{"id":43287041,"url":"https://github.com/secretflow/psi","last_synced_at":"2026-02-01T18:03:14.122Z","repository":{"id":208633160,"uuid":"483071974","full_name":"secretflow/psi","owner":"secretflow","description":"The repo of Private Set Intersection(PSI) and Private Information Retrieval(PIR) from SecretFlow.","archived":false,"fork":false,"pushed_at":"2026-01-12T18:00:11.000Z","size":4768,"stargazers_count":47,"open_issues_count":26,"forks_count":47,"subscribers_count":2,"default_branch":"main","last_synced_at":"2026-01-12T23:39:01.287Z","etag":null,"topics":["multiparty-computation","private-information-retrieval","private-set-intersection"],"latest_commit_sha":null,"homepage":"https://www.secretflow.org.cn/docs/psi","language":"C++","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/secretflow.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2022-04-19T02:48:09.000Z","updated_at":"2026-01-09T07:27:13.000Z","dependencies_parsed_at":"2026-01-12T20:01:19.973Z","dependency_job_id":null,"html_url":"https://github.com/secretflow/psi","commit_stats":null,"previous_names":["secretflow/psi","secretflow/ezpsi"],"tags_count":30,"template":false,"template_full_name":null,"purl":"pkg:github/secretflow/psi","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/secretflow%2Fpsi","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/secretflow%2Fpsi/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/secretflow%2Fpsi/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/secretflow%2Fpsi/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/secretflow","download_url":"https://codeload.github.com/secretflow/psi/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/secretflow%2Fpsi/sbom","scorecard":{"id":388651,"data":{"date":"2025-08-12T09:54:08Z","repo":{"name":"github.com/secretflow/psi","commit":"5dd1ce73e20ab703468c0e0a13dc8aea8c296c13"},"scorecard":{"version":"v5.0.0","commit":"ea7e27ed41b76ab879c862fa0ca4cc9c61764ee4"},"score":7.2,"checks":[{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/ea7e27ed41b76ab879c862fa0ca4cc9c61764ee4/docs/checks.md#binary-artifacts"}},{"name":"Branch-Protection","score":-1,"reason":"internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration","details":null,"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/ea7e27ed41b76ab879c862fa0ca4cc9c61764ee4/docs/checks.md#branch-protection"}},{"name":"CI-Tests","score":10,"reason":"30 out of 30 merged PRs checked by a CI test -- score normalized to 10","details":null,"documentation":{"short":"Determines if the project runs tests before pull requests are merged.","url":"https://github.com/ossf/scorecard/blob/ea7e27ed41b76ab879c862fa0ca4cc9c61764ee4/docs/checks.md#ci-tests"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/ea7e27ed41b76ab879c862fa0ca4cc9c61764ee4/docs/checks.md#cii-best-practices"}},{"name":"Code-Review","score":10,"reason":"all changesets reviewed","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/ea7e27ed41b76ab879c862fa0ca4cc9c61764ee4/docs/checks.md#code-review"}},{"name":"Contributors","score":10,"reason":"project has 3 contributing companies or organizations -- score normalized to 10","details":["Info: nvidia contributor org/company found, secretflow contributor org/company found, asterinas contributor org/company found, "],"documentation":{"short":"Determines if the project has a set of contributors from multiple organizations (e.g., companies).","url":"https://github.com/ossf/scorecard/blob/ea7e27ed41b76ab879c862fa0ca4cc9c61764ee4/docs/checks.md#contributors"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/ea7e27ed41b76ab879c862fa0ca4cc9c61764ee4/docs/checks.md#dangerous-workflow"}},{"name":"Dependency-Update-Tool","score":10,"reason":"update tool detected","details":["Info: detected update tool: RenovateBot: renovate.json:1"],"documentation":{"short":"Determines if the project uses a dependency update tool.","url":"https://github.com/ossf/scorecard/blob/ea7e27ed41b76ab879c862fa0ca4cc9c61764ee4/docs/checks.md#dependency-update-tool"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/ea7e27ed41b76ab879c862fa0ca4cc9c61764ee4/docs/checks.md#fuzzing"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: Apache License 2.0: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/ea7e27ed41b76ab879c862fa0ca4cc9c61764ee4/docs/checks.md#license"}},{"name":"Maintained","score":10,"reason":"10 commit(s) and 3 issue activity found in the last 90 days -- score normalized to 10","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/ea7e27ed41b76ab879c862fa0ca4cc9c61764ee4/docs/checks.md#maintained"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/ea7e27ed41b76ab879c862fa0ca4cc9c61764ee4/docs/checks.md#packaging"}},{"name":"Pinned-Dependencies","score":2,"reason":"dependency not pinned by hash detected -- score normalized to 2","details":["Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/docs-publish.yml:28: update your workflow using https://app.stepsecurity.io/secureworkflow/secretflow/psi/docs-publish.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/docs-publish.yml:29: update your workflow using https://app.stepsecurity.io/secureworkflow/secretflow/psi/docs-publish.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/docs-publish.yml:32: update your workflow using https://app.stepsecurity.io/secureworkflow/secretflow/psi/docs-publish.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/publish_docker_image.yml:12: update your workflow using https://app.stepsecurity.io/secureworkflow/secretflow/psi/publish_docker_image.yml/main?enable=pin","Warn: containerImage not pinned by hash: docker/Dockerfile:1","Warn: containerImage not pinned by hash: docker/Dockerfile:22: pin your Docker image by updating openanolis/anolisos:8.8 to openanolis/anolisos:8.8@sha256:b5aceb026244814de1a1ab62a8cc3dc322fcff1578c58de2722035ef47669da5","Warn: pipCommand not pinned by hash: .github/workflows/docs-publish.yml:39","Info: 2 out of 5 GitHub-owned GitHubAction dependencies pinned","Info: 1 out of 2 third-party GitHubAction dependencies pinned","Info: 0 out of 2 containerImage dependencies pinned","Info: 0 out of 1 pipCommand dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/ea7e27ed41b76ab879c862fa0ca4cc9c61764ee4/docs/checks.md#pinned-dependencies"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 30 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/ea7e27ed41b76ab879c862fa0ca4cc9c61764ee4/docs/checks.md#sast"}},{"name":"Security-Policy","score":10,"reason":"security policy file detected","details":["Info: security policy file detected: SECURITY.md:1","Info: Found linked content: SECURITY.md:1","Info: Found disclosure, vulnerability, and/or timelines in security policy: SECURITY.md:1","Info: Found text in security policy: SECURITY.md:1"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/ea7e27ed41b76ab879c862fa0ca4cc9c61764ee4/docs/checks.md#security-policy"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/ea7e27ed41b76ab879c862fa0ca4cc9c61764ee4/docs/checks.md#signed-releases"}},{"name":"Token-Permissions","score":0,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Info: topLevel 'contents' permission set to 'read': .github/workflows/buildifier.yml:11","Info: topLevel 'contents' permission set to 'read': .github/workflows/clang-format.yml:11","Warn: no topLevel permission defined: .github/workflows/docs-publish.yml:1","Warn: no topLevel permission defined: .github/workflows/oscp.yml:1","Info: topLevel permissions set to 'read-all': .github/workflows/publish_docker_image.yml:5","Info: topLevel permissions set to 'read-all': .github/workflows/scorecard.yml:18","Info: topLevel 'contents' permission set to 'read': .github/workflows/yaml-linter.yml:11","Info: no jobLevel write permissions found"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/ea7e27ed41b76ab879c862fa0ca4cc9c61764ee4/docs/checks.md#token-permissions"}},{"name":"Vulnerabilities","score":10,"reason":"0 existing vulnerabilities detected","details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/ea7e27ed41b76ab879c862fa0ca4cc9c61764ee4/docs/checks.md#vulnerabilities"}}]},"last_synced_at":"2025-08-18T17:16:31.759Z","repository_id":208633160,"created_at":"2025-08-18T17:16:31.759Z","updated_at":"2025-08-18T17:16:31.759Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28984830,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-02-01T17:52:09.146Z","status":"ssl_error","status_checked_at":"2026-02-01T17:49:53.529Z","response_time":56,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["multiparty-computation","private-information-retrieval","private-set-intersection"],"created_at":"2026-02-01T18:03:10.719Z","updated_at":"2026-02-01T18:03:14.113Z","avatar_url":"https://github.com/secretflow.png","language":"C++","funding_links":[],"categories":[],"sub_categories":[],"readme":"# SecretFlow PSI Library\n\n[![CircleCI](https://dl.circleci.com/status-badge/img/gh/secretflow/psi/tree/main.svg?style=svg)](https://dl.circleci.com/status-badge/redirect/gh/secretflow/psi/tree/main)\n[![OpenSSF Scorecard](https://api.securityscorecards.dev/projects/github.com/secretflow/psi/badge)](https://securityscorecards.dev/viewer/?uri=github.com/secretflow/psi)\n\nThe repo of Private Set Intersection(PSI) and Private Information Retrieval(PIR) from SecretFlow.\n\nThis repo is formerly psi/pir part from secretflow/spu repo.\n\n\u003e **Note**\u003cbr\u003e\nWe invite you to try [Easy PSI](https://www.secretflow.org.cn/zh-CN/docs/easy-psi/), a standalone PSI product powered by this library.\n\n## PSI Quick Start with v2 API\n\nFor PSI v1 API and PIR, please check [documentation](https://www.secretflow.org.cn/docs/psi).\n\n### Release Docker\n\nIn the following example, we are going to run PSI at a single host.\n\n1. Check official release docker image at [dockerhub](https://hub.docker.com/r/secretflow/psi-anolis8). We also have mirrors at Alibaba Cloud: secretflow-registry.cn-hangzhou.cr.aliyuncs.com/secretflow/psi-anolis8.\n\n2. Prepare data and config.\n\n receiver.config:\n\n ```json\n {\n \"psi_config\": {\n \"protocol_config\": {\n \"protocol\": \"PROTOCOL_RR22\",\n \"role\": \"ROLE_RECEIVER\",\n \"broadcast_result\": true\n },\n \"input_config\": {\n \"type\": \"IO_TYPE_FILE_CSV\",\n \"path\": \"/root/receiver/receiver_input.csv\"\n },\n \"output_config\": {\n \"type\": \"IO_TYPE_FILE_CSV\",\n \"path\": \"/root/receiver/receiver_output.csv\"\n },\n \"keys\": [\n \"id0\",\n \"id1\"\n ],\n \"debug_options\": {\n \"trace_path\": \"/root/receiver/receiver.trace\"\n }\n },\n \"self_link_party\": \"receiver\",\n \"link_config\": {\n \"parties\": [\n {\n \"id\": \"receiver\",\n \"host\": \"127.0.0.1:5300\"\n },\n {\n \"id\": \"sender\",\n \"host\": \"127.0.0.1:5400\"\n }\n ]\n }\n }\n ```\n\n sender.config:\n\n ```json\n {\n \"psi_config\": {\n \"protocol_config\": {\n \"protocol\": \"PROTOCOL_RR22\",\n \"role\": \"ROLE_SENDER\",\n \"broadcast_result\": true\n },\n \"input_config\": {\n \"type\": \"IO_TYPE_FILE_CSV\",\n \"path\": \"/root/sender/sender_input.csv\"\n },\n \"output_config\": {\n \"type\": \"IO_TYPE_FILE_CSV\",\n \"path\": \"/root/sender/sender_output.csv\"\n },\n \"keys\": [\n \"id0\",\n \"id1\"\n ],\n \"debug_options\": {\n \"trace_path\": \"/root/sender/sender.trace\"\n }\n },\n \"self_link_party\": \"sender\",\n \"link_config\": {\n \"parties\": [\n {\n \"id\": \"receiver\",\n \"host\": \"127.0.0.1:5300\"\n },\n {\n \"id\": \"sender\",\n \"host\": \"127.0.0.1:5400\"\n }\n ]\n }\n }\n ```\n\n | File Name | Location | Description |\n | :---------------- | :---------------------------------- | :------------------------------------------------------------------------- |\n | receiver.config | /tmp/receiver/receiver.config | Config for receiver. |\n | sender.config | /tmp/sender/sender.config | Config for sender. |\n | receiver_input.csv | /tmp/receiver/receiver_input.csv | Input for receiver. Make sure the file contains two id keys - id0 and id1. |\n | sender_input.csv | /tmp/sender/sender_input.csv | Input for sender. Make sure the file contains two id keys - id0 and id1. |\n\n3. Run PSI\n\nIn the first terminal, run the following command\n\n```bash\ndocker run -it --rm --network host --mount type=bind,source=/tmp/receiver,target=/root/receiver --cap-add=SYS_PTRACE --security-opt seccomp=unconfined --cap-add=NET_ADMIN --privileged=true secretflow-registry.cn-hangzhou.cr.aliyuncs.com/secretflow/psi-anolis8:latest --config receiver/receiver.config\n```\n\nIn the other terminal, run the following command simultaneously.\n\n```bash\ndocker run -it --rm --network host --mount type=bind,source=/tmp/sender,target=/root/sender --cap-add=SYS_PTRACE --security-opt seccomp=unconfined --cap-add=NET_ADMIN --privileged=true secretflow-registry.cn-hangzhou.cr.aliyuncs.com/secretflow/psi-anolis8:latest --config sender/sender.config\n```\n\nYou could also pass a minified JSON config directly. A minified JSON is a compact one without white space and line breaks.\n\ne.g.\n\n```bash\ndocker run -it --rm --network host --mount type=bind,source=/tmp/sender,target=/root/sender --cap-add=SYS_PTRACE --security-opt seccomp=unconfined --cap-add=NET_ADMIN --privileged=true secretflow-registry.cn-hangzhou.cr.aliyuncs.com/secretflow/psi-anolis8:latest --json '{\"psi_config\":{\"protocol_config\":{\"protocol\":\"PROTOCOL_RR22\",\"role\":\"ROLE_RECEIVER\",\"broadcast_result\":true},\"input_config\":{\"type\":\"IO_TYPE_FILE_CSV\",\"path\":\"/root/receiver/receiver_input.csv\"},\"output_config\":{\"type\":\"IO_TYPE_FILE_CSV\",\"path\":\"/root/receiver/receiver_output.csv\"},\"keys\":[\"id0\",\"id1\"],\"debug_options\":{\"trace_path\":\"/root/receiver/receiver.trace\"}},\"self_link_party\":\"receiver\",\"link_config\":{\"parties\":[{\"id\":\"receiver\",\"host\":\"127.0.0.1:5300\"},{\"id\":\"sender\",\"host\":\"127.0.0.1:5400\"}]}}'\n```\n\n## Building SecretFlow PSI Library\n\n### System Setup\n\n\n#### Dev Docker\n\nWe use secretflow/ubuntu-base-ci docker image. You may check at [dockerhub](https://hub.docker.com/r/secretflow/ubuntu-base-ci).\n\n```sh\n# start container\ndocker run -d -it --name psi-dev-$(whoami) \\\n --mount type=bind,source=\"$(pwd)\",target=/home/admin/dev/ \\\n -w /home/admin/dev \\\n --cap-add=SYS_PTRACE --security-opt seccomp=unconfined \\\n --cap-add=NET_ADMIN \\\n --privileged=true \\\n --entrypoint=\"bash\" \\\n secretflow/ubuntu-base-ci:latest\n\n# attach to build container\ndocker exec -it psi-dev-$(whoami) bash\n```\n\n#### Linux\n\n```sh\nInstall gcc\u003e=11.2, cmake\u003e=3.26, ninja, nasm\u003e=2.15, python\u003e=3.8, bazel, golang, xxd, lld\n```\n\n\u003e **Note**\u003cbr\u003e\nPlease install bazel with version in .bazeliskrc or use bazelisk.\n\n### Build \u0026 UnitTest\n\n\n\n\n``` sh\n# build as debug\nbazel build //... -c dbg\n\n# build as release\nbazel build //... -c opt\n\n# test\nbazel test //...\n```\n\n### Trace\n\nWe use [Perfetto](https://perfetto.dev/) from Google for tracing.\n\nPlease use debug_options.trace_path field in PsiConfig to modify trace file path. The default path is /tmp/psi.trace.\n\nAfter running psi binaries, please check trace by using [Trace Viewer](https://ui.perfetto.dev/). If this is not applicable,\nplease check [this link](https://github.com/google/perfetto/issues/170) to deploy your own website.\n\nThe alternate way to visualize trace is to use **chrome://tracing**:\n\n1. Download perfetto assets from \u003chttps://github.com/google/perfetto/releases/tag/v37.0\u003e\n2. You should find traceconv binary in assets folder.\n3. Transfer trace file to JSON format:\n\n ```bash\n chmod +x traceconv\n\n ./traceconv json [trace file path] [json file path]\n ```\n\n4. Open chrome://tracing in your chrome and load JSON file.\n\n\n\n\n\n## PSI V2 Benchmark\n\nPlease refer to [PSI V2 Benchmark](docs/user_guide/psi_v2_benchmark.md)\n\n## APSI Benchmark\n\nPlease refer to [APSI Benchmark](docs/user_guide/apsi_benchmark.md)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsecretflow%2Fpsi","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fsecretflow%2Fpsi","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsecretflow%2Fpsi/lists"}