zk-ApplePSI repository provides an E2E pipeline, supported by picozk, to test differential privacy under Zero-Knowledge Proof.
This software aims to enhance the transparency of the Apple PSI Protocol by using a zero-knowledge proof technique on the server-side setup. Apple claims that it utilizes the NCMEC’s CSAM database to identify illegal images stored on users’ devices and generates random images derived from these images to fill bots in a Cuckoo Table Apple builds on its server. However, the current implementation does not provide a means for the public to verify whether Apple exclusively uses images from the specified database. Therefore, our implementation offers a step-by-step proof for each stage in the protocol, ensuring that no arbitrary images are added.
Run this line of code in the command line:
docker run --platform linux/amd64 -it hicsail/zk-applepsi:main
Run the following in the command line to get the container up and running:
git clone https://github.com/hicsail/zk-ApplePSI.git # Clone the repository
cd zk-ApplePSI # Move into the root directory of the project
docker-compose up -d --build # Inside the root directory, run the build image:
Since you have a running container, you can subsequently run the following command in your terminal to start Docker Shell:
docker exec -it <containerID> bash
You can get a container-ID from the docker desktop app by clicking the small button highlighted in the red circle
If you see something like the following in your command line, you are successfully inside the docker shell
We are using Fire Alarm, one of wiztoolkit packages. After entering the container, clone wiztoolkit repo and run the following commands to install wiztoolkit:
(* You might need to set up ssh key - Follow the instruction )
git clone git@github.mit.edu:sieve-all/wiztoolkit.git
cd wiztoolkit
make
make install
Now all setups are done for you to run your Python script inside the docker shell. Run the following command in the docker shell, and you will see the Python script, apple_psi.py, generating zk statements and fire-alarm checks the format of the statements:
/bin/bash ./run_IR0.sh -f apple_psi
👨💻 Run Locally
This option doesn't require Docker, while it focuses on running the Python scripts, skipping setting Fire Alarm.
Run this in the command line:
git clone git@github.com:hicsail/zk-ApplePSI.git
Move into the root directory of the project and install dependencies
cd zk-ApplePSI
git clone https://github.com/uvm-plaid/picozk.git
cp ./consts/poseidon_hash.py ./picozk/picozk/poseidon_hash/poseidon_hash.py
python3 -m venv venv # or pypy3 -m venv myenv
source venv/bin/activate # or source myenv/bin/activate
pip install --upgrade pip # or pypy3 -m pip install --upgrade pip
pip install -r requirements.txt # or pypy3 -m pip install -r requirements.txt
pip install picozk/. # or pypy3 -m pip install picozk/.
The following will run the main file:
python3 zk-ApplePSI.py # or pypy3 zk-ApplePSI.py
The current file contains sample inputs of images in a vector . If you would like to experiment with a different set of images, you can modify the vector. Be sure to match both apple_secrets and ncmec_secrets; otherwise, the proof will fail.
You may also choose a form of Lagrange interpolation. For simplicity, the default setting skips Lagrange interpolation to demonstrate that bots in a cuckoo table are generated from the same polynomial as the true data, because this proof is performed outside of zk. However, should you wish to see this part in the action, you could choose either the "Standard" method or "BaryCentric" method by changing the Lagrange variable in this line .
