Merge pull request #4 from capeprivacy/justin/deploy-script

Justin/deploy script
capeprivacy · Mar 7, 2023 · be9f5ee · be9f5ee
2 parents 90b2b5f + 3cd05b3
commit be9f5ee
Show file tree

Hide file tree

Showing 5 changed files with 103 additions and 2 deletions.
diff --git a/README.md b/README.md
@@ -22,7 +22,7 @@ $ export TARGET="onnx_resnet_deploy"
 $ mkdir $TARGET
 # Add function script
 $ cp app.py $TARGET
-# Add ONNX resnet model 
+# Add ONNX resnet model
 $ cp -r onnx_model $TARGET
 # Add imagenet classes file
 $ cp imagenet_classes.txt $TARGET
@@ -57,4 +57,40 @@ Labrador retriever: 7.1%
 tennis ball: 1.3%
 clumber: 0.9%
 Brittany spaniel: 0.7%
-```
+```
+
+### Run Secure Prediction with Encryption
+
+You can encrypt data before sending it to Cape to be processed in your function. You can encrypt
+to yourself or you can encrypt for another person. If you encrypt for yourself only you can decrypt the
+data and if you encrypt for another person only they can decrypt it.
+
+There are three examples for testing this out:
+
+Returns the encrypted string for you.
+
+```
+$ python encrypt.py
+Encrypted: cape:KTTGfoNTQu....
+```
+
+Returns the encrypted string for the capedocs user. (Note: the capedocs user is a user we use to deploy example functions).
+
+```
+$ python encrypt_for_user.py capedocs
+Encrypted: cape:MQrGNmp6V1im7cu.....
+```
+
+`run_encrypt.py` is just like `run_prediction.py` except it encrypts the data before sending it. The
+output is the same as the input is decrypted securely inside the enclave before processing.
+
+```
+$ python run_encrypt.py
+golden retriever: 39.7%
+Labrador retriever: 7.1%
+tennis ball: 1.3%
+clumber: 0.9%
+Brittany spaniel: 0.7%
+```
+
+See [here](https://docs.capeprivacy.com/concepts/encrypt) for more details.
diff --git a/deploy.py b/deploy.py
@@ -0,0 +1,9 @@
+import pathlib
+import pycape
+from pycape.experimental import cli
+
+cape = pycape.Cape()
+
+function_ref = cli.deploy("onnx_resnet_deploy")
+
+print(function_ref.id)
diff --git a/encrypt.py b/encrypt.py
@@ -0,0 +1,8 @@
+from pycape import Cape
+
+cape = Cape()
+
+ciphertext = cape.encrypt(b"hello world")
+
+print("Encrypted:", ciphertext.decode())
+
diff --git a/encrypt_for_user.py b/encrypt_for_user.py
@@ -0,0 +1,12 @@
+import sys
+from pycape import Cape
+
+if len(sys.argv) < 2:
+    print("expected user to be passed")
+    quit()
+
+cape = Cape()
+
+ciphertext = cape.encrypt(f"hi {sys.argv[1]}".encode(), username=sys.argv[1])
+
+print("Encrypted:", ciphertext.decode())
diff --git a/run_encrypt.py b/run_encrypt.py
@@ -0,0 +1,36 @@
+import json
+import os
+
+from torchvision.io import read_image
+from torchvision.models import ResNet50_Weights
+
+from pycape import Cape
+
+token_env = os.environ.get("TOKEN")
+function_id_env = os.environ.get("FUNCTION_ID")
+
+
+def process_image(file):
+    img = read_image(file)
+    weights = ResNet50_Weights.DEFAULT
+    preprocess = weights.transforms()
+    batch = preprocess(img).unsqueeze(0)
+    batch_numpy = batch.detach().numpy()
+    batch_numpy_bytes = batch_numpy.tobytes()
+    return batch_numpy_bytes
+
+
+if __name__ == "__main__":
+    cape = Cape()
+    f = cape.function(function_id_env)
+    t = cape.token(token_env)
+
+    input_bytes = process_image("./images_sample/dog.jpeg")
+
+    input_bytes = cape.encrypt(input_bytes)
+
+    top5_classes = cape.run(f, t, input_bytes)
+
+    top5_classes = json.loads(top5_classes)
+    for category_name, score in top5_classes.items():
+        print(f"{category_name}: {100 * score:.1f}%")