Ma'atara FHE/MPC Library

Encrypted compute primitives for edge deployment - Secret Sharing, Additive MPC, and optional Full Homomorphic Encryption.

Overview

This crate provides cryptographic primitives for privacy-preserving computation:

| Module | Description | WASM Size | Use Case | |--------|-------------|-----------|----------| | MPC - Secret Sharing | Shamir's (k,n) threshold scheme | ~50KB | Key management, backup recovery | | MPC - Additive | Simple additive sharing | ~30KB | Secure aggregation, voting | | MPC - Comparison | Private equality testing | ~40KB | Fingerprint verification | | FHE | Full homomorphic encryption | ~5MB | Encrypted computation |

Architecture

┌─────────────────────────────────────────────────────────────────────────────┐
│                      MA'ATARA CRYPTOGRAPHIC STACK                          │
├─────────────────────────────────────────────────────────────────────────────┤
│                                                                             │
│  Layer 4: ENCRYPTED COMPUTE                                                 │
│  ┌─────────────┐  ┌─────────────┐  ┌─────────────┐                         │
│  │    FHE      │  │    MPC      │  │   TEE       │                         │
│  │  (tfhe-rs)  │  │  (This lib) │  │ (External)  │                         │
│  └─────────────┘  └─────────────┘  └─────────────┘                         │
│                                                                             │
│  Layer 3: ZERO-KNOWLEDGE (POD/0xPARC integration)                          │
│  Layer 2: POST-QUANTUM SIGNATURES (ML-DSA / Dilithium)                     │
│  Layer 1: IMMUTABLE HASHING (SHA3-384)                                     │
│                                                                             │
└─────────────────────────────────────────────────────────────────────────────┘

Quick Start

Installation

# Cargo.toml

# Lightweight MPC only (recommended for edge)
[dependencies]
maatara-fhe = { path = "../rust/maatara-fhe", default-features = true }

# With FHE support (larger binary)
[dependencies]
maatara-fhe = { path = "../rust/maatara-fhe", features = ["fhe"] }

Secret Sharing (Shamir's Scheme)

Split secrets into shares where any k-of-n can reconstruct:

use maatara_fhe::mpc::secret_sharing::ShamirSecretSharing;

// Create (3, 5) threshold: need 3 of 5 shares to recover
let sss = ShamirSecretSharing::new(3, 5).unwrap();

// Split a secret key
let secret_key = b"my-pqc-private-key-material";
let shares = sss.split(secret_key).unwrap();

// Distribute shares to 5 guardians...

// Later, any 3 guardians can recover
let recovered = sss.reconstruct(&shares[0..3]).unwrap();
assert_eq!(secret_key.to_vec(), recovered);

Secure Aggregation

Sum values without revealing individual contributions:

use maatara_fhe::mpc::additive::{AdditiveMpc, SecureAggregation};

let agg = SecureAggregation::new(3);

// Each party creates shares of their value
let party_values = vec![100u64, 200, 300];
let all_shares: Vec<_> = party_values.iter()
    .map(|&v| agg.create_input_shares(v).unwrap())
    .collect();

// Redistribute shares to parties...
// Each party sums their local shares
// Combine all party sums to get total

// Result: 600 (100 + 200 + 300) without revealing individual values

Private Fingerprint Comparison

Verify content matches without revealing the content:

use maatara_fhe::mpc::comparison::FingerprintMatcher;

// Prover has content
let fingerprint = sha3_384(my_content);
let matcher = FingerprintMatcher::new(&fingerprint);
let challenge = matcher.get_challenge();

// Send challenge to verifier...

// Verifier computes response with their fingerprint
let response = FingerprintMatcher::compute_response(&their_fingerprint, &challenge);

// Prover verifies (reveals only match/no-match)
let matches = matcher.verify_response(&response);

WASM Build

Build for Cloudflare Workers or browser:

# Install wasm-pack
cargo install wasm-pack

# Build WASM (MPC only - small)
wasm-pack build --target web --features wasm

# Build WASM (with FHE - large)
wasm-pack build --target web --features full

JavaScript Usage

import init, { 
    WasmSecretSharing,
    WasmPrivateComparison,
    health_check 
} from './pkg/maatara_fhe.js';

await init();
console.log(health_check()); // "maatara-fhe WASM module loaded successfully"

// Secret sharing
const sss = new WasmSecretSharing(3, 5);
const shares = sss.split(new TextEncoder().encode("secret"));
const recovered = sss.reconstruct(shares);

// Private comparison
const pc = new WasmPrivateComparison(myFingerprint);
const hash = pc.compute_value_hash(sharedNonce);

Feature Flags

| Feature | Description | Default | |---------|-------------|---------| | mpc | MPC primitives (secret sharing, additive, comparison) | ✅ | | std | Standard library support | ✅ | | fhe | Full Homomorphic Encryption via tfhe-rs | ❌ | | wasm | WASM bindings for browser/edge | ❌ | | full | All features | ❌ |

Benchmarks

Run benchmarks (requires nightly for some features):

cargo bench

Security Considerations

1. Secret Sharing: Shares should be distributed to independent custodians
2. Random Number Generation: Uses ChaCha20Rng seeded from OS entropy
3. Memory Safety: Secrets are zeroized on drop
4. Side Channels: Not hardened against timing attacks (use in trusted environments)

Integration with Ma'atara

This library is designed to complement Ma'atara's post-quantum cryptography:

• Key Backup: Split PQC private keys across multiple guardians
• Threshold Signing: Require k-of-n parties to approve sensitive operations
• Privacy Queries: Check provenance without revealing content
• Confidential Aggregation: Aggregate analytics without exposing individual records

License

Proprietary - Ma'atara Engineering

References

• Shamir's Secret Sharing
• TFHE-rs
• Ma'atara Whitepaper