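Cloud-Native Confidential Computing Best Practices White Paper: 07 Solutions: Intel Confidential Computing Zoo: Intel's open-source confidential computing solutions: Deploying the private set intersection solution (3) https://developer.aliyun.com/article/1230738?groupCode=aliyun_linux
6.2 C++ version
6.2.1 Build the C++ program
Build the program inside each running Docker container: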
    cd /gramine/CI-Examples/psi/cpp
    ./build.sh
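When the distributed nodes are deployed on separate servers, configure the dynamic_config.json file with the MR_ENCLAVE, MR_SIGNER, ISV_PROD_ID and ISV_SVN values that the peer node generated when its application was built, for example: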
    {
        "verify_mr_enclave" : "on",
        "verify_mr_signer" : "on",
        "verify_isv_prod_id" : "on",
        "verify_isv_svn" : "on",
        "sgx_mrs": [
            {
                "mr_enclave" : "1e4f3efafac6038dadaa94fdd248b93c82ae9f0a16642ffff4bb07afe442aac56e",
                "mr_signer" : "5add213ac35413033647621e2fab91edcc8b82f840426803feb8a603be2ce8d4",
                "isv_prod_id" : "0",
                "isv_svn" : "0"
            }
        ]
    }
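A pre-deployment check for this policy file, as an added example that is not part of the white paper or of the CCZoo code: it flags verification switches that are not "on" and measurement values that were truncated or split when copied between hosts. The function name and the sample policies are constructed for illustration, and treating "on" as the only enabling value is an assumption based on the sample above.

```python
import json
import re

FLAGS = ("verify_mr_enclave", "verify_mr_signer", "verify_isv_prod_id", "verify_isv_svn")

def lint_policy(text):
    """Return a list of problems found in a dynamic_config.json document."""
    try:
        cfg = json.loads(text)
    except json.JSONDecodeError as exc:
        return [f"not valid JSON: {exc.msg}"]
    if not isinstance(cfg, dict):
        return ["top level must be a JSON object"]
    problems = []
    for flag in FLAGS:
        # Assumption: "on", as in the sample on this page, is the enabling value.
        if cfg.get(flag) != "on":
            problems.append(f"{flag} is {cfg.get(flag)!r}, not 'on'")
    entries = cfg.get("sgx_mrs")
    if not isinstance(entries, list) or not entries:
        return problems + ["sgx_mrs must be a non-empty list"]
    for i, entry in enumerate(entries):
        if not isinstance(entry, dict):
            problems.append(f"sgx_mrs[{i}] is not an object")
            continue
        for key in ("mr_enclave", "mr_signer"):
            # MRENCLAVE and MRSIGNER are 256-bit values: exactly 64 hex digits.
            if not re.fullmatch(r"[0-9a-fA-F]{64}", str(entry.get(key, ""))):
                problems.append(f"sgx_mrs[{i}].{key} is not 64 hex digits")
        for key in ("isv_prod_id", "isv_svn"):
            # ISVPRODID and ISVSVN are 16-bit fields in the SGX report.
            value = str(entry.get(key, ""))
            if not (re.fullmatch(r"[0-9]{1,5}", value) and int(value) <= 0xFFFF):
                problems.append(f"sgx_mrs[{i}].{key} is not a 16-bit integer")
    return problems

# Constructed sample policies (not real measurements).
GOOD = json.dumps({**dict.fromkeys(FLAGS, "on"), "sgx_mrs": [
    {"mr_enclave": "ab" * 32, "mr_signer": "cd" * 32, "isv_prod_id": "0", "isv_svn": "0"}]})
BAD = json.dumps({**dict.fromkeys(FLAGS, "on"), "verify_mr_signer": "off", "sgx_mrs": [
    {"mr_enclave": "ab" * 16 + " " + "ab" * 16,   # value split by a line wrap
     "mr_signer": "cd" * 32, "isv_prod_id": "0", "isv_svn": "70000"}]})

if __name__ == "__main__":
    for name, doc in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, lint_policy(doc) or "ok")
```

Running the check on every node before starting the server and clients catches a policy that would otherwise reject a legitimate peer or skip one of the four identity checks.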
6.2.2 Run the two-party intersection program
In each Docker container, run the command for the corresponding party from the /gramine/CI-Examples/psi/cpp directory:
    # Kill the previous server process
    pkill -f gramine

    # Run the server
    cd runtime/server
    gramine-sgx grpc -host=localhost:50051 -config=dynamic_config.json

    # Run the client1
    cd runtime/data_provider1
    gramine-sgx grpc -host=localhost:50051 -config=dynamic_config.json -is_chief=true -client_num=2 data_dir="data1.txt" client_name="data_provider1"

    # Run the client2
    cd runtime/data_provider2
    gramine-sgx grpc -host=localhost:50051 -config=dynamic_config.json -is_chief=false -client_num=2 data_dir="data2.txt" client_name="data_provider2"
Each client obtains the intersection result:
car cat train
6.2.3 Run the three-party intersection program
In each Docker container, run the command for the corresponding party from the /gramine/CI-Examples/psi/cpp directory:
    # Kill the previous server process
    pkill -f gramine

    # Run the server
    cd runtime/server
    gramine-sgx grpc -host=localhost:50051 -config=dynamic_config.json

    # Run the client1
    cd runtime/data_provider1
    gramine-sgx grpc -host=localhost:50051 -config=dynamic_config.json -is_chief=true -client_num=3 data_dir="data1.txt" client_name="data_provider1"

    # Run the client2
    cd -
    cd runtime/data_provider2
    gramine-sgx grpc -host=localhost:50051 -config=dynamic_config.json -is_chief=false -client_num=3 data_dir="data2.txt" client_name="data_provider2"

    # Run the client3
    cd -
    cd runtime/data_provider3
    gramine-sgx grpc -host=localhost:50051 -config=dynamic_config.json -is_chief=false -client_num=3 data_dir="data3.txt" client_name="data_provider3"
Each client obtains the intersection result:
car cat train