docs: describe how to enable using the secure CRG (#97)

Signed-off-by: Sven Trieflinger <[email protected]>
carbynestack · Sep 4, 2023 · 059c521 · 059c521
1 parent 5f8d20f
commit 059c521
Show file tree

Hide file tree

Showing 3 changed files with 41 additions and 12 deletions.
diff --git a/docs/getting-started/deployment/index.md b/docs/getting-started/deployment/index.md
@@ -6,8 +6,10 @@ your local machine using [kind](https://kind.sigs.k8s.io/) clusters.
 We support two distinct deployment methods:
 
 1. [Manual deployment](manual) using mainly `kubectl` and the shell is presently
-   the most instructive and thoroughly tested method for deploying Carbyne
-   Stack.
+   the most instructive, thoroughly tested, and flexible method for deploying
+   Carbyne Stack.
 2. [Automated deployment](infrastructure-as-code) using Terraform CDKTF is a
    very convenient way to deploy Carbyne Stack, but the implementation
-   is still early stage and should be considered experimental.
+   is still early stage and should be considered experimental. Not all
+   configuration options are supported as of today, e.g., using a secure offline
+   phase implementation.
diff --git a/docs/getting-started/deployment/infrastructure-as-code/local.md b/docs/getting-started/deployment/infrastructure-as-code/local.md
@@ -17,10 +17,10 @@ onto local [kind](https://kind.sigs.k8s.io/) cluster using CDKTF.
     cd carbynestack
     ```
 
-1. Checkout the tag `sdk-v0.4.0`
+1. Checkout the tag `sdk-v0.5.0`
 
     ```shell
-    git checkout tags/sdk-v0.4.0
+    git checkout tags/sdk-v0.5.0
     ```
 
 1. Change directory to the `deployments` folder

diff --git a/docs/getting-started/deployment/manual/stack.md b/docs/getting-started/deployment/manual/stack.md
@@ -1,10 +1,5 @@
 # Stack Deployment Guide
 
-!!! danger
-    Klyshko currently supports insecure offline material generation only. Using
-    this material is not secure at all. **_DO NOT DO THIS IN A PRODUCTION
-    SETTING_**.
-
 This guide describes how to set up a Carbyne Stack Virtual Cloud (VC) consisting
 of two Virtual Cloud Providers (VCP).
 
@@ -63,10 +58,10 @@ clusters using the kind tool as described in the
         cd carbynestack/deployments
         ```
 
-1. Checkout Carbyne Stack SDK version 0.4.0 using:
+1. Checkout Carbyne Stack SDK version 0.5.0 using:
 
     ```shell
-    git checkout sdk-v0.4.0
+    git checkout sdk-v0.5.0
     ```
 
 1. Before deploying the virtual cloud providers make some common configuration
@@ -85,6 +80,38 @@ clusters using the kind tool as described in the
     export NO_SSL_VALIDATION=true
     ```
 
+1. Configure the _Correlated Randomness Generator_ (CRG) used by Klyshko
+
+    === "Insecure"
+
+        !!! danger
+            **_DO NOT USE THIS IN A PRODUCTION SETTING_**.
+
+        By default, correlated randomness is generated using a cheap but
+        *insecure* fake offline phase implementation. Using this CRG is
+        recommended for development and demo purposes only.
+
+    === "Secure"
+
+        !!! warning
+            In this configuration, CR generation will consume a substantial
+            amount of resources (CPU and bandwidth). In addition, the offline
+            phase docker container used is platform-dependent. This means
+            execution may fail on your platform (see 
+            [here](https://github.com/carbynestack/klyshko/issues/78) for more 
+            information).
+
+        Carbyne Stack comes with an *experimental* correlated randomness
+        generator based on the MP-SPDZ CowGear offline phase implementation. To
+        enable this CRG, invoke
+
+        ```shell
+        export KLYSHKO_GENERATOR_IMAGE_REPOSITORY=carbynestack/klyshko-mp-spdz-cowgear
+        export KLYSHKO_GENERATOR_IMAGE_TAG=0.2.0
+        ```
+
+        before you proceed.
+
 1. Launch the `starbuck` VCP using:
 
     ```shell