Blog
 / 
Announcements
TFHE-rs

Announcing TFHE-rs v0.2.0

April 13, 2023
  -  
Jean-Baptiste Orfila
This is also a heading
This is a heading
This is also a heading

TFHE-rs v0.2.0 adds support for large homomorphic unsigned integers up to 256 bits. A high-level API, along with booleans and shortints, have been added to make your builds easier. The new update also integrates a parallelized version of Programmable Bootstrapping (PBS), improving its latency.

Large precision integers

TFHE-rs now offers you the possibility to work with unsigned integers up to 256 bits. Additions, subtractions, multiplications, and some common programming-related operations—like shifting and bitwise operations—have been added. 

Using RadixCiphertext or CRTCiphertext, the ‘integer’ API lets you choose one of two possibilities to represent large messages: Radix decomposition or Residue Number Systems (RNS). Your choice will depend on the relevant use case. Radix includes more operators while the RNS decomposition offers faster arithmetic operators.

Here is an example which first computes a min between two Radix-based ciphertexts, then performs a multiplication between two CRT-based ciphertexts:

let param = PARAM_MESSAGE_2_CARRY_2;

//Radix-based integers over 8 bits
let num_block = 4;
let (cks, sks) = gen_keys_radix(&param, num_block);

let clear_0 = 157;
let clear_1 = 127;

let mut ct_0 = cks.encrypt(clear_0);
let mut ct_1 = cks.encrypt(clear_1);

let ct_res = sks.smart_min_parallelized(&mut ct_0, &mut ct_1);

let dec_res = cks.decrypt(&ct_res);

assert_eq!(u64::min(clear_0, clear_1), dec_res)
//CRT-based integer modulus 3*4*5*7 = 420
//To work with homomorphic unsigned integers > 8 bits
let basis = vec![3,4,5,7];
let modulus = 420;

let param = PARAM_MESSAGE_3_CARRY_3;
let (cks, sks) = gen_keys_crt(&param, basis.clone());


let clear_0 = 234;
let clear_1 = 123;


// encryption of an integer
let mut ct_zero = cks.encrypt(clear_0);
let mut ct_one = cks.encrypt(clear_1);


// mul the two ciphertexts
let ct_res = sks.smart_crt_mul(&mut ct_zero, &mut ct_one);

// decryption of ct_res
let dec_res = cks.decrypt(&ct_res);

assert_eq!((clear_0*clear_1) % modulus, dec_res % modulus);

High-level API

TFHE-rs now includes a high-level API. This mimics the Rust approach by defining types related to homomorphic unsigned integers. Arithmetic operators are wrapped so that they are called in the same manner as clear operations, for instance, an addition between two ciphertexts is done using the ‘+’ symbol. Since comparison operators cannot be overloaded in Rust, they are called using a simple function (e.g.,--“.eq()” for an equality). Complex cryptographic operations have been eliminated. Radix is the default decomposition used to represent large integers.

This example shows how to compute a shift, a multiplication, and an addition over encrypted unsigned integers of 16 bits:

// Client-side
let config = ConfigBuilder::all_disabled()
   .enable_default_uint16()
   .build();

let (client_key, server_key) = generate_keys(config);

let clear_a = 12345u16;
let clear_b = 6789u16;
let clear_c = 1011u16;

let a = FheUint16::encrypt(clear_a, &client_key);
let b = FheUint16::encrypt(clear_b, &client_key);
let c = FheUint16::encrypt(clear_c, &client_key);

// Server-side
set_server_key(server_key);
let result = ((a << 2u16) * b) + c;

// Client-side
let decrypted_result: u16 = result.decrypt(&client_key);
let clear_result = ((clear_a << 2) * clear_b) + clear_c;
assert_eq!(decrypted_result, clear_result);

To help integrate TFHE-rs in existing applications, a C API is also included.

Additional Features

The latest update of TFHE-rs also includes:

  • The choice of encryption key: At key generation, the client obtains two secret keys: a large one and a small one. To maximize performance when computing a PBS, the larger key became the default. You now have the choice between the two secret keys;
  • A smaller public encryption key: As a consequence of choosing an encryption key, a smaller secret encryption key implies a smaller public key. The size has been reduced from several GB to less than one GB;
  • The ability to compute a PBS over 128-bit ciphertext: The new version of Concrete-FFT has been integrated, so it is now possible to compute PBS over 128-bit ciphertexts; 
  • The choice of the ciphertext modulus: For cryptographers using the lower API (namely, core-crypto), the modulus ciphertext can be modified to use any powers of two smaller than 2^128;
  • Parallel Programmable Bootstrapping: The lower API of TFHE-rs now includes a parallel implementation of PBS, based on research conducted by Joye-Paillier in [JP22]. A dedicated blog post will be soon published about relevant performance enhancements.

What’s next?

The next version of TFHE-rs will include faster arithmetic operators by including the CRT decomposition in the high-level API by default. Overall, performance will improve through standardizing parallel bootstrapping within the process. Further cryptographic features will also be integrated, so stay tuned for news on future updates. 

Additional links

[JP22]: Joye, M., Paillier, P. (2022). Blind Rotation in Fully Homomorphic Encryption with Extended Keys. In: Dolev, S., Katz, J., Meisels, A. (eds) Cyber Security, Cryptology, and Machine Learning. CSCML 2022. Lecture Notes in Computer Science, vol 13301. Springer, Cham. https://doi.org/10.1007/978-3-031-07689-3_1

Read more related posts

Zama Product Announcement - April 2023

With these releases, Zama continues to build its suite of products to make homomorphic encryption accessible, easy, and fast

April 13, 2023
 - 
The Zama Team
Announcements

Announcing Concrete v1.0.0

Our TFHE Compiler is now fully open source.

April 13, 2023
 - 
Alexandre Quint
Announcements
Concrete

Announcing Concrete ML v1.0.0

Concrete ML v1.0.0 features a stable API, better inference performance, and user-friendly error reporting.

April 13, 2023
 - 
Benoit Chevallier-Mames
Announcements
Concrete ML
The Zama Team
April 13, 2023

Zama Product Announcement - April 2023

With these releases, Zama continues to build its suite of products to make homomorphic encryption accessible, easy, and fast

Read Article
Alexandre Quint
April 13, 2023

Announcing Concrete v1.0.0

Our TFHE Compiler is now fully open source.

Read Article
Benoit Chevallier-Mames
April 13, 2023

Announcing Concrete ML v1.0.0

Concrete ML v1.0.0 features a stable API, better inference performance, and user-friendly error reporting.

Read Article
Back to Blog
Announcements
TFHE-rs
Libraries
TFHE-rs Concrete Concrete ML FHEVM
Developers
BlogDOCUMENTATION GITHUB FHE resources Research papers CommunityBounty Program Confidential AIConfidential blockchainThreshold key management Service
Company
Aboutintroduction to fheEventsMediaCareers Newsletter LegalContact us
Privacy is necessary for an open society in the electronic age. Privacy is not secrecy. A private matter is something one doesn't want the whole world to know, but a secret matter is something one doesn't want anybody to know. Privacy is the power to selectively reveal oneself to the world.If two parties have some sort of dealings, then each has a memory of their interaction. Each party can speak about their own memory of this; how could anyone prevent it? One could pass laws against it, but the freedom of speech, even more than privacy, is fundamental to an open society; we seek not to restrict any speech at all. If many parties speak together in the same forum, each can speak to all the others and aggregate together knowledge about individuals and other parties. The power of electronic communications has enabled such group speech, and it will not go away merely because we might want it to.Since we desire privacy, we must ensure that each party to a transaction have knowledge only of that which is directly necessary for that transaction. Since any information can be spoken of, we must ensure that we reveal as little as possible. In most cases personal identity is not salient. When I purchase a magazine at a store and hand cash to the clerk, there is no need to know who I am. When I ask my electronic mail provider to send and receive messages, my provider need not know to whom I am speaking or what I am saying or what others are saying to me; my provider only need know how to get the message there and how much I owe them in fees. When my identity is revealed by the underlying mechanism of the transaction, I have no privacy. I cannot here selectively reveal myself; I must always reveal myself.Therefore, privacy in an open society requires anonymous transaction systems. Until now, cash has been the primary such system. An anonymous transaction system is not a secret transaction system. An anonymous system empowers individuals to reveal their identity when desired and only when desired; this is the essence of privacy.Privacy in an open society also requires cryptography. If I say something, I want it heard only by those for whom I intend it. If the content of my speech is available to the world, I have no privacy. To encrypt is to indicate the desire for privacy, and to encrypt with weak cryptography is to indicate not too much desire for privacy. Furthermore, to reveal one's identity with assurance when the default is anonymity requires the cryptographic signature.We cannot expect governments, corporations, or other large, faceless organizations to grant us privacy out of their beneficence. It is to their advantage to speak of us, and we should expect that they will speak. To try to prevent their speech is to fight against the realities of information. Information does not just want to be free, it longs to be free. Information expands to fill the available storage space. Information is Rumor's younger, stronger cousin; Information is fleeter of foot, has more eyes, knows more, and understands less than Rumor.We must defend our own privacy if we expect to have any. We must come together and create systems which allow anonymous transactions to take place. People have been defending their own privacy for centuries with whispers, darkness, envelopes, closed doors, secret handshakes, and couriers. The technologies of the past did not allow for strong privacy, but electronic technologies do.We the Cypherpunks are dedicated to building anonymous systems. We are defending our privacy with cryptography, with anonymous mail forwarding systems, with digital signatures, and with electronic money.Cypherpunks write code. We know that someone has to write software to defend privacy, and since we can't get privacy unless we all do, we're going to write it. We publish our code so that our fellow Cypherpunks may practice and play with it. Our code is free for all to use, worldwide. We don't much care if you don't approve of the software we write. We know that software can't be destroyed and that a widely dispersed system can't be shut down.Cypherpunks deplore regulations on cryptography, for encryption is fundamentally a private act. The act of encryption, in fact, removes information from the public realm. Even laws against cryptography reach only so far as a nation's border and the arm of its violence. Cryptography will ineluctably spread over the whole globe, and with it the anonymous transactions systems that it makes possible.For privacy to be widespread it must be part of a social contract. People must come and together deploy these systems for the common good. Privacy only extends so far as the cooperation of one's fellows in society. We the Cypherpunks seek your questions and your concerns and hope we may engage you so that we do not deceive ourselves. We will not, however, be moved out of our course because some may disagree with our goals.The Cypherpunks are actively engaged in making the networks safer for privacy. Let us proceed together apace.Onward. By Eric Hughes. 9 March 1993.