Pull request overview
This PR adds Convolutional Neural Network (CNN) support to the Sequre secure multi-party computation framework, introducing new layer types (Conv2D, MaxPooling2D, Flatten, Dropout, BatchNormalization) and additional loss functions (binary cross-entropy, categorical cross-entropy, mean squared error) to enable training CNNs on encrypted data.
Changes:
- Added CNN layer implementations with secure computation support including Conv2D with strided convolutions, MaxPooling2D, Flatten for dimensionality reduction, Dropout for regularization, and BatchNormalization
- Extended loss functions with binary/categorical cross-entropy using Chebyshev polynomial approximations and mean squared error
- Updated Sequential model to handle heterogeneous layer types (CNN and Dense) with automatic channel/size inference
- Added ChestMNIST medical imaging example demonstrating CNN training on multi-label classification with data preparation script and comprehensive documentation
Reviewed changes
Copilot reviewed 10 out of 10 changed files in this pull request and generated 12 comments.
| File | Description |
|---|---|
| stdlib/sequre/stdlib/learn/neural_net/model.codon | Updated import to relative style; added layer type detection logic for automatic prev_size inference supporting CNN layers; added section comments for training methods |
| stdlib/sequre/stdlib/learn/neural_net/loss.codon | Added binary/categorical cross-entropy and MSE loss functions with Chebyshev approximations; updated dispatch functions with optional interval parameter; added supporting imports |
| stdlib/sequre/stdlib/learn/neural_net/layers.codon | Implemented Conv2D, MaxPooling2D, Flatten, Dropout, and BatchNormalization layers with forward/backward passes; added secure maximum helper function |
| stdlib/sequre/constants.codon | Added constants for new loss types (BCE, CCE, MSE) and updated SUPPORTED_LOSSES list |
| scripts/sequre-test.sh | Added helper script for running Sequre tests with proper configuration |
| applications/offline/chestmnist_prep.py | Added Python script to download and prepare ChestMNIST dataset as text files for Codon |
| applications/offline/chestmnist_cnn.codon | Added complete CNN training example for ChestMNIST with mini-batch training and evaluation |
| applications/offline/CHESTMNIST_CNN_README.md | Added comprehensive documentation for running the ChestMNIST CNN example |
| examples/local_run.codon | Removed old example file |
| examples/hastings.codon | Removed old benchmark file |
| #!/usr/bin/env bash | ||
|
|
||
| cd /workspaces/sequre && \ | ||
| bash -c "CODON_DEBUG=lt $HOME/.codon/bin/codon run --disable-opt='core-pythonic-list-addition-opt' -plugin sequre \"$1\" --skip-mhe-setup 2>&1" |
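Review bot: The `cd /workspaces/sequre && \` line hardcodes an absolute checkout path, so the script only works where the repository lives at exactly that location; since the file is `scripts/sequre-test.sh`, derive the root from the script's own location instead, for example `cd "$(dirname "$0")/.."`. The script also never checks that `$1` was supplied, so a call with no argument still launches codon with an empty path; an early guard such as `[ $# -ge 1 ] || { echo "usage: $0 <file>" >&2; exit 2; }` would fail fast with a clear message.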
The command in this script interpolates the untrusted script argument `$1` directly into a string executed by `bash -c`, which enables command injection (e.g., passing a value containing `"; rm -rf /;` will execute additional arbitrary commands with the caller's privileges). Because `$1` is expanded into the inner shell script and only wrapped in quotes, an attacker controlling this argument can break out of the quoted context and append their own shell syntax. To fix this, avoid `bash -c` here and invoke the codon binary directly with `$1` passed as a normal, separately-quoted argument (or build the command as an array) so that it is never re-interpreted as shell code.
| bash -c "CODON_DEBUG=lt $HOME/.codon/bin/codon run --disable-opt='core-pythonic-list-addition-opt' -plugin sequre \"$1\" --skip-mhe-setup 2>&1" | |
| CODON_DEBUG=lt "$HOME/.codon/bin/codon" run --disable-opt='core-pythonic-list-addition-opt' -plugin sequre "$1" --skip-mhe-setup 2>&1 |
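The difference between the two invocation styles in the comment above, as an added example that is not part of the PR or the review. `printf` stands in for the codon binary and `PAYLOAD` is a constructed value carrying a harmless marker (both assumptions); `run_positional` goes beyond the comment to show a third form for cases where an inner shell cannot be avoided.

```bash
#!/usr/bin/env bash
# Added demo, not part of the PR. printf stands in for the codon binary
# (assumption) so the argument handling can be observed offline.

# Constructed test value: closes the quote, then runs a harmless marker command.
PAYLOAD='x"; echo INJECTED; echo "'

# Pattern from the reviewed script: the outer shell expands "$1" into the
# string, then the inner bash parses the whole string again as shell code.
run_interpolated() {
    bash -c "printf 'arg:%s\n' run \"$1\" --skip-mhe-setup 2>&1"
}

# Pattern from the suggested fix: "$1" stays a single argv element.
run_direct() {
    printf 'arg:%s\n' run "$1" --skip-mhe-setup 2>&1
}

# If an inner shell is unavoidable: constant script text, with the value
# passed as a positional parameter of the inner shell ("_" fills $0).
run_positional() {
    bash -c 'printf "arg:%s\n" run "$1" --skip-mhe-setup 2>&1' _ "$1"
}

# True when the marker appears as its own output line, i.e. it was executed
# as a command rather than carried as data inside an argument.
marker_executed() {
    printf '%s\n' "$1" | grep -qx 'INJECTED'
}

# Number of arguments the stand-in tool actually received.
count_args() {
    printf '%s\n' "$1" | grep -c '^arg:'
}

for mode in run_interpolated run_direct run_positional; do
    out=$("$mode" "$PAYLOAD")
    if marker_executed "$out"; then verdict="marker EXECUTED"; else verdict="marker kept as data"; fi
    printf '%-17s args=%s  %s\n' "$mode" "$(count_args "$out")" "$verdict"
done
```

Only the interpolated form runs the marker and loses an argument; the other two deliver the value to the tool unchanged as its second argument.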