tfhe 1.6.1

TFHE-rs is a fully homomorphic encryption (FHE) library that implements Zama's variant of TFHE.
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369

//! A module containing random sampling functions.
//!
//! This module contains a [`RandomGenerator`] type, which exposes methods to sample numeric values
//! randomly according to a given distribution, for instance:
//!
//! + [`RandomGenerator::random_uniform`] samples a random unsigned integer with uniform probability
//!   over the set of representable values.
//! + [`RandomGenerator::random_gaussian`] samples a random float with using a gaussian
//!   distribution.
//!
//! The implementation relies on the [`RandomGenerable`] trait, which gives a type the ability to
//! be randomly generated according to a given distribution. The module contains multiple
//! implementations of this trait, for different distributions. Note, though, that instead of
//! using the [`RandomGenerable`] methods, you should use the various methods exposed by
//! [`RandomGenerator`] instead.
use crate::core_crypto::backward_compatibility::commons::math::random::DynamicDistributionVersions;
use crate::core_crypto::commons::dispersion::{DispersionParameter, StandardDev, Variance};
use crate::core_crypto::commons::numeric::{FloatingPoint, UnsignedInteger};
use serde::{Deserialize, Serialize};
use std::ops::Bound;

use crate::core_crypto::prelude::{CastInto, Numeric};
pub use gaussian::*;
pub use generator::*;
pub use t_uniform::*;
pub use tfhe_csprng::generators::DefaultRandomGenerator;
use tfhe_versionable::Versionize;
pub use uniform::*;
pub use uniform_binary::*;
pub use uniform_ternary::*;

#[cfg(test)]
pub(crate) mod tests;

mod gaussian;
mod generator;
mod t_uniform;
mod uniform;
mod uniform_binary;
mod uniform_ternary;

/// A trait giving a type the ability to be randomly generated according to a given distribution.
pub trait RandomGenerable<D: Distribution>
where
    Self: Sized,
{
    // This is required as e.g. Gaussian can generate pairs of Torus elements and we can't use a
    // pair of elements as custom modulus
    type CustomModulus: Copy;

    /// Generate a value from `distribution`.
    fn generate_one<G: ByteRandomGenerator>(
        generator: &mut RandomGenerator<G>,
        distribution: D,
    ) -> Self;

    /// Generate a value from `distribution` modulo the given `custom_modulus`.
    ///
    /// This `custom_modulus` must be able to represent all possible values from `distribution`.
    ///
    /// Implementations are allowed to panic if the given `custom_modulus` cannot represent all
    /// possible values from `distribution` as the effective distribution would differ from the
    /// desired distribution.
    fn generate_one_custom_modulus<G: ByteRandomGenerator>(
        generator: &mut RandomGenerator<G>,
        distribution: D,
        custom_modulus: Self::CustomModulus,
    ) -> Self {
        let _ = generator;
        let _ = distribution;
        let _ = custom_modulus;
        todo!("This distribution does not support custom modulus generation at this time.");
    }

    fn fill_slice<G: ByteRandomGenerator>(
        generator: &mut RandomGenerator<G>,
        distribution: D,
        slice: &mut [Self],
    ) {
        for s in slice.iter_mut() {
            *s = Self::generate_one(generator, distribution);
        }
    }

    fn fill_slice_custom_mod<G: ByteRandomGenerator>(
        generator: &mut RandomGenerator<G>,
        distribution: D,
        slice: &mut [Self],
        custom_modulus: Self::CustomModulus,
    ) {
        for s in slice.iter_mut() {
            *s = Self::generate_one_custom_modulus(generator, distribution, custom_modulus);
        }
    }

    /// Return the probability to successfully generate a sample from the given distribution for the
    /// type the trait is implemented on.
    ///
    /// If the generation can never fail it should return 1.0, otherwise it returns a value in
    /// ]0; 1[.
    ///
    /// If None is passed for modulus, then the native modulus of the type (e.g. $2^{64}$ for u64)
    /// or no modulus for floating points values is used.
    ///
    /// Otherwise the given modulus is interpreted as being the one used for a call to
    /// [`RandomGenerable::generate_one_custom_modulus`].
    fn single_sample_success_probability(
        distribution: D,
        modulus: Option<Self::CustomModulus>,
    ) -> f64;

    /// Return how many bytes coming from a CSPRNG are required to generate one sample even if that
    /// generation can fail.
    ///
    /// If None is passed for modulus, then the native modulus of the type (e.g. $2^{64}$ for u64)
    /// or no modulus for floating points values is used.
    ///
    /// Otherwise the given modulus is interpreted as being the one used for a call to
    /// [`RandomGenerable::generate_one_custom_modulus`].
    fn single_sample_required_random_byte_count(
        distribution: D,
        modulus: Option<Self::CustomModulus>,
    ) -> usize;
}

/// A marker trait for types representing distributions.
pub trait Distribution: seal::Sealed + Copy {}
mod seal {
    use crate::core_crypto::commons::numeric::{FloatingPoint, UnsignedInteger};

    pub trait Sealed {}
    impl Sealed for super::Uniform {}
    impl Sealed for super::UniformBinary {}
    impl Sealed for super::UniformTernary {}
    impl<T: FloatingPoint> Sealed for super::Gaussian<T> {}
    impl<T: UnsignedInteger> Sealed for super::TUniform<T> {}
    impl<T: UnsignedInteger> Sealed for super::DynamicDistribution<T> {}
}
impl Distribution for Uniform {}
impl Distribution for UniformBinary {}
impl Distribution for UniformTernary {}
impl<T: FloatingPoint> Distribution for Gaussian<T> {}
impl<T: UnsignedInteger> Distribution for TUniform<T> {}

pub trait BoundedDistribution<T>: Distribution {
    fn low_bound(&self) -> Bound<T>;
    fn high_bound(&self) -> Bound<T>;

    fn contains(self, value: T) -> bool
    where
        T: Numeric,
    {
        {
            match self.low_bound() {
                Bound::Included(inclusive_low) => {
                    if value < inclusive_low {
                        return false;
                    }
                }
                Bound::Excluded(exclusive_low) => {
                    if value <= exclusive_low {
                        return false;
                    }
                }
                Bound::Unbounded => {}
            }
        }

        {
            match self.high_bound() {
                Bound::Included(inclusive_high) => {
                    if value > inclusive_high {
                        return false;
                    }
                }
                Bound::Excluded(exclusive_high) => {
                    if value >= exclusive_high {
                        return false;
                    }
                }
                Bound::Unbounded => {}
            }
        }

        true
    }
}

impl<T> BoundedDistribution<T::Signed> for TUniform<T>
where
    T: UnsignedInteger,
{
    fn low_bound(&self) -> Bound<T::Signed> {
        Bound::Included(self.min_value_inclusive())
    }

    fn high_bound(&self) -> Bound<T::Signed> {
        Bound::Included(self.max_value_inclusive())
    }
}

impl<T> BoundedDistribution<T::Signed> for DynamicDistribution<T>
where
    T: UnsignedInteger,
{
    fn low_bound(&self) -> Bound<T::Signed> {
        match self {
            Self::Gaussian(_) => Bound::Unbounded,
            Self::TUniform(tu) => tu.low_bound(),
        }
    }

    fn high_bound(&self) -> Bound<T::Signed> {
        match self {
            Self::Gaussian(_) => Bound::Unbounded,
            Self::TUniform(tu) => tu.high_bound(),
        }
    }
}

#[derive(Debug, Clone, Copy, Serialize, Deserialize, PartialEq, Versionize)]
#[versionize(DynamicDistributionVersions)]
pub enum DynamicDistribution<T: UnsignedInteger> {
    Gaussian(Gaussian<f64>),
    TUniform(TUniform<T>),
}

impl<T: UnsignedInteger> DynamicDistribution<T> {
    pub const fn new_gaussian_from_std_dev(std: StandardDev) -> Self {
        Self::Gaussian(Gaussian::from_standard_dev(std, 0.0))
    }

    pub fn new_gaussian(dispersion: impl DispersionParameter) -> Self {
        Self::Gaussian(Gaussian::from_dispersion_parameter(dispersion, 0.0))
    }

    #[track_caller]
    pub const fn new_t_uniform(bound_log2: u32) -> Self {
        Self::TUniform(TUniform::new(bound_log2))
    }

    #[track_caller]
    pub const fn try_new_t_uniform(bound_log2: u32) -> Result<Self, &'static str> {
        match TUniform::try_new(bound_log2) {
            Ok(ok) => Ok(Self::TUniform(ok)),
            Err(e) => Err(e),
        }
    }

    #[track_caller]
    pub const fn gaussian_std_dev(&self) -> StandardDev {
        match self {
            Self::Gaussian(gaussian) => StandardDev(gaussian.std),
            Self::TUniform(_) => {
                panic!("Tried to get gaussian variance from a non gaussian distribution")
            }
        }
    }

    #[track_caller]
    pub fn gaussian_variance(&self) -> Variance {
        match self {
            Self::Gaussian(gaussian) => StandardDev::from_standard_dev(gaussian.std).get_variance(),
            Self::TUniform(_) => {
                panic!("Tried to get gaussian variance from a non gaussian distribution")
            }
        }
    }
}

impl DynamicDistribution<u32> {
    pub const fn to_u64_distribution(self) -> DynamicDistribution<u64> {
        // Depending on how the Scalar type is used, converting it from u32 to u64
        // might affect the underlying distribution in subtle ways. When adding support for
        // new distributions, make sure that the result is still correct.
        match self {
            Self::Gaussian(gaussian) => DynamicDistribution::Gaussian(gaussian),
            Self::TUniform(tuniform) => {
                // Ok because an u32 bound is always also a valid u64 bound
                DynamicDistribution::new_t_uniform(tuniform.bound_log2())
            }
        }
    }
}

impl<T: UnsignedInteger> std::fmt::Display for DynamicDistribution<T> {
    fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
        match self {
            Self::Gaussian(Gaussian { std, mean }) => {
                write!(f, "Gaussian(ยต={mean},sigma={std})")
            }
            Self::TUniform(t_uniform) => {
                write!(f, "TUniform({})", t_uniform.bound_log2())
            }
        }
    }
}

impl<T: UnsignedInteger> Distribution for DynamicDistribution<T> {}

impl<
        T: UnsignedInteger
            + RandomGenerable<Gaussian<f64>, CustomModulus = T>
            + RandomGenerable<TUniform<T>, CustomModulus = T>,
    > RandomGenerable<DynamicDistribution<T>> for T
{
    type CustomModulus = Self;

    fn generate_one<G: ByteRandomGenerator>(
        generator: &mut RandomGenerator<G>,
        distribution: DynamicDistribution<T>,
    ) -> Self {
        match distribution {
            DynamicDistribution::Gaussian(gaussian) => Self::generate_one(generator, gaussian),
            DynamicDistribution::TUniform(t_uniform) => Self::generate_one(generator, t_uniform),
        }
    }

    fn generate_one_custom_modulus<G: ByteRandomGenerator>(
        generator: &mut RandomGenerator<G>,
        distribution: DynamicDistribution<T>,
        custom_modulus: Self::CustomModulus,
    ) -> Self {
        match distribution {
            DynamicDistribution::Gaussian(gaussian) => {
                Self::generate_one_custom_modulus(generator, gaussian, custom_modulus)
            }
            DynamicDistribution::TUniform(t_uniform) => {
                Self::generate_one_custom_modulus(generator, t_uniform, custom_modulus)
            }
        }
    }

    fn single_sample_success_probability(
        distribution: DynamicDistribution<T>,
        modulus: Option<Self::CustomModulus>,
    ) -> f64 {
        match distribution {
            DynamicDistribution::Gaussian(gaussian) => {
                <Self as RandomGenerable<Gaussian<f64>>>::single_sample_success_probability(
                    gaussian, modulus,
                )
            }
            DynamicDistribution::TUniform(t_uniform) => {
                <Self as RandomGenerable<TUniform<T>>>::single_sample_success_probability(
                    t_uniform, modulus,
                )
            }
        }
    }

    fn single_sample_required_random_byte_count(
        distribution: DynamicDistribution<T>,
        modulus: Option<Self::CustomModulus>,
    ) -> usize {
        match distribution {
            DynamicDistribution::Gaussian(gaussian) => {
                <Self as RandomGenerable<Gaussian<f64>>>::single_sample_required_random_byte_count(
                    gaussian, modulus,
                )
            }
            DynamicDistribution::TUniform(t_uniform) => {
                <Self as RandomGenerable<TUniform<T>>>::single_sample_required_random_byte_count(
                    t_uniform, modulus,
                )
            }
        }
    }
}