 
153 |     8. Limitation of Liability. In no event and under no legal theory,
154 |       whether in tort (including negligence), contract, or otherwise,
155 |       unless required by applicable law (such as deliberate and grossly
156 |       negligent acts) or agreed to in writing, shall any Contributor be
157 |       liable to You for damages, including any direct, indirect, special,
158 |       incidental, or consequential damages of any character arising as a
159 |       result of this License or out of the use or inability to use the
160 |       Work (including but not limited to damages for loss of goodwill,
161 |       work stoppage, computer failure or malfunction, or any and all
162 |       other commercial damages or losses), even if such Contributor
163 |       has been advised of the possibility of such damages.
164 | 
165 |     9. Accepting Warranty or Additional Liability. While redistributing
166 |       the Work or Derivative Works thereof, You may choose to offer,
167 |       and charge a fee for, acceptance of support, warranty, indemnity,
168 |       or other liability obligations and/or rights consistent with this
169 |       License. However, in accepting such obligations, You may act only
170 |       on Your own behalf and on Your sole responsibility, not on behalf
171 |       of any other Contributor, and only if You agree to indemnify,
172 |       defend, and hold each Contributor harmless for any liability
173 |       incurred by, or claims asserted against, such Contributor by reason
174 |       of your accepting any such warranty or additional liability.
175 | 
176 |     END OF TERMS AND CONDITIONS
177 | 
178 |     APPENDIX: How to apply the Apache License to your work.
179 | 
180 |       To apply the Apache License to your work, attach the following
181 |       boilerplate notice, with the fields enclosed by brackets "[]"
182 |       replaced with your own identifying information. (Don't include
183 |       the brackets!)  The text should be enclosed in the appropriate
184 |       comment syntax for the file format. We also recommend that a
185 |       file or class name and description of purpose be included on the
186 |       same "printed page" as the copyright notice for easier
187 |       identification within third-party archives.
188 | 
189 |     Copyright 2024 Worldcoin Foundation
190 | 
191 |     Licensed under the Apache License, Version 2.0 (the "License");
192 |     you may not use this file except in compliance with the License.
193 |     You may obtain a copy of the License at
194 | 
195 |        http://www.apache.org/licenses/LICENSE-2.0
196 | 
197 |     Unless required by applicable law or agreed to in writing, software
198 |     distributed under the License is distributed on an "AS IS" BASIS,
199 |     WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
200 |     See the License for the specific language governing permissions and
201 |     limitations under the License.
202 | 
203 | 
204 | ---- LLVM Exceptions to the Apache 2.0 License ----
205 | 
206 | As an exception, if, as a result of your compiling your source code, portions
207 | of this Software are embedded into an Object form of such source code, you
208 | may redistribute such embedded portions in such Object form without complying
209 | with the conditions of Sections 4(a), 4(b) and 4(d) of the License.
210 | 
211 | In addition, if you combine or link compiled forms of this Software with
212 | software that is licensed under the GPLv2 ("Combined Software") and if a
213 | court of competent jurisdiction determines that the patent provision (Section
214 | 3), the indemnity provision (Section 9) or other Section of the License
215 | conflicts with the conditions of the GPLv2, you may retroactively and
216 | prospectively choose to deem waived or otherwise exclude such Section(s) of
217 | the License, but only in their entirety and only with respect to the Combined
218 | Software.


--------------------------------------------------------------------------------
/docs/specification.ipynb:
--------------------------------------------------------------------------------
  1 | {
  2 |  "cells": [
  3 |   {
  4 |    "cell_type": "markdown",
  5 |    "metadata": {},
  6 |    "source": [
  7 |     "# Specification\n",
  8 |     "\n",
  9 |     "$$\n",
 10 |     "\\def\\vec#1{\\mathbf{#1}}\n",
 11 |     "\\def\\T{\\mathsf{T}}\n",
 12 |     "\\def\\F{\\mathsf{F}}\n",
 13 |     "\\def\\U{\\mathsf{U}}\n",
 14 |     "\\def\\popcount{\\mathtt{popcount}}\n",
 15 |     "\\def\\count{\\mathtt{count}}\n",
 16 |     "\\def\\fhd{\\mathtt{fhd}}\n",
 17 |     "\\def\\vsum{\\mathtt{sum}}\n",
 18 |     "$$\n",
 19 |     "\n",
 20 |     "First we need some definitions and theory on masked bitvectors and their representation in $ℤ_{2^{16}}$ and present a simple secure multiparty computation scheme.\n",
 21 |     "\n",
 22 |     "## Masked bitvectors\n",
 23 |     "\n",
 24 |     "### Binary operations in rings\n",
 25 |     "\n",
 26 |     "Given a bitvector $\\vec b ∈ \\{\\F,\\T\\}^n$ of length $n$, we take the usual binary operations of *not* $¬$, *and* $∧$, *or* $∨$, *xor* $⊕$, and also $\\popcount$. We can embed this in a ring $R$ by representing $\\F,\\T$ as $0,1$ respectively and using the following operations on vectors $\\vec b ∈ R^n$:\n",
 27 |     "\n",
 28 |     "$$\n",
 29 |     "\\begin{aligned}\n",
 30 |     "¬ \\vec a &= 1 - \\vec a \\\\\n",
 31 |     "\\vec a ∧ \\vec b &= \\vec a ⊙ \\vec b \\\\\n",
 32 |     "\\vec a ∨ \\vec b &= \\vec a + \\vec b - \\vec a ⊙ \\vec b \\\\\n",
 33 |     "\\vec a ⊕ \\vec b &= \\vec a + \\vec b - 2 ⋅ \\vec a ⊙ \\vec b \\\\\n",
 34 |     "\\popcount(\\vec a) &= \\vsum(\\vec a) \\\\\n",
 35 |     "\\end{aligned}\n",
 36 |     "$$\n",
 37 |     "\n",
 38 |     "Where $⊙$ is the element wise product and $\\vsum$ adds the vector elements. Note that $\\vsum(\\vec a ⊙ \\vec b)$ is the vector dot product $\\vec a ⋅ \\vec b$. Note also that the $\\popcount$ will be computed in the ring, so a sufficiently large modular ring is required.\n",
 39 |     "\n",
 40 |     "### Masked binary operations in rings\n",
 41 |     "\n",
 42 |     "A *masked bitvector* has three values $\\mathtt{b} ∈ \\{\\F, \\T, \\U\\}^n$ which should be interpreted as *false*, *true* and *unavailable* respectively. The operations are the same as for binary, except when one of the arguments is $\\U$, the result is always $\\U$. We take $\\popcount$ to count the number of $\\T$'s and introduce $\\mathtt{count}$ to count the number of available entries i.e. either $\\F$ or $\\T$ but not $\\U$.\n",
 43 |     "\n",
 44 |     "We can represent this on a suitably large (**Q** how large?) ring as $-1,0,1$ for $\\F, \\U, \\T$ respectively.\n",
 45 |     "\n",
 46 |     "$$\n",
 47 |     "\\begin{aligned}\n",
 48 |     "¬ \\vec a &= - \\vec a \\\\\n",
 49 |     "\\vec a ∧ \\vec b &= ½ ⋅ \\vec a ⊙ \\vec b ⊙ (1 + \\vec a + \\vec b - \\vec a ⊙ \\vec b) \\\\\n",
 50 |     "\\vec a ∨ \\vec b &= ½ ⋅ \\vec a ⊙ \\vec b ⊙ (\\vec a ⊙ \\vec b + \\vec a + \\vec b -1 ) \\\\\n",
 51 |     "\\vec a ⊕ \\vec b &= -\\vec a ⊙ \\vec b \\\\\n",
 52 |     "\\count(\\vec a) &= \\vsum\\left(\\vec a^{⊙2}\\right) \\\\\n",
 53 |     "\\popcount(\\vec a) &= ½ ⋅ \\vsum\\left(\\vec a^{⊙2} + \\vec a\\right)\n",
 54 |     "\\end{aligned}\n",
 55 |     "$$\n",
 56 |     "\n",
 57 |     "Note that squaring, $\\vec a^{⊙2}$, produces a regular $0,1$ bitvector that is $0$ whenever the value is $\\U$ and $1$ otherwise, i.e. it  allows us to extract the mask as a regular bitvector. Similarly $½ ⋅(\\vec a^{⊙2} + \\vec a)$ extracts the data bits: $1$ for $\\T$ and $0$ otherwise. The reverse mapping, converting data bits $\\vec b$ and mask bits $\\vec m$ to a masked bitvector is $\\vec m - 2⋅\\vec b⊙\\vec m$. If the data bits are known to be $\\F$ in the in the unavailable region, then it simplifies to $\\vec m - 2⋅\\vec b⊙\\vec m$.\n",
 58 |     "\n",
 59 |     "In this representation *and* and *or* have awkward fourth degree expressions, though they can be evaluated using only two multiplies. The expressions for *xor*, $\\count$ and $\\popcount$ are quite nice considering that they correctly account for masks. This makes it a suitable system for computing fractional hamming distances.\n",
 60 |     "\n",
 61 |     "### Fractional hamming distance\n",
 62 |     "\n",
 63 |     "The *fractional hamming weight* of a masked bitvector $\\vec a$ is defined as\n",
 64 |     "\n",
 65 |     "$$\n",
 66 |     "\\begin{aligned}\n",
 67 |     "\\mathtt{fhw}(\\vec a) &= \\frac\n",
 68 |     "{\\popcount(\\vec a)}\n",
 69 |     "{\\count(\\vec a )}\n",
 70 |     "\\end{aligned}\n",
 71 |     "$$\n",
 72 |     "\n",
 73 |     "and the *fractional hamming distance* between two masked bitvectors $\\vec a$ and $\\vec b$ as\n",
 74 |     "\n",
 75 |     "$$\n",
 76 |     "\\begin{aligned}\n",
 77 |     "\\fhd(\\vec a, \\vec b)\n",
 78 |     "&= \\mathtt{fhw}(\\vec a ⊕ \\vec b) =\\frac\n",
 79 |     "{\\popcount(\\vec a ⊕ \\vec b)}\n",
 80 |     "{\\count(\\vec a ⊕ \\vec b)}\n",
 81 |     "\\end{aligned}\n",
 82 |     "$$\n",
 83 |     "\n",
 84 |     "In the ring representation these can be computed as\n",
 85 |     "\n",
 86 |     "$$\n",
 87 |     "\\begin{aligned}\n",
 88 |     "\\fhd(\\vec a, \\vec b)\n",
 89 |     "& =\\frac\n",
 90 |     "{ ½ ⋅ \\vsum\\left((-\\vec a ⊙ \\vec b)^{⊙2} -\\vec a ⊙ \\vec b\\right)}\n",
 91 |     "{\\vsum\\left((-\\vec a ⊙ \\vec b)^{⊙2}\\right)} \n",
 92 |     "&&=\\frac{1}{2} -\\frac\n",
 93 |     "{ \\vsum\\left(\\vec a ⊙ \\vec b\\right)}\n",
 94 |     "{2⋅\\vsum\\left((\\vec a ⊙ \\vec b)^{⊙2}\\right)}  \\\\\n",
 95 |     "\\end{aligned}\n",
 96 |     "$$\n",
 97 |     "\n",
 98 |     "Note that $(\\vec a ⊙ \\vec b)^{⊙2} = \\vec a^{⊙2} ⊙ \\vec b^{⊙2}$ and thus depends only on the masks of $\\vec a$ and $\\vec b$. Given the masks $\\vec a_m$ and $\\vec b_m$ it can be computed in binary as\n",
 99 |     "\n",
100 |     "$$\n",
101 |     "\\vsum\\left((\\vec a ⊙ \\vec b)^{⊙2}\\right) = \\popcount(\\vec a_m ∧ \\vec b_m)\n",
102 |     "$$\n",
103 |     "\n",
104 |     "## Secure Multiparty Computation\n",
105 |     "\n",
106 |     "We construct a simple secret sharing scheme over $ℤ_{2^{16}}$. To encrypt a value $x$ we compute $n$ random secret shares $x_0,…,x_{n-1}$ such that\n",
107 |     "\n",
108 |     "$$\n",
109 |     "x = \\sum_{i∈[0,n)} x_i\n",
110 |     "$$\n",
111 |     "\n",
112 |     "One way to do this is by generating $n-1$ random values $x_0,…,x_{n-2}∈ℤ_{2^{16}}$ and solving for $x_{n-1}$:\n",
113 |     "\n",
114 |     "$$\n",
115 |     "x_{n-1} = x - \\sum_{i∈[0,n-1)} x_i\n",
116 |     "$$\n",
117 |     "\n",
118 |     "The shares are encrypted in the sense that this is essentially a [one-time-pad] with any $n-1$ shares being the decryption key for the remaining share. Another valid perspective is that the shares are independently random and the secret is stored in their correlation.\n",
119 |     "\n",
120 |     "[one-time-pad]: https://en.wikipedia.org/wiki/One-time_pad\n",
121 |     "\n",
122 |     "### Additive homomorphism\n",
123 |     "\n",
124 |     "This secret sharing scheme is additive homomorphic. Given two secrets $a$ and $b$ with shares $a_i$ and $b_i$, each party can locally compute $c_i = a_i + b_i$. These $c_i$ are valid shares for the sum $c = a + b$.\n",
125 |     "\n",
126 |     "Similarly we can compute the product of a secret $a$ with shares $a_i$ and a constant $b ∈ ℤ_{2^{16}}$ locally as $c_i = a_i ⋅ b$.\n",
127 |     "\n",
128 |     "Generalizing this, given a secret vector $\\vec a ∈ ℤ_{2^{16}}^n$ and a cleartext vector $\\vec b ∈ ℤ_{2^{16}}^n$ we can compute shares of the dot product $\\vec c = \\vec a ⋅ \\vec b$ as $c_i = \\sum_j a_{ij} \\cdot b_j$.\n",
129 |     "\n",
130 |     "Note that these newly created shares are correlated with the input secret shares. To solve this, they need to be re-randomized.\n",
131 |     "\n",
132 |     "### Re-randomizing\n",
133 |     "\n",
134 |     "To re-randomize results we construct secret shares of zero and add them to the result. One way to do this locally is for each party to have two random number generators, $r_0, …, r_{n-1}$ and some cyclic permutation $r_{σ(0)}, … r_{σ(n-1)}$. The a secret share $a_i$ is locally updated as:\n",
135 |     "\n",
136 |     "$$\n",
137 |     "a_i' = a_i + r_i - r_{σ(i)}\n",
138 |     "$$\n",
139 |     "\n",
140 |     "One method for parties $i$ and $σ(i)$ to establish shared randomness is by using [Diffie-Hellman][DH] to establish a seed for a cryptographic PRNG.\n",
141 |     "\n",
142 |     "[DH]: https://en.wikipedia.org/wiki/Diffie%E2%80%93Hellman_key_exchange\n",
143 |     "\n",
144 |     "## Iris codes\n",
145 |     "\n",
146 |     "For present purposes an iriscode is a $12\\ 800$-bit masked bitvector.\n",
147 |     "\n",
148 |     "### Rotations\n",
149 |     "\n",
150 |     "The $12\\ 800$ masked bitvectors can be interpreted as $64 × 200$ bit matrices. We can then define a rotation as a permutation on the columns:\n",
151 |     "\n",
152 |     "$$\n",
153 |     "\\mathtt{rot}(\\vec b, n)[i,j] = \\vec b[i,(j+n)\\ \\mathrm{mod}\\ 200]\n",
154 |     "$$\n",
155 |     "\n",
156 |     "### Distance\n",
157 |     "\n",
158 |     "The *distance* between two iriscodes $\\mathtt a$ and $\\mathtt b$ is defined as the minimum distance over rotations from $-15$ to $15$:\n",
159 |     "\n",
160 |     "$$\n",
161 |     "\\mathtt{dist}(\\vec a, \\vec b) = \\min_{r∈[-15,15]}\\ \\fhd(\\mathtt{rot}(\\vec a, r), \\vec b)\n",
162 |     "$$\n",
163 |     "\n",
164 |     "### Uniqueness\n",
165 |     "\n",
166 |     "To verify uniqueness we require that an iriscode $\\vec a$ is a certain minimum distance from all previous iriscodes:\n",
167 |     "\n",
168 |     "$$\n",
169 |     "\\mathop{\\Large ∀}\\limits_{\\vec b ∈ \\mathtt{DB}}\\ \n",
170 |     "\\mathtt{dist}(\\vec a, \\vec b) > \\mathrm{threshold}\n",
171 |     "$$\n",
172 |     "\n",
173 |     "where $\\mathtt{DB}$ is the set of already registered iriscodes (currently 3 million entries).\n",
174 |     "\n",
175 |     "When there is a match, we are also interested in finding the location of the best match. Both can be addressed by implementing a method that returns the index of the minimum distance entry.\n",
176 |     "\n",
177 |     "## Iriscode SMPC v1\n",
178 |     "\n",
179 |     "Objective: DB iriscode bits encrypted. Query, mask and distances unencrypted. \n",
180 |     "\n",
181 |     "For each iriscode $\\vec b_i$ in the database $\\mathtt{DB}$ we convert it to a masked bitvector embedded in the ring $ℤ_{2^{16}}$. We then create secret shares such that each party $j$ has a share $\\vec b_{ij}$.\n",
182 |     "\n",
183 |     "Given a query iriscode $\\vec a$, also encoded as a masked bitvector embedded in $ℤ_{2^{16}}$, but not converted to secret shares. Each party $j$ computes rotations of the query $r∈[-15,15]$ and computes the following with each database share $\\vec b_{ij}$:\n",
184 |     "\n",
185 |     "$$\n",
186 |     "d_{ijr} = \\vsum(\\mathtt{rot}(\\vec a, r) ⊙ \\vec b_{ij})\n",
187 |     "$$\n",
188 |     "\n",
189 |     "Each party produces $31 ⋅ |\\mathtt{DB}|$ values this way. These values are aggregated in the coordinator, which can decrypt the results\n",
190 |     "\n",
191 |     "$$\n",
192 |     "d_{ir} = \\sum_j d_{ijr} = \\vsum(\\mathtt{rot}(\\vec a, r) ⊙ \\vec b_{i})\n",
193 |     "$$\n",
194 |     "\n",
195 |     "The coordinator has a database of only the masks $\\vec b_{i\\ \\mathrm{m}}$ as regular bitvectors. This allows it to compute\n",
196 |     "\n",
197 |     "$$\n",
198 |     "m_{ir} = \\popcount(\\mathtt{rot}(\\vec a_{\\mathrm{m}}, r) ∧ \\vec b_{i\\,\\mathrm{m}})\n",
199 |     "$$\n",
200 |     "\n",
201 |     "With both these pieces of information, the coordinator can compute the $\\fhd$ between the query $\\vec a$ and database entry $\\vec b_i$.\n",
202 |     "\n",
203 |     "$$\n",
204 |     "\\mathtt{dist}(\\vec a, \\vec b_i) =\n",
205 |     "\\min_{r∈[-15,15]}\\ \\left( \\frac12 - \\frac\n",
206 |     "{d_{ir}}\n",
207 |     "{2⋅m_{ir}} \\right)\n",
208 |     "$$\n",
209 |     "\n",
210 |     "To see that this work we can substitute back all the definitions from above:\n",
211 |     "\n",
212 |     "$$\n",
213 |     "\\begin{aligned}\n",
214 |     "\\mathtt{dist}(\\vec a, \\vec b_i) &=\n",
215 |     "\\min_{r∈[-15,15]}\\ \\left( \\frac12 - \\frac\n",
216 |     "{d_{ir}}\n",
217 |     "{2⋅m_{ir}} \\right) \\\\\n",
218 |     "\\min_{r∈[-15,15]}\\ \\fhd(\\mathtt{rot}(\\vec a, r), \\vec b_i) &=\n",
219 |     "\\min_{r∈[-15,15]}\\ \\left( \\frac12 - \\frac\n",
220 |     "{\\sum_j d_{ijr}}\n",
221 |     "{2⋅\\popcount(\\vec a_{\\mathrm{m}} ∧ \\vec b_{i\\,\\mathrm{m}})} \\right) \\\\\n",
222 |     "\\fhd(\\mathtt{rot}(\\vec a, r), \\vec b_i) &=\n",
223 |     "\\frac12 - \\frac\n",
224 |     "{\\vsum(\\mathtt{rot}(\\vec a, r) ⊙ \\vec b_{i})}\n",
225 |     "{2⋅\\vsum\\left((\\mathtt{rot}(\\vec a, r) ⊙ \\vec b_{i})^{⊙2}\\right)} \\\\\n",
226 |     "\\end{aligned}\n",
227 |     "$$\n",
228 |     "\n",
229 |     "## References\n",
230 |     "\n",
231 |     "* [MRZ15] Payman Mohassel, Mike Rosulek, and Ye Zhang (2015). Fast and Secure Three-party Computation: The Garbled Circuit Approach.\n",
232 |     "* [AFL+16] Toshinori Araki, Jun Furukawa, Yehuda Lindell, Ariel Nof, and Kazuma Ohara (2016) High-Throughput Semi-Honest Secure Three-Party Computation with an Honest Majority.\n",
233 |     "* [MZ17] Payman Mohassel and Yupeng Zhang (2017). SecureML: A System for Scalable Privacy-Preserving Machine Learning.\n",
234 |     "* [MR18] Payman Mohassel and Peter Rindal (2018). ABY3: A Mixed Protocol Framework for Machine Learning.\n",
235 |     "* [CRS19] Harsh Chaudhari, Rahul Rachuri, and Ajith Suresh (2019). Trident: Efficient 4PC Framework for Privacy Preserving Machine Learning.\n",
236 |     "* [BCPS19] Megha Byali, Harsh Chaudhari, Arpita Patra, and Ajith Suresh (2019). FLASH: Fast and Robust Framework for Privacy-preserving Machine Learning.\n",
237 |     "* [PS20] Arpita Patra and Ajith Suresh (2020). BLAZE: Blazing Fast Privacy-Preserving Machine Learning.\n",
238 |     "* [PSSY20] Arpita Patra, Thomas Schneider, Ajith Suresh, and Hossein Yalame (2020). ABY2.0: Improved Mixed-Protocol Secure Two-Party Computation.\n",
239 |     "\n",
240 |     "[MRZ15]: https://eprint.iacr.org/2015/931.pdf\n",
241 |     "[AFL+16]: https://eprint.iacr.org/2016/768.pdf\n",
242 |     "[MZ17]: https://eprint.iacr.org/2017/396.pdf\n",
243 |     "[MR18]: https://eprint.iacr.org/2018/403.pdf\n",
244 |     "[CRS19]: https://eprint.iacr.org/2019/1315.pdf\n",
245 |     "[BCPS19]: https://eprint.iacr.org/2019/1365.pdf\n",
246 |     "[PS20]: https://eprint.iacr.org/2020/042.pdf\n",
247 |     "[PSSY20]: https://eprint.iacr.org/2020/1225.pdf"
248 |    ]
249 |   }
250 |  ],
251 |  "metadata": {
252 |   "kernelspec": {
253 |    "display_name": "Python 3",
254 |    "language": "python",
255 |    "name": "python3"
256 |   },
257 |   "language_info": {
258 |    "name": "python",
259 |    "version": "3.10.12"
260 |   }
261 |  },
262 |  "nbformat": 4,
263 |  "nbformat_minor": 2
264 | }
265 | 


--------------------------------------------------------------------------------
/src/encoded_bits.rs:
--------------------------------------------------------------------------------
  1 | use core::fmt;
  2 | use std::array;
  3 | use std::borrow::Cow;
  4 | use std::iter::{self, Sum};
  5 | use std::ops::{self, MulAssign};
  6 | 
  7 | use base64::prelude::BASE64_STANDARD;
  8 | use base64::Engine;
  9 | use bytemuck::{cast_slice_mut, Pod, Zeroable};
 10 | use rand::distributions::{Distribution, Standard};
 11 | use rand::Rng;
 12 | use serde::de::Error as _;
 13 | use serde::{Deserialize, Deserializer, Serialize};
 14 | 
 15 | use crate::bits::{Bits, BITS};
 16 | 
 17 | #[repr(transparent)]
 18 | #[derive(Clone, Copy, PartialEq, Eq, PartialOrd, Ord)]
 19 | pub struct EncodedBits(pub [u16; BITS]);
 20 | 
 21 | unsafe impl Zeroable for EncodedBits {}
 22 | 
 23 | unsafe impl Pod for EncodedBits {}
 24 | 
 25 | impl EncodedBits {
 26 |     pub const ZERO: Self = Self([0; BITS]);
 27 |     pub const MAX: Self = Self([u16::MAX; BITS]);
 28 | 
 29 |     /// Generate secret shares from this bitvector.
 30 |     pub fn share(&self, n: usize, rng: &mut impl Rng) -> Box<[EncodedBits]> {
 31 |         assert!(n > 0);
 32 | 
 33 |         // Create `n - 1` random shares.
 34 |         let mut result: Box<[EncodedBits]> =
 35 |             iter::repeat_with(|| rng.gen::<EncodedBits>())
 36 |                 .take(n - 1)
 37 |                 .chain(iter::once(EncodedBits([0_u16; BITS])))
 38 |                 .collect();
 39 |         let (last, rest) = result.split_last_mut().unwrap();
 40 | 
 41 |         // Initialize last to sum of self
 42 |         *last = self - rest.iter().sum::<EncodedBits>();
 43 | 
 44 |         result
 45 |     }
 46 | 
 47 |     pub fn sum(&self) -> u16 {
 48 |         self.0.into_iter().fold(0_u16, u16::wrapping_add)
 49 |     }
 50 | 
 51 |     pub fn dot(&self, other: &Self) -> u16 {
 52 |         self.0
 53 |             .iter()
 54 |             .zip(other.0.iter())
 55 |             .map(|(&a, &b)| u16::wrapping_mul(a, b))
 56 |             .fold(0_u16, u16::wrapping_add)
 57 |     }
 58 | }
 59 | 
 60 | impl Default for EncodedBits {
 61 |     fn default() -> Self {
 62 |         Self([0; BITS])
 63 |     }
 64 | }
 65 | 
 66 | impl From<&Bits> for EncodedBits {
 67 |     fn from(value: &Bits) -> Self {
 68 |         EncodedBits(array::from_fn(|i| if value[i] { 1 } else { 0 }))
 69 |     }
 70 | }
 71 | 
 72 | impl Distribution<EncodedBits> for Standard {
 73 |     fn sample<R: Rng + ?Sized>(&self, rng: &mut R) -> EncodedBits {
 74 |         let mut values = [0_u16; BITS];
 75 |         rng.fill_bytes(cast_slice_mut(values.as_mut_slice()));
 76 |         EncodedBits(values)
 77 |     }
 78 | }
 79 | 
 80 | impl ops::Neg for EncodedBits {
 81 |     type Output = EncodedBits;
 82 | 
 83 |     fn neg(mut self) -> Self::Output {
 84 |         for r in self.0.iter_mut() {
 85 |             *r = 0_u16.wrapping_sub(*r);
 86 |         }
 87 |         self
 88 |     }
 89 | }
 90 | 
 91 | impl ops::Neg for &EncodedBits {
 92 |     type Output = EncodedBits;
 93 | 
 94 |     fn neg(self) -> Self::Output {
 95 |         let mut result = *self;
 96 |         for r in result.0.iter_mut() {
 97 |             *r = 0_u16.wrapping_sub(*r);
 98 |         }
 99 |         result
100 |     }
101 | }
102 | 
103 | impl<'a> Sum<&'a EncodedBits> for EncodedBits {
104 |     fn sum<I: Iterator<Item = &'a Self>>(iter: I) -> Self {
105 |         let mut result = Self::default();
106 |         for i in iter {
107 |             result += i;
108 |         }
109 |         result
110 |     }
111 | }
112 | 
113 | impl ops::Add<EncodedBits> for &EncodedBits {
114 |     type Output = EncodedBits;
115 | 
116 |     fn add(self, rhs: EncodedBits) -> Self::Output {
117 |         let mut copy = *self;
118 |         copy += &rhs;
119 |         copy
120 |     }
121 | }
122 | 
123 | impl ops::Add<&EncodedBits> for EncodedBits {
124 |     type Output = EncodedBits;
125 | 
126 |     fn add(mut self, rhs: &EncodedBits) -> Self::Output {
127 |         self += rhs;
128 |         self
129 |     }
130 | }
131 | 
132 | impl ops::Add<EncodedBits> for EncodedBits {
133 |     type Output = EncodedBits;
134 | 
135 |     fn add(mut self, rhs: EncodedBits) -> Self::Output {
136 |         self += &rhs;
137 |         self
138 |     }
139 | }
140 | 
141 | impl ops::Sub<EncodedBits> for &EncodedBits {
142 |     type Output = EncodedBits;
143 | 
144 |     fn sub(self, mut rhs: EncodedBits) -> Self::Output {
145 |         for (a, &b) in rhs.0.iter_mut().zip(self.0.iter()) {
146 |             *a = b.wrapping_sub(*a);
147 |         }
148 |         rhs
149 |     }
150 | }
151 | 
152 | impl ops::Sub<&EncodedBits> for EncodedBits {
153 |     type Output = EncodedBits;
154 | 
155 |     fn sub(mut self, rhs: &EncodedBits) -> Self::Output {
156 |         self -= rhs;
157 |         self
158 |     }
159 | }
160 | 
161 | impl ops::Sub<EncodedBits> for EncodedBits {
162 |     type Output = EncodedBits;
163 | 
164 |     fn sub(mut self, rhs: EncodedBits) -> Self::Output {
165 |         self -= &rhs;
166 |         self
167 |     }
168 | }
169 | 
170 | impl ops::Mul for &EncodedBits {
171 |     type Output = EncodedBits;
172 | 
173 |     fn mul(self, rhs: Self) -> Self::Output {
174 |         let mut copy = *self;
175 |         copy.mul_assign(rhs);
176 |         copy
177 |     }
178 | }
179 | 
180 | impl ops::Mul<&EncodedBits> for EncodedBits {
181 |     type Output = EncodedBits;
182 | 
183 |     fn mul(mut self, rhs: &EncodedBits) -> Self::Output {
184 |         self.mul_assign(rhs);
185 |         self
186 |     }
187 | }
188 | 
189 | impl ops::Mul<u16> for EncodedBits {
190 |     type Output = EncodedBits;
191 | 
192 |     fn mul(mut self, rhs: u16) -> Self::Output {
193 |         self.mul_assign(rhs);
194 |         self
195 |     }
196 | }
197 | 
198 | impl ops::AddAssign<&EncodedBits> for EncodedBits {
199 |     fn add_assign(&mut self, rhs: &EncodedBits) {
200 |         for (s, &r) in self.0.iter_mut().zip(rhs.0.iter()) {
201 |             *s = s.wrapping_add(r);
202 |         }
203 |     }
204 | }
205 | 
206 | impl ops::SubAssign<&EncodedBits> for EncodedBits {
207 |     fn sub_assign(&mut self, rhs: &EncodedBits) {
208 |         for (s, &r) in self.0.iter_mut().zip(rhs.0.iter()) {
209 |             *s = s.wrapping_sub(r);
210 |         }
211 |     }
212 | }
213 | 
214 | impl ops::MulAssign<&EncodedBits> for EncodedBits {
215 |     fn mul_assign(&mut self, rhs: &EncodedBits) {
216 |         for (s, &r) in self.0.iter_mut().zip(rhs.0.iter()) {
217 |             *s = s.wrapping_mul(r);
218 |         }
219 |     }
220 | }
221 | 
222 | impl ops::MulAssign<u16> for EncodedBits {
223 |     fn mul_assign(&mut self, rhs: u16) {
224 |         for s in self.0.iter_mut() {
225 |             *s = s.wrapping_mul(rhs);
226 |         }
227 |     }
228 | }
229 | 
230 | impl<'de> Deserialize<'de> for EncodedBits {
231 |     fn deserialize<D>(deserializer: D) -> Result<EncodedBits, D::Error>
232 |     where
233 |         D: Deserializer<'de>,
234 |     {
235 |         let s: Cow<'static, str> = Deserialize::deserialize(deserializer)?;
236 | 
237 |         let bytes = BASE64_STANDARD
238 |             .decode(s.as_bytes())
239 |             .map_err(D::Error::custom)?;
240 | 
241 |         if bytes.len() != std::mem::size_of::<EncodedBits>() {
242 |             return Err(D::Error::invalid_length(bytes.len(), &"16 bytes"));
243 |         }
244 | 
245 |         let mut limbs = [0_u16; BITS];
246 |         for (i, chunk) in bytes.array_chunks::<2>().enumerate() {
247 |             limbs[i] = u16::from_be_bytes(*chunk);
248 |         }
249 | 
250 |         Ok(Self(limbs))
251 |     }
252 | }
253 | 
254 | impl Serialize for EncodedBits {
255 |     fn serialize<S>(&self, serializer: S) -> Result<S::Ok, S::Error>
256 |     where
257 |         S: serde::Serializer,
258 |     {
259 |         let mut bytes = [0_u8; std::mem::size_of::<Self>()];
260 | 
261 |         for (i, limb) in self.0.iter().enumerate() {
262 |             let limb_bytes = limb.to_be_bytes();
263 |             bytes[i * 2..(i + 1) * 2].copy_from_slice(&limb_bytes);
264 |         }
265 | 
266 |         let s = BASE64_STANDARD.encode(bytes);
267 | 
268 |         s.serialize(serializer)
269 |     }
270 | }
271 | 
272 | impl fmt::Debug for EncodedBits {
273 |     fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
274 |         if f.alternate() {
275 |             write!(f, "EncodedBits({:?})", &self.0)
276 |         } else {
277 |             let s = serde_json::to_string(self).unwrap();
278 |             let s = s.trim_matches('"');
279 |             write!(f, "{}", s)
280 |         }
281 |     }
282 | }
283 | 
284 | #[cfg(test)]
285 | mod tests {
286 |     use rand::thread_rng;
287 | 
288 |     use super::*;
289 |     use crate::bits::tests::*;
290 |     use crate::template::Template;
291 | 
292 |     #[test]
293 |     fn encoded_bits_serialization() {
294 |         let mut encoded_bits = EncodedBits::default();
295 | 
296 |         // Random changes
297 |         let mut rng = thread_rng();
298 |         for _ in 0..100 {
299 |             let index = rng.gen_range(0..encoded_bits.0.len());
300 | 
301 |             encoded_bits.0[index] = rng.gen();
302 |         }
303 | 
304 |         let serialized = serde_json::to_string(&encoded_bits).unwrap();
305 | 
306 |         let deserialized = serde_json::from_str::<EncodedBits>(&serialized)
307 |             .expect("Failed to deserialize EncodedBits");
308 | 
309 |         assert_eq!(deserialized, encoded_bits);
310 |     }
311 | 
312 |     #[test]
313 |     fn encoded_bits_deserialization_known_pattern() -> eyre::Result<()> {
314 |         let unpacked_bits_u16_first_half_set_pattern =
315 |             [[1_u16; 32], [0_u16; 32]].concat().repeat(BITS / 64);
316 | 
317 |         assert_eq!(unpacked_bits_u16_first_half_set_pattern.len(), BITS);
318 | 
319 |         let base64_code = format!(
320 |             "\"{}\"",
321 |             BASE64_STANDARD.encode(u16_slice_to_u8_vec(
322 |                 &unpacked_bits_u16_first_half_set_pattern
323 |             ))
324 |         );
325 | 
326 |         let deserialized = serde_json::from_str::<EncodedBits>(&base64_code)
327 |             .expect("Failed to deserialize EncodedBits");
328 | 
329 |         assert_eq!(
330 |             binary_string_unpacked_u16(&deserialized, false),
331 |             FIRST_HALF_BITS_SET_PATTERN_U64_STR.repeat(BITS / 64)
332 |         );
333 | 
334 |         Ok(())
335 |     }
336 | 
337 |     #[test]
338 |     fn encoded_bits_serialization_known_pattern() -> eyre::Result<()> {
339 |         let bits: Bits = Bits(FIRST_HALF_BITS_SET_PATTERN_U64_IRIS_CODE);
340 |         assert_eq!(bits.0.len(), BITS / 64); // BITS = 12800 /64 => 200
341 | 
342 |         let encoded_bits = EncodedBits::from(&bits);
343 |         assert_eq!(encoded_bits.0.len(), BITS);
344 | 
345 |         let serialized = serde_json::to_string(&encoded_bits)?;
346 | 
347 |         let bits_u16_pattern =
348 |             [[1_u16; 32], [0_u16; 32]].concat().repeat(BITS / 64);
349 | 
350 |         assert_eq!(bits_u16_pattern.len(), BITS);
351 | 
352 |         let base64_code = format!(
353 |             "\"{}\"",
354 |             BASE64_STANDARD.encode(u16_slice_to_u8_vec(&bits_u16_pattern))
355 |         );
356 | 
357 |         assert_eq!(serialized, base64_code);
358 | 
359 |         Ok(())
360 |     }
361 | 
362 |     #[test]
363 |     fn unpack_from_bits_to_encoded_bits() -> eyre::Result<()> {
364 |         let bits_u64 = Bits::from(FIRST_HALF_BITS_SET_PATTERN_IRIS_CODE_BYTES);
365 |         let bits_u16_unpacked = EncodedBits::from(&bits_u64);
366 | 
367 |         print_binary_representation_u8(
368 |             &FIRST_HALF_BITS_SET_PATTERN_IRIS_CODE_BYTES,
369 |         );
370 |         print_binary_representation_u64(&bits_u64.0);
371 |         print_binary_u16_unpacked(&bits_u16_unpacked);
372 |         assert_eq!(
373 |             binary_string_u8(
374 |                 &FIRST_HALF_BITS_SET_PATTERN_IRIS_CODE_BYTES,
375 |                 false,
376 |             ),
377 |             binary_string_unpacked_u16(&bits_u16_unpacked, false)
378 |         );
379 |         print_binary_u16_unpacked(&bits_u16_unpacked);
380 | 
381 |         Ok(())
382 |     }
383 | 
384 |     fn u16_slice_to_u8_vec(s: &[u16]) -> Vec<u8> {
385 |         s.iter().flat_map(|x| x.to_be_bytes()).collect()
386 |     }
387 | 
388 |     fn print_binary_u16_unpacked(bits: &EncodedBits) {
389 |         println!("{}", binary_string_unpacked_u16(bits, false));
390 |     }
391 | 
392 |     fn binary_string_unpacked_u16(
393 |         bits: &EncodedBits,
394 |         separated: bool,
395 |     ) -> String {
396 |         bits.0
397 |             .iter()
398 |             .map(|byte| {
399 |                 if *byte == 1 {
400 |                     String::from("1")
401 |                 } else {
402 |                     String::from("0")
403 |                 }
404 |             })
405 |             .collect::<Vec<String>>()
406 |             .join(if separated { " " } else { "" })
407 |     }
408 | 
409 |     #[test]
410 |     fn test_sum_shares() {
411 |         let mut rng = rand::thread_rng();
412 | 
413 |         for _ in 0..100 {
414 |             let template = rng.gen::<Template>();
415 | 
416 |             let encoded_bits: EncodedBits = EncodedBits::from(&template.code);
417 | 
418 |             let shares = encoded_bits.share(2, &mut rng);
419 | 
420 |             let summed_encoded_bits = shares.iter().sum::<EncodedBits>();
421 | 
422 |             let summed_bits = Bits::from(&summed_encoded_bits);
423 | 
424 |             assert_eq!(summed_bits, template.code);
425 |         }
426 |     }
427 | 
428 |     #[test]
429 |     fn add_shares() {
430 |         let mut rng = rand::thread_rng();
431 | 
432 |         let template = rng.gen::<Template>();
433 |         let encoded_bits: EncodedBits = EncodedBits::from(&template.code);
434 | 
435 |         let shares = encoded_bits.share(2, &mut rng);
436 |         let summed_encoded_bits = shares[1] + shares[0];
437 | 
438 |         let summed_bits = Bits::from(&summed_encoded_bits);
439 | 
440 |         assert_eq!(summed_bits, template.code);
441 |     }
442 | 
443 |     #[test]
444 |     fn recovery_text_repr() {
445 |         let mut rng = rand::thread_rng();
446 | 
447 |         let template = rng.gen::<Template>();
448 |         let code_repr = serde_json::to_string(&template.code).unwrap();
449 |         let encoded_bits: EncodedBits = EncodedBits::from(&template.code);
450 | 
451 |         let shares = encoded_bits.share(2, &mut rng);
452 |         let summed_encoded_bits = shares[1] + shares[0];
453 | 
454 |         let summed_bits = Bits::from(&summed_encoded_bits);
455 |         let summed_repr = serde_json::to_string(&summed_bits).unwrap();
456 | 
457 |         assert_eq!(summed_bits, template.code);
458 |         assert_eq!(summed_repr, code_repr);
459 |     }
460 | 
461 |     #[test]
462 |     fn deserialize_missing_data() {
463 |         const ENCODED_BITS: &str = r#""////""#;
464 | 
465 |         let _eb = serde_json::from_str::<EncodedBits>(ENCODED_BITS)
466 |             .expect_err("Parsing should fail if not enough data");
467 |     }
468 | }
469 | 


--------------------------------------------------------------------------------