Merge main -> dev

.github/workflows/build-all-targets.yml

@@ -19,7 +19,7 @@ jobs:
 
       - name: Get all test, doc and src files that have changed
         id: changed-files-yaml
-        uses: tj-actions/changed-files@ed68ef82c095e0d48ec87eccea555d944a631a4c
+        uses: tj-actions/changed-files@24d32ffd492484c1d75e0c0b894501ddb9d30d62
         with:
           files_yaml: |
             src:
@@ -73,7 +73,7 @@ jobs:
 
       - name: Get all test, doc and src files that have changed
         id: changed-files-yaml
-        uses: tj-actions/changed-files@ed68ef82c095e0d48ec87eccea555d944a631a4c
+        uses: tj-actions/changed-files@24d32ffd492484c1d75e0c0b894501ddb9d30d62
         with:
           files_yaml: |
             src:

.github/workflows/cpu-genesis-e2e-tests.yaml

@@ -20,7 +20,7 @@ jobs:
 
       - name: Get all test, doc and src files that have changed
         id: changed-files-yaml
-        uses: tj-actions/changed-files@ed68ef82c095e0d48ec87eccea555d944a631a4c
+        uses: tj-actions/changed-files@24d32ffd492484c1d75e0c0b894501ddb9d30d62
         with:
           files_yaml: |
             src:

.github/workflows/cpu-integration-tests.yaml

@@ -20,7 +20,7 @@ jobs:
 
       - name: Get all test, doc and src files that have changed
         id: changed-files-yaml
-        uses: tj-actions/changed-files@ed68ef82c095e0d48ec87eccea555d944a631a4c
+        uses: tj-actions/changed-files@24d32ffd492484c1d75e0c0b894501ddb9d30d62
         with:
           files_yaml: |
             src:

.github/workflows/doc.yml

@@ -19,7 +19,7 @@ jobs:
 
       - name: Get all test, doc and src files that have changed
         id: changed-files-yaml
-        uses: tj-actions/changed-files@ed68ef82c095e0d48ec87eccea555d944a631a4c
+        uses: tj-actions/changed-files@24d32ffd492484c1d75e0c0b894501ddb9d30d62
         with:
           files_yaml: |
             src:

.github/workflows/lint-clippy.yaml

@@ -24,7 +24,7 @@ jobs:
 
       - name: Get all test, doc and src files that have changed
         id: changed-files-yaml
-        uses: tj-actions/changed-files@ed68ef82c095e0d48ec87eccea555d944a631a4c
+        uses: tj-actions/changed-files@24d32ffd492484c1d75e0c0b894501ddb9d30d62
         with:
           files_yaml: |
             src:

.github/workflows/lint-rustfmt.yaml

@@ -16,7 +16,7 @@ jobs:
 
       - name: Get all test, doc and src files that have changed
         id: changed-files-yaml
-        uses: tj-actions/changed-files@ed68ef82c095e0d48ec87eccea555d944a631a4c
+        uses: tj-actions/changed-files@24d32ffd492484c1d75e0c0b894501ddb9d30d62
         with:
           files_yaml: |
             src:

.github/workflows/run-unit-tests.yaml

@@ -32,7 +32,7 @@ jobs:
 
       - name: Get all test, doc and src files that have changed
         id: changed-files-yaml
-        uses: tj-actions/changed-files@ed68ef82c095e0d48ec87eccea555d944a631a4c
+        uses: tj-actions/changed-files@24d32ffd492484c1d75e0c0b894501ddb9d30d62
         with:
           files_yaml: |
             src:

.github/workflows/temp-branch-build-and-push-hawk-arm64.yaml

@@ -25,23 +25,23 @@ jobs:
       id-token: write
     steps:
       - name: Checkout
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
+        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8
       - name: Install Docker
         run: |
           curl -fsSL https://get.docker.com | sh
           sudo usermod -aG docker $USER
           sudo apt-get install acl
           sudo setfacl --modify user:$USER:rw /var/run/docker.sock
       - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2
+        uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435
       - name: Log in to the Container registry
         uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772
         with:
           registry: ${{ env.REGISTRY }}
           username: ${{ github.repository_owner }}
           password: ${{ secrets.GITHUB_TOKEN }}
       - name: Build and Push
-        uses: docker/build-push-action@471d1dc4e07e5cdedd4c2171150001c434f0b7a4
+        uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83
         with:
           context: .
           push: true

.github/workflows/test-gpu.yaml

@@ -2,6 +2,8 @@ name: Rust GPU Tests
 
 on:
   pull_request:
+    branches-ignore:
+      - dev
 
 concurrency:
   group: "${{ github.workflow }} @ ${{ github.event.pull_request.head.label || github.head_ref || github.ref }}"
@@ -17,7 +19,7 @@ jobs:
 
       - name: Get all test, doc and src files that have changed
         id: changed-files-yaml
-        uses: tj-actions/changed-files@ed68ef82c095e0d48ec87eccea555d944a631a4c
+        uses: tj-actions/changed-files@24d32ffd492484c1d75e0c0b894501ddb9d30d62
         with:
           files_yaml: |
             src:

deploy/e2e/iris-mpc-0.yaml.tpl

@@ -209,10 +209,10 @@ iris-mpc-0:
       value: "true"
 
     - name: SMPC__ENABLE_REAUTH
-      value: "false"
+      value: "true"
 
     - name: SMPC__ENABLE_RESET
-      value: "false"
+      value: "true"
 
     - name: SMPC__LUC_ENABLED
       value: "true"

deploy/e2e/iris-mpc-1.yaml.tpl

@@ -209,10 +209,10 @@ iris-mpc-1:
       value: "true"
 
     - name: SMPC__ENABLE_REAUTH
-      value: "false"
+      value: "true"
 
     - name: SMPC__ENABLE_RESET
-      value: "false"
+      value: "true"
 
     - name: SMPC__LUC_ENABLED
       value: "true"

deploy/e2e/iris-mpc-2.yaml.tpl

@@ -209,10 +209,10 @@ iris-mpc-2:
       value: "true"
 
     - name: SMPC__ENABLE_REAUTH
-      value: "false"
+      value: "true"
 
     - name: SMPC__ENABLE_RESET
-      value: "false"
+      value: "true"
 
     - name: SMPC__LUC_ENABLED
       value: "true"

iris-mpc-common/src/helpers/smpc_request.rs

@@ -118,6 +118,8 @@ pub struct UniquenessRequest {
     pub or_rule_serial_ids: Option<Vec<u32>>,
     pub skip_persistence: Option<bool>,
     pub full_face_mirror_attacks_detection_enabled: Option<bool>,
+    // If true, do not collect or compute anonymized statistics for this batch.
+    pub disable_anonymized_stats: Option<bool>,
 }
 
 #[derive(Serialize, Deserialize, Debug, Clone)]

iris-mpc-common/src/job.rs

@@ -117,6 +117,9 @@ pub struct BatchQuery {
 
     // Boolean value for mirror attack detection enabled
     pub full_face_mirror_attacks_detection_enabled: bool,
+
+    // If true, anonymized statistics (1D, 2D, and mirror-orientation) are disabled for this batch.
+    pub disable_anonymized_stats: bool,
 }
 
 impl BatchQuery {

iris-mpc-common/src/test.rs

@@ -1268,14 +1268,14 @@ impl TestCaseGenerator {
                 if let Some(bucket_statistic_parameters) = &self.bucket_statistic_parameters {
                     // Check that normal orientation statistics have is_mirror_orientation set to false
                     assert!(!anonymized_bucket_statistics_left.is_mirror_orientation,
-                        "Normal orientation left statistics should have is_mirror_orientation = false");
+                            "Normal orientation left statistics should have is_mirror_orientation = false");
                     assert!(!anonymized_bucket_statistics_right.is_mirror_orientation,
-                        "Normal orientation right statistics should have is_mirror_orientation = false");
+                            "Normal orientation right statistics should have is_mirror_orientation = false");
                     // Check that mirror orientation statistics have is_mirror_orientation set to true
                     assert!(anonymized_bucket_statistics_left_mirror.is_mirror_orientation,
-                        "Mirror orientation left statistics should have is_mirror_orientation = true");
+                            "Mirror orientation left statistics should have is_mirror_orientation = true");
                     assert!(anonymized_bucket_statistics_right_mirror.is_mirror_orientation,
-                        "Mirror orientation right statistics should have is_mirror_orientation = true");
+                            "Mirror orientation right statistics should have is_mirror_orientation = true");
 
                     // Perform some very basic checks on the bucket statistics, not checking the results here
                     check_bucket_statistics(
@@ -1619,10 +1619,17 @@ pub struct SimpleAnonStatsTestGenerator {
     bucket_statistic_parameters: BucketStatisticParameters,
     rng: StdRng,
     is_cpu: bool,
+    disable_anonymized_stats_batch_percent: f64,
 }
 
 impl SimpleAnonStatsTestGenerator {
-    pub fn new(db: TestDb, internal_seed: u64, num_buckets: usize, is_cpu: bool) -> Self {
+    pub fn new(
+        db: TestDb,
+        internal_seed: u64,
+        num_buckets: usize,
+        is_cpu: bool,
+        disable_anonymized_stats_batch_percent: f64,
+    ) -> Self {
         Self {
             db_state: db,
             bucket_statistic_parameters: BucketStatisticParameters { num_buckets },
@@ -1632,6 +1639,7 @@ impl SimpleAnonStatsTestGenerator {
             plain_distances_right_mirror: vec![],
             rng: StdRng::seed_from_u64(internal_seed),
             is_cpu,
+            disable_anonymized_stats_batch_percent,
         }
     }
 
@@ -1664,13 +1672,22 @@ impl SimpleAnonStatsTestGenerator {
         &mut self,
     ) -> Result<Option<([BatchQuery; 3], HashMap<String, E2ETemplate>)>> {
         tracing::info!("Generating query batch for simple anonymized statistics test");
+
+        let batch_disable_anon_stats = self
+            .rng
+            .gen_bool(self.disable_anonymized_stats_batch_percent);
+
         let mut requests: HashMap<String, E2ETemplate> = HashMap::new();
         let mut batch0 = BatchQuery::default();
         let mut batch1 = BatchQuery::default();
         let mut batch2 = BatchQuery::default();
         batch0.full_face_mirror_attacks_detection_enabled = true;
         batch1.full_face_mirror_attacks_detection_enabled = true;
         batch2.full_face_mirror_attacks_detection_enabled = true;
+        // Apply disable flag across all parties in this batch
+        batch0.disable_anonymized_stats = batch_disable_anon_stats;
+        batch1.disable_anonymized_stats = batch_disable_anon_stats;
+        batch2.disable_anonymized_stats = batch_disable_anon_stats;
 
         let (request_id, e2e_template, message_type) = match self.generate_query() {
             Some((request_id, e2e_template, message_type)) => {
@@ -1776,7 +1793,19 @@ impl SimpleAnonStatsTestGenerator {
                 continue;
             }
 
-            request_counter += batch0.request_ids.len();
+            let disable_anonymized_stats = batch0.disable_anonymized_stats;
+
+            tracing::info!(
+                "Generated batch with {} requests, disable_anonymized_stats: {}",
+                batch0.request_ids.len(),
+                disable_anonymized_stats
+            );
+
+            request_counter += if !disable_anonymized_stats {
+                batch0.request_ids.len()
+            } else {
+                0
+            };
             let e2e_template = requests.values().next().cloned().unwrap();
 
             tracing::info!("sending batch to servers");
@@ -1800,7 +1829,7 @@ impl SimpleAnonStatsTestGenerator {
             // for CPU variant, we calculate the distances here, since it does the bucket calculation after the matching
             // while GPU does it beforehand. GPU branch is at the end of this loop
             if self.is_cpu {
-                self.calculate_gt_distances(&e2e_template);
+                self.calculate_gt_distances(&e2e_template, false);
             }
 
             tracing::info!("checking results");
@@ -1838,12 +1867,12 @@ impl SimpleAnonStatsTestGenerator {
                 if !self.is_cpu {
                     // Check that mirror orientation statistics have is_mirror_orientation set to true
                     assert!(
-                    anonymized_bucket_statistics_left_mirror.is_mirror_orientation,
-                    "Mirror orientation left statistics should have is_mirror_orientation = true"
+                        anonymized_bucket_statistics_left_mirror.is_mirror_orientation,
+                        "Mirror orientation left statistics should have is_mirror_orientation = true"
                     );
                     assert!(
-                    anonymized_bucket_statistics_right_mirror.is_mirror_orientation,
-                    "Mirror orientation right statistics should have is_mirror_orientation = true"
+                        anonymized_bucket_statistics_right_mirror.is_mirror_orientation,
+                        "Mirror orientation right statistics should have is_mirror_orientation = true"
                     );
                 }
 
@@ -1980,13 +2009,19 @@ impl SimpleAnonStatsTestGenerator {
 
             // we can only calculate GT after we the actor has run, since it will try to produce the stats before processing the current item
             if !self.is_cpu {
-                self.calculate_gt_distances(&e2e_template);
+                self.calculate_gt_distances(&e2e_template, disable_anonymized_stats);
             }
         }
         Ok(())
     }
 
-    fn calculate_gt_distances(&mut self, e2e_template: &E2ETemplate) {
+    fn calculate_gt_distances(&mut self, e2e_template: &E2ETemplate, is_disabled: bool) {
+        // if disabled, skip accruing anon plain-text stats, should mirror the MPC behavior
+        if is_disabled {
+            tracing::info!("Skipping accruing plain-text stats since anonymized stats are disabled for this batch");
+            return;
+        }
+
         let span = tracing::span!(Level::INFO, "calculating ground truth distances");
         let guard = span.enter();
         self.plain_distances_left.extend(

iris-mpc-common/tests/smpc_request.rs

@@ -92,6 +92,7 @@ mod tests {
             or_rule_serial_ids: None,
             skip_persistence: None,
             full_face_mirror_attacks_detection_enabled: Some(true),
+            disable_anonymized_stats: None,
         };
 
         let result = get_iris_data_by_party_id(