mofanv / PPFL

Privacy-preserving Federated Learning with Trusted Execution Environments
MIT License

the use of AES #1

Open DylanWangWQF opened 3 years ago

DylanWangWQF commented 3 years ago

Hi, @mofanv, it's really great work, and I have a question about the use of AES.

void aes_cbc_TA(char* xcrypt, float* gradient, int org_len)
{
    IMSG("aes_cbc_TA %s ing\n", xcrypt);
    //convert float array to uint_8 one by one
    uint8_t *byte;
    uint8_t array[org_len*4];
    for(int z = 0; z < org_len; z++){
        byte = (uint8_t*)(&gradient[z]);
        for(int y = 0; y < 4; y++){
            array[z*4 + y] = byte[y];
        }
    }

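    //set ctx, iv, and key for aes (fixed IV and hardcoded key)
    //number of 16-byte blocks: org_len*4 bytes / 16; floats beyond a multiple of 4 are not processed
    int enc_len = (int)(org_len/4);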
    struct AES_ctx ctx;
    uint8_t iv[] = { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f };
    uint8_t key[16] = { (uint8_t)0x2b, (uint8_t)0x7e, (uint8_t)0x15, (uint8_t)0x16, (uint8_t)0x28, (uint8_t)0xae, (uint8_t)0xd2, (uint8_t)0xa6, (uint8_t)0xab, (uint8_t)0xf7, (uint8_t)0x15, (uint8_t)0x88, (uint8_t)0x09, (uint8_t)0xcf, (uint8_t)0x4f, (uint8_t)0x3c };

    //encryption
    AES_init_ctx_iv(&ctx, key, iv);
    for (int i = 0; i < enc_len; ++i)
    {
        if(strncmp(xcrypt, "encrypt", 2) == 0){
            AES_CBC_encrypt_buffer(&ctx, array + (i * 16), 16);
        }else if(strncmp(xcrypt, "decrypt", 2) == 0){
            AES_CBC_decrypt_buffer(&ctx, array + (i * 16), 16);
        }
    }

    //convert uint8_t to float one by one (memcpy avoids an unaligned float* read)
    for(int z = 0; z < org_len; z++){
        memcpy(&gradient[z], &array[z*4], sizeof(float));
    }
}

For the encryption, it seems that we do not output the ctxt? I want to use the workflow of client-server AES, that is, the client encrypts the message and sends the ctxt to the server, where it is then decrypted inside the enclave.

mofanv commented 3 years ago

Hi @DylanWangWQF, thanks!

Please note that we were using hardcoded AES keys inside both server and client TEEs. So key management is not presented, and this file is actually not necessary for our prototype. I guess maybe a tiny AES c like this https://github.com/kokke/tiny-AES-c is what you need? I remember our AES submodule (during previous tests) is from there.

DylanWangWQF commented 3 years ago

This tiny AES-c is helpful, thanks for your help!
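
The client-to-enclave workflow asked about in this issue needs the ciphertext as a separate message rather than written back over the float array. The sketch below is an added example, not code from PPFL or tiny-AES-c: it frames a gradient as IV || padded ciphertext on the client and validates and unpacks it on the enclave side. The names `grad_seal`, `grad_open`, `grad_msg_len`, `cbc_fn` and `demo_xform` are hypothetical, and `demo_xform` is a constructed stand-in for the real CBC calls so the block runs without an AES library.

```c
#include <stdint.h>
#include <string.h>

#define BLK 16  /* AES block size in bytes */

/* Hypothetical callback: CBC-transforms len bytes in place under iv. With
   tiny-AES-c it would wrap AES_init_ctx_iv() + AES_CBC_encrypt_buffer() (or
   the decrypt call), with the key held by the wrapper. */
typedef void (*cbc_fn)(uint8_t *buf, size_t len, const uint8_t iv[BLK]);

/* Constructed stand-in so the block runs offline. NOT a cipher. */
void demo_xform(uint8_t *buf, size_t len, const uint8_t iv[BLK]) {
    for (size_t i = 0; i < len; i++) buf[i] ^= iv[i % BLK];
}

/* Message size: IV + payload padded (PKCS#7) to whole blocks. */
size_t grad_msg_len(size_t n) { return BLK + (n * sizeof(float) / BLK + 1) * BLK; }

/* Client: write IV || CBC(pad(grad)) to out; returns bytes written, 0 if out is too small. */
size_t grad_seal(const float *grad, size_t n, const uint8_t iv[BLK],
                 cbc_fn enc, uint8_t *out, size_t cap) {
    size_t raw = n * sizeof(float), total = grad_msg_len(n);
    if (cap < total) return 0;
    uint8_t pad = (uint8_t)(total - BLK - raw);      /* 1..16, never 0 */
    memcpy(out, iv, BLK);
    memcpy(out + BLK, grad, raw);                    /* no float* aliasing casts */
    memset(out + BLK + raw, pad, pad);               /* every float is covered */
    enc(out + BLK, total - BLK, out);
    return total;
}

/* Enclave: decrypt msg in place, check padding, copy floats out.
   Returns the float count, or -1 on a malformed message. */
long grad_open(uint8_t *msg, size_t len, cbc_fn dec, float *grad, size_t cap) {
    if (len < 2 * BLK || len % BLK) return -1;
    uint8_t *body = msg + BLK;
    size_t blen = len - BLK;
    dec(body, blen, msg);
    uint8_t pad = body[blen - 1];
    if (pad == 0 || pad > BLK) return -1;
    for (size_t i = 0; i < pad; i++)
        if (body[blen - 1 - i] != pad) return -1;
    size_t raw = blen - pad;
    if (raw % sizeof(float) || raw / sizeof(float) > cap) return -1;
    memcpy(grad, body, raw);
    return (long)(raw / sizeof(float));
}
```

CBC provides no integrity, so a deployment would also authenticate the IV and ciphertext (for example encrypt-then-MAC) and use a fresh random IV for every message.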