sine-fdn / tandem Goto Github PK
View Code? Open in Web Editor NEWA maliciously secure two-party computation engine which is embeddable and accessible
License: MIT License
tandem's People
Contributors
![dependabot[bot] avatar](https://avatars.githubusercontent.com/in/29110?v=4 "dependabot[bot]")
Stargazers
Watchers
Forkers
thebalaa amdahl-rs fruitbox12 ramtej william-devinci 448-og budikxyz s0c5 takodas binadamu-isiyoonekana ribeirovagn namnc mikelodder7tandem's Issues
Smart Cookie should fail when different server key is provided when log_interest happen.
The problem
First of all, thanks for such an amazing project, I have enjoyed thinking about how to implement this in a real-world case, however, running the example of a smart cookie and modifying the Tandem.toml to include a different key in the init and after the log_interest this should fail with LogResult::InvalidSignature but it doesn't, I'd like to know if its something i'm doing is wrong!
thanks in advance.
Tandem Toml
[handlers.init]
_ = "SigningKey { key: [ 1u8, 2u8, 4u8, 4u8, 5u8, 6u8, 7u8, 8u8, 9u8, 10u8, 11u8, 12u8, 13u8, 14u8, 15u8, 17u8] }"
[handlers.log_interest]
article1 = "WebsiteVisit { key: SigningKey { key: [1u8; 16] }, interest: UserInterest::Luxury }"
article2 = "WebsiteVisit { key: SigningKey { key: [1u8; 16] }, interest: UserInterest::Politics }"
article3 = "WebsiteVisit { key: SigningKey { key: [1u8; 16] }, interest: UserInterest::Cars }"
article4 = "WebsiteVisit { key: SigningKey { key: [1u8; 16] }, interest: UserInterest::Sports }"
article5 = "WebsiteVisit { key: SigningKey { key: [255u8; 16] }, interest: UserInterest::Politics }"
[handlers.decide_ad]
_ = "SigningKey { key: [ 1u8, 2u8, 3u8, 4u8, 5u8, 6u8, 7u8, 8u8, 9u8, 10u8, 11u8, 12u8, 13u8, 14u8, 15u8, 16u8] }"
Modified Test
I modified this test to include article5 as log_interest which have a different signature that was used when was called the init function
#![cfg(target_arch = "wasm32")]
// use std::{include_str, println};
use js_sys::Reflect;
use tandem_http_client::{compute, MpcData, MpcProgram};
use wasm_bindgen::prelude::*;
use wasm_bindgen_test::wasm_bindgen_test;
#[cfg(target_arch = "wasm32")]
wasm_bindgen_test::wasm_bindgen_test_configure!(run_in_browser);
#[wasm_bindgen]
extern "C" {
// Use `js_namespace` here to bind `console.log(..)` instead of just
// `log(..)`
#[wasm_bindgen(js_namespace = console)]
fn log(s: &str);
}
#[wasm_bindgen_test]
async fn test() {
console_log::init().expect("Could not init console_log");
let url = "http://127.0.0.1:8000";
let smart_cookie_prg = include_str!("smart_cookie_setup/program.garble.rs");
let function = "init".to_string();
let program = MpcProgram::new(smart_cookie_prg.to_string(), function)
.expect("Could not parse source code");
let metadata = "_";
let my_input =
MpcData::from_string(&program, "()".to_string()).unwrap_or_else(|e| panic!("{e}"));
let mut user_state = compute(url.to_string(), metadata.to_string(), program, my_input)
.await
.unwrap_or_else(|e| panic!("{e}"));
log(user_state.to_literal_string().as_ref());
let function = "log_interest".to_string();
let program = MpcProgram::new(smart_cookie_prg.to_string(), function)
.expect("Could not parse source code");
let metadata = "article5";
let log_result = compute(
url.to_string(),
metadata.to_string(),
program.clone(),
user_state,
)
.await
.unwrap_or_else(|e| panic!("{e}"))
.to_literal()
.unwrap_or_else(|e| panic!("{e}"));
let log_result = Reflect::get(&log_result, &"Enum".into()).unwrap_or_else(|e| panic!("{e:?}"));
let log_result_enum_name = Reflect::get_u32(&log_result, 0).unwrap_or_else(|e| panic!("{e:?}"));
assert_eq!(log_result_enum_name, JsValue::from("LogResult"));
let log_result_enum_variant =
Reflect::get_u32(&log_result, 1).unwrap_or_else(|e| panic!("{e:?}"));
assert_eq!(log_result_enum_variant, JsValue::from("Ok"));
let log_result = Reflect::get_u32(&log_result, 2).unwrap_or_else(|e| panic!("{e:?}"));
let log_result = Reflect::get(&log_result, &"Tuple".into()).unwrap_or_else(|e| panic!("{e:?}"));
let log_result = Reflect::get_u32(&log_result, 0).unwrap_or_else(|e| panic!("{e:?}"));
user_state = MpcData::from_object(&program, log_result).unwrap_or_else(|e| panic!("{e}"));
let function = "decide_ad".to_string();
let program = MpcProgram::new(smart_cookie_prg.to_string(), function)
.expect("Could not parse source code");
let metadata = "_";
let ad_decision = compute(url.to_string(), metadata.to_string(), program, user_state)
.await
.unwrap_or_else(|e| panic!("{e}"));
log(ad_decision.to_literal_string().as_ref());
// assert!(ad_decision.to_literal_string().contains("Sports"));
}RUSTSEC-2022-0054: wee_alloc is Unmaintained
wee_alloc is Unmaintained
| Details | |
|---|---|
| Status | unmaintained |
| Package | wee_alloc |
| Version | 0.4.5 |
| URL | rustwasm/wee_alloc#107 |
| Date | 2022-05-11 |
Two of the maintainers have indicated that the crate may not be maintained.
The crate has open issues including memory leaks and may not be suitable for production use.
It may be best to switch to the default Rust standard allocator on wasm32 targets.
Last release seems to have been three years ago.
Possible Alternative(s)
The below list has not been vetted in any way and may or may not contain alternatives;
- Rust standard default allocator on wasm32-target
Honorable Mention(s)
The below may serve to educate on potential future alternatives:
See advisory page for additional details.
Versioning for Client/Server
Now that the repository is public, we should start thinking about how we want to handle a version mismatch between the client and server. Since the playground (or rather the echo server) is auto-deployed whenever something changes on main, everyone using a previously installed tandem_http_client will simply get a very confusing error message whenever a change results in incompatibility:
tandem_http_client --function main --input 3u8 --metadata 7u8 add.garble.rs
Error: MaxRetriesExceeded([ServerError("{\"error\":\"BincodeError\"}"), ServerError("{\"error\":\"BincodeError\"}"), ServerError("{\"error\":\"BincodeError\"}"), ServerError("{\"error\":\"BincodeError\"}"), ServerError("{\"error\":\"BincodeError\"}"), ServerError("{\"error\":\"BincodeError\"}"), ServerError("{\"error\":\"BincodeError\"}"), ServerError("{\"error\":\"BincodeError\"}"), ServerError("{\"error\":\"BincodeError\"}"), ServerError("{\"error\":\"BincodeError\"}")])
I would propose 2 changes:
- only deploy new versions to fly.io when a new tag is pushed (not on every commit)
- check the client version against the server version, print a more helpful error message in case there's a mismatch
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. ๐๐๐
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google โค๏ธ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.