Microsoft SEAL is an easy-to-use and powerful homomorphic encryption library.
Перейти к файлу
Kim Laine 9db551d452 Renamed seal::SEAL_BYTE to seal::seal_byte; the old name no longer works. Reordered API changes in CHANGES.md to better reflect importance for updating existing code to SEAL 3.6. 2020-11-13 14:14:55 -08:00
android
cmake
dotnet
native Renamed seal::SEAL_BYTE to seal::seal_byte; the old name no longer works. Reordered API changes in CHANGES.md to better reflect importance for updating existing code to SEAL 3.6. 2020-11-13 14:14:55 -08:00
pipelines
pkgconfig
tools
.clang-format
.gitignore
.pre-commit-config.yaml
CHANGES.md Renamed seal::SEAL_BYTE to seal::seal_byte; the old name no longer works. Reordered API changes in CHANGES.md to better reflect importance for updating existing code to SEAL 3.6. 2020-11-13 14:14:55 -08:00
CMakeLists.txt
CODE_OF_CONDUCT.md
CONTRIBUTING.md
ISSUES.md
LICENSE
NOTICE
README.md Renamed seal::SEAL_BYTE to seal::seal_byte; the old name no longer works. Reordered API changes in CHANGES.md to better reflect importance for updating existing code to SEAL 3.6. 2020-11-13 14:14:55 -08:00
SECURITY.md

README.md

Microsoft SEAL

Microsoft SEAL is an easy-to-use open-source (MIT licensed) homomorphic encryption library developed by the Cryptography and Privacy Research group at Microsoft. Microsoft SEAL is written in modern standard C++ and is easy to compile and run in many different environments. For more information about the Microsoft SEAL project, see sealcrypto.org.

This document pertains to Microsoft SEAL version 3.6. Users of previous versions of the library should look at the list of changes.

Correct Use of Microsoft SEAL

Homomorphic encryption schemes have various and often unexpected security models that may be surprising even to cryptography experts. In particular, decryptions of Microsoft SEAL ciphertexts should be treated as private information only available to the secret key owner, and sharing information directly or indirectly about a decryption should be thought of as equivalent to sharing information about the secret key itself. If it is absolutely necessary to share information about the decryption of a ciphertext, the number of bits shared should be kept to a minimum, and no more decryptions under the same secret key should be performed. Commercial applications of Microsoft SEAL, or any homomorphic encryption library, should be carefully reviewed by experts who are familiar with these matters.

Contents

Introduction

Core Concepts

Most encryption schemes consist of three functionalities: key generation, encryption, and decryption. Symmetric-key encryption schemes use the same secret key for both encryption and decryption; public-key encryption schemes use separately a public key for encryption and a secret key for decryption. Therefore, public-key encryption schemes allow anyone who knows the public key to encrypt data, but only those who know the secret key can decrypt and read the data. Symmetric-key encryption can be used for efficiently encrypting very large amounts of data, and enables secure outsourced cloud storage. Public-key encryption is a fundamental concept that enables secure online communication today, but is typically much less efficient than symmetric-key encryption.

While traditional symmetric- and public-key encryption can be used for secure storage and communication, any outsourced computation will necessarily require such encryption layers to be removed before computation can take place. Therefore, cloud services providing outsourced computation capabilities must have access to the secret keys, and implement access policies to prevent unauthorized employees from getting access to these keys.

Homomorphic Encryption

Homomorphic encryption refers to encryption schemes that allow the cloud to compute directly on the encrypted data, without requiring the data to be decrypted first. The results of such encrypted computations remain encrypted, and can be only decrypted with the secret key (by the data owner). Multiple homomorphic encryption schemes with different capabilities and trade-offs have been invented over the past decade; most of these are public-key encryption schemes, although the public-key functionality may not always be needed.

Homomorphic encryption is not a generic technology: only some computations on encrypted data are possible. It also comes with a substantial performance overhead, so computations that are already very costly to perform on unencrypted data are likely to be infeasible on encrypted data. Moreover, data encrypted with homomorphic encryption is many times larger than unencrypted data, so it may not make sense to encrypt, e.g., entire large databases, with this technology. Instead, meaningful use-cases are in scenarios where strict privacy requirements prohibit unencrypted cloud computation altogether, but the computations themselves are fairly lightweight.

Typically, homomorphic encryption schemes have a single secret key which is held by the data owner. For scenarios where multiple different private data owners wish to engage in collaborative computation, homomorphic encryption is probably not a reasonable solution.

Homomorphic encryption cannot be used to enable data scientist to circumvent GDPR. For example, there is no way for a cloud service to use homomorphic encryption to draw insights from encrypted customer data. Instead, results of encrypted computations remain encrypted and can only be decrypted by the owner of the data, e.g., a cloud service customer.

Most homomorphic encryption schemes provide weaker security guarantees than traditional encryption schemes. Two things are important to be aware of:

  1. Information about decryptions of ciphertexts must not be shared with anyone; see Correct Use of Microsoft SEAL.

  2. A ciphertext protects the underlying data from anyone who does not have the secret key.

A ciphertext does not protect anything from anyone who has the secret key. For example, a server cannot apply a proprietary algorithm on encrypted data, return it to the secret key owner, and expect that its algorithm remains protected.

Microsoft SEAL

Microsoft SEAL is a homomorphic encryption library that allows additions and multiplications to be performed on encrypted integers or real numbers. Other operations, such as encrypted comparison, sorting, or regular expressions, are in most cases not feasible to evaluate on encrypted data using this technology. Therefore, only specific privacy-critical cloud computation parts of programs should be implemented with Microsoft SEAL.

It is not always easy or straightfoward to translate an unencrypted computation into a computation on encrypted data, for example, it is not possible to branch on encrypted data. Microsoft SEAL itself has a steep learning curve and requires the user to understand many homomorphic encryption specific concepts, even though in the end the API is not too complicated. Even if a user is able to program and run a specific computation using Microsoft SEAL, the difference between efficient and inefficient implementations can be several orders of magnitude, and it can be hard for new users to know how to improve the performance of their computation.

Microsoft SEAL comes with two different homomorphic encryption schemes with very different properties. The BFV scheme allows modular arithmetic to be performed on encrypted integers. The CKKS scheme allows additions and multiplications on encrypted real or complex numbers, but yields only approximate results. In applications such as summing up encrypted real numbers, evaluating machine learning models on encrypted data, or computing distances of encrypted locations CKKS is going to be by far the best choice. For applications where exact values are necessary, the BFV scheme is the only choice.

Getting Started

There are multiple ways of installing Microsoft SEAL and starting to use it. The easiest way is to use a package manager such as vcpkg or Homebrew to download, build, and install the library. The .NET library is available as a multiplatform NuGet package. Finally, one can build Microsoft SEAL manually with a multiplatform CMake build system; see Building Microsoft SEAL Manually for details.

Optional Dependencies

Microsoft SEAL has no required dependencies, but certain optional features can be enabled when compiling with support for specific third-party libraries.

When building manually, one can choose to have the Microsoft SEAL build system download and build the dependencies, or alternatively search the system directories for pre-installed dependencies. On the other extreme, the downloadable NuGet package cannot be configured at all, but it is always possible to build a custom NuGet package. Other package managers offer varying amounts of opportunities for configuring the dependencies and other build options.

The optional dependencies and their tested versions (other versions may work as well) are as follows:

Optional dependency Tested version Use
Microsoft GSL 3.1.0 API extensions
ZLIB 1.2.11 Compressed serialization
Zstandard 1.4.5 Compressed serialization (much faster than ZLIB)
GoogleTest 1.10.0 For running tests

Microsoft GSL

Microsoft GSL (Guidelines Support Library) is a header-only library that implements gsl::span: a view type that provides safe (bounds-checked) array access to memory.

For example, if Microsoft GSL is available, Microsoft SEAL can allow BatchEncoder and CKKSEncoder to encode from and decode to a gsl::span instead of std::vector, which can in some cases have a significant performance benefit.

ZLIB and Zstandard

ZLIB and Zstandard are widely used compression libraries. Microsoft SEAL can optionally use these libraries to compress data that is serialized.

One may ask how compression can help when ciphertext and key data is supposed to be indistinguishable from random. In Microsoft SEAL Ciphertext objects consist of a large number of integers modulo specific prime numbers (coeff_modulus primes). When using the CKKS scheme in particular, these prime numbers can be quite small (e.g., 30 bits), but the data is nevertheless serialized as 64-bit integers. Therefore, it is not uncommon that almost half of the ciphertext bytes are zeros, and applying a general-purpose compression algorithm is a convenient way of getting rid this wasted space. The BFV scheme benefits typically less from this technique, because the prime numbers used for the coeff_modulus encryption parameter tend to be larger, and integers modulo these prime numbers fill more of each 64-bit word. Compressed serialization can be applied to any serializable Microsoft SEAL object – not just to Ciphertext and keys .

If Microsoft SEAL is compiled with ZLIB or Zstandard support, compression will automatically be used for serialization; see Serialization::compr_mode_default in native/src/seal/serialization.h. However, it is always possible to explicitly pass compr_mode_type::none to serialization methods to disable compression. If both ZLIB and Zstandard support are enabled, Zstandard is used by default due to its much better performance.

Note: The compression rate for a SecretKey can (in theory at least) reveal information about the key. In most common applications of Microsoft SEAL the size of a SecretKey would not be deliberately revealed to untrusted parties. If this is a concern, one can always save the SecretKey in an uncompressed form.

Installing from NuGet Package (Windows, Linux, macOS, Android, iOS)

For .NET developers the easiest way of installing Microsoft SEAL is by using the multiplatform NuGet package available at NuGet.org. Simply add this package into your .NET project as a dependency and you are ready to go.

To develop mobile applications using Microsoft SEAL and .NET for Android and iOS, just add this package to your Xamarin project. Unlike the Microsoft SEAL C++ library, the .NET wrapper library works only on 64-bit platforms, so only arm64-v8a/x86_64 Android ABIs and arm64/x86_64 iOS architectures are supported.

Examples

Using Microsoft SEAL will require the user to invest some time in learning fundamental concepts in homomorphic encryption. The code comes with heavily commented examples that are designed to gradually teach such concepts as well as demonstrate a large fraction of the API. The examples are available (and identical) in C++ and C#, and are divided into several source files in native/examples/ (C++) and dotnet/examples/ (C#), as follows:

C++ C# Description
examples.cpp Examples.cs The example runner application
1_bfv_basics.cpp 1_BFV_Basics.cs Encrypted modular arithmetic using the BFV scheme
2_encoders.cpp 2_Encoders.cs Encoding more complex data into Microsoft SEAL plaintext objects
3_levels.cpp 3_Levels.cs Introduces the concept of levels; prerequisite for using the CKKS scheme
4_ckks_basics.cpp 4_CKKS_Basics.cs Encrypted real number arithmetic using the CKKS scheme
5_rotation.cpp 5_Rotation.cs Performing cyclic rotations on encrypted vectors in the BFV and CKKS schemes
6_serialization.cpp 6_Serialization.cs Serializing objects in Microsoft SEAL
7_performance.cpp 7_Performance.cs Performance tests

It is recommended to read the comments and the code snippets along with command line printout from running an example. For easier navigation, command line printout provides the line number in the associated source file where the associated code snippets start. To build the examples, see Examples and Tests or Building .NET Components.

Note: It is impossible to know how to use Microsoft SEAL correctly without studying examples 1–6. They are designed to provide the reader with the necessary conceptual background on homomorphic encryption. Reusing code directly from the examples will not work well, as the examples are often demonstrating individual pieces of functionality, and are not optimized for performance. Writing Microsoft SEAL code without studying the examples in depth will inevitably result in code that is vulnerable, malfunctioning, or extremely slow.

Building Microsoft SEAL Manually

Building C++ Components

On all platforms Microsoft SEAL is built with CMake. We recommend using out-of-source build although in-source build works. Below we give instructions for how to configure, build, and install Microsoft SEAL either globally (system-wide), or locally (for a single user). A global install requires elevated (root or administrator) privileges.

Requirements

System Toolchain
Windows Visual Studio 2019 with C++ CMake Tools for Windows
Linux Clang++ (>= 5.0) or GNU G++ (>= 6.0), CMake (>= 3.12)
macOS/iOS Xcode toolchain (>= 9.3), CMake (>= 3.12)
Android Android Studio

Note: Microsoft SEAL compiled with Clang++ has much better runtime performance than one compiled with GNU G++.

Building Microsoft SEAL

We assume that Microsoft SEAL has been cloned into a directory called SEAL and all commands presented below are assumed to be executed in the directory SEAL.

You can build Microsoft SEAL library (out-of-source) for your machine by executing the following commands:

cmake -S . -B build
cmake --build build

After the build completes, the output binaries can be found in build/lib/ and build/bin/ directories.

Various configuration options can be specified and passed to the CMake build system. These are decribed below in sections Basic CMake Options and Advanced CMake Options.

Installing Microsoft SEAL

If you have root access to the system you can install Microsoft SEAL globally as follows:

cmake -S . -B build
cmake --build build
sudo cmake --install build

To instead install Microsoft SEAL locally, e.g., to ~/mylibs/, do the following:

cmake -S . -B build -DCMAKE_INSTALL_PREFIX=~/mylibs
cmake --build build
sudo cmake --install build

Building and Installing on Windows

On Windows the same scripts above work in a developer command prompt for Visual Studio. The right x64 or x86 version of command prompt ...

Ninja/Visual Studio generators. Please choose the right platform before building Microsoft SEAL. The SEAL_C project and the .NET wrapper library SEALNet can only be built for x64. With Ninja generator ... With Visual Studio generator, a specific architecture flag -A x64 or -A x86 should be provided.

Visual Studio / Visual Stuido Code open as CMake project.

Replace sudo with administrator.

This results in the static library seal.lib to be created in lib\$(Platform)\$(Configuration). When linking with applications, you need to add native\src\ (full path) as an include directory for Microsoft SEAL header files.

Building for Android and iOS

Microsoft SEAL can be compiled for Android and iOS. Under the android/ directory of the source tree you will find an Android Studio project that you can use to compile the library for Android.

To build the library for iOS, use the following scripts:

# Configure CMake
cmake -S . -B build -GXcode -DSEAL_BUILD_SEAL_C=ON -DSEAL_BUILD_STATIC_SEAL_C=ON -DCMAKE_SYSTEM_NAME=iOS "-DCMAKE_OSX_ARCHITECTURES=arm64;x86_64" -C cmake/memset_s.iOS.cmake

# Build libseal*.a for x86_64
xcodebuild -project build/SEAL.xcodeproj -sdk iphonesimulator -arch x86_64 -configuration Release clean build
mkdir -p build/lib/x86_64
cp build/lib/Release/libseal*.a build/lib/x86_64

# Build libseal*.a for arm64
xcodebuild -project SEAL.xcodeproj -sdk iphoneos -arch arm64 -configuration Release clean build
mkdir -p build/lib/arm64
cp build/lib/Release/libseal*.a build/lib/arm64

# Combine libseal-*.a into libseal.a and libsealc-*.a into libsealc.a
lipo -create -output build/lib/libseal.a build/lib/x86_64/libseal-*.a arm64/libseal-*.a
lipo -create -output build/lib/libsealc.a build/lib/x86_64/libsealc-*.a build/lib/arm64/libsealc-*.a

The native libraries generated through these methods are meant to be called only through the .NET library described in the following sections. Specifically, they do not contain any wrappers that can be used from Java (for Android) or Objective C (for iOS).

Basic CMake Options

The following options can be used with CMake to configure the build. The default value for each option is denoted with boldface in the Values column.

CMake option Values Information
CMAKE_BUILD_TYPE Release
Debug
RelWithDebInfo
MinSizeRel
Debug and MinSizeRel have worse run-time performance. Debug inserts additional assertion code. Set to Release unless you are developing Microsoft SEAL itself or debugging some complex issue.
SEAL_BUILD_EXAMPLES ON / OFF Build the C++ examples in native/examples.
SEAL_BUILD_TESTS ON / OFF Build the tests to check that Microsoft SEAL works correctly.
SEAL_BUILD_DEPS ON / OFF Set to ON to automatically download and build optional dependencies; otherwise CMake will attempt to locate pre-installed dependencies.
SEAL_USE_MSGSL ON / OFF Build with Microsoft GSL support.
SEAL_USE_ZLIB ON / OFF Build with ZLIB support.
SEAL_USE_ZSTD ON / OFF Build with Zstandard support.
BUILD_SHARED_LIBS ON / OFF Set to ON to build a shared library instead of a static library. Not supported in Windows.
SEAL_BUILD_SEAL_C ON / OFF Build the C wrapper library SEAL_C. This is used by the C# wrapper and most users should have no reason to build it.
SEAL_USE_CXX17 ON / OFF Set to ON to build Microsoft SEAL as C++17 for a positive performance impact.
SEAL_USE_INTRIN ON / OFF Set to ON to use compiler intrinsics for improved performance. CMake will automatically detect which intrinsics are available and enable them accordingly.

As usual, these options can be passed to CMake with the -D flag. For example, one could run

cmake -S . -B build -DSEAL_BUILD_EXAMPLES=ON

to configure a release build of a static Microsoft SEAL library and also build the examples.

Advanced CMake Options

The following options can be used with CMake to further configure the build. Most users should have no reason to change these, which is why they are marked as advanced.

CMake option Values Information
SEAL_THROW_ON_TRANSPARENT_CIPHERTEXT ON / OFF Set to ON to throw an exception when Microsoft SEAL produces a ciphertext with no key-dependent component. For example, subtracting a ciphertext from itself, or multiplying a ciphertext with a plaintext zero yield identically zero ciphertexts that should not be considered as valid ciphertexts.
SEAL_BUILD_STATIC_SEAL_C ON / OFF Set to ON to build SEAL_C as a static library instead of a shared library.
SEAL_DEFAULT_PRNG Blake2xb
Shake256
Microsoft SEAL supports both Blake2xb and Shake256 XOFs for generating random bytes. Blake2xb is much faster, but it is not standardized, whereas Shake256 is a FIPS standard.
SEAL_USE_GAUSSIAN_NOISE ON / OFF Set to ON to use a non-constant time rounded continuous Gaussian for the error distribution; otherwise a centered binomial distribution – with slightly larger standard deviation – is used.

Linking with Microsoft SEAL through CMake

It is very easy to link your own applications and libraries with Microsoft SEAL if you use CMake. Simply add the following to your CMakeLists.txt:

find_package(SEAL 3.6 REQUIRED)
target_link_libraries(<your target> SEAL::seal)

If Microsoft SEAL was installed globally, the above find_package command will likely find the library automatically. To link with a Microsoft SEAL installed locally, e.g., installed in ~/mylibs as described above, you may need to tell CMake where to look for Microsoft SEAL when you configure your application by running:

cd <directory containing your CMakeLists.txt>
cmake . -DCMAKE_PREFIX_PATH=~/mylibs

If Microsoft SEAL was installed using a package manager like vcpkg or Homebrew, please refer to their documentation for how to link with the installed library. For example, vcpkg requires you to specify the vcpkg CMake toolchain file when configuring your project.

Examples and Tests

When building Microsoft SEAL, examples and tests can be built by setting SEAL_BUILD_EXAMPLES=ON and SEAL_BUILD_TESTS=ON; see Basic CMake Options. Alternatively, both examples and tests can be built as standalone CMake projects linked with Microsoft SEAL (installed in ~/mylibs), by following the commands below. Omit setting SEAL_ROOT if the library is installed globally.

cd native/<examples|tests>
cmake -S . -B build -DSEAL_ROOT=~/mylibs
cmake --build build

Building .NET Components

Microsoft SEAL provides a .NET Standard library that wraps the functionality in Microsoft SEAL for use in .NET development. NuGet package is recommended unless development of Microsoft SEAL or building a custom NuGet package is intended. Prior to building .NET components, the C wrapper library SEAL_C must be built following Building C++ Components. The SEAL_C library is meant to be used only by the .NET library, not by end users.

Windows, Linux, and macOS

For compiling .NET code you will need to install a .NET Core SDK (>= 3.1). Building the SEAL_C library with CMake will generates project files for the .NET wrapper library, examples, and unit tests. The SEAL_C library must be discoverable when running a .NET application, e.g., be present in the same directory as your executable, which is taken care of by the .NET examples and tests project files. Run the following scripts to build each project:

dotnet build dotnet/src --configuration <Debug|Release> # Build .NET wrapper library
dotnet test dotnet/tests # Build and run .NET unit tests
dotnet run -p dotnet/examples # Build and run .NET examples

You can use the dotnet parameter --configuration <Debug|Release> to run Debug or Relase examples and unit tests. And you can use --verbosity detailed to print the list of unit tests that are being run.

On Windows, one can also build the Microsoft Visual Studio 2019 solution file dotnet/SEALNet.sln that contains the three projects.

Android and iOS

You can use Android Studio to build the native shared library used by the .NET Standard wrapper library for Android. If you want to build for iOS, please take a look at our iOS pipeline file to see how to configure and build the native library using CMake and Xcode.

However, the recommended way of using SEAL for .NET in Android and iOS is to add a reference to the multiplatform NuGet package to your Xamarin project.

Using Microsoft SEAL for .NET in Your Own Application

To use Microsoft SEAL for .NET in your own application you need to:

  1. add a reference in your project to SEALNet.dll;
  2. ensure the native shared library is available for your application when run. The easiest way to ensure this is to copy the native shared library to the same directory where your application's executable is located.

Building Your Own NuGet Package

You can build your own NuGet package for Microsoft SEAL by following the instructions in NUGET.md.

As mentioned before, the .NET project will copy the shared native library to the assembly output directory. You can use the dotnet parameter --configuration <Debug|Release> to run either Debug or Release versions of the examples.

Contributing

For contributing to Microsoft SEAL, please see CONTRIBUTING.md.

Citing Microsoft SEAL

To cite Microsoft SEAL in academic papers, please use the following BibTeX entries.

Version 3.6

    @misc{sealcrypto,
        title = {{M}icrosoft {SEAL} (release 3.6)},
        howpublished = {\url{https://github.com/Microsoft/SEAL}},
        month = nov,
        year = 2020,
        note = {Microsoft Research, Redmond, WA.},
        key = {SEAL}
    }

Version 3.5

    @misc{sealcrypto,
        title = {{M}icrosoft {SEAL} (release 3.5)},
        howpublished = {\url{https://github.com/Microsoft/SEAL}},
        month = apr,
        year = 2020,
        note = {Microsoft Research, Redmond, WA.},
        key = {SEAL}
    }

Version 3.4

    @misc{sealcrypto,
        title = {{M}icrosoft {SEAL} (release 3.4)},
        howpublished = {\url{https://github.com/Microsoft/SEAL}},
        month = oct,
        year = 2019,
        note = {Microsoft Research, Redmond, WA.},
        key = {SEAL}
    }

Version 3.3

    @misc{sealcrypto,
        title = {{M}icrosoft {SEAL} (release 3.3)},
        howpublished = {\url{https://github.com/Microsoft/SEAL}},
        month = jun,
        year = 2019,
        note = {Microsoft Research, Redmond, WA.},
        key = {SEAL}
    }

Version 3.2

    @misc{sealcrypto,
        title = {{M}icrosoft {SEAL} (release 3.2)},
        howpublished = {\url{https://github.com/Microsoft/SEAL}},
        month = feb,
        year = 2019,
        note = {Microsoft Research, Redmond, WA.},
        key = {SEAL}
    }

Version 3.1

    @misc{sealcrypto,
        title = {{M}icrosoft {SEAL} (release 3.1)},
        howpublished = {\url{https://github.com/Microsoft/SEAL}},
        month = dec,
        year = 2018,
        note = {Microsoft Research, Redmond, WA.},
        key = {SEAL}
    }

Version 3.0

    @misc{sealcrypto,
        title = {{M}icrosoft {SEAL} (release 3.0)},
        howpublished = {\url{http://sealcrypto.org}},
        month = oct,
        year = 2018,
        note = {Microsoft Research, Redmond, WA.},
        key = {SEAL}
    }