tfhe 1.6.0

TFHE-rs is a fully homomorphic encryption (FHE) library that implements Zama's variant of TFHE.
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126

#[cfg(feature = "experimental")]
use crate::integer::wopbs::WopbsKey;
use crate::integer::{ClientKey, IntegerKeyKind, ServerKey};
use crate::shortint::atomic_pattern::AtomicPatternParameters;
#[cfg(feature = "experimental")]
use crate::shortint::{PBSParameters, WopbsParameters};

#[cfg(feature = "hpu")]
use std::sync::{Mutex, OnceLock};
#[cfg(feature = "hpu")]
use tfhe_hpu_backend::prelude::*;

#[derive(Default)]
pub struct IntegerKeyCache {
    #[cfg(feature = "hpu")]
    hpu_device: OnceLock<Mutex<HpuDevice>>,
}

impl IntegerKeyCache {
    pub const fn new() -> Self {
        Self {
            #[cfg(feature = "hpu")]
            hpu_device: OnceLock::new(),
        }
    }

    pub fn get_from_params<P>(&self, params: P, key_kind: IntegerKeyKind) -> (ClientKey, ServerKey)
    where
        P: Into<AtomicPatternParameters>,
    {
        let cache = &crate::shortint::keycache::KEY_CACHE;

        let keys = cache.get_from_param(params);
        let (client_key, server_key) = (keys.client_key(), keys.server_key());

        let client_key = ClientKey::from(client_key.clone());
        let server_key = match key_kind {
            IntegerKeyKind::Radix => {
                ServerKey::new_radix_server_key_from_shortint(server_key.clone())
            }
            IntegerKeyKind::CRT => ServerKey::new_crt_server_key_from_shortint(server_key.clone()),
        };

        // For cargo nextest which runs in separate processes we load keys once per process, this
        // allows to remove the copy loaded in the keycache to avoid OOM errors, the nice effect of
        // linux file caching is that the keys will still be in RAM most likely, not requiring re
        // re-reading from file for all processes.
        if let Ok(val) = std::env::var("TFHE_RS_CLEAR_IN_MEMORY_KEY_CACHE") {
            if val == "1" {
                cache.clear_in_memory_cache()
            }
        }

        (client_key, server_key)
    }

    #[cfg(feature = "hpu")]
    pub fn get_hpu_device<P>(&self, param: P) -> &Mutex<HpuDevice>
    where
        P: Into<crate::shortint::AtomicPatternParameters> + crate::keycache::NamedParam + Clone,
    {
        let hpu_device = self.hpu_device.get_or_init(|| {
            // Instantiate HpuDevice --------------------------------------------------
            let hpu_device = {
                let config_file = ShellString::new(
                    "${HPU_BACKEND_DIR}/config_store/${HPU_CONFIG}/hpu_config.toml".to_string(),
                );
                HpuDevice::from_config(&config_file.expand())
            };
            // Check compatibility with key
            let hpu_pbs_params =
                crate::shortint::parameters::KeySwitch32PBSParameters::from(hpu_device.params());
            assert_eq!(
                param.clone().into(),
                crate::shortint::AtomicPatternParameters::from(hpu_pbs_params),
                "Error: Current Hpu device isn't compatible with {}",
                param.name()
            );

            // Get current client key
            let (cks, _) = self.get_from_params(param, IntegerKeyKind::Radix);
            // Generate associated compressed ServerKey
            let sks_compressed = super::CompressedServerKey::new_radix_compressed_server_key(&cks);

            // Init Hpu device with server key and firmware
            crate::integer::hpu::init_device(&hpu_device, sks_compressed).expect("Invalid key");
            Mutex::new(hpu_device)
        });

        // Sanitize memory to prevent side-effect between tests
        hpu_device.lock().unwrap().mem_sanitizer();

        hpu_device
    }
}

#[derive(Default)]
#[cfg(feature = "experimental")]
pub struct WopbsKeyCache;

#[cfg(feature = "experimental")]
impl WopbsKeyCache {
    pub fn get_from_params<P>(&self, (pbs_params, wopbs_params): (P, WopbsParameters)) -> WopbsKey
    where
        P: Into<PBSParameters>,
    {
        let cache = &crate::shortint::keycache::KEY_CACHE_WOPBS;
        let shortint_wops_key = cache.get_from_param((pbs_params, wopbs_params));

        // For cargo nextest which runs in separate processes we load keys once per process, this
        // allows to remove the copy loaded in the keycache to avoid OOM errors, the nice effect of
        // linux file caching is that the keys will still be in RAM most likely, not requiring re
        // re-reading from file for all processes.
        if let Ok(val) = std::env::var("TFHE_RS_CLEAR_IN_MEMORY_KEY_CACHE") {
            if val == "1" {
                cache.clear_in_memory_cache()
            }
        }

        WopbsKey::from(shortint_wops_key.wopbs_key().clone())
    }
}

pub static KEY_CACHE: IntegerKeyCache = IntegerKeyCache::new();
#[cfg(feature = "experimental")]
pub static KEY_CACHE_WOPBS: WopbsKeyCache = WopbsKeyCache;