Skip to content

Comments

feat: Complete CNN#35

Open
sdivyanshu90 wants to merge 6 commits into0xTCG:developfrom
sdivyanshu90:feature/mpc-cnn
Open

feat: Complete CNN#35
sdivyanshu90 wants to merge 6 commits into0xTCG:developfrom
sdivyanshu90:feature/mpc-cnn

Conversation

@sdivyanshu90
Copy link

No description provided.

Copilot AI review requested due to automatic review settings February 16, 2026 15:04
@sdivyanshu90 sdivyanshu90 changed the title Feature: CNN feat: Complete CNN Feb 16, 2026
Copy link

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR adds Convolutional Neural Network (CNN) support to the Sequre secure multi-party computation framework, introducing new layer types (Conv2D, MaxPooling2D, Flatten, Dropout, BatchNormalization) and additional loss functions (binary cross-entropy, categorical cross-entropy, mean squared error) to enable training CNNs on encrypted data.

Changes:

  • Added CNN layer implementations with secure computation support including Conv2D with strided convolutions, MaxPooling2D, Flatten for dimensionality reduction, Dropout for regularization, and BatchNormalization
  • Extended loss functions with binary/categorical cross-entropy using Chebyshev polynomial approximations and mean squared error
  • Updated Sequential model to handle heterogeneous layer types (CNN and Dense) with automatic channel/size inference
  • Added ChestMNIST medical imaging example demonstrating CNN training on multi-label classification with data preparation script and comprehensive documentation

Reviewed changes

Copilot reviewed 10 out of 10 changed files in this pull request and generated 12 comments.

Show a summary per file
File Description
stdlib/sequre/stdlib/learn/neural_net/model.codon Updated import to relative style; added layer type detection logic for automatic prev_size inference supporting CNN layers; added section comments for training methods
stdlib/sequre/stdlib/learn/neural_net/loss.codon Added binary/categorical cross-entropy and MSE loss functions with Chebyshev approximations; updated dispatch functions with optional interval parameter; added supporting imports
stdlib/sequre/stdlib/learn/neural_net/layers.codon Implemented Conv2D, MaxPooling2D, Flatten, Dropout, and BatchNormalization layers with forward/backward passes; added secure maximum helper function
stdlib/sequre/constants.codon Added constants for new loss types (BCE, CCE, MSE) and updated SUPPORTED_LOSSES list
scripts/sequre-test.sh Added helper script for running Sequre tests with proper configuration
applications/offline/chestmnist_prep.py Added Python script to download and prepare ChestMNIST dataset as text files for Codon
applications/offline/chestmnist_cnn.codon Added complete CNN training example for ChestMNIST with mini-batch training and evaluation
applications/offline/CHESTMNIST_CNN_README.md Added comprehensive documentation for running the ChestMNIST CNN example
examples/local_run.codon Removed old example file
examples/hastings.codon Removed old benchmark file

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

#!/usr/bin/env bash

cd /workspaces/sequre && \
bash -c "CODON_DEBUG=lt $HOME/.codon/bin/codon run --disable-opt='core-pythonic-list-addition-opt' -plugin sequre \"$1\" --skip-mhe-setup 2>&1"
Copy link

Copilot AI Feb 16, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The command in this script interpolates the untrusted script argument $1 directly into a string executed by bash -c, which enables command injection (e.g., passing a value containing "; rm -rf /; will execute additional arbitrary commands with the caller's privileges). Because $1 is expanded into the inner shell script and only wrapped in quotes, an attacker controlling this argument can break out of the quoted context and append their own shell syntax. To fix this, avoid bash -c here and invoke the codon binary directly with $1 passed as a normal, separately-quoted argument (or build the command as an array) so that it is never re-interpreted as shell code.

Suggested change
bash -c "CODON_DEBUG=lt $HOME/.codon/bin/codon run --disable-opt='core-pythonic-list-addition-opt' -plugin sequre \"$1\" --skip-mhe-setup 2>&1"
CODON_DEBUG=lt "$HOME/.codon/bin/codon" run --disable-opt='core-pythonic-list-addition-opt' -plugin sequre "$1" --skip-mhe-setup 2>&1

Copilot uses AI. Check for mistakes.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant