sunscreen_runtime 0.8.1

This crate provides a runtime for performing various FHE operations within Sunscreen.
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191

use crate::serialization::WithContext;

use seal_fhe::{
    GaloisKeys, PublicKey as SealPublicKey, RelinearizationKeys, SecretKey as SealSecretKey,
};
use serde::{Deserialize, Serialize};

#[derive(Clone, Deserialize, PartialEq, Serialize)]
/**
 * A bundle of public keys. These may be freely shared with other parties without
 * risk of compromising data security.
 *
 * # Remarks
 * In traditional asymmetric cryptography (e.g. RSA, ECC), schemes contain only public
 * and private keys. The public key is used for encryption and the private key is used to
 * decrypt data.
 *
 * In addition to the tradtional public key, homomorphic cryptographic schemes may have
 * additional keys to facilitate certain homomorphic operations. These keys are "public"
 * in the sense that they may be freely shared without compromising data privacy, but
 * they are generally used for operations other than encryption. For example,
 * [`RelinearizationKeys`] are used in the BFV and CKKS schemes to reduce noise growth
 * and prevent ciphertext size growth after multiplication.
 */
pub struct PublicKey {
    /**
     * The public key used for encryption operations.
     */
    pub public_key: WithContext<SealPublicKey>,

    /**
     * Galois keys are used in BFV and CKKS schemes to rotate Batched vectors.
     *
     * FhePrograms that don't feature rotations have no use for these keys.
     */
    pub galois_key: Option<WithContext<GaloisKeys>>,

    /**
     * Relinearization keys are used in the BFV and CKKS schemes during relinearization
     * operations. Relinearization reduces noise growth and prevents ciphertext size growth
     * resulting from multiplication. Sunscreen automatically inserts relinearization operations,
     * and hence they are an implementation detail.
     *
     * FhePrograms without multiplications don't have relinearizations and thus don't need these keys.
     */
    pub relin_key: Option<WithContext<RelinearizationKeys>>,
}

#[derive(Serialize, Deserialize, Clone, PartialEq)]
/**
 * The private key used to decrypt ciphertexts.
 */
pub struct PrivateKey(pub(crate) WithContext<SealSecretKey>);

#[cfg(test)]
mod tests {
    use super::*;
    use crate::*;
    use seal_fhe::{CoefficientModulus, PlainModulus, SecurityLevel, ToBytes};
    use sunscreen_fhe_program::SchemeType;

    #[test]
    fn can_roundtrip_seal_public_key() {
        let runtime = Runtime::new_fhe(&Params {
            lattice_dimension: 8192,
            security_level: SecurityLevel::TC128,
            plain_modulus: 1234,
            scheme_type: SchemeType::Bfv,
            coeff_modulus: CoefficientModulus::bfv_default(8192, SecurityLevel::TC128)
                .unwrap()
                .iter()
                .map(|x| x.value())
                .collect(),
        })
        .unwrap();

        let (public_key, _) = runtime.generate_keys().unwrap();

        let data = bincode::serialize(&public_key.public_key).unwrap();
        let enc_key: WithContext<SealPublicKey> = bincode::deserialize(&data).unwrap();

        let public_2 = PublicKey {
            public_key: enc_key,
            ..public_key
        };

        assert_eq!(
            public_key.public_key.data.as_bytes(),
            public_2.public_key.data.as_bytes()
        );
    }

    #[test]
    fn can_roundtrip_seal_galois_keys() {
        let runtime = Runtime::new_fhe(&Params {
            lattice_dimension: 8192,
            security_level: SecurityLevel::TC128,
            plain_modulus: PlainModulus::batching(8192, 20).unwrap().value(),
            scheme_type: SchemeType::Bfv,
            coeff_modulus: CoefficientModulus::bfv_default(8192, SecurityLevel::TC128)
                .unwrap()
                .iter()
                .map(|x| x.value())
                .collect(),
        })
        .unwrap();

        let (public_key, _) = runtime.generate_keys().unwrap();

        let data = bincode::serialize(&public_key.galois_key.as_ref().unwrap()).unwrap();
        let galois_key: WithContext<GaloisKeys> = bincode::deserialize(&data).unwrap();

        let public_2 = PublicKey {
            galois_key: Some(galois_key),
            ..public_key
        };

        assert_eq!(
            public_key.galois_key.unwrap().data.as_bytes(),
            public_2.galois_key.unwrap().data.as_bytes()
        );
    }

    #[test]
    fn can_roundtrip_seal_relin_keys() {
        let runtime = Runtime::new_fhe(&Params {
            lattice_dimension: 8192,
            security_level: SecurityLevel::TC128,
            plain_modulus: PlainModulus::batching(8192, 20).unwrap().value(),
            scheme_type: SchemeType::Bfv,
            coeff_modulus: CoefficientModulus::bfv_default(8192, SecurityLevel::TC128)
                .unwrap()
                .iter()
                .map(|x| x.value())
                .collect(),
        })
        .unwrap();

        let (public_key, _) = runtime.generate_keys().unwrap();

        let data = serde_json::to_string(&public_key.relin_key.as_ref().unwrap()).unwrap();
        let relin_keys: WithContext<RelinearizationKeys> = serde_json::from_str(&data).unwrap();

        let public_2 = PublicKey {
            relin_key: Some(relin_keys),
            ..public_key
        };

        assert_eq!(
            public_key.relin_key.unwrap().data.as_bytes(),
            public_2.relin_key.unwrap().data.as_bytes()
        );
    }

    #[test]
    fn can_roundtrip_all_keys() {
        let runtime = Runtime::new_fhe(&Params {
            lattice_dimension: 8192,
            security_level: SecurityLevel::TC128,
            plain_modulus: PlainModulus::batching(8192, 20).unwrap().value(),
            scheme_type: SchemeType::Bfv,
            coeff_modulus: CoefficientModulus::bfv_default(8192, SecurityLevel::TC128)
                .unwrap()
                .iter()
                .map(|x| x.value())
                .collect(),
        })
        .unwrap();

        let (public_key, private_key) = runtime.generate_keys().unwrap();

        let data = serde_json::to_string(&public_key).unwrap();
        let sk_data = serde_json::to_string(&private_key).unwrap();
        let public_2: PublicKey = serde_json::from_str(&data).unwrap();
        let private_2: PrivateKey = serde_json::from_str(&sk_data).unwrap();

        assert_eq!(
            public_key.relin_key.unwrap().data.as_bytes(),
            public_2.relin_key.unwrap().data.as_bytes()
        );
        assert_eq!(
            public_key.galois_key.unwrap().data.as_bytes(),
            public_2.galois_key.unwrap().data.as_bytes()
        );
        assert_eq!(
            public_key.public_key.data.as_bytes(),
            public_2.public_key.data.as_bytes()
        );
        assert_eq!(private_key.0.as_bytes(), private_2.0.as_bytes());
    }
}