diff --git a/tfhe/src/c_api/shortint/parameters.rs b/tfhe/src/c_api/shortint/parameters.rs index 7be86247aa..9caba110c0 100644 --- a/tfhe/src/c_api/shortint/parameters.rs +++ b/tfhe/src/c_api/shortint/parameters.rs @@ -176,6 +176,7 @@ pub struct ShortintCompactPublicKeyEncryptionParameters { // these parameters will always require casting, as they always require casting we add a field // for the casting parameters here. pub casting_parameters: ShortintCompactCiphertextListCastingParameters, + pub zk_scheme: SupportedCompactPkeZkScheme, } impl TryFrom @@ -196,6 +197,7 @@ impl TryFrom )?, expansion_kind: crate::shortint::parameters::CompactCiphertextListExpansionKind::RequiresCasting, + zk_scheme: c_params.zk_scheme, }) } } @@ -233,6 +235,7 @@ impl ShortintCompactPublicKeyEncryptionParameters { casting_parameters: ShortintCompactCiphertextListCastingParameters::convert( casting_parameters, ), + zk_scheme: compact_pke_params.zk_scheme, } } } diff --git a/tfhe/src/integer/ciphertext/compact_list.rs b/tfhe/src/integer/ciphertext/compact_list.rs index b73085b359..b7910ff567 100644 --- a/tfhe/src/integer/ciphertext/compact_list.rs +++ b/tfhe/src/integer/ciphertext/compact_list.rs @@ -1164,9 +1164,7 @@ mod tests { .checked_pow(num_blocks as u32) .unwrap(); - let crs = - CompactPkeCrs::from_shortint_params_legacy_v1(pke_params, LweCiphertextCount(512)) - .unwrap(); + let crs = CompactPkeCrs::from_shortint_params(pke_params, LweCiphertextCount(512)).unwrap(); let cks = ClientKey::new(fhe_params); let sk = ServerKey::new_radix_server_key(&cks); let compact_private_key = CompactPrivateKey::new(pke_params); diff --git a/tfhe/src/js_on_wasm_api/shortint.rs b/tfhe/src/js_on_wasm_api/shortint.rs index 3436c6d6f7..8d9fa6d05b 100644 --- a/tfhe/src/js_on_wasm_api/shortint.rs +++ b/tfhe/src/js_on_wasm_api/shortint.rs @@ -258,7 +258,8 @@ impl ShortintCompactPublicKeyEncryptionParameters { CarryModulus(carry_modulus), ciphertext_modulus, // These parameters always requires casting - crate::shortint::parameters::CompactCiphertextListExpansionKind::RequiresCasting + crate::shortint::parameters::CompactCiphertextListExpansionKind::RequiresCasting, + crate::shortint::parameters::SupportedCompactPkeZkScheme::ZkNotSupported ).map_err(into_js_error)?; let casting_parameters = diff --git a/tfhe/src/shortint/backward_compatibility/parameters/compact_public_key_only.rs b/tfhe/src/shortint/backward_compatibility/parameters/compact_public_key_only.rs index 86c850eb50..4ab5382f15 100644 --- a/tfhe/src/shortint/backward_compatibility/parameters/compact_public_key_only.rs +++ b/tfhe/src/shortint/backward_compatibility/parameters/compact_public_key_only.rs @@ -1,14 +1,47 @@ -use tfhe_versionable::VersionsDispatch; +use std::convert::Infallible; + +use tfhe_versionable::{Upgrade, Version, VersionsDispatch}; use super::parameters::compact_public_key_only::CompactPublicKeyEncryptionParameters; -use super::parameters::CompactCiphertextListExpansionKind; +use super::parameters::{ + CompactCiphertextListExpansionKind, DynamicDistribution, SupportedCompactPkeZkScheme, +}; +use super::prelude::*; #[derive(VersionsDispatch)] pub enum CompactCiphertextListExpansionKindVersions { V0(CompactCiphertextListExpansionKind), } +#[derive(Version)] +pub struct CompactPublicKeyEncryptionParametersV0 { + pub encryption_lwe_dimension: LweDimension, + pub encryption_noise_distribution: DynamicDistribution, + pub message_modulus: MessageModulus, + pub carry_modulus: CarryModulus, + pub ciphertext_modulus: CiphertextModulus, + pub expansion_kind: CompactCiphertextListExpansionKind, +} + +impl Upgrade for CompactPublicKeyEncryptionParametersV0 { + type Error = Infallible; + + fn upgrade(self) -> Result { + Ok(CompactPublicKeyEncryptionParameters { + encryption_lwe_dimension: self.encryption_lwe_dimension, + encryption_noise_distribution: self.encryption_noise_distribution, + message_modulus: self.message_modulus, + carry_modulus: self.carry_modulus, + ciphertext_modulus: self.ciphertext_modulus, + expansion_kind: self.expansion_kind, + // TFHE-rs v0.10 and before used only the v1 zk scheme + zk_scheme: SupportedCompactPkeZkScheme::V1, + }) + } +} + #[derive(VersionsDispatch)] pub enum CompactPublicKeyEncryptionParametersVersions { - V0(CompactPublicKeyEncryptionParameters), + V0(CompactPublicKeyEncryptionParametersV0), + V1(CompactPublicKeyEncryptionParameters), } diff --git a/tfhe/src/shortint/backward_compatibility/parameters/mod.rs b/tfhe/src/shortint/backward_compatibility/parameters/mod.rs index 62bc632c79..9d1cc537bf 100644 --- a/tfhe/src/shortint/backward_compatibility/parameters/mod.rs +++ b/tfhe/src/shortint/backward_compatibility/parameters/mod.rs @@ -4,7 +4,7 @@ pub mod list_compression; use tfhe_versionable::VersionsDispatch; -use crate::shortint::parameters::ShortintParameterSetInner; +use crate::shortint::parameters::*; use crate::shortint::*; #[derive(VersionsDispatch)] @@ -47,3 +47,8 @@ pub enum MultiBitPBSParametersVersions { pub enum WopbsParametersVersions { V0(WopbsParameters), } + +#[derive(VersionsDispatch)] +pub enum SupportedCompactPkeZkSchemeVersions { + V0(SupportedCompactPkeZkScheme), +} diff --git a/tfhe/src/shortint/ciphertext/zk.rs b/tfhe/src/shortint/ciphertext/zk.rs index 92ebca740c..21cb3dfffe 100644 --- a/tfhe/src/shortint/ciphertext/zk.rs +++ b/tfhe/src/shortint/ciphertext/zk.rs @@ -7,13 +7,14 @@ use crate::shortint::ciphertext::CompactCiphertextList; use crate::shortint::parameters::{ CarryModulus, CiphertextListConformanceParams, CiphertextModulus, CompactCiphertextListExpansionKind, CompactPublicKeyEncryptionParameters, LweDimension, - MessageModulus, ShortintCompactCiphertextListCastingMode, + MessageModulus, ShortintCompactCiphertextListCastingMode, SupportedCompactPkeZkScheme, }; use crate::shortint::{Ciphertext, CompactPublicKey}; use crate::zk::{ CompactPkeCrs, CompactPkeProof, CompactPkeZkScheme, ZkMSBZeroPaddingBitCount, ZkVerificationOutcome, }; + use rayon::prelude::*; use serde::{Deserialize, Serialize}; use tfhe_versionable::Versionize; @@ -21,7 +22,8 @@ use tfhe_versionable::Versionize; impl CompactPkeCrs { /// Construct the CRS that corresponds to the given parameters /// - /// max_num_message is how many message a single proof can prove + /// max_num_message is how many message a single proof can prove. + /// The version of the zk scheme is based on the [`CompactPkeZkScheme`] value in the params. pub fn from_shortint_params( params: P, max_num_message: LweCiphertextCount, @@ -43,51 +45,29 @@ impl CompactPkeCrs { // 1 padding bit for the PBS // Note that if we want to we can prove carry bits are 0 should we need it crate::shortint::engine::ShortintEngine::with_thread_local_mut(|engine| { - Self::new( - size, - max_num_message, - noise_distribution, - params.ciphertext_modulus, - plaintext_modulus, - ZkMSBZeroPaddingBitCount(1), - &mut engine.random_generator, - ) - }) - } - - /// Construct the CRS for the legacy V1 zk scheme that corresponds to the given parameters - /// - /// max_num_message is how many message a single proof can prove - pub fn from_shortint_params_legacy_v1( - params: P, - max_num_message: LweCiphertextCount, - ) -> crate::Result - where - P: TryInto, - crate::Error: From, - { - let params: CompactPublicKeyEncryptionParameters = params.try_into()?; - let (size, noise_distribution) = ( - params.encryption_lwe_dimension, - params.encryption_noise_distribution, - ); - - let mut plaintext_modulus = params.message_modulus.0 * params.carry_modulus.0; - // Our plaintext modulus does not take into account the bit of padding - plaintext_modulus *= 2; - - // 1 padding bit for the PBS - // Note that if we want to we can prove carry bits are 0 should we need it - crate::shortint::engine::ShortintEngine::with_thread_local_mut(|engine| { - Self::new_legacy_v1( - size, - max_num_message, - noise_distribution, - params.ciphertext_modulus, - plaintext_modulus, - ZkMSBZeroPaddingBitCount(1), - &mut engine.random_generator, - ) + match params.zk_scheme { + SupportedCompactPkeZkScheme::V1 => Self::new_legacy_v1( + size, + max_num_message, + noise_distribution, + params.ciphertext_modulus, + plaintext_modulus, + ZkMSBZeroPaddingBitCount(1), + &mut engine.random_generator, + ), + SupportedCompactPkeZkScheme::V2 => Self::new( + size, + max_num_message, + noise_distribution, + params.ciphertext_modulus, + plaintext_modulus, + ZkMSBZeroPaddingBitCount(1), + &mut engine.random_generator, + ), + SupportedCompactPkeZkScheme::ZkNotSupported => { + Err("Zk proof of encryption is not supported by the provided parameters".into()) + } + } }) } } diff --git a/tfhe/src/shortint/parameters/compact_public_key_only/mod.rs b/tfhe/src/shortint/parameters/compact_public_key_only/mod.rs index 115bb1b8e3..282a11a1e0 100644 --- a/tfhe/src/shortint/parameters/compact_public_key_only/mod.rs +++ b/tfhe/src/shortint/parameters/compact_public_key_only/mod.rs @@ -7,9 +7,10 @@ use crate::shortint::backward_compatibility::parameters::compact_public_key_only }; use crate::shortint::parameters::{ CarryModulus, ClassicPBSParameters, MessageModulus, MultiBitPBSParameters, PBSParameters, - ShortintParameterSet, + ShortintParameterSet, SupportedCompactPkeZkScheme, }; use crate::shortint::KeySwitchingKeyView; + use crate::Error; use serde::{Deserialize, Serialize}; use tfhe_versionable::Versionize; @@ -50,6 +51,8 @@ pub struct CompactPublicKeyEncryptionParameters { pub carry_modulus: CarryModulus, pub ciphertext_modulus: CiphertextModulus, pub expansion_kind: CompactCiphertextListExpansionKind, + // Version of the PKE zk scheme compatible with these parameters + pub zk_scheme: SupportedCompactPkeZkScheme, } impl CompactPublicKeyEncryptionParameters { @@ -60,6 +63,7 @@ impl CompactPublicKeyEncryptionParameters { carry_modulus: CarryModulus, ciphertext_modulus: CiphertextModulus, output_ciphertext_kind: CompactCiphertextListExpansionKind, + zk_scheme: SupportedCompactPkeZkScheme, ) -> Result { let parameters = Self { encryption_lwe_dimension, @@ -68,6 +72,7 @@ impl CompactPublicKeyEncryptionParameters { carry_modulus, ciphertext_modulus, expansion_kind: output_ciphertext_kind, + zk_scheme, }; if !parameters.is_valid() { @@ -126,6 +131,8 @@ impl TryFrom for CompactPublicKeyEncryptionParameters { carry_modulus, ciphertext_modulus, output_ciphertext_kind, + // Zk needs specific pke parameters + SupportedCompactPkeZkScheme::ZkNotSupported, ) } } diff --git a/tfhe/src/shortint/parameters/compact_public_key_only/p_fail_2_minus_64/ks_pbs.rs b/tfhe/src/shortint/parameters/compact_public_key_only/p_fail_2_minus_64/ks_pbs.rs index d5fe19103d..6ba5847aa7 100644 --- a/tfhe/src/shortint/parameters/compact_public_key_only/p_fail_2_minus_64/ks_pbs.rs +++ b/tfhe/src/shortint/parameters/compact_public_key_only/p_fail_2_minus_64/ks_pbs.rs @@ -3,7 +3,7 @@ use crate::core_crypto::commons::parameters::{ }; use crate::shortint::parameters::{ CarryModulus, CompactCiphertextListExpansionKind, CompactPublicKeyEncryptionParameters, - MessageModulus, + MessageModulus, SupportedCompactPkeZkScheme, }; /// This parameter set should be used when doing zk proof of public key encryption @@ -19,6 +19,7 @@ pub const V0_11_PARAM_PKE_MESSAGE_2_CARRY_2_KS_PBS_TUNIFORM_2M64_ZKV2: carry_modulus: CarryModulus(4), ciphertext_modulus: CiphertextModulus::new_native(), expansion_kind: CompactCiphertextListExpansionKind::RequiresCasting, + zk_scheme: SupportedCompactPkeZkScheme::V2, } .validate(); @@ -33,6 +34,7 @@ pub const V0_11_PARAM_PKE_TO_SMALL_MESSAGE_2_CARRY_2_KS_PBS_TUNIFORM_2M64_ZKV1: carry_modulus: CarryModulus(4), ciphertext_modulus: CiphertextModulus::new_native(), expansion_kind: CompactCiphertextListExpansionKind::RequiresCasting, + zk_scheme: SupportedCompactPkeZkScheme::V1, } .validate(); @@ -46,5 +48,6 @@ pub const V0_11_PARAM_PKE_TO_BIG_MESSAGE_2_CARRY_2_KS_PBS_TUNIFORM_2M64_ZKV1: carry_modulus: CarryModulus(4), ciphertext_modulus: CiphertextModulus::new_native(), expansion_kind: CompactCiphertextListExpansionKind::RequiresCasting, + zk_scheme: SupportedCompactPkeZkScheme::V1, } .validate(); diff --git a/tfhe/src/shortint/parameters/mod.rs b/tfhe/src/shortint/parameters/mod.rs index 33b34fd7a1..79813318ea 100644 --- a/tfhe/src/shortint/parameters/mod.rs +++ b/tfhe/src/shortint/parameters/mod.rs @@ -17,6 +17,8 @@ use crate::core_crypto::prelude::{ LweCiphertextListParameters, LweCiphertextParameters, MsDecompressionType, }; use crate::shortint::backward_compatibility::parameters::*; +#[cfg(feature = "zk-pok")] +use crate::zk::CompactPkeZkScheme; use serde::{Deserialize, Serialize}; use tfhe_versionable::Versionize; @@ -793,3 +795,30 @@ pub const COMP_PARAM_MESSAGE_2_CARRY_2: CompressionParameters = COMP_PARAM_MESSA // GPU pub const PARAM_GPU_MULTI_BIT_MESSAGE_2_CARRY_2_GROUP_3_KS_PBS: MultiBitPBSParameters = PARAM_GPU_MULTI_BIT_GROUP_3_MESSAGE_2_CARRY_2_KS_PBS_TUNIFORM_2M64; + +/// The Zk scheme for compact private key encryption supported by these parameters. +/// +/// The Zk Scheme is available in 2 versions. In case of doubt, you should prefer the V2 which is +/// more efficient. +#[derive(Debug, Clone, Copy, PartialEq, Eq, Serialize, Deserialize, Versionize)] +#[repr(C)] +#[versionize(SupportedCompactPkeZkSchemeVersions)] +pub enum SupportedCompactPkeZkScheme { + /// The given parameters do not support zk proof of encryption + ZkNotSupported, + V1, + V2, +} + +#[cfg(feature = "zk-pok")] +impl TryFrom for CompactPkeZkScheme { + type Error = (); + + fn try_from(value: SupportedCompactPkeZkScheme) -> Result { + match value { + SupportedCompactPkeZkScheme::ZkNotSupported => Err(()), + SupportedCompactPkeZkScheme::V1 => Ok(Self::V1), + SupportedCompactPkeZkScheme::V2 => Ok(Self::V2), + } + } +} diff --git a/tfhe/src/shortint/parameters/v0_10/compact_public_key_only/p_fail_2_minus_64/ks_pbs.rs b/tfhe/src/shortint/parameters/v0_10/compact_public_key_only/p_fail_2_minus_64/ks_pbs.rs index d83f0e3aef..86fd66971e 100644 --- a/tfhe/src/shortint/parameters/v0_10/compact_public_key_only/p_fail_2_minus_64/ks_pbs.rs +++ b/tfhe/src/shortint/parameters/v0_10/compact_public_key_only/p_fail_2_minus_64/ks_pbs.rs @@ -3,7 +3,7 @@ use crate::core_crypto::commons::parameters::{ }; use crate::shortint::parameters::{ CarryModulus, CompactCiphertextListExpansionKind, CompactPublicKeyEncryptionParameters, - MessageModulus, + MessageModulus, SupportedCompactPkeZkScheme, }; /// This legacy parameter set were used with the v1 pke zk scheme on TFHE-rs v0.10 and lower @@ -15,5 +15,6 @@ pub const V0_10_PARAM_PKE_MESSAGE_2_CARRY_2_KS_PBS_TUNIFORM_2M64_ZKV1: carry_modulus: CarryModulus(4), ciphertext_modulus: CiphertextModulus::new_native(), expansion_kind: CompactCiphertextListExpansionKind::RequiresCasting, + zk_scheme: SupportedCompactPkeZkScheme::V1, } .validate();