{"id":24196529,"url":"https://github.com/dedis/apir-code","last_synced_at":"2025-09-21T21:31:50.424Z","repository":{"id":97499984,"uuid":"315988980","full_name":"dedis/apir-code","owner":"dedis","description":null,"archived":false,"fork":false,"pushed_at":"2024-11-25T09:52:23.000Z","size":98758,"stargazers_count":5,"open_issues_count":1,"forks_count":6,"subscribers_count":4,"default_branch":"main","last_synced_at":"2024-11-25T10:42:24.448Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/dedis.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE.md","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2020-11-25T16:03:53.000Z","updated_at":"2024-10-19T07:52:04.000Z","dependencies_parsed_at":"2023-05-09T12:32:23.639Z","dependency_job_id":"40fba3cf-e26e-49ba-b58b-782243a50191","html_url":"https://github.com/dedis/apir-code","commit_stats":null,"previous_names":["si-co/vpir-code"],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dedis%2Fapir-code","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dedis%2Fapir-code/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dedis%2Fapir-code/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dedis%2Fapir-code/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/dedis","download_url":"https://codeload.github.com/dedis/apir-code/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":233798281,"owners_count":18731954,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2025-01-13T19:35:44.077Z","updated_at":"2025-09-21T21:31:49.864Z","avatar_url":"https://github.com/dedis.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Authenticated PIR\n**WARNING**: This software is **not** production-ready \nand it might contain security vulnerabilities.\n\nThis code accompanies the paper \n[\"Verifiable private information retrieval\"](https://eprint.iacr.org/2023/297)\nby Simone Colombo, \nKirill Nikitin, \nHenry Corrigan-Gibbs,\nDavid J. Wu\nand Bryan Ford, to appear at USENIX Security 2023.\n\nThis repository contains the code for multi-server and\nsingle-server authenticated-PIR schemes and the code\nfor the proof of concept application Keyd, \na privacy-preserving PGP public keys directory based on multi-server \nauthenticated PIR.\n\n\n# Overview\nThe code in this repository is organizes as follows:\n\n* [lib/client](lib/client): clients for all the authenticated and\nunauthenticated PIR schemes.\n* [lib/database](lib/database): databases for all the authenticated and\n    unauthenticated PIR schemes, except the database for the Keyd PGP key.\n* [lib/ecc](lib/ecc): error correcting code (ECC) for the\n    single-server authenticated-PIR scheme based on integrity authentication;\n    currently, we implement a simple repetition code.\n* [lib/field](lib/field): field for the multi-server scheme for complex\n    queries.\n* [lib/fss](lib/fss): function-secret-sharing scheme.\n* [lib/matrix](lib/matrix): matrix operations for the single-server\n    authenticated-PIR scheme that relies on the LWE assumption.\n* [lib/merkle](lib/merkle): Merkle tree implementation.\n* [lib/monitor](lib/monitor): CPU monitoring and benchmarking tools.\n* [lib/pgp](lib/pgp): utilities to create the PGP key-server database for Keyd. \n* [lib/proto](lib/proto): gRPC protocol files for deployment.\n* [lib/query](lib/query): queries for the multi-server authenticated scheme for\n    complex queries, i.e., available privately-computed statistics.\n* [lib/server](lib/server): servers for all the authenticated and\n    unauthenticated PIR schemes.\n* [lib/utils](lib/utils): various utilities.\n* [cmd/](cmd): clients for Keyd, both local Go clients and the web front end.\n* [data/](data): data, i.e., PGP keys, for Keyd.\n* [scripts/](scripts): various useful scripts.\n\nThe dump of the SKS PGP key directory can be downloaded\n[here](https://drive.switch.ch/index.php/s/IFEmRlDNgachlOc). \nThe `sks*` file must be placed in the `data/sks` folder.\n\n# Setup\nTo run the code in this repository\ninstall [Go](https://go.dev/) (tested with Go 1.17.5 and 1.19.5)\nand a C compiler (tested with GCC 9.4.0).\n\nTo reproduce the evaluation results, install \n[GNU Make](https://www.gnu.org/software/make/),\n[Python 3](https://www.python.org/downloads/), \n[Fabric](https://www.fabfile.org/),\n[NumPy](https://numpy.org/) and \n[Matplotlib](https://matplotlib.org/).\n\nWe obtain our evaluation results \non machines equipped with two\nIntel Xeon E5-2680 v3 (Haswell) CPUs, each with 12 cores, 24 threads,\nand operating at 2.5 GHz. Each machine has 256 GB of RAM, and\nruns Ubuntu 20.04 and Go 1.17.5.\nHowever, the code runs on any machine equipped with the \nsoftwares listed above.\n\nIf the machine do not support one or more of the\n`-march=native`, `-msse4.1`, `-maes`, `-mavx2` or `-mavx` C compiler flags,\nit is possible to remove the appropriate flags from\n`lib/matrix/matrix128.go` and `lib/matrix/matrix.go`. \nAny flag modification is likely to negatively impact performance.\n\n\u003c!--# Usage and experiments--\u003e\n\n## Correctness tests\nTo run all basic correctness tests, execute\n`go test`\nThis command prints performance measurements to stdout.\nThe entire test suite takes about 6 minutes to run and it should terminate with a `PASS`,\nindicating that all tests have passed.\n\n\u003c!--## Multi-server point and complex queries--\u003e\n\u003c!--The code for the experiments on our multi-server authenticated-PIR schemes--\u003e\n\u003c!--is in [`simulations/multi`](simulations/multi).--\u003e\n\n\u003c!--To run the simulation, first modify--\u003e\n\u003c!--[`simulations/multi/config.toml`](simulations/multi/config.toml)--\u003e\n\u003c!--to indicate the IP address of the client machines and the IP addresses and--\u003e\n\u003c!--ports of the five servers machines. One can safely use the default --\u003e\n\u003c!--port numbers that we indicate in the `simulations/multi/config.toml` file.--\u003e\n\n\u003c!--The [`simulations/multi/simul.toml`](simulations/multi/simul.toml) --\u003e\n\u003c!--file contains the databases sizes, --\u003e\n\u003c!--the number of repetitions for a single experiment and the amount of data to --\u003e\n\u003c!--retrieve from the database. To reproduce the results of the paper, --\u003e\n\u003c!--do not modify this file; to speed up the simulation, or to run on machines with --\u003e\n\u003c!--insufficient RAM, one can reduce the sizes of the databases and/or the number of--\u003e\n\u003c!--repetitions.--\u003e\n\n\u003c!--TODO HERE FINISH--\u003e\n\n\u003c!--The multi-server authenticated-PIR scheme --\u003e\n\u003c!--for point queries needs database preprocessing:--\u003e\n\u003c!--the servers compute a Merkle--\u003e\n\u003c!--tree over the database entries along--\u003e\n\u003c!--with their indexes.--\u003e\n\u003c!--Then for each entry, each server constructs a Merkle proof--\u003e\n\u003c!--of inclusion in the rooted Merkle tree and attaches this proof--\u003e\n\u003c!--to each database record.--\u003e\n\u003c!--We measure the CPU time that a single server takes to process the database --\u003e\n\u003c!--with an experiment that can be executed as follows. From the root --\u003e\n\u003c!--of the repository, run the following commands:--\u003e\n\u003c!--```--\u003e\n\u003c!--cd simulations--\u003e\n\u003c!--make preprocessing--\u003e\n\u003c!--```--\u003e\n\n\u003c!--To reproduce the plot run the following command in the same directory:--\u003e\n\u003c!--```--\u003e\n\u003c!--python plot.py -e preprocessing--\u003e\n\u003c!--```--\u003e\n\u003c!--The resulting plot is saved in `figures/preprocessing.eps`.--\u003e\n\n\u003c!--## Single-server point queries--\u003e\n\u003c!--The code for the experiments on our single-server authenticated-PIR--\u003e\n\u003c!--resides in [`simulations`](simulations).--\u003e\n\n\u003c!--The experiments for single-serve schemes run on a single machine --\u003e\n\u003c!--give the sequential nature of the protocol. --\u003e\n\n\u003c!--As in the multi-server case, --\u003e\n\u003c!--the [`simulations/multi/simul.toml`](simulations/multi/simul.toml) --\u003e\n\u003c!--file contains the databases sizes, --\u003e\n\u003c!--the number of repetitions for a single experiment and the amount of data to --\u003e\n\u003c!--retrieve from the database. These can be modified to speed up the experiments--\u003e\n\u003c!--and/or use a machine with less RAM.--\u003e\n\n\u003c!--To run the single-server experiments, first clone this repository on the server. --\u003e\n\u003c!--Form the root of repository, run the command--\u003e\n\u003c!--```--\u003e\n\u003c!--cd simulations--\u003e\n\u003c!--make single--\u003e\n\u003c!--```--\u003e\n\n\u003c!--To reproduce the plots run the following commands in the same directory:--\u003e\n\u003c!--```--\u003e\n\u003c!--python plot.py -e single--\u003e\n\u003c!--```--\u003e\n\u003c!--This command saves the plot in `figures/single_bar_multi.eps` and prints a LaTeX--\u003e\n\u003c!--table in the terminal; the table is not used in the paper but it is useful to--\u003e\n\u003c!--extrapolate the overheads among schemes.--\u003e\n\n\u003c!--## Keyd: privacy-preserving key server--\u003e\n\nThe branch [sid](https://github.com/dedis/apir-code/tree/sid) enables to run the\ntests using less physical machines than the servers used by the different\nexperiments. We decided not to merge this branch into the main branch because\nmulti-server (authenticated) PIR schemes need non-colluding, i.e., different,\nservers for security.\n\n\n# Citation\n\n```\n@inproceedings{colombo23authenticated,\n  author    = {Simone Colombo and Kirill Nikitin and Henry Corrigan-Gibbs and David J. Wu and Bryan Ford},\n  title     = {Authenticated private information retrieval},\n  booktitle = {USENIX Security},\n  year      = {2023}\n}\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdedis%2Fapir-code","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fdedis%2Fapir-code","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdedis%2Fapir-code/lists"}