cloud

matching.cloud

Functions for performing matching in the cloud.

Functions

Name Description
create_impersonation_credentials Create credentials from an identity pool for impersonating a party.
download_embedder Download and initiate the embedder from those on GCP.
download_party_assets Download the encrypted data and DEK for a party from GCP.
prepare_party_assets Download and decrypt the assets for a party from GCP.
upload_party_results Encrypt and upload a party’s results to GCP.

create_impersonation_credentials

matching.cloud.create_impersonation_credentials(party, operator)

Create credentials from an identity pool for impersonating a party.

Parameters

Name Type Description Default
party str Name of the party to impersonate. required
operator str Name of the workload operator. required

Returns

Type Description
google.auth.identity_pool.Credentials Credentials created using the party attestation verifier.

download_embedder

matching.cloud.download_embedder(parties, operator)

Download and initiate the embedder from those on GCP.

Parameters

Name Type Description Default
parties list[str] List of data-owning party names. required
operator str Name of the workload operator. required

Returns

Type Description
pprl.embedder.embedder.Embedder Reformed embedder instance.

download_party_assets

matching.cloud.download_party_assets(store, party)

Download the encrypted data and DEK for a party from GCP.

Parameters

Name Type Description Default
store google.cloud.storage.Client GCP storage client using identity pool credentials. required
party str Name of the party. required

Returns

Type Description
bytes Encrypted data frame for linkage.
bytes Encrypted data encryption key (used to encrypt the data).

prepare_party_assets

matching.cloud.prepare_party_assets(party, operator, location, version)

Download and decrypt the assets for a party from GCP.

To enable these steps, we must first impersonate the party service account via the workload identity pool we created during project set-up.

Parameters

Name Type Description Default
party str Name of the party. required
operator str Name of the workload operator. required
location str Location of the party’s workload identity pool and keyring on GCP. required
version int | str Key version to retrieve for party asymmetric key encryption key. required

Returns

Type Description
pandas.DataFrame Decrypted data frame for linkage.
bytes Decrypted data encryption key.
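
The impersonation step described above, sketched as an added example (not this project's code): it builds the external-account configuration that maps a workload identity pool provider to one party's service account, and validates every identifier before it is placed in a URL. The helper names, the pool, provider and service-account naming, and the attestation token path are assumptions.

```python
import re

STS_TOKEN_URL = "https://sts.googleapis.com/v1/token"
IAM_CREDENTIALS = "https://iamcredentials.googleapis.com/v1"
# Assumption: attestation token path inside a Confidential Space workload.
ATTESTATION_TOKEN_FILE = "/run/container_launcher/attestation_verifier_claims_token"

# Conservative identifier patterns (assumed naming rules) so that no value
# can smuggle '/', ':' or '..' into the audience or impersonation URL.
_ID = re.compile(r"[a-z][a-z0-9-]{2,30}[a-z0-9]")
_SA = re.compile(
    r"[a-z][a-z0-9-]{4,28}[a-z0-9]@[a-z][a-z0-9-]{4,28}[a-z0-9]\.iam\.gserviceaccount\.com"
)


def impersonation_config(project_number, location, pool, provider, service_account):
    """Build an external-account config that impersonates one party's service account."""
    if not str(project_number).isdigit():
        raise ValueError("project_number must be numeric")
    for label, value in (("location", location), ("pool", pool), ("provider", provider)):
        if not _ID.fullmatch(value):
            raise ValueError(f"invalid {label}: {value!r}")
    if not _SA.fullmatch(service_account):
        raise ValueError(f"invalid service account: {service_account!r}")
    return {
        "type": "external_account",
        "audience": (f"//iam.googleapis.com/projects/{project_number}/locations/{location}"
                     f"/workloadIdentityPools/{pool}/providers/{provider}"),
        "subject_token_type": "urn:ietf:params:oauth:token-type:jwt",
        "token_url": STS_TOKEN_URL,
        "credential_source": {"file": ATTESTATION_TOKEN_FILE},
        "service_account_impersonation_url": (
            f"{IAM_CREDENTIALS}/projects/-/serviceAccounts/{service_account}:generateAccessToken"),
    }


def impersonated_account(config):
    """Return the service account a config would impersonate, or None if malformed."""
    pattern = re.escape(IAM_CREDENTIALS) + r"/projects/-/serviceAccounts/([^/:]+):generateAccessToken"
    match = re.fullmatch(pattern, config.get("service_account_impersonation_url", ""))
    return match.group(1) if match else None
```

With the google-auth package installed, a dictionary of this shape can be passed to `google.auth.identity_pool.Credentials.from_info`. Checking `impersonated_account` against the expected party before use guards against a configuration that points at another party's service account.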

upload_party_results

matching.cloud.upload_party_results(output, dek, party, operator)

Encrypt and upload a party’s results to GCP.

Like prepare_party_assets, we must first impersonate the party service account to access their storage bucket.

Parameters

Name Type Description Default
output pandas.DataFrame Party’s output from the matching. required
dek bytes Data encryption key. required
party str Name of the party whose results are being processed. required
operator str Name of the workload operator. required