|
| 1 | +# Private Authentification in FHE |
| 2 | + |
| 3 | +This folder contains an example that shows how to combine Concrete ML and TFHE-rs workflows through a privacy-preserving, server-side authentication scenario. In this example, access to a remote server is granted via a token, only if the client's encrypted information meets specific criteria. The returned token thus serves as proof of successful authentication — all without ever exposing any sensitive data. |
| 4 | + |
| 5 | +## Overview |
| 6 | + |
| 7 | +To determine whether the client meets the specified requirements, the problem is treated as a classification task. In this example, a decision tree model is used for that purpose and Concrete ML handles the encrypted inference part, while training is performed on clear data. |
| 8 | + |
| 9 | +The process involves the following steps: |
| 10 | + |
| 11 | +**On the developer side**: |
| 12 | + |
| 13 | +1. Train the decision tree model on clear data |
| 14 | +1. Compile the model to an FHE circuit using the TFHE-rs ciphertext format |
| 15 | +1. Deploy the model using Concrete ML APIs. To know more about it, please refer to the [Client-Server Guide](../../docs/guides/client_server.md) and the [Client-Server Notebook](../../docs/advanced_examples/ClientServer.ipynb) |
| 16 | + |
| 17 | +**On the client Side**: |
| 18 | + |
| 19 | +- Encrypt the client's information using a private key and send it to the server. |
| 20 | + |
| 21 | +**On the server side**: |
| 22 | + |
| 23 | +1. Use Concrete ML to predict whether the client's information is valid. If the prediction is positive, the user is authenticated; otherwise, authentication is denied. |
| 24 | +1. Use TFHE-rs for the post-processing part to generate a random token (known only to the server) and multiply it by the output of the decision. |
| 25 | +1. Return the result, the encrypted token if the user is authenticated; otherwise, an encrypted zero vector. |
| 26 | + |
| 27 | +**On the client side**: |
| 28 | + |
| 29 | +- Decrypt the server's response and send it back to the server to finalize the authentication process. |
| 30 | + |
| 31 | +## Installation |
| 32 | + |
| 33 | +- First, create a virtual env and activate it: |
| 34 | + |
| 35 | +<!--pytest-codeblocks:skip--> |
| 36 | + |
| 37 | +```bash |
| 38 | +python -m venv .venv |
| 39 | +source .venv/bin/activate |
| 40 | +``` |
| 41 | + |
| 42 | +- Then, install required packages: |
| 43 | + |
| 44 | +<!--pytest-codeblocks:skip--> |
| 45 | + |
| 46 | +```bash |
| 47 | +pip install -r requirements.txt --ignore-installed |
| 48 | +``` |
0 commit comments