initial commit

.dockerignore

@@ -0,0 +1,6 @@
+node_modules
+build
+mpc/../bin
+Session.vim
+.cache
+docker

.gitignore

@@ -0,0 +1,7 @@
+node_modules/
+Session.vim
+openssl/
+mpcbin/ipaddrs.txt
+mpcbin/output*.txt
+build
+.cache

.gitmodules

@@ -0,0 +1,12 @@
+[submodule "mpc/emp-agmpc"]
+	path = mpc/emp-agmpc
+	url = ../emp-agmpc.git
+[submodule "mpc/emp-ot"]
+	path = mpc/emp-ot
+	url = ../emp-ot.git
+[submodule "mpc/emp-tool"]
+	path = mpc/emp-tool
+	url = ../emp-tool.git
+[submodule "mpc/emp-sh2pc"]
+	path = mpc/emp-sh2pc
+	url = [email protected]:emp-toolkit/emp-sh2pc.git

.npmignore

@@ -0,0 +1,10 @@
+results/
+openssl/
+docker/
+#mpcbin/
+k8s_*
+gcp_*
+chameleon_*
+continuously_run.sh
+.dockerignore
+.gitattributes

CMakeLists.txt

@@ -0,0 +1,94 @@
+cmake_minimum_required (VERSION 3.10)
+project (agmpc_matcher)
+set(NAME "agmpc_matcher")
+
+cmake_policy(SET CMP0042 NEW)
+set (CMAKE_CXX_STANDARD 17)
+
+if( NODE_RUNTIMEVERSION VERSION_GREATER_EQUAL "17.0.0")
+  add_compile_definitions(OPENSSL_API_COMPAT=0x10100001L)
+  add_compile_definitions(OPENSSL_CONFIGURED_API=0x30000000L)
+endif()
+
+set(CMAKE_EXPORT_COMPILE_COMMANDS ON)
+
+
+#add_compile_options(-fsanitize=address)
+#add_link_options(-fsanitize=address)
+#add_compile_options(-fsanitize=undefined)
+#add_link_options(-fsanitize=undefined)
+
+
+include(cmake/common.cmake)
+include(cmake/source_of_randomness.cmake)
+include(cmake/threading.cmake)
+
+find_package(OpenSSL REQUIRED)
+find_package(Boost REQUIRED COMPONENTS system)
+find_package(emp-tool REQUIRED)
+find_package(emp-ot REQUIRED)
+#find_package(emp-sh2pc REQUIRED)
+#find_package(emp-agmpc REQUIRED)
+find_package(GMP REQUIRED)
+
+set(EMP-TOOL_LIBRARIES
+  ${EMP-TOOL_LIBRARY}
+  ${OPENSSL_LIBRARIES}
+  ${Boost_LIBRARIES}
+  ${GMP_LIBRARIES})
+
+set(EMP_INCLUDE_DIRS
+  ${EMP-TOOL_INCLUDE_DIR}
+  ${EMP-OT_INCLUDE_DIRS}
+  ${OPENSSL_INCLUDE_DIR}
+  ${Boost_INCLUDE_DIRS}
+  ${GMP_INCLUDE_DIR})
+
+file(GLOB AGMPC_SINGLEATT_SOURCES
+    "src/mpc_addon/agmpc_matcher.cc"
+    "src/mpc_addon/agmpc_matcher.h")
+
+add_definitions(-DCIRCUIT_DIR="${CMAKE_RUNTIME_OUTPUT_DIRECTORY}")
+
+# Include Node-API wrappers
+execute_process(COMMAND node -p "require('node-addon-api').include"
+        WORKING_DIRECTORY ${CMAKE_SOURCE_DIR}
+        OUTPUT_VARIABLE NODE_ADDON_API_DIR
+        )
+string(REGEX REPLACE "[\r\n\"]" "" NODE_ADDON_API_DIR ${NODE_ADDON_API_DIR})
+message(STATUS "NODE_ADDON_API_DIR is ${NODE_ADDON_API_DIR}")
+#target_include_directories(agmpc_matcher PRIVATE ${NODE_ADDON_API_DIR})
+add_definitions(-DNAPI_VERSION=3)
+#include_directories(${CMAKE_JS_INC} "${NODE_ADDON_API_DIR}")
+
+# AGMPC matcher lib
+add_library(agmpc_matcher SHARED ${AGMPC_SINGLEATT_SOURCES})
+target_link_libraries(agmpc_matcher ${EMP-TOOL_LIBRARIES})
+target_include_directories(agmpc_matcher PUBLIC ${EMP_INCLUDE_DIRS} "src/mpc_addon")
+
+# AGMPC lib napi binding
+add_library(agmpc_matcher_napi SHARED
+  "src/mpc_addon/agmpc_matcher_napi.cc"
+  ${CMAKE_JS_SRC})
+target_include_directories(agmpc_matcher_napi PUBLIC ${CMAKE_JS_INC} ${NODE_ADDON_API_DIR} "src/mpc_addon")
+set_target_properties(agmpc_matcher_napi PROPERTIES PREFIX "" SUFFIX ".node")
+target_link_libraries(agmpc_matcher_napi ${CMAKE_JS_LIB} agmpc_matcher)
+
+# AGMPC matcher executable
+add_executable(agmpc_matcher_main "src/mpc_addon/agmpc_matcher_main.cc")
+target_link_libraries(agmpc_matcher_main agmpc_matcher)
+target_include_directories(agmpc_matcher_main PUBLIC "src/mpc_addon")
+
+# AGMPC matcher circuit generation
+add_executable(agmpc_matcher_circuit_generator "src/mpc_addon/agmpc_matcher_circuit_generator.cc")
+target_link_libraries(agmpc_matcher_circuit_generator ${EMP-TOOL_LIBRARIES})
+target_include_directories(agmpc_matcher_circuit_generator PUBLIC ${EMP_INCLUDE_DIRS} "src/mpc_addon")
+
+add_custom_target(agmpc_generate_circuits
+  ./agmpc_matcher_circuit_generator 10
+  DEPENDS agmpc_matcher_circuit_generator
+  WORKING_DIRECTORY "${PROJECT_SOURCE_DIR}/build/bin"
+)
+add_dependencies(agmpc_matcher agmpc_generate_circuits)
+add_dependencies(agmpc_matcher_main agmpc_generate_circuits)
+add_dependencies(agmpc_matcher_napi agmpc_generate_circuits)

README.md

@@ -0,0 +1,92 @@
+# Angler
+*Resource Allocation from Dark Pools*
+
+Dark pool resource allocation is a way to consume multi-provider infrastructure
+in a privacy preserving way, e.g. without broadcasting how many CPUs are
+requested and without providers needing to share how many CPUs they have. The
+goal is to support a "dark pool" of resources where no one knows exactly how
+much infrastructure the pool contains and requests of the pool are fulfilled
+sharing the minimum amount of required information. This repo contains the
+source code of Angler, accompanying [this paper](TODO).
+
+This repo contains the source and a demonstration of Angler. The goal of the
+demo is to show a dark pool of managed Kubernetes-as-a-Service. Multiple
+infrastructure providers each contribute a portion of their own kubernetes
+cluster to the Angler dark pool, e.g. 10 vCPUs at a certain price per hour. A
+request of the dark pool is made for 1 vCPU and the lowest cost provider who
+can meet the request is selected to satisfy it. No one learns how many
+resources a provider has contributed to the pool, and only the matched provider
+learns how big the request is for.
+
+In more detail, the demo starts a kubernetes cluster and 5 infrastructure
+providers who contribute resources to the dark pool. In real life, each
+operator would have their own cluster but in this demo they all share one
+cluster. Then, a request is made of the pool for X vCPUs. The requestor and all
+the operators engage in a multiparty computation protocol to determine the
+lowest cost operator who can fulfill the request (capacity > X). The winning
+operator privisions a Kubernetes namespace and resource quota for X vCPUs, then
+grants the requestor access. See the scripts in `demo/` for more information.
+
+**DISCLAIMER** This code was written for research purposes and is not verified
+for production use.
+
+## Getting Started
+Initialize this repo's submodules.
+```bash
+git submodule update --init --recursive
+```
+
+Build the Container.
+**WARNING**: This will install Docker if not already installed.
+```bash
+./demo/build_container.sh
+```
+
+Run the demo.
+**WARNING**: This script will install Kubernetes and dependencies. It will also turn off swap and enable containerd.
+```bash
+./demo/run_operator_example.sh
+```
+
+Run the demo without the Angler Operator. Configuring the Angler Operator with
+Kubernetes Custom Resource Definitions (CRD) is not supported.
+```bash
+./demo/run_k8s_example.sh
+```
+
+Run the demo without anything to do with kubernetes, just run the matching
+function. Namespaces will not be automatically provisioned and configuration
+via CRD is not supported.
+```bash
+./demo/run_mpc_example.sh
+```
+
+## Compiling on Host
+Run the following.
+```
+npm install -g cmake-js
+npm run deps
+npm run libs
+npm run compile
+```
+See `demo/Dockerfile` for more details.
+
+To set cmake flags, see the following.
+```
+npm config set cmake_USE_RANDOM_DEVICE=OFF
+npm config edit
+```
+
+## Note: Port Allocation
+Angler needs outbound and inbound ports available on the host system(s). When
+running Angler with port x, the following ports are used.
+```
+DHT port = x
+web server port = x+1
+MPC starting port = x+2
+MPC ending port = x+2+2*<number of participants>
+```
+
+When running multiple AkriDEX containers/processes on the same system, ensure
+each party's port numbers are spaced far enough apart.
+

cmake/FindGMP.cmake

@@ -0,0 +1,21 @@
+# https://raw.githubusercontent.com/stevedekorte/io/master/modules/FindGMP.cmake
+
+# Try to find the GMP librairies
+# GMP_FOUND - system has GMP lib
+# GMP_INCLUDE_DIR - the GMP include directory
+# GMP_LIBRARIES - Libraries needed to use GMP
+
+if (GMP_INCLUDE_DIR AND GMP_LIBRARIES)
+		# Already in cache, be silent
+		set(GMP_FIND_QUIETLY TRUE)
+endif (GMP_INCLUDE_DIR AND GMP_LIBRARIES)
+
+find_path(GMP_INCLUDE_DIR NAMES gmp.h )
+find_library(GMP_LIBRARIES NAMES gmp libgmp )
+find_library(GMPXX_LIBRARIES NAMES gmpxx libgmpxx )
+MESSAGE(STATUS "GMP libs: " ${GMP_LIBRARIES} " " ${GMPXX_LIBRARIES} )
+
+include(FindPackageHandleStandardArgs)
+FIND_PACKAGE_HANDLE_STANDARD_ARGS(GMP DEFAULT_MSG GMP_INCLUDE_DIR GMP_LIBRARIES)
+
+mark_as_advanced(GMP_INCLUDE_DIR GMP_LIBRARIES)

cmake/common.cmake

@@ -0,0 +1,43 @@
+if(NOT WIN32)
+  string(ASCII 27 Esc)
+  set(ColourReset "${Esc}[m")
+  set(ColourBold  "${Esc}[1m")
+  set(Red         "${Esc}[31m")
+  set(Green       "${Esc}[32m")
+  set(Yellow      "${Esc}[33m")
+  set(Blue        "${Esc}[34m")
+  set(Magenta     "${Esc}[35m")
+  set(Cyan        "${Esc}[36m")
+  set(White       "${Esc}[37m")
+  set(BoldRed     "${Esc}[1;31m")
+  set(BoldGreen   "${Esc}[1;32m")
+  set(BoldYellow  "${Esc}[1;33m")
+  set(BoldBlue    "${Esc}[1;34m")
+  set(BoldMagenta "${Esc}[1;35m")
+  set(BoldCyan    "${Esc}[1;36m")
+  set(BoldWhite   "${Esc}[1;37m")
+endif()
+
+if(POLICY CMP0042)
+  cmake_policy(SET CMP0042 NEW) # use rpath on macOS
+endif()
+
+set(CMAKE_MODULE_PATH ${PROJECT_SOURCE_DIR}/cmake)
+
+include_directories(${CMAKE_SOURCE_DIR})
+
+## Build type
+if(NOT CMAKE_BUILD_TYPE)
+set(CMAKE_BUILD_TYPE Release)
+endif(NOT CMAKE_BUILD_TYPE)
+message(STATUS "Build type: ${CMAKE_BUILD_TYPE}")
+
+
+set(CMAKE_RUNTIME_OUTPUT_DIRECTORY ${CMAKE_BINARY_DIR}/bin )
+set(CMAKE_PREFIX_PATH ${CMAKE_PREFIX_PATH} ${CMAKE_SOURCE_DIR}/cmake)
+
+#Compilation flags
+set (CMAKE_C_FLAGS "-pthread -Wall -march=native -O3 -maes -mrdseed")
+set (CMAKE_CXX_FLAGS "${CMAKE_C_FLAGS} -std=c++17 -fmax-errors=5")
+set(CMAKE_CXX_FLAGS_DEBUG "${CMAKE_CXX_FLAGS_DEBUG} -ggdb -fno-omit-frame-pointer")
+set(CMAKE_CXX_FLAGS_RELEASE "${CMAKE_CXX_FLAGS_RELEASE}")

cmake/source_of_randomness.cmake

@@ -0,0 +1,25 @@
+OPTION(USE_RANDOM_DEVICE "Option description" OFF)
+
+# Use rdseed if available
+unset(RDSEED_COMPILE_RESULT CACHE)
+unset(RDSEED_RUN_RESULT CACHE)
+file(WRITE ${CMAKE_SOURCE_DIR}/rdseedtest.c "#include <stdio.h>\n#include <x86intrin.h>\nint main(){\nunsigned long long r;\n_rdseed64_step(&r);\nreturn 0;\n}\n")
+try_run(RDSEED_RUN_RESULT RDSEED_COMPILE_RESULT ${CMAKE_BINARY_DIR} ${CMAKE_SOURCE_DIR}/rdseedtest.c CMAKE_FLAGS ${CMAKE_C_FLAGS})
+file(REMOVE ${CMAKE_SOURCE_DIR}/rdseedtest.c)
+
+IF(NOT ${RDSEED_COMPILE_RESULT})
+        set(USE_RANDOM_DEVICE ON)
+ELSE(NOT ${RDSEED_COMPILE_RESULT})
+	string(COMPARE EQUAL "${RDSEED_RUN_RESULT}" "0" RDSEED_RUN_SUCCESS)
+        IF(NOT ${RDSEED_RUN_SUCCESS})
+                set(USE_RANDOM_DEVICE ON)
+        ENDIF(NOT ${RDSEED_RUN_SUCCESS})
+ENDIF(NOT ${RDSEED_COMPILE_RESULT})
+
+IF(${USE_RANDOM_DEVICE})
+	ADD_DEFINITIONS(-DEMP_USE_RANDOM_DEVICE)
+	message("${Red}-- Source of Randomness: random_device${ColourReset}")
+ELSE(${USE_RANDOM_DEVICE})
+	message("${Green}-- Source of Randomness: rdseed${ColourReset}")
+ENDIF(${USE_RANDOM_DEVICE})
+

cmake/threading.cmake

@@ -0,0 +1,5 @@
+OPTION(THREADING "Option description" OFF)
+IF(THREADING)
+	ADD_DEFINITIONS(-DTHREADING)
+	message("Multi Threading: on")
+ENDIF(THREADING)

demo/Dockerfile

@@ -0,0 +1,46 @@
+FROM ubuntu:20.04
+
+SHELL ["/bin/bash", "-c"]
+
+RUN apt-get update && DEBIAN_FRONTEND=noninteractive TZ=Etc/UTC apt-get install -y \
+    time \
+    tzdata \
+    linux-tools-generic \
+    libcap2-bin \
+    wget \
+    ca-certificates \
+    curl \
+    openssl \
+    --no-install-recommends \
+    && rm -rf /var/lib/apt/lists/*
+    #linux-tools-5.4.0-54-generic \
+
+ENV NVM_DIR /usr/local/nvm
+ENV NODE_VERSION "v17.0.1"
+
+RUN mkdir -p $NVM_DIR && cd $NVM_DIR && \
+    wget -q -O - https://raw.githubusercontent.com/nvm-sh/nvm/v0.39.1/install.sh | /bin/bash - && \
+    export NVM_DIR="/usr/local/nvm" && \
+    [ -s "$NVM_DIR/nvm.sh" ] && \. "$NVM_DIR/nvm.sh" && \
+    nvm install $NODE_VERSION && \
+    nvm alias default $NODE_VERSION && \
+    nvm use default
+
+ENV NODE_PATH $NVM_DIR/$NODE_VERSION/lib/node_modules
+ENV PATH $NVM_DIR/versions/node/$NODE_VERSION/bin:$PATH
+ENV OPENSSL_PATH /akridex/openssl
+
+WORKDIR /akridex
+RUN mkdir $OPENSSL_PATH
+
+COPY . .
+
+RUN npm install -g cmake-js && \
+    npm install && \
+    npm run deps && \
+    npm run libs && \
+    npm run compile
+
+#ENTRYPOINT ["./sh2pc_auction_benchmark"]
+#CMD ["node", "app.js"]
+

demo/RentableNamespace.yaml

@@ -0,0 +1,12 @@
+apiVersion: "angler-dex.github.com/v1"
+kind: PoolContribution
+metadata:
+  name: demo-rentable-namespaces
+spec:
+  cpu: "200m"
+  memory: "128Mi"
+  location: "dn5bpsbw"
+  secretQuantity: 6
+  secretPriceFunc: "(1 * (q - r)) + 1"
+  # q= total quantity
+  # r= quantity remaining