deislabs / mystikos

Tools and runtime for launching unmodified container images in Trusted Execution Environments

Is it possible to link GMP, NTL and HElib libraries in mystikos to do some encryption and decryption? #511

Closed DylanWangWQF closed 2 years ago

DylanWangWQF commented 3 years ago

Hi, team. Currently, I want to link the GMP, NTL, and HElib libraries and do some homomorphic encryptions and decryptions inside the enclave. In this case, I need to send some ciphertexts to the enclave for decryption and encrypt some messages, then return the ciphertexts to the host (outside the enclave) for following operations. This is an interactive process.

NTL and HElib are built against GLIBC.

praenubilus commented 3 years ago

It is possible but not guaranteed. Mystikos has partial glibc support. You can just start and try with an Ubuntu (glibc) image for rootfs. You may have unsupported symbols when running the enclave. Some examples where we have used glibc:

  1. https://github.com/deislabs/mystikos/blob/main/solutions/python_webserver/Dockerfile
  2. https://github.com/deislabs/mystikos/blob/main/samples/pytorch/Dockerfile.rootfs

DylanWangWQF commented 3 years ago

@praenubilus Many thanks for your reply! I'm new to this. For OE SDK-based development in my case, I would define the EDL file to pass the ciphertext buffers into/out of the enclave. But in the samples you provide, it seems that we will put all of the computations into the enclave.

praenubilus commented 3 years ago

OE SDK is just the backend. Depending on your design, the work can all be inside the enclave, or you can do part in the Mystikos enclave and part in an untrusted environment, with a trusted/untrusted channel communicating data and results. Or you can even do it between an OE enclave and a Mystikos enclave, e.g. https://github.com/deislabs/mystikos/tree/main/solutions/attested_tls

paulcallen commented 2 years ago

It would be good to investigate what is not working when these libraries are used, but this is not something we are planning on at this time. We do have some limited glibc support within Mystikos. If you can run it and let us know what kinds of missing symbols it is using, or unsupported syscalls, then we can certainly spend time to determine if we can add that support.