Secure Computations code is written in Python and is executed in an encrypted Python runtime.
As a code provider, you are responsible for writing the code of the computation, encrypting it and and sending it to the enclave.
The typical structure of your code should look like this:
secret_module.py file contains your secret functions. It will be encrypted before being sent to the enclave.
run.py file is a mandatory entrypoint. It will not be encrypted, but it does not contain any sensitive operation.
# run.py from io import BytesIO from typing import Iterator from cosmian_lib_sgx import Enclave import pandas as pd def convert_input(datas): """ Transform input data bytes to pandas DataFrame. """ for data in datas: yield pd.read_csv(data) def main(): with Enclave() as enclave: """ 🔒 Everything that happens here will be executed in a Trusted Execution Environment. """ # Import your encrypted module import secret_module # Convert input data bytes from the Data Provider datas = convert_input(enclave.read()) data = next(datas) # Apply your secret function coded by the Code Provider dataframe = secret_module.secret_function(data) # Convert output result to bytes result = dataframe.to_csv().encode("utf-8") # Write result for the Result Consumer enclave.write(result) return 0 if __name__ == "__main__": main()
Input data (coming from Data Providers) and output data (sent to Result Consumers) have to be represented in bytes.
These bytes can represent for example:
- UTF-8 encoded string, CSV or JSON
- SQLite database
- integer encoded as 8-bytes in big endian (to represent
- float encoded as 8-bytes with IEEE-754 (to represent
The Code Provider is responsible for serializing/deserializing data in the entrypoint.
SGX enclaves are resource constrained environments. It might be better to use small chunk of input data instead of sending the whole file.
Currently, Data Providers can upload files up to 2GB.
The following Python packages are automatically installed alongside your function during deployment:
This list is not exhaustive: you can use any package that is available by default in Ubuntu Focal (20.04LTS). You can search the full list here.