The repo of Private Set Intersection(PSI) and Private Information Retrieval(PIR) from SecretFlow.
This repo is formerly psi/pir part from secretflow/spu repo.
Note
We invite you to try Easy PSI, a standalone PSI product powered by this library.
For PSI v1 API and PIR, please check documentation.
In the following example, we are going to run PSI at a single host.
Check official release docker image at dockerhub. We also have mirrors at Alibaba Cloud: secretflow-registry.cn-hangzhou.cr.aliyuncs.com/secretflow/psi-anolis8.
Prepare data and config.
receiver.config:
{
"psi_config": {
"protocol_config": {
"protocol": "PROTOCOL_RR22",
"role": "ROLE_RECEIVER",
"broadcast_result": true
},
"input_config": {
"type": "IO_TYPE_FILE_CSV",
"path": "/root/receiver/receiver_input.csv"
},
"output_config": {
"type": "IO_TYPE_FILE_CSV",
"path": "/root/receiver/receiver_output.csv"
},
"keys": [
"id0",
"id1"
],
"debug_options": {
"trace_path": "/root/receiver/receiver.trace"
}
},
"self_link_party": "receiver",
"link_config": {
"parties": [
{
"id": "receiver",
"host": "127.0.0.1:5300"
},
{
"id": "sender",
"host": "127.0.0.1:5400"
}
]
}
}
sender.config:
{
"psi_config": {
"protocol_config": {
"protocol": "PROTOCOL_RR22",
"role": "ROLE_SENDER",
"broadcast_result": true
},
"input_config": {
"type": "IO_TYPE_FILE_CSV",
"path": "/root/sender/sender_input.csv"
},
"output_config": {
"type": "IO_TYPE_FILE_CSV",
"path": "/root/sender/sender_output.csv"
},
"keys": [
"id0",
"id1"
],
"debug_options": {
"trace_path": "/root/sender/sender.trace"
}
},
"self_link_party": "sender",
"link_config": {
"parties": [
{
"id": "receiver",
"host": "127.0.0.1:5300"
},
{
"id": "sender",
"host": "127.0.0.1:5400"
}
]
}
}
File Name | Location | Description |
---|---|---|
receiver.config | /tmp/receiver/receiver.config | Config for receiver. |
sender.config | /tmp/sender/sender.config | Config for sender. |
receiver_input.csv | /tmp/receiver/receiver_input.csv | Input for receiver. Make sure the file contains two id keys - id0 and id1. |
sender_input.csv | /tmp/sender/sender_input.csv | Input for sender. Make sure the file contains two id keys - id0 and id1. |
In the first terminal, run the following command
docker run -it --rm --network host --mount type=bind,source=/tmp/receiver,target=/root/receiver --cap-add=SYS_PTRACE --security-opt seccomp=unconfined --cap-add=NET_ADMIN --privileged=true secretflow-registry.cn-hangzhou.cr.aliyuncs.com/secretflow/psi-anolis8:latest --config receiver/receiver.config
In the other terminal, run the following command simultaneously.
docker run -it --rm --network host --mount type=bind,source=/tmp/sender,target=/root/sender --cap-add=SYS_PTRACE --security-opt seccomp=unconfined --cap-add=NET_ADMIN --privileged=true secretflow-registry.cn-hangzhou.cr.aliyuncs.com/secretflow/psi-anolis8:latest --config sender/sender.config
You could also pass a minified JSON config directly. A minified JSON is a compact one without white space and line breaks.
e.g.
docker run -it --rm --network host --mount type=bind,source=/tmp/sender,target=/root/sender --cap-add=SYS_PTRACE --security-opt seccomp=unconfined --cap-add=NET_ADMIN --privileged=true secretflow-registry.cn-hangzhou.cr.aliyuncs.com/secretflow/psi-anolis8:latest --json '{"psi_config":{"protocol_config":{"protocol":"PROTOCOL_RR22","role":"ROLE_RECEIVER","broadcast_result":true},"input_config":{"type":"IO_TYPE_FILE_CSV","path":"/root/receiver/receiver_input.csv"},"output_config":{"type":"IO_TYPE_FILE_CSV","path":"/root/receiver/receiver_output.csv"},"keys":["id0","id1"],"debug_options":{"trace_path":"/root/receiver/receiver.trace"}},"self_link_party":"receiver","link_config":{"parties":[{"id":"receiver","host":"127.0.0.1:5300"},{"id":"sender","host":"127.0.0.1:5400"}]}}'
We use secretflow/ubuntu-base-ci docker image. You may check at dockerhub.
# start container
docker run -d -it --name psi-dev-$(whoami) \
--mount type=bind,source="$(pwd)",target=/home/admin/dev/ \
-w /home/admin/dev \
--cap-add=SYS_PTRACE --security-opt seccomp=unconfined \
--cap-add=NET_ADMIN \
--privileged=true \
--entrypoint="bash" \
secretflow/ubuntu-base-ci:latest
# attach to build container
docker exec -it psi-dev-$(whoami) bash
Install gcc>=11.2, cmake>=3.26, ninja, nasm>=2.15, python>=3.8, bazel, golang, xxd, lld
Note
Please install bazel with version in .bazelversion or use bazelisk.
# build as debug
bazel build //... -c dbg
# build as release
bazel build //... -c opt
# test
bazel test //...
We use Perfetto from Google for tracing.
Please use debug_options.trace_path field in PsiConfig to modify trace file path. The default path is /tmp/psi.trace.
After running psi binaries, please check trace by using Trace Viewer. If this is not applicable, please check this link to deploy your own website.
The alternate way to visualize trace is to use chrome://tracing:
chmod +x traceconv
./traceconv json [trace file path] [json file path]
此处可能存在不合适展示的内容,页面不予展示。您可通过相关编辑功能自查并修改。
如您确认内容无涉及 不当用语 / 纯广告导流 / 暴力 / 低俗色情 / 侵权 / 盗版 / 虚假 / 无价值内容或违法国家有关法律法规的内容,可点击提交进行申诉,我们将尽快为您处理。