TFHE-rs v0.8.4

Summary

TFHE-rs v0.8.4 add a new function to get the size of serialized data before serializing them: safe_serialization::safe_serialized_size.
MSRV has been updated to 1.81.

TFHE-rs v0.8.3

Summary

TFHE-rs v0.8.3 introduces a breaking change regarding parameters for compression, an update was missed before release.

The v0.8.0, v0.8.1 and v0.8.2 crates will be yanked from crates.io and are not considered part of the v0.8.x release family, they should not be used.

TFHE-rs v0.8.2

Summary

TFHE-rs v0.8.2 adds a missing method to create an instance of IntegerProvenCompactCiphertextListConformanceParams.

TFHE-rs v0.8.1

Summary

TFHE-rs v0.8.1 exposes the HlCompressible and HlExpandable traits for compression which could have been hidden from users needing to implement them.

TFHE-rs v0.8.0

Summary

TFHE-rs v0.8.0 includes several enhancements and new features, here are the highlights:

• Array types: Simplify working with vectors and tensors of integer ciphertexts.
• CPU algorithms optimization: integer algorithms have been optimized: the 64 bits multiplication is now 16% faster for the default parameter set.
• Single GPU performance improvement: Thanks to optimizations in the Programmable Bootstrap and the Fast Fourier Transform CUDA implementations, the performance has been improved by approximately 20%.
• Multi-GPU support improvement:
  • All Nvidia GPUs can now be used in the computations, including those connected with PCIe.
  • NVLink connections between GPUs are used for memory transfers when available.
• Default GPU parameters: It's no longer necessary to modify cryptographic parameters when using GPU acceleration with TFHE-rs.
• Compression and decompression on the GPU: Ciphertext compression and decompression are now supported on GPUs, along with new integer operations.

What's Changed

Breaking Changes

Warning

• safe_serialize_versioned/safe_deserialize_versioned have been removed, and safe_serialize/safe_deserialize now adds versioning to the serialized types. For more flexibility, you can use SerializationConfig and DeserializationConfig.
• The CiphertextList trait must be in scope to use the common methods of the CompressedCiphertextList and CompactCiphertextListExpander.
• With the addition of the tagging system for HL API structs, raw parts APIs have been updated to manage the new tag field on relevant structs.
• Expansion of CompactCiphertextList and ProvenCompactCiphertextList now takes a signle IntegerCompactCiphertextListExpansionMode to manage keyswitching and applying lookup tables when required.
• The encrypted pseudo random generation API has changed.
• tfhe-zk-pok and TFHE-rs APIs now support custom metadata passed by users at encryption time.

New features

CPU

• Add array types
• Add a tag system to annotate structs with custom metadata
• Add versioning to the KeySwitchingKey
• Add missing raw parts APIs in the HL API
• Add is_even/is_odd
• Add ability to use safe serialization on key types
• Add random encrypted FheBool generation
• Add conformance to ProvenCompactCiphertextList
• Add key conformance
• Add integer bit slicing
• Add count zeros/ones
• ZK-POK: add ability to associate metadata to a proof
• Add ability to construct a ClientKey from a user provided secret encryption key in shortint

GPU

• Signed integer overflowing add
• Signed integer overflowing sub
• Signed integer overflowing scalar add
• Signed integer overflowing scalar sub
• Log2, trailing and leading zeros and ones
• Signed & unsigned integer is even / is odd
• Ciphertext compression

Improvements

CPU

• Improve carry propagation performance, this positively impacts, add, sub, mul, div and comparisons
• Improve performance in some cases during CompactCiphertextList expansion
• Improve performance of non native modulus operations
• WASM: add ability to encrypt u{512, 1024, 2048} with a CompactPublicKey
• WASM: add ability to read the kind of an encrypted slot in a CompactListExpander
• ZK-POK: improve performance on WASM for browser execution
• ZK-POK: improve performance when proving less bits than what a proof can hold
• ZK-POK: add versioning

GPU

• Configure GPU parameters automatically to GPU multi-bit dedicated parameters
• Optimize integer scalar multiplication memory use on the GPU
• Optimize multiplication memory usage
• Speedup twiddles reads
• Pin bootstrap key host memory to speedup its copy to multiple GPUs
• Multi GPU: dispatch/gather inputs and outputs to the ks/pbs on all GPUs
• Implements FFT with reduced shared memory read/write

Fixes

CPU

• Fix wrong Named implementation for CompressedCiphertextList
• Fix Client/Server Key versioning
• Fix CompactCiphertextList's expand_with_key which could fail to expand lists in certain circumstances
• Remove double carry propagation in sub
• Versioning: fix the bounds added in the derived traits for the Versionize macro which were sometimes unsatisfiable

GPU

• Fix add with 1 block
• Fix a memory error in multiplication
• Fix a memory error in scalar shifts
• Fix full propagation with 1 block
• Fix a memory error in bitnot

Resources

• Documentation:
  • Array

TFHE-rs v0.7.4

Summary

TFHE-rs v0.7.4 fixes web package by bundling files needed to run parallel version of JS API.

TFHE-rs v0.7.3

Summary

TFHE-rs v0.7.3 fixes the CompressedServerKey generation in the High Level API which was generating the inner ServerKey twice.

Additionally following a breaking change due to a change in an AVX512 intrinsics signature in the rust project, we are restricting pulp (0.18.8 <= pulp < 0.18.22) to keep the old intrinsics signature. This means TFHE-rs version 0.7 will not build with nightly toolchains which are too recent. nightly-2024-04-29 is known to be compatible and pass CI builds.

TFHE-rs v0.7.2

Summary

TFHE-rs v0.7.2 adds the versioning of the CompressedCiphertextList

TFHE-rs v0.7.1

Summary

TFHE-rs v0.7.1 adds compression parameters for the default 2_2 parameters from the shortint API.

TFHE-rs v0.7.0

Summary

TFHE-rs v0.7.0 includes several enhancements and new features, here are the highlights:

• Parameters: Probability of failure is now 2^-64 by default. This drastically improves the correctness ratio over a long period of time at a negligible performance cost.
• New vector and array operations: Add new vector and array operations for more efficient data handling, e.g. test equality of two arrays and test whether an array contains another array.
• Compact Public Key encryption parameters: You can now select dedicated parameters for Compact Public Key encryption to reduce size and improve generation time for Zero Knowledge (ZK) proofs.
• Improved Zero-Knowledge Proofs: Through optimizations and dedicated parameter sets for the Compact Public Key Encryption, the commitment size as well as the proof and verification time have been reduced.
• Post-computation compression: Introduce a new form of post-computation compression to limit data size on disk and in transit. This is especially useful for storing encrypted computation results using less storage space.
• Multi-GPU support: The CUDA backend v0.3.0 now supports multi-GPU configurations with more integer operations. It also brings performance improvements across operations.

What's Changed

Breaking Changes

Warning

• The Zero Knowledge proofs CRS format has changed and is not compatible with older CRS formats.
• The encrypted PRF now uses sha3 to generate the random input of the PRF
• CompactFheUintX and CompactFheUintXList are replaced by the new heterogeneous CompactCiphertextList

New features

• High Level API/Integer: allow CompactCiphertextList to store heterogeneous types
• High Level API/Integer: add the ability to use dedicated Compact Public Key parameters and keyswitch to compute parameters upon expand
• High Level API/Integer: add the ability to compress data after computation
• High Level API/Integer/C API: add 512, 1024 and 2048 bits FheUint types
• High Level API/Integer: add boolean select
• Integer/Core crypto/CUDA: compute the PBS and KS on multiple GPUs when possible
• Integer/CUDA: add unsigned div_rem
• Integer/CUDA: add unsigned scalar div
• Integer/CUDA: add unsigned overflowing add
• Integer/CUDA: add unsigned overflowing scalar add
• Integer/CUDA: add signed scalar comparisons
• Integer/CUDA: add cast signed/unsigned and signed/signed
• Integer: add vector match_value/index_of/contains/is_in
• Integer: add an eq_slice function
• Integer: add contains_sub_slice
• Shortint: make the PRF use sha3 as it's random oracle
• Core crypto: add an NTT based PBS
• Core crypto: add keyswitch that changes the scalar type from input to output
• Core crypto: add the ability to change the scalar type from input to output to the PBS
• Core crypto: add support for multi bit to the modulus switch compression
• Core crypto: add (G)lweCiphertextList::from_fn/from_elem methods
• Core crypto/CUDA: use a PBS implementation that makes use of thread block clusters and distributed shared memory on H100
• C API: add C API for some array functions (array_eq, array_contains_sub_slice)
• All: add new evolutive data format to avoid breaking changes of data formats when possible
• ZK: improve performance of the PKE proof

Improvements

• Integer: add packing in carry for modulus switch compression
• Integer/CUDA: change bitnot to not use the PBS
• Core crypto: the non-native decomposer formulas have been updated for use with the NTT PBS
• Core crypto: refactor fallible RNG to have a 2^-128 probability of failing to generate a coefficient
• Core crypto/CUDA: improve keyswitch performance