Algorithm Tutorials
Cocos supports running various types of algorithms within a secure enclave environment. This document provides streamlined tutorials for setting up and executing binary algorithms, Python scripts, Docker images, and WebAssembly (Wasm) modules.
Important Note on Order of Execution: The Cocos system involves several components that must be started and interacted with in a specific sequence. Pay close attention to the order of commands and the expected outputs at each step.
Core Concepts & Initial Setup
Before diving into specific algorithm types, understand these fundamental steps applicable to all Cocos computations:
- Enclave: A secure, isolated environment on the host machine where computations run.
- Manager: Responsible for creating and managing Virtual Machines (CVMs) that host the enclaves.
- Agent: Runs inside the CVM, executing the algorithm and communicating with the outside world.
- CVMS Server (Computation Management Server): A server that the CVM connects to, providing the algorithm and datasets.
- cocos-cli: The command-line interface tool used to interact with the Manager and Agent.
Prerequisites
-
Clone the cocos repository:
git clone https://github.com/ultravioletrs/cocos.git
cd cocos -
Clone the ai repository (for example algorithms):
git clone https://github.com/ultravioletrs/ai.git
-
Rust Installation: Ensure Rust is installed if you plan to build binary or Wasm examples. Follow instructions here.
-
Terminate Previous Computations: Always ensure any previous computations are terminated before starting a new one to avoid conflicts.
Finding Your Host IP Address
The CVMS server needs to be reachable from the virtual machine. Avoid using localhost for the CVMS host address.
To find your host machine's IP address:
ip a
Look for your network interface (e.g., wlan0 for WiFi, eth0 for Ethernet) and note the inet address. For example:
2: wlan0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
link/ether 12:34:56:78:9a:bc brd ff:ff:ff:ff:ff:ff
inet 192.168.1.100/24 brd 192.168.1.255 scope global dynamic noprefixroute wlan0
In this example, 192.168.1.100
is the IP address to use.
Starting Core Services
These services must be running before you can create a CVM or upload algorithms.
Start the Computation Management Server (CVMS)
Navigate to the cocos directory and start the CVMS server. Replace 192.168.1.100
with your actual host IP address.
cd cocos
HOST=<YOUR_HOST_IP> go run ./test/cvms/main.go -public-key-path public.pem -attested-tls-bool false -algo-path <ALGORITHM_PATH> [-data-paths <DATASET_PATH>]
Note:
-
<ALGORITHM_PATH>
and[-data-paths <DATASET_PATH>]
will be specific to the algorithm type you are running. We'll specify these in the respective sections below. -
Expected output:
{"time":"...","level":"INFO","msg":"cvms_test_server service gRPC server listening at 192.168.1.100:7001 without TLS"}
Start the Manager
Navigate to the cocos/cmd/manager directory and start the Manager. This requires sudo.
cd cocos/cmd/manager
sudo \
MANAGER_QEMU_SMP_MAXCPUS=4 \
MANAGER_GRPC_HOST=localhost \
MANAGER_GRPC_PORT=7002 \
MANAGER_LOG_LEVEL=debug \
MANAGER_QEMU_ENABLE_SEV_SNP=false \
MANAGER_QEMU_OVMF_CODE_FILE=/usr/share/edk2/x64/OVMF_CODE.fd \
MANAGER_QEMU_OVMF_VARS_FILE=/usr/share/edk2/x64/OVMF_VARS.fd \
go run main.go
Expected output (look for the gRPC server listening message):
{"time":"...","level":"INFO","msg":"Manager started without confidential computing support"}
{"time":"...","level":"INFO","msg":"manager service gRPC server listening at localhost:7002 without TLS"}
Running Binary Algorithms
Binary algorithms are compiled to run directly on the enclave.
Without Datasets (Addition Example)
Build the Addition Algorithm
-
Navigate to the ai/burn-algorithms directory:
cd ../ai/burn-algorithms
-
Build the addition-cocos binary:
cargo build --release --bin addition-cocos --features cocos
-
Copy the compiled binary to your cocos directory:
cp ./target/release/addition-cocos ../../cocos/
Start CVMS for Addition Binary
From your cocos directory, start the CVMS server, specifying the addition-cocos binary:
cd cocos
HOST=<YOUR_HOST_IP> go run ./test/cvms/main.go -algo-path ./addition-cocos -public-key-path public.pem -attested-tls-bool false
Create CVM for Addition
From your cocos directory:
export MANAGER_GRPC_URL=localhost:7002
./build/cocos-cli create-vm --log-level debug --server-url "<YOUR_HOST_IP>:7001"
Important: Note the id and port from the cocos-cli output. The port (default 6100) is for the Agent's gRPC URL.
Expected cocos-cli output:
🔗 Connected to manager using without TLS
🔗 Creating a new virtual machine
✅ Virtual machine created successfully with id <CVM_ID> and port <AGENT_PORT>
Expected CVMS server output (showing CVM connection):
&{message:"Method InitComputation for computation id 1 took ... to complete without errors" computation_id:"1" level:"INFO" timestamp:{...}}
&{event_type:"ReceivingAlgorithm" timestamp:{...} computation_id:"1" originator:"agent" status:"InProgress"}
&{message:"agent service gRPC server listening at 10.0.2.15:<AGENT_PORT> without TLS" computation_id:"1" level:"INFO" timestamp:{...}}
Export Agent gRPC URL for Addition
Set the AGENT_GRPC_URL using the port noted in the previous step (default 6100):
export AGENT_GRPC_URL=localhost:6100
Upload the Addition Algorithm
From your cocos directory:
./build/cocos-cli algo ./addition-cocos ./private.pem
Expected output:
🔗 Connected to agent without TLS
Uploading algorithm file: ./addition-cocos
🚀 Uploading algorithm [██████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████ █████████████████████████████████████████████████████████████████████████████████] [100%]
Successfully uploaded algorithm! ✔
Since this is a binary algorithm and the addition example, no requirements file or dataset upload is needed.
Download Addition Results
From your cocos directory:
./build/cocos-cli result ./private.pem
Expected output:
🔗 Connected to agent without TLS
⏳ Retrieving computation result file