How to write a real CA&TA application to implement paillier homomorphic encryption algorithm based on TEE

[oldoldcoder]

So far, I have learned how to design a custom_ Hello for my rare blog materials(a optee example), it can run perfectly on REE while interacting with TEE:

However, my current task is to implement the semi homomorphic encryption algorithm Paillier based on tee, and I have the following doubts: 1.Should the formal application still be placed on optee_examples folder or other place?

2. How can CA provide interfaces to other applications running in REE, in the form of command line parameters&JNI (Java Native Interface)?
3. Can I find the API for encryption algorithms (which can help me implement paillier) in the 2.2 Cryptographic Implementation section of the Architecture section of OP-TEE Documentation? If not, where should I find these APIs that can help me

Thank you for your help and I would like to express my sincere respect to a student who is currently studying optoe

[jbech-linaro]

Hi @oldoldcoder

1.Should the formal application still be placed on optee_examples folder or other place?

Yes, if it's meant to serve as an example, then optee_examples is a good place for it. If it's meant to become more of production ready TA, then perhaps the TA at least is better to have it here: https://github.com/OP-TEE/optee_os/tree/master/ta. As for the host code, we don't really have any location for storing host code as such. Although you find some counterparts for TA's at https://github.com/OP-TEE/optee_client

2. How can CA provide interfaces to other applications running in REE, in the form of command line parameters&JNI (Java Native Interface)?

If you app is C, then it's just to link to the libteec library and use the headers from optee_client. On you it sounds like you would like to write a mobile app that in the end interacts with secure world. I think you're on the right track here. I believe it's JNI etc that you need to use. I haven't tried it myself and we have no examples for it. There ring some bell that it's been discussed in the past here at the OP-TEE issue list, so it might be worth searching for older threads.

3. Can I find the API for encryption algorithms (which can help me implement paillier) in the 2.2 Cryptographic Implementation section of the Architecture section of OP-TEE Documentation? If not, where should I find these APIs that can help me

If you go to GlobalPlatform, then can search and find "TEE Internal Core API Specification v1.3.1 | GPD_SPE_010". That PDF lists the API for Crypto and a few other things that a TA can use.

Cool that to see someone trying to implement Paillier HE with this. Out of curiosity, do you intend to implement bootstrapping for this as well? Also curious to know what's the overall goal with leveraging the TEE for this? A word of warning is that you don't have that much memory to play around with on the secure side and also communication is somewhat slow at least when considering the amount of data usually transferred and used when doing homomorphic encryption.

[oldoldcoder]

Thank you for your reply @jbech-linaro,At Now,I should to achieve a example in optee_example folder.When the test is passed,May migrate the code to other places.

About interaction,Thank you for your answer, I will check other past discussions later.

In fact, my current task is to migrate some algorithms of homomorphic encryption or semi-homomorphic encryption algorithms that have already been implemented on the sgx to the TEE platform, which doesn't seem to have been completed at the moment, with the aim of laying the groundwork for a MPC(secure multi-party computational) model afterwards.

Regarding the API, I've found some encryption algorithms currently supported by TEE on the PDF you mentioned, but for example, like homomorphic encryption algorithms, it may need GMP with NTL and these large number computation libraries as a padding, so I'm going to modify the makefile (add parameter like: -lntl -lgmp -pthread)to add linked libraries to implement it (I don't know if this is right or not, it may be a bit dumb)

Regarding the ultimate goal, at present, we may want to realize multi-party secure computing in a TEE environment, in addition to some efficiency optimizations that may be possible due to the fact that our chips use Kunpeng and other support SIMD instructions (Single Instruction Multiple Data)

A word of warning is that you don't have that much memory to play around with on the secure side and also communication

About the warning you gave, I am not very clear. Maybe my understanding of TEE is not very good, so I hope you can give me some pointers. If the memory is indeed insufficient, it may affect efficiency.