Struct UpgradeKeyChain 

pub struct UpgradeKeyChain { /* private fields */ }

This struct is meant to provide a mean to change the parameters under which ciphertexts are encrypted in.

This is to help applications which will change parameters used to keep good security or to be able to target new hardware and still be able to easily load and update old ciphertexts (with old parameters). Provided an upgrade path exists.

Parameters are identified by 3 components:

• The Tag
• The Device
• The CiphertextKind

To register parameters, add a key

• Self::add_key_set
• Self::add_key_set_gpu

Then upgrade keys that allow to go from one parameter set to another should be added with Self::add_upgrade_key

Example

use tfhe::prelude::*;
use tfhe::shortint::parameters::{
    COMP_PARAM_MESSAGE_2_CARRY_2, PARAM_KEYSWITCH_MESSAGE_2_CARRY_2_KS_PBS_TUNIFORM_2M128,
    PARAM_MESSAGE_2_CARRY_2_KS_PBS_TUNIFORM_2M128,
};
use tfhe::upgrade::UpgradeKeyChain;
use tfhe::{
    set_server_key, ClientKey, ConfigBuilder, Device, FheUint32, KeySwitchingKey, ServerKey,
};

let compute_params = PARAM_MESSAGE_2_CARRY_2_KS_PBS_TUNIFORM_2M128;
let compression_parameters = COMP_PARAM_MESSAGE_2_CARRY_2;

let config = ConfigBuilder::with_custom_parameters(compute_params)
    .enable_compression(compression_parameters)
    .build();

let mut ck1 = ClientKey::generate(config);
ck1.tag_mut().set_u64(1);
let sk1 = ServerKey::new(&ck1);
assert_eq!(sk1.tag().as_u64(), 1);

let mut ck2 = ClientKey::generate(config);
ck2.tag_mut().set_u64(2);
let sk2 = ServerKey::new(&ck2);
assert_eq!(sk2.tag().as_u64(), 2);

let ksk = KeySwitchingKey::with_parameters(
    (&ck1, &sk1),
    (&ck2, &sk2),
    PARAM_KEYSWITCH_MESSAGE_2_CARRY_2_KS_PBS_TUNIFORM_2M128,
);

let mut upgrader = UpgradeKeyChain::new();
upgrader.add_key_set(&sk1);
upgrader.add_key_set(&sk2);
upgrader.add_upgrade_key(ksk).unwrap();

let clear_a = 23428u32;
let clear_b = 985427u32;

let a = FheUint32::encrypt(clear_a, &ck1);
let b = FheUint32::encrypt(clear_b, &ck1);

let upgraded_a = upgrader.upgrade(&a, ck2.tag(), Device::Cpu).unwrap();
let upgraded_b = upgrader.upgrade(&b, ck2.tag(), Device::Cpu).unwrap();

set_server_key(sk2);

let c = upgraded_a + upgraded_b;
let dc: u32 = c.decrypt(&ck2);
assert_eq!(dc, clear_a.wrapping_add(clear_b));

Implementations

impl UpgradeKeyChain

pub fn new() -> Self

Creates a new and empty upgrader

pub fn add_key_set(&mut self, sks: &ServerKey)

Adds the CPU server key into the upgrade system

• It adds the compute parameters
• It adds the compression parameters (if they exist)
• It adds a path to go from compression parameters to compute parameters

pub fn add_key_set_gpu(&mut self, sks: &CudaServerKey)

Adds the GPU server key into the upgrade system

• It adds the compute parameters
• It adds the compression parameters (if they exist)

pub fn add_upgrade_key(&mut self, key: impl Into<UpgradeKey>) -> Result<()>

Adds an upgrade key to the system

There are 2 types of UpgradeKey

• KeySwitchKey: to go from compute params to other compute params
• Decompression: to go from compressed params to some compute params

pub fn upgrade<T>( &self, ct: &T, dest_tag: &Tag, dest_device: Device, ) -> Result<T>

where T: Tagged + Clone, KeySwitchingKey: FheKeyswitch<T>,

Upgrades the input ciphertext to the compute params of the selected tag and device

Returns an error if no upgrade path could be found

pub fn upgrade_from_compressed<T>( &self, input: &CompressedCiphertextList, index: usize, dest_tag: &Tag, dest_device: Device, ) -> Result<T>

where KeySwitchingKey: FheKeyswitch<T>, T: HlExpandable + Tagged + Clone,

Upgrades the input compressed ciphertext to the compute params of the selected tag and device

Returns an error if no upgrade path could be found

Trait Implementations

impl Default for UpgradeKeyChain

fn default() -> Self

Returns the “default value” for a type.