.. -*- coding: utf-8 -*-

=================================================
 VIFF, the Virtual Ideal Functionality Framework
=================================================

.. raw:: html

  <div id="links">
    <a class="green" href="#releases">Download VIFF 1.0</a>
    <a class="blue" href="doc/contact.html">Contact</a>
    <a class="orange" href="doc/index.html">Documentation</a>
    <a class="red" href="http://tracker.viff.dk">Report bugs</a>
  </div>

.. raw:: html
   :file: news.html

.. raw:: html

   <!-- Preload rollover image. -->
   <script type="text/javascript">
     dog = new Image();
     dog.src = "images/viff-dog-alert.png";
   </script>

   <img src="images/viff-dog.png" name="dog" alt="The VIFF dog"
        class="align-right" align="right"
        onmouseover="javascript:dog.src='images/viff-dog-alert.png'"
        onmouseout="javascript:dog.src='images/viff-dog.png'" />

.. |Zp| replace:: **Z**\ *p*
.. |GF256| replace:: **GF**\ (2\ :sup:`8`)

VIFF is a framework which allows you to specify `secure multi-party
computations`_ in a clean and easy way. Current features include:

* arithmetic with shares from |Zp| or |GF256|.

* secret sharing based on Shamir and pseudo-random secret sharing
  (PRSS).

* secure addition, multiplication, and exclusive-or of shares.

* comparison of secret shared |Zp| inputs, with secret |Zp| or |GF256|
  output.

* automatic parallel (asynchronous) execution.

* secure communication using SSL.

* cute mascot :-)

VIFF is implemented in Python_ using Twisted_ and should run on any
platform where Python runs (succesfully tested on Linux, Windows, and
Mac OS X). Please see the `installation guide`_ for details on the
requirements.

VIFF is Free Software, licensed under the `GNU LGPL`_. This means that
you can download and use it for free and modify it to suit your needs.
You are free to redistribute your modifications as long as you do it
together with the modified source. You are allowed to build
applications (commercial or not) that use VIFF without having to
license them under the LGPL.

.. _secure multi-party computations: http://en.wikipedia.org/wiki/
                                     Secure_multiparty_computation
.. _Python: http://python.org/
.. _Twisted: http://twistedmatrix.com/
.. _installation guide: doc/install.html
.. _GNU LGPL: http://hg.viff.dk/viff/raw-file/tip/COPYING.LIB

Use Cases
~~~~~~~~~

VIFF allows you to do secure multi-party computations, in which a
number of parties (three or more at the moment) execute a
cryptographic protocol to do some joint computation. The computation
could be anything, but elections and auctions are good examples of
what you would want to do with secure multi-party computations (SMPC
or simply MPC if it is implied that the protocol is secure).

Using VIFF your protocol is run without the players revealing anything
about their inputs. So three millionaires can determine among
themselves who has, say, the most money *without revealing how much
they are worth* to one another. So they all learn who is richest, but
nothing else.

The techniques for doing this involves computations on secret shared
values, but the programmer can mostly ignore this when using VIFF.
Please see the example programs included in the distribution below.

Releases
~~~~~~~~

The latest version of the VIFF source code can be obtained using
Mercurial_ by the command::

  hg clone http://hg.viff.dk/viff/

or by `browsing the repository online`__. There you can also subscribe to
a RSS_ or Atom_ feed with updates.

.. __: http://hg.viff.dk/viff/
.. _Mercurial: http://www.selenic.com/mercurial/
.. _RSS: http://hg.viff.dk/viff/rss-log
.. _Atom: http://hg.viff.dk/viff/atom-log

The repository should be mostly stable (you can check the BuildBot_ if
you are unsure) and a snapshot can be downloaded here:

.. _BuildBot: http://buildbot.viff.dk/waterfall

* **viff-tip**: tar.bz2__, tar.gz__, zip__.

.. __: http://hg.viff.dk/viff/archive/tip.tar.bz2
.. __: http://hg.viff.dk/viff/archive/tip.tar.gz
.. __: http://hg.viff.dk/viff/archive/tip.zip

You can also download a release below:

* **viff-1.0**: tar.bz2__, tar.gz__, zip__, exe__,
  released on December 14th, 2009.

  .. __: http://viff.dk/release/viff-1.0.tar.bz2
  .. __: http://viff.dk/release/viff-1.0.tar.gz
  .. __: http://viff.dk/release/viff-1.0.zip
  .. __: http://viff.dk/release/viff-1.0.win32.exe

  We are happy to declare that we have reached **VIFF version 1.0**.
  The current code is useful, flexible and unlikely to change
  radically. The largest changes since 0.7.1 are summarized below.

  The central class named Runtime was renamed to PassiveRuntime. All
  runtime classes now uses the common method names input and output
  for providing data to and retrieving data from the computation. A
  multiparty version of AES was added: it allows parties to encrypt a
  Shamir secret shared message under a secret shared AES key to obtain
  a secret shared ciphertext.

  See the NEWS__ file for more details.

  .. __: http://hg.viff.dk/viff/raw-file/1.0/NEWS

* **viff-0.7.1**: tar.bz2__, tar.gz__, zip__, exe__,
  released on October 9th 2008.

  .. __: http://viff.dk/release/viff-0.7.1.tar.bz2
  .. __: http://viff.dk/release/viff-0.7.1.tar.gz
  .. __: http://viff.dk/release/viff-0.7.1.zip
  .. __: http://viff.dk/release/viff-0.7.1.win32.exe

  A major bug was fixed in the passive multiplication protocol in the
  case where 2t + 1 != n. Unit tests were updated for Python 2.6.

  See the NEWS__ file for more details.

  .. __: http://hg.viff.dk/viff/raw-file/0.7.1/NEWS

* **viff-0.7**: tar.bz2__, tar.gz__, zip__, exe__,
  released on September 21st 2008.

  .. __: http://viff.dk/release/viff-0.7.tar.bz2
  .. __: http://viff.dk/release/viff-0.7.tar.gz
  .. __: http://viff.dk/release/viff-0.7.zip
  .. __: http://viff.dk/release/viff-0.7.win32.exe

  PyOpenSSL is now used instead of GnuTLS and this enables secure
  connections on Windows. The code dealing with starting a player has
  been made much more robust and players can now be started in any
  order. Players can now also be reliably shutdown. A new runtime
  based on homomorphic Paillier encryption supports just two players.
  Added a new protocol for equality testing with secret shared result.

  See the NEWS__ file for more details.

  .. __: http://hg.viff.dk/viff/raw-file/0.7/NEWS

* **viff-0.6**: tar.bz2__, tar.gz__, zip__, exe__,
  released on May 28th 2008.

  .. __: http://viff.dk/release/viff-0.6.tar.bz2
  .. __: http://viff.dk/release/viff-0.6.tar.gz
  .. __: http://viff.dk/release/viff-0.6.zip
  .. __: http://viff.dk/release/viff-0.6.win32.exe

  The average time for a secure comparison was reduced by 60-70%.
  Comparisons now work with an actively secure multiplication
  protocol. A memory leak was fixed. Converted documentation to new
  Sphinx format.

  See the NEWS__ file for more details.

  .. __: http://hg.viff.dk/viff/raw-file/0.6/NEWS

* **viff-0.5**: tar.bz2__, tar.gz__, zip__, exe__,
  released on April 28th 2008.

  .. __: http://viff.dk/release/viff-0.5.tar.bz2
  .. __: http://viff.dk/release/viff-0.5.tar.gz
  .. __: http://viff.dk/release/viff-0.5.zip
  .. __: http://viff.dk/release/viff-0.5.win32.exe

  Added preliminary support for preprocessing and an efficient
  multiplication protocol which is secure against active adversaries.
  The Runtime class has been split into several parts and two new
  mixin classes provide different comparison protocols. Several
  coercion problems were fixed. The ``Runtime.callback`` method was
  renamed to ``Runtime.schedule_callback``. VIFF was tested on Python
  2.6 and some small problems were fixed. If python-gnutls is
  unavailable, players now automatically fallback to TCP connections.
  The installation guide was updated for Windows Vista. A new example
  program was added and the documentation was updated.

  See the NEWS__ file for more details.

  .. __: http://hg.viff.dk/viff/raw-file/0.5/NEWS

* **viff-0.4**: tar.bz2__, tar.gz__, zip__, exe__,
  released on March 12th 2008.

  .. __: http://viff.dk/release/viff-0.4.tar.bz2
  .. __: http://viff.dk/release/viff-0.4.tar.gz
  .. __: http://viff.dk/release/viff-0.4.zip
  .. __: http://viff.dk/release/viff-0.4.win32.exe

  Implemented a reliable Bracha broadcast which is secure against
  active adversaries. Shamir sharings, pseudo-random as well as
  standard, can now be asymmetric which means that only a subset of
  the parties provide input. The open protocol is now also asymmetric,
  in the sense that only a subset of the parties receive the opened
  result. The behavior of field elements in Boolean expressions has
  been fixed. This means that ``GF256(0) and GF256(1)`` now returns
  ``GF256(0)`` instead of ``GF256(1)``. Added a modern implementation
  of the classic Yao millionaires example from 1982 which started this
  field of research.

  See the NEWS__ file for more details.

  .. __: http://hg.viff.dk/viff/raw-file/0.4/NEWS

* **viff-0.3**: tar.bz2__, tar.gz__, zip__,
  released on December 27th 2007.

  .. __: http://viff.dk/release/viff-0.3.tar.bz2
  .. __: http://viff.dk/release/viff-0.3.tar.gz
  .. __: http://viff.dk/release/viff-0.3.zip

  Changes since 0.2: Secure communication between the players were
  implemented using TLS_ (the successor to SSL). An included Makefile
  can generate the needed certificates. The network layer was
  completely reimplemented, this breaks compatibility with programs
  written for VIFF version 0.2 or earlier.

  .. _TLS: http://en.wikipedia.org/wiki/Transport_Layer_Security

* **viff-0.2**: tar.bz2__, tar.gz__, zip__,
  released on November 14th 2007.

  .. __: http://viff.dk/release/viff-0.2.tar.bz2
  .. __: http://viff.dk/release/viff-0.2.tar.gz
  .. __: http://viff.dk/release/viff-0.2.zip

  Changes since 0.1.1: Implemented overloaded arithmetic operators, so
  ``w = x + y * z`` now adds and multiplies the three shares as expected.
  Updated API documentation. Released using a Distutils setup.py
  script.

* **viff-0.1.1**: tar.bz2__, tar.gz__, zip__,
  released on October 23rd 2007.

  .. __: http://viff.dk/release/viff-0.1.1.tar.bz2
  .. __: http://viff.dk/release/viff-0.1.1.tar.gz
  .. __: http://viff.dk/release/viff-0.1.1.zip

  Changes since 0.1: Added API documentation and updated the
  installation instructions.

* **viff-0.1**: tar.bz2__, tar.gz__, zip__,
  released on October 16th 2007.

  .. __: http://viff.dk/release/viff-0.1.tar.bz2
  .. __: http://viff.dk/release/viff-0.1.tar.gz
  .. __: http://viff.dk/release/viff-0.1.zip

  First public release. Implements basic functionality including
  addition, multiplication, exclusive-or, and comparison of shares.
  Shares can be made using Shamir sharing or PRSS. Includes a suite of
  unit tests and example programs.

Please see the `installation guide`_ and the `VIFF API
documentation`__ in addition to the documentation included in the
files above.

.. __: http://viff.dk/api/index.html

Contact
~~~~~~~

Please post your questions and comments on VIFF to the `VIFF-devel
mailing list`_. Any question can be sent there — VIFF is still a
little rough around the edges, so please ask for help if you cannot
get VIFF working! The list is archived locally_, at Gmane_ (where you
can read/post over `NNTP using a newsreader`__) and at `The Mail
Archive`__.

VIFF is developed by a small `development team`_. Other contributors
are very welcome! Please come to the `mailing list`_ and talk to us if
you want to help in any way.

.. _mailing list:
.. _VIFF-devel mailing list: http://lists.viff.dk/listinfo.cgi/
                             viff-devel-viff.dk
.. _locally: http://lists.viff.dk/pipermail/viff-devel-viff.dk/
.. _Gmane: http://dir.gmane.org/gmane.comp.cryptography.viff.devel
.. __: nntp://news.gmane.org/gmane.comp.cryptography.viff.devel
.. __: http://www.mail-archive.com/viff-devel@viff.dk/

.. _development team: doc/authors.html

.. include:: layout.rst