Release Notes
2023.09
Compatibility notes
This version of the Sharemind Application Server is not compatible with older versions of the Sharemind Application Server and Sharemind Client API, including on the network protocols, configuration and API/ABI levels.
Due to old version of NodeJS in distribution’s package repository on Debian 10 and Ubuntu 20.04, web-client
and nodejs-web-gateway
are built using NodeJS LTS (v18) on these platforms. This may cause compatibility issues when using these libraries with older NodeJS versions.
Added support for Debian 12 (Bookworm) and Ubuntu 22.04 (Jammy Jellyfish). Removed support for Ubuntu 18.04 (Bionic Beaver).
Features
Client libraries and gateways
-
Java client library is now packaged as a single JAR file containing both Java class files as well as native code (.so file).
SecreC compiler and standard library
-
Added exponent and logarithm (
exp
,log
,ln
) operations for fixed-point numbers to SecreC Standard Library. -
Added oblivious RAM (ORAM) functionality to SecreC Standard Library. This can be used to read from and write to secret-shared vectors by secret indices. See shared3p_oblivious_ram module for more details.
2022.03
Compatibility notes
This version of the Sharemind Application Server is not compatible with older versions of the Sharemind Application Server and Sharemind Client API, including on the network protocols, configuration and API/ABI levels.
Support for Debian 9 (Stretch) was removed and support for Debian 11 (Bullseye) was added.
Starting from the 2022.03 release, there is no separate academic version of the Sharemind MPC platform. The differentiating module mod_shared3p_dev has been discontinued.
Features
Client libraries and gateways
-
Javascript Client Library now supports application-level arguments that can be used by Sharemind Web Gateway applications. These arguments are separate from already existing SecreC bytecode arguments and can be set independently for each of the three hosts.
-
We have completely reimplemented the Java bindings for the Sharemind Web Gateway (unavailable for Ubuntu 18.04 because of missing dependencies on that distribution).
-
The sharemind-web-gateway Debian package was renamed to sharemind-nodejs-web-gateway.
SecreC compiler and standard library
-
Optimised
matrixMultiplication
for fixed point data types. It now uses a dedicated MPC protocol.
Sharemind Analytics
-
Added decision tree (
ctree
) and random forest (randomForest
) algorithms to Rmind. Also available as part of SecreC Analytics Library (SAL) in analytics_trees module. Visualization of the result is not available. -
Added
xgboost
algorithm for regression and classification to Rmind and SecreC Analytics Library (analytics_xgboost). Visualization of the result is not available. -
Added
glmnet
(GLM + elastic net) algorithm to Rmind and SAL (analytics_linear_model). -
Added Fast Fourier Transform (
fft
) and autocorrelation (acf
) algorithms to Rmind and SAL (analytics_time_series). -
Added Kalman and Liu-West filters to Rmind and SAL (analytics_kalman_filter). Related functions (
dlm*
) and its usage are based on the dlm package in R. -
Added metrics (
accuracy
,precision
,recall
,f1
,mse
,rmse
) to Rmind and SAL (analytics_metrics). -
Added
is.binary
function to Rmind and SAL (analytics_metrics). -
Added complex field operations (4 basic operations + exp, conjugate) to SecreC Analytics Library (see the analytics_complex module).
-
Added utilities for array computation to SAL module analytics_array. Notably
argmax
,argmin
,matTimesVec
,addOneColumn
,unique
,getTiles
. -
Added utilities for machine learning computation to SAL module analytics_ml. Notably,
intoBinary
,oneHotLabeling
,selectMaxEachRow
. -
Added other utilities for datasets handling to SAL module analytics_datasets. The main ones are
shiftLabel
,scale
,scaleMinMax
,extractSubsets
,trainTestSplit
. -
Added random value generators (
randomUniform
andrandomNormal
) to SAL module analytics_generate. -
Added
castToFloat
and other wrapper functions for fix point data type to SAL module analytics_shared3p_fix.
2020.12
Compatibility notes
This version of the Sharemind Application Server is not compatible with older versions of the Sharemind Application Server and Sharemind Client API, including on the network protocols, configuration and API/ABI levels.
Features
SecreC compiler and standard library
-
Several internal optimisations in the SecreC compiler.
-
Added weighted linear regression, LOESS regression, quantiles function to SecreC Standard Library.
-
Added
bl_strFind
that returns the index of the first occurrence of needle in haystack. -
Optimised the Gauss method of solving systems of linear equations.
-
GLM now by default uses Gauss method for solving systems of linear equations.
-
Added
prefixSum
andinvPrefixSum
functions for vectors. -
Added shared3p_permutation module for generating public and private permutations and permuting vectors and matrices by rows or columns.
-
Added fast matrix transpose that uses
gather
andscatter
syscalls. -
Added
clientAuth
function that returns the authentication string (name) of client application running the current SecreC program. Note that the client authentication string may be different on different computation parties.
Sharemind Analytics
-
Added functions for computing quantiles and LOESS regression.
-
Removed unnecessary
meanOp
from the SecreC Analytics Library in favour of the ordinarymean
operation. -
Added a new analytics_date module to SecreC Analytics Library with conversion functions between Gregorian calendar and an internal Julian day format which allows calculating with dates (e.g. number of days between two dates). These functions were previously only in the Sharemind Analytics Engine.
Fixed issues
-
Fixed a bug in SecreC Standard Library
bl_strLengthenBound
where the returnedBlStringVector
had the old bound. -
Fixed bug in analytics_join in the SecreC Analytics Library and Rmind. When adding key columns to the result, the constructed
hasIA
vector did not match the number of columns in the DataFrame containing the keys. -
Fixed date verification in CSV Importer.
-
Fixed
--xstr
construction invalid values insharemind-runscript
. -
Fixed a null pointer dereference in
YaoProtocol
on invalid circuit type (mod_shared3p_dev).
2019.03
Compatibility notes
This version of the Sharemind Application Server is not compatible with older versions of the Sharemind Application Server and Sharemind Client API, including on the network protocols, configuration and API/ABI levels.
Features
Packaging
-
The
libsharemind-mod-shared3p
,libsharemind-mod-shared3pdev
andlibsharemind-mod-shared3p-emu
Debian packages are marked as conflicting so only one of them can be installed at any time. This is because they all provide the shared3p protection domain kind. -
The
sharemind-meta-shared3p
,sharemind-meta-shared3pdev
andsharemind-meta-shared3p-emu
Debian meta-packages install SecreC compiler (scc
) and Standard Library (secrec-stdlib
), Sharemind Application Server (sharemind-server
), HDF5 storage back-end (libsharemind-mod-tabledb-hdf5
) andlibsharemind-mod-algorithms
modules and the respective shared3p protection domain kind module. Thesharemind-meta-clientdev
meta-package includes everything for custom client application development and local testing:sharemind-meta-shared3p-emu
,libsharemind-controller-dev
,libloghard-dev
andlibsharemind-mod-passthrough
. -
The Debian package for Sharemind Application Server (
sharemind-server
) now generates a server key pair on installation. -
The self-hosted web front-ends for Rmind (Rmind Studio,
rmind-service
) and CSV Importer (sharemind-csv-importer-service
) now generate a client application key pair when installed from a Debian package. This speeds up their set up process. -
The Sharemind Web Gateway (
sharemind-web-gateway
) and JavaScript Client Library (sharemind-web-client
) NodeJS modules are now installed into/usr/lib/nodejs/
on Debian, instead of/usr/local
.
Encrypted Computing Engine
-
Sharemind configuration files can now be combined from multiple files using the
@include
directive, which takes a globbing pathname argument. For example,@include %{CurrentFileDirectory}/conf.d/*.conf
takes all the files ending with.conf
from theconf.d
subdirectory and loads them as they were part of the current file.
SecreC compiler and standard library
-
Added support for the
get_fpu_state
andset_fpu_state(v)
expressions to the SecreC language for changing the floating point unit state. -
SecreC language now supports deprecation messages for deprecated functions via the
@deprecated("message")
annotation. -
SecreC language gained support for the comma operator, for example to be used in cycles:
for (uint i = acount - 1, j = acount; j != 0; --i, --j)
. -
Functions for working with bounded length strings (
bl_string
) were moved from Sharemind Analytics Engine (Rmind back-end) to SecreC Standard Library. See the shared3p_string and shared3p_table_database modules.
Sharemind Analytics
-
Rmind gained support for factors, that allows to use string literals instead of their generated classifier values in expressions. See the documentation for
factor
andlevels
. -
Rmind now supports binary operations on combinations of private and public string arguments.
-
Added support for
?function
apropos in Rmind Studio for displaying information aboutfunction
. Rmind already had this support.
Fixed issues
-
Changed the SecreC bytecode hashing algorithm to SHA-256 in order to guarantee an identical hash function on all participating Sharemind MPC servers.
-
Fixed a file handle leak in the HDF5 storage back-end module.
-
Fixed a bug where some protection domains failed to initialise because they were started before networking.
-
Fixed Rmind crashing when
gnuplot
was not installed. -
The consensus service in Sharemind Application Server no longer uses a fixed-time polling loop which took too much CPU time.
-
Fixed a regression bug introduced in CSV Importer v4.0.0 (2018.12), where the whole CSV file was loaded into memory. Now the file is loaded by streaming again.
2018.12.1
Compatibility notes
This version of the Sharemind Application Server is not compatible with older versions of the Sharemind Application Server and Sharemind Client API, including on the network protocols, configuration and API/ABI levels.
Fixed issues
-
Fixed versioning conflicts between Debian packages of several Sharemind MPC components.
-
Added missing dependencies (
libatomic1
andlibgcc1
) to Rmind and CSV Importer Debian packages. -
Added
gnuplot
to the list of packages recommended by Rmind so it would be installed automatically on most Debian configurations.
2018.12
Compatibility notes
This version of the Sharemind Application Server is not compatible with older versions of the Sharemind Application Server and Sharemind Client API, including on the network protocols, configuration and API/ABI levels.
Features
Encrypted Computing Engine
-
Improved user exception reporting by introducing a new VM opcode (
common.user_except
). This statement was included in the 2018.09 changelog by mistake. -
Ported libsortnetwork to C++.
-
Replaced OpenSSL with Crypto++ in Sharemind randomness library librandom.
-
Changed execution profiling to be per SecreC process instead of being per Application Server process until now. In Application Server configuration file, the
ProfileLogFile
option is replaced withProfileLogPrefix
that points to a directory where the profiling information of each SecreC process is written to a separate file.
Traceability
-
SecreC Standard Library includes a new trace module that enables SecreC programs to log well-structured information about the process itself and data the process loads or saves. This module is used by the Sharemind Analytics Engine (Rmind back-end) and may also be used by custom SecreC programs.
-
Sharemind CSV Importer back-end logs the SHA-256 hash value of the user-uploaded data to allow re-producible analysis.
-
Released Sharemind MPC Tracer (
sharemind-trace
), a stand-alone command-line tool that extracts structured information from Application Server logs and shows data flow between SecreC processes. Its output uses Business Process Model and Notation (BPMN), where SecreC processes are modelled as BPMN Tasks and data tables as BPMN DataObjects. Sharemind MPC Tracer output can be visualised with many software supporting the BPMN 2.0 language. When given logs from more than one Application Server, Sharemind MPC Tracer also brings out discrepancies in SecreC processes between the different logs.
SecreC compiler and standard library
-
SecreC compiler now warns about usage of deprecated SecreC functions.
-
Added fixed point versions of
abs
,choose
andshuffle
to the Standard Library. -
Optimised solving systems of linear equations using the Gauss method. An inner loop was transformed into a data parallel computation.
Fixed issues
-
Mitigated a SecreC buffer overflow by introducing a workaround when Boost 1.67 is in use.
-
Fixed an Application Server crash on SecreC bytecode validation error.
-
Fixed a bug in SecreC process count limiting logic, where the client application was notified about the end of process before actually releasing the process slot. This introduced a race condition, where the latter of sequentially run SecreC programs might have been denied if the previous process slot was still being freed.
2018.09
Compatibility notes
This version of the Sharemind Application Server is not compatible with older versions of the Sharemind Application Server and Sharemind Client API, including on the network protocols, configuration and API/ABI levels.
Features
Encrypted Computing Engine
-
Made
sharemind-runscript
command-line interface more similar to that ofsharemind-emulator
. The--log-to-file
command-line option was renamed to--logFile
, the--run
argument was removed. Additionally, it is now possible to write the bytecode output argument stream to file with--outFile
, instead of pretty-printing it. -
Improved user exception reporting by introducing a new VM opcode (
common.user_except
).
Sharemind Emulator
-
The
mod_shared3p_emu
module gained client application support (cmod_passthrough
). Now it is possible to run existing client applications (e.g. Rmind) with a single Sharemind Application Server running themod_shared3p_emu
module. -
Carter-Wegman hash system call (
shared3p::cw128_xor_uint8_vec
syscall) was added to themod_shared3p_emu
module.
SecreC compiler and standard library
-
SecreC bytecode compiled with
scc
v2.2.1+ takes advantage of the newcommon.user_except
syscall for improved reporting of error conditions, including user assertions. -
The
quicksort
function now works on Booleans. Boolean values are internally converted toxor_uint8
and the result back tobool
. -
Added floating point data type support to
cut
,min
,max
,variance
,standardDev
,MAD
,fiveNumberSummary
,covariance
, t-tests, linear regression,quicksort
, outlier detection,histogram
,heatmap
, Wilcoxon signed rank, Wilcoxon rank sum and Mann-Whitney U. -
The deprecated
quickquicksort
function was removed from the SecreC standard library. -
Added Carter-Wegman hash functionality in Standard Library
shared3p_string
module. -
Added fixed point data type support (
fix32
,fix64
) to shared3p module. -
Added
tdbVmapGetVlenValue
function totable_database
module to get a variable length value from a vector in a vector map. -
GLM and linear regression functionality now allows to pass an empty matrix as the variables argument to specify a model with just the intercept.
Sharemind Analytics
-
Added float support to
mean
,median
,min
,max
,mad
,stdDev
,variance
,summary
,heatmap
, histogram, outlier detection, t-tests and linear regression. -
Changed the output format of
freq
in Rmind to include a list ofvalues
andfrequencies
vectors that can be written to a file. -
Added support for Hosmer–Lemeshow test.
-
Added support for Fisher’s exact test. Currently the functionality is limited to 2x2 contingency tables. It leaks one cell of the contingency table but without prior information it is not known which cell it is.
-
Added support for ROC AUC (area under the receiver operating characteristic curve). Possible privacy leak must be taken into consideration when visualising the ROC curve. If necessary, disable the ROC functionality in the Sharemind Analytics Engine configuration.
-
Added support for GLM and linear regression without independent variables.
2018.06
Compatibility notes
This version of the Sharemind Application Server is not compatible with older versions of the Sharemind Application Server and Sharemind Client API, including on the network protocols, configuration and API/ABI levels.
The IController
class was removed from Sharemind C client library
(`libcontroller`) version 0.3.0 and its members moved to
`SystemController` class. All custom C client applications should make
this change in order to be linked against the new version of
libcontroller
. Custom Haskell, Java and NodeJS (Sharemind Web
Application Gateway) applications should be rebuilt with the 2018.06
release versions of the corresponding client libraries where this change
is already incorporated.
Features
Encrypted Computing Engine
-
In order to improve traceability of SecreC bytecode executions, Sharemind Application Server logs now contain user ID, SecreC process ID and hash on the same line.
-
JavaScript client library now uses the AES implementation provided by the aes-js library (MIT license) in its pseudo-random number generator (PRNG). This replaces the previously used jsaes AES implementation (GNU GPL license).
-
Sharemind Web Application Gateway and JavaScript client library support intercept handlers in order to allow modification of individual shares before they are sent to or received from another component. Sharemind Web Application gateway now emits the beforeSendResults and afterSendResults messages before and after sending the result shares back to the JavaScript library. The previously available beforeStartMpcProcess handler together with the added beforeSendResults handler can be used to modify individual input or output shares, respectively. The JavaScript client library provides a way to pass optional beforeResults and afterResults handlers to the
runMpcComputation
call, the first of which can be used in order to modify individual result shares before they are reconstructed by the library. -
Disabled TLS session resumption by default in both the Sharemind Application Server and client applications as storing TLS session resumption tickets is known to defeat Perfect Forward Secrecy. The enabled cipher suites can be modified by changing the
IncomingTlsPriorities
andOutgoingTlsPriorities
properties in Application Server and client application main configurations.
SecreC compiler and standard library
-
SecreC now allows numeric literals to be annotated by type,
- e.g. instead of `0
-
uint64` it’s now also possible to directly write
0u64
. Supported numeric literal suffixes are:
| Suffix | Type | +--------+---------+ | u8 | uint8 | | u16 | uint16 | | u32 | uint32 | | u64 | uint64 | | i8 | int8 | | i16 | int16 | | i32 | int32 | | i64 | int64 | | f32 | float32 | | f64 | float64 |
-
Improved leakage information in the documentation of several SecreC standard library functions.
-
Significantly improved the performance of SecreC assembler when compiling large programs. As a trade-off, memory usage is increased.
Fixed issues
-
Fixed an issue where SecreC programs compiled in heterogeneous environments could not be invoked as they had differing hash values. As a result of this fix, SecreC bytecode runtime error messages now only contain basename of the relevant SecreC source file and not the full path. To go back to the old behaviour for more convenient debugging, use the
--runtime-error-path-style=fullpath
option in the SecreC compiler command-line. -
If Sharemind Application Server fails to open a file for logging, it now also displays the file name in the error message.
-
Fixed a bug in Rmind and Sharemind Analytics Engine t-test functionality. Sometimes the Welch–Satterthwaite equation was not used when the
varEqual
parameter was true. -
Fixed a bug in Sharemind Analytics Engine that caused SecreC program to crash when using empty input tables for
aggregate
(in Rmind) orsetDifference
functions.
2018.03
Compatibility notes
This version of the Sharemind Application Server is not compatible with older versions of the Sharemind Application Server and Sharemind Client API, including on the network protocols, configuration and API/ABI levels.
Features
Encrypted Computing Engine
-
The whitelisting based access control system is replaced by new access control system that manages access on three levels: authorized users, which users can run which SecreC programs and, as a new level, which SecreC programs have access to which data resources. All three levels of this access policy are configured in a single access policy configuration file, referenced by the
AccessControl.PoliciesFile
property in the Sharemind Application Server main configuration file. This replaces theClient.WhiteListEnabled
andClient.WhiteListFile
properties. Look for new syntax and examples in/usr/share/doc/sharemind/examples/server-access-control.conf
. -
The
Server.ScriptPrefix
property for setting SecreC bytecode search path is replaced by theServer.ProgramPaths
property that also accepts a list of multiple search paths separated with semicolons. SecreC bytecode lookup on server side now also supports subdirectories, i.e. the file path passed to the Sharemind client library is appended to each of the paths listed inServer.ProgramPaths
. The file path components passed to client library may contain ASCII alphanumeric characters, dashes (-
), underscores (_
), space characters and periods (.
). The only exception is that no such component can consist only of periods (e.g..
or..
or…
etc are not allowed as components). The default value ofServer.ProgramPaths
is changed from/var/lib/sharemind/scripts/
to/var/lib/sharemind/programs/
. -
The
mod_keydb
key-value storage now exclusively depends on hiredis library for Redis server support and dropped thecpp_redis
as a dependency. -
Log verbosity of
sharemind-runscript
andhdf5csvexporter
client applications is configurable by the--logLevel
command-line argument. Allowed log levels are fatal, error, warn(ing), info (normal), debug and fulldebug.
Sharemind Analytics
-
If the file
~/.rmind_profile
exists, it is executed every time Rmind is started. This can be used to add convenience functions to Rmind environment. -
Rmind and CSV Importer also support the above mentioned
--logLevel
command-line argument. Furthermore, it is possible to save Sharemind client library log to a separate file by passing the log filename with the--logFile
(for Rmind) or with the--clientLog
(for CSV Importer) command-line argument.
Fixed issues
-
Rmind Studio binary (
rmind-service
) now supports the--init
command line argument to initialize Analytics Engine on Sharemind hosts. -
Sharemind Web Application Gateway now has timestamps in it’s log.
-
Rmind Studio and CSV Importer web interface now bundle the necessary fonts and Material Design icons in order to not leak user’s IP address.
-
Fixed two SecreC type checking bugs, where expressions like
float32 a = (float32)0.1
and(bool) (1 + 0)
failed to compile. -
The profile logfile is now truncated so that when a script does not have profiling sections, the old results from a previous profiling run are not left into the profile log.
-
Sharemind JavaScript client library (sharemind-web-client) is now distributed so that it can also be used from NodeJS command-line applications and not only from web browsers.
-
SecreC code with protection domain that was never used failed to run with proper configuration. Sharemind expected the program to be run on a single machine.
-
Fixed a crash in Rmind caused by passing a mix of list and non-list arguments to the
c
function. -
Sharemind Analytics Engine now gives an error when trying to cast private Booleans to bl_string. Before this failed silently.
-
Fixed a bug in Sharemind Analytics Engine where key columns names had unneeded prefix in join (merge) operation output.
Known issues
-
For debugging purposes, SecreC compiler embeds full paths of input SecreC source files to the output bytecode. This may lead to different SecreC bytecode because of differing file paths on Sharemind hosts. Such SecreC programs cannot be run as MPC application as Sharemind Application Servers check for bytecode hash equality on process start. We are working on a solution to this problem. As a temporary workaround, make sure that SecreC source code paths are the same on all three Sharemind hosts, e.g. use the system-wide SecreC standard library installed to a known location.
2017.12
Compatibility notes
This version of the Sharemind Application Server is not compatible with older versions of the Sharemind Application Server and Sharemind Client API, including on the network protocols, configuration and API/ABI levels.
Features
Encrypted Computing Engine
-
On platforms, where hiredis is available from a package, the
mod_keydb
key-value storage engine now uses hiredis C client library for connecting to the Redis backend. This replaces the cpp_redis dependency on these platforms.
Sharemind Analytics
-
Added principal component analysis (PCA) to Rmind. Available with commands
prcomp
andsummary.prcomp
. You can usescreeplot
to plot the variance (or cumulative proportion of total variance) of each principal component computed byprcomp
. -
Rmind and CSV Importer now use standard Sharemind configuration parser. They look for their configuration according to the XDG Base Directory Specification, i.e. from
$XDG_CONFIG_HOME/sharemind/client.conf
. If not defined in the environment,$XDG_CONFIG_HOME
defaults to$HOME/.config:/etc/xdg
. The configuration file location can be overridden by the--conf
command-line parameter.
Stability and usability improvements
-
Improved error messages concerning Sharemind Application Server license file.
-
Improved error message for a missing
argument
to a SecreC program. -
The log verbosity of Sharemind Application Server (
Server.LogLevel
) is now configurable by textual levels: fatal, error, warn(ing), info (normal), debug, (full)debug. -
Improved descriptions for several SecreC standard library functions.
Fixed issues
-
Fixed a critical bug in Sharemind MPC JavaScript client library that resulted in leaking the user input values to one of the Sharemind hosts. This bug was a result of a data structure incompatibility between the
sharemind-web-client
and the third-party JavaScript AES implementation we are using and affects values (user input) that were secret shared in the web browser by the JavaScript client library (versions 2017.03 up to 2017.09). Keep in mind that values already secret shared with versions affected by this bug and stored on Sharemind hosts do not get automatically reshared with random shares by upgrading the JavaScript client library version.
2017.09
Compatibility notes
This version of the Sharemind Application Server is not compatible with older versions of the Sharemind Application Server and Sharemind Client API, including on the network protocols, configuration and API/ABI levels.
Features
Encrypted Computing Engine
-
It is now possible to set log verbosity in
sharemind-server
configuration file. Look forServer.LogLevel
and comments in example file. -
Implemented batching for the
declassify
protocol.
Client API
-
Created Java (JNI) bindings for building stand-alone Sharemind MPC client applications with Java.
Sharemind Analytics
-
Sharemind Analytics Engine now also supports binary operations on strings where one of the operands is public.
-
Reduced memory use of Sharemind Analytics Engine when working with strings.
-
Added support for
sqrt
,ln
,log
,log10
,exp
,erf
,sin
in Rmind. -
Rmind GLM output (
summary.glm
) now includes Wald test for testing statistical significance of the model coefficients. -
Rmind GLM output (
summary.glm
) now includes Akaike information criterion (AIC) for comparing models. -
Added lists (dictionaries) with named elements support to Rmind.
-
Rmind tries to load its documentation from
$XDG_DATA_DIRS/doc/rmind/man
if$RMIND_DOCS_PATH
is not defined. -
Created web-based user interfaces for Rmind (called Rmind Studio) and CSV Importer. These are only alternative user interfaces where secret sharing is done in the backend service. Therefore, they must be deployed on premises for the end user. All Rmind statistical functionality is also available in Rmind Studio.
Fixed issues
-
Fixed a API/ABI mismatch in Sharemind’s logging component that caused Sharemind Application Server crashes.
-
SecreC compiler now disallows infinite types in SecreC code. Previously they caused segfaults in the compiler.
-
Fixed incorrect handling of closed network streams.
-
Fixed a network connection hang during opening of network streams.
-
Fixed a network connection hang related to saturated input buffers on the remote peer.
-
Improved network stream memory usage and buffer sizes in the networking layer.
-
Fixed SecreC global struct initialisation bugs.
-
Fixed SecreC typechecker to catch an issue where a scalar is used as an array. Previously they caused segfaults in the compiler.
-
Fixed SecreC typechecker to catch an issue where a wrong operator (e.g.
+
) was used for Booleans. Previously they caused segfaults in the compiler. -
Decreased Sharemind Web Application Gateway logging polling frequency to make it less CPU-intensive.
-
Fixed a segfault in
mod_tabledb_hdf5
by making sure that HDF5 is built with thread-safety support. -
Convert integers to floats in SecreC standard library chi-squared test to avoid possible overflows.
-
Fixed a bug in Rmind REPL incremental parsing.
2017.06
Compatibility notes
This version of the Sharemind Application Server is not compatible with older versions of the Sharemind Application Server and Sharemind Controller library, including on the network protocols, configuration and API/ABI levels.
-
Sharemind Application Server depends on GnuTLS >=3.4.2.
Features
General
-
Different Sharemind components no longer search for their configuration from the shell’s working directory. Sharemind Application Server looks for its default configuration from
/etc/sharemind/server.conf
. Client applications look for their configuration according to the XDG Base Directory Specification, i.e. from$XDG_CONFIG_HOME/sharemind/applicationname.conf
, whereapplicationname
isclient
for general purpose client applications,proxy
for proxies (e.g. used with Sharemind Web Application Gateway) andemulator
for Sharemind stand-alone Emulator. If not defined in the environment,$XDG_CONFIG_HOME
defaults to$HOME/.config:/etc/xdg
. Both Sharemind Application Server and client applications support the--conf
command-line parameter override these defaults. -
Files referenced in Sharemind configuration files are loaded relative the shell’s working directory. Use the
%{CurrentFileDirectory}
placeholder that is replaced with the absolute path of the current configuration file. -
Several Sharemind binaries have been renamed:
-
Miner
→sharemind-server
-
CSVImporter
→sharemind-csv-importer
-
ScriptBenchmark
→sharemind-runscript
-
Emulator
→sharemind-emulator
-
HDF5CSVExporter
→sharemind-hdf5-csv-exporter
-
SecreCTestRunner
→sharemind-secrec-test-runner
-
Encrypted Computing Engine
-
It is possible to authorise Sharemind clients by the granularity of deployed SecreC programs. Look for examples in the Sharemind Application Server whitelist file. It is possible to reload this configuration without restarting the whole Sharemind Application Server, by sending the
USR1
signal to the runningsharemind-server
process. -
Sharemind Application Server now requires a valid license file to run. The license limits the number of SecreC programs that can run in parallel. The path to license file can be configured with the
LicenseFile
option in the main configuration file. -
Reduced communication in integer division protocol by public divisor by 30% and in floating point protocols by up to 10%.
Sharemind Analytics
-
Rmind Read–Eval–Print Loop (REPL) supports partial input, i.e. the whole expression does not have to be on a single line.
-
Rmind supports commands to work with private dates:
difftime
,add.days
. -
Rmind supports casting private vectors to another type with
cast
. -
Rmind supports concatenation of values to string with
cat
. -
The
subset
command now discards non-matching rows instead of just marking them as unavailable in the private mask vector. -
Added default value parameter to
rm.missing
in Rmind. -
Rmind saves command history between sessions.
-
Added
ls
andrm
for listing and removing variables from the Rmind environment. -
Added
ls.tables
to Rmind for listing available data tables in a data store. -
Rmind’s
unique
function now supports strings. -
Sharemind Analytics Engine has a configurable threshold that sets the smallest dataset size allowed as input to procedures that publish aggregate results to the client. Look for details in the provided
ae_configuration.sc
file. -
Sharemind Analytics Engine (SAE) allows Sharemind Application Server hosts to enable or disable individual SAE functions. Look for details in the provided
ae_configuration.sc
file.
2017.03
Compatibility notes
This version of the Sharemind Application Server is not compatible with older versions of the Sharemind Application Server and Sharemind Controller library, including on the network protocols, configuration and API/ABI levels.
Features
-
Added support for web-based client applications. HTTP interface is enabled by the new Sharemind Web Application Gateway component. A gateway is deployed in front of each Sharemind Application Server, which mediates communication between the Sharemind server and web-browser. The Sharemind Web Application Gateway component is available as a Node.js module. Node.js versions 4.x and 6.x are supported.
-
mod_tabledb_hdf5
: Fixed a crash that occured when the number of rows was queried for a non-existing HDF5 database table. -
ScriptBenchmark now shows information about Sharemind servers (e.g. UUID) at startup.
SecreC standard library
-
Method
quicksort
now uses C++ syscall instead of SecreC-only implementation for better performance. Deprecated methodquickquicksort
. -
Standard library functions now use
quicksort
in place of slower sorting networks. -
Added a sort order flag for stable sorting algorithms
quicksort
andunsafeSort
. -
Added
log
,log10
andpow
functions for shared3p protection domain.