Heli is a Rust library for private aggregation.
This library was developed as part of the paper "Heli: Heavy-Light Private Aggregation" and is released under the MIT License and the Apache v2 License (see License).
WARNING: This is an academic proof-of-concept prototype, and has not received careful code review. It should NOT be used for production use.
This repository contains several modules that implement the different building blocks of Heli. The high-level structure of the repository is as follows.
- `src/crypto`: Low-level cryptographic components.
- `src/agg_only_enc.rs`: Aggregation-only encryption scheme.
- `src/proofs.rs`: Zero-knowledge proofs for protecting against malicious clients.
- `src/system`: Network protocol implementation.
- `benches`: Benchmarks.
- `experiments`: End-to-end experiments to recreate Table 2 from the Heli paper.
- `artifact-eval`: Scripts to recreate Figures 4, 5 from the Heli paper.
Ensure that you have a C++ compiler and Rust installed.
On Ubuntu, you can install a C++ compiler via:
```bash
sudo apt install g++
```
You can install Rust by following the directions here.
Next, ensure the following environment variable is set either in your current session (e.g., via export) or in your config file (e.g., in your ~/.bashrc file):
```bash
RUSTFLAGS="-C target-cpu=native"
```
Then, clone this repository and build the project:
```bash
cargo build --release
```
To run the test suite:
```bash
cargo test
```
To reproduce Figures 4 and 5 of the Heli paper, install cargo-criterion via:
```bash
cargo install cargo-criterion
```
download the necessary Python dependencies:
```bash
cd artifact-eval/
pip install -r requirements.txt
```
and run the following script:
```bash
python3 run_and_plot.py
```
Plots will appear in the artifact-eval/plots directory.
The scripts in experiments/bin/ run the aggregator, decryptor, and client with predefined configs. For these to work, ensure that the aggregator and decryptor accept TCP traffic on ports 9000 and 9001.
- `run_{aggregator,decryptor,client}.sh` runs aggregation over 10,000,000 million clients (with 10% offline) with bit vectors of length 1, 32, and 128. The experiments are specified in `experiments/configs/full-{1,32,128}.json`.
- `run_{aggregator,decryptor,client}_sim.sh` runs aggregation over 100,000 clients (with 10% offline) with bit vectors of length 1, 32, and 128. The experiments are specified in `experiments/configs/simplified-{1,32,128}.json`.

Note: For faster benchmarking, these scripts simulate the one-time setup and run aggregation over a small set of duplicated client reports; this does not affect the servers' aggregation runtimes. To run the system without the simulated steps, replace the `sim-setup` and `sim-generate` modes specified in the client scripts with `setup` and `generate`. (Note that this requires the client machine to have 250 GB of disk space for writing reports.)

Tip: If your aggregator machine runs out of memory during aggregation, lower the `max_pending_batches` config option.

Experiment configs are JSON files. See the predefined configs in experiments/configs/ as examples of the correct format. The configuration options are specified below:

| Field | Type | Description |
|---|---|---|
| `num_clients` | number | Total number of clients to simulate. |
| `threshold` | number | Minimum number of clients that must participate for aggregation to succeed. |
| `dropouts` | number | Number of clients that drop out. |
| `length` | number | Number of data slots per client (vector length). |
| `prover` | object | Proof type: `{"type": "binary"}` or `{"type": "range", "bitlength": N}`. |
| `aggregator_addr` | string | Host:port the aggregator listens on (e.g. `"0.0.0.0:9000"`). |
| `decryptor_addr` | string | Host:port the decryptor listens on (e.g. `"0.0.0.0:9001"`). |
| `db_path` | string | Directory path for a local sled DB. |
| `max_pending_batches` | number (optional) | Max pending client report chunks on the aggregator. Default: 100. |
| `reports_per_chunk` | number (optional) | Number of reports the aggregator combines into one processing chunk. Default: 10000. |

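
A pre-flight check for the options in the table above, written as an added example (it is not part of the Heli repository). It assumes a flat JSON object using the field names listed; the cross-field rules, such as requiring `num_clients - dropouts >= threshold`, are inferred from the field descriptions rather than taken from Heli's code, and the function name `check_config` and the sample values are hypothetical.

```python
import json

# Field names and types come from the table above. The flat JSON layout and
# the cross-field rules are assumptions, not taken from Heli's own parser.
REQUIRED = {"num_clients": int, "threshold": int, "dropouts": int,
            "length": int, "prover": dict, "aggregator_addr": str,
            "decryptor_addr": str, "db_path": str}
OPTIONAL = {"max_pending_batches": int, "reports_per_chunk": int}
KNOWN = {**REQUIRED, **OPTIONAL}

def _is(value, typ):
    # bool is a subclass of int in Python; reject true/false for numbers.
    return isinstance(value, typ) and not isinstance(value, bool)

def check_config(text):
    """Return a list of problems in an experiment config (empty means OK)."""
    cfg = json.loads(text)
    if not isinstance(cfg, dict):
        return ["top level: expected a JSON object"]
    out = [f"{k}: unknown field" for k in cfg if k not in KNOWN]
    out += [f"{k}: missing" for k in REQUIRED if k not in cfg]
    out += [f"{k}: expected {t.__name__}" for k, t in KNOWN.items()
            if k in cfg and not _is(cfg[k], t)]
    if out:
        return out  # the cross-field checks below need well-typed values
    for k in ("num_clients", "threshold", "length", *OPTIONAL):
        if k in cfg and cfg[k] < 1:
            out.append(f"{k}: must be at least 1")
    if not 0 <= cfg["dropouts"] <= cfg["num_clients"]:
        out.append("dropouts: must be between 0 and num_clients")
    elif cfg["num_clients"] - cfg["dropouts"] < cfg["threshold"]:
        out.append("threshold: more than the clients left after dropouts")
    prover = cfg["prover"]
    if prover.get("type") == "range":
        if not _is(prover.get("bitlength"), int) or prover["bitlength"] < 1:
            out.append("prover: range proofs need a positive bitlength")
    elif prover.get("type") != "binary":
        out.append('prover: type must be "binary" or "range"')
    for k in ("aggregator_addr", "decryptor_addr"):
        host, sep, port = cfg[k].rpartition(":")
        if not (sep and host and port.isdecimal() and 0 < int(port) < 65536):
            out.append(f"{k}: expected host:port")
    return out

# Constructed sample, not one of the repository's config files.
SAMPLE = """{"num_clients": 100000, "threshold": 80000, "dropouts": 10000,
 "length": 32, "prover": {"type": "range", "bitlength": 8},
 "aggregator_addr": "0.0.0.0:9000", "decryptor_addr": "0.0.0.0:9001",
 "db_path": "/tmp/heli-db", "max_pending_batches": 50}"""
```

Running it over a config before starting the aggregator, decryptor, and client catches a misspelled optional field or an unreachable threshold before a long experiment begins.
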
Heli is licensed under either of the following licenses, at your discretion.
- Apache License Version 2.0 (LICENSE-APACHE or http://www.apache.org/licenses/LICENSE-2.0)
- MIT license (LICENSE-MIT or http://opensource.org/licenses/MIT)
Unless you explicitly state otherwise, any contribution submitted for inclusion in Heli by you shall be dual licensed as above (as defined in the Apache v2 License), without any additional terms or conditions.