1 of 75

0.6 Getting Started

Installation

Please note that not all hardware/OS combinations are supported. Determine your platform, OS version, and Python version before referencing the table below.

Depending on your OS, Concrete-ML may be installed with Docker or with pip:

OS / HW

Available on Docker

Available on pip

Linux

Yes

Windows

Yes

Not currently

Windows Subsystem for Linux

Yes

macOS (Intel)

Yes

macOS (Apple Silicon, ie M1, M2 etc)

Yes

Not currently

Also, only some versions of python are supported: in the current release, these are 3.7 (Linux only), 3.8, and 3.9. Moreover, the Concrete-ML Python package requires glibc >= 2.28. On Linux, you can check your glibc version by running ldd --version.

Most of these limits are shared with the rest of the Concrete stack (namely Concrete-Numpy and Concrete-Compiler). Support for more platforms will be added in the future.

Using PyPi

Requirements

Installing on Windows can be done using Docker or WSL. On WSL, Concrete-ML will work as long as the package is not installed in the /mnt/c/ directory, which corresponds to the host OS filesystem.

Installation

To install Concrete-ML from PyPi, run the following:

pip install -U pip wheel setuptools
pip install concrete-ml

This will automatically install all dependencies, notably Concrete-Numpy.

Using Docker

Concrete-ML can be installed using Docker by either pulling the latest image or a specific version:

docker pull zamafhe/concrete-ml:latest
# or
docker pull zamafhe/concrete-ml:v0.4.0

The image can then be used via the following command:

# Without local volume:
docker run --rm -it -p 8888:8888 zamafhe/concrete-ml

# With local volume to save notebooks on host:
docker run --rm -it -p 8888:8888 -v /host/path:/data zamafhe/concrete-ml

This will launch a Concrete-ML enabled Jupyter server in Docker that can be accessed directly from a browser.

Alternatively, a shell can be lauched in Docker, with or without volumes:

docker run --rm -it zamafhe/concrete-ml /bin/bash

Key Concepts

Concrete-ML is built on top of Concrete-Numpy, which enables Numpy programs to be converted into FHE circuits.

Lifecycle of a Concrete-ML model

I. Model development

training: A model is trained using plaintext, non-encrypted, training data.
inference: The compiled model can then be executed on encrypted data, once the proper keys have been generated. The model can also be deployed to a server and used to run private inference on encrypted inputs.

II. Model deployment

client/server deployment: In a client/server setting, the model can be exported in a way that:
- allows the client to generate keys, encrypt, and decrypt.
- provides a compiled model that can run on the server to perform inference on encrypted data.
key generation: The data owner (client) needs to generate a pair of private keys (to encrypt/decrypt their data and results) and a public evaluation key (for the model's FHE evaluation on the server).

Cryptography concepts

Concrete-ML and Concrete-Numpy are tools that hide away the details of the underlying cryptography scheme, called TFHE. However, some cryptography concepts are still useful when using these two toolkits:

encryption/decryption: These operations transform plaintext, i.e. human-readable information, into ciphertext, i.e. data that contains a form of the original plaintext that is unreadable by a human or computer without the proper key to decrypt it. Encryption takes plaintext and an encryption key and produces ciphertext, while decryption is the inverse operation.
encrypted inference: FHE allows a third party to execute (i.e. run inference or predict) a machine learning model on encrypted data (a ciphertext). The result of the inference is also encrypted and can only be read by the person who receives the decryption key.
keys: A key is a series of bits used within an encryption algorithm for encrypting data so that the corresponding ciphertext appears random.
key generation: Cryptographic keys need to be generated using random number generators. Their size may be large and key generation may take a long time. However, keys only need to be generated once for each model used by a client.
guaranteed correctness of encrypted computations: To achieve security, TFHE, the underlying encryption scheme, adds random noise as ciphertexts. This can induce errors during processing of encrypted data, depending on noise parameters. By default, Concrete-ML uses parameters that ensure the correctness of the encrypted computation, so there is no need to account for noise parametrization. Therefore, the results on encrypted data will be the same as the results of simulation on clear data.

Model accuracy considerations under FHE constraints

To respect FHE constraints, all numerical programs that include non-linear operations over encrypted data must have all inputs, constants, and intermediate values represented with integers of a maximum of 16 bits.

Inference in the Cloud

Concrete-ML models can be easily deployed in a client/server setting, enabling the creation of privacy-preserving services in the cloud.

Keys are generated by the user once for each service they use, based on the model the service provides and its cryptographic parameters.

The overall communications protocol to enable cloud deployment of machine learning services can be summarized in the following diagram:

The steps detailed above are as follows:

The model developer deploys the compiled machine learning model to the server. This model includes the cryptographic parameters. The server is now ready to provide private inference.
The client requests the cryptographic parameters (also called "client specs"). Once it receives them from the server, the secret and evaluation keys are generated.
The client sends the evaluation key to the server. The server is now ready to accept requests from this client. The client sends their encrypted data.
The server uses the evaluation key to securely run inference on the user's data and sends back the encrypted result.
The client now decrypts the result and can send back new requests.

Demos and Tutorials

This section lists several demos that apply Concrete-ML to some popular machine learning problems. They show how to build ML models that perform well under FHE constraints, and then how to perform the conversion to FHE.

Built-in Models

Linear Models

Models are also compatible with some of scikit-learn's main workflows, such as Pipeline() and GridSearch().

Quantization parameters

The n_bits parameter controls the bit-width of the inputs and weights of the linear models. When non-linear mapping is applied by the model, such as exp or sigmoid, currently Concrete-ML applies it on the client-side, on clear-text values that are the decrypted output of the linear part of the model. Thus, Linear Models do not use table lookups, and can, therefore, use high precision integers for weight and inputs. The n_bits parameter can be set to 8 or more bits for models with up to 300 input dimensions. When the input has more dimensions, n_bits must be reduced to 6-7. Accuracy and R2 scores are preserved down to n_bits=6, compared to the non-quantized float models from scikit-learn.

Example

The overall accuracy scores are identical (93%) between the scikit-learn model (executed in the clear) and the Concrete-ML one (executed in FHE). In fact, quantization has little impact on the decision boundaries, as linear models are able to consider large precision numbers when quantizing inputs and weights in Concrete-ML. Additionally, as the linear models do not use PBS, the FHE computations are always exact, meaning the FHE predictions are always identical to the quantized clear ones.

Tree-based Models

Example

Quantization parameters

This graph above shows that, when using a sufficiently high bit-width, quantization has little impact on the decision boundaries of the Concrete-ML FHE decision tree models. As the quantization is done individually on each input feature, the impact of quantization is strongly reduced, and, thus, FHE tree-based models reach similar accuracy as their floating point equivalents. Using 6 bits for quantization makes the Concrete-ML model reach or exceed the floating point accuracy. The number of bits for quantization can be adjusted through the n_bits parameter.

When n_bits is set low, the quantization process may sometimes create some artifacts that could lead to a decrease in performance, but the execution speed in FHE decreases. In this way, it is possible to adjust the accuracy/speed trade-off, and some accuracy can be recovered by increasing the n_estimators.

The following graph shows that using 5-6 bits of quantization is usually sufficient to reach the performance of a non-quantized XGBoost model on floating point data. The metrics plotted are accuracy and F1-score on the spambase data-set.

Neural Networks

Concrete-ML provides simple built-in neural networks models with a scikit-learn interface through the NeuralNetClassifier and NeuralNetRegressor classes.

Concrete-ML

Scikit-learn

The Concrete-ML models are multi-layer, fully-connected networks with customizable activation functions and a number of neurons in each layer. This approach is similar to what is available in scikit-learn using the MLPClassifier/MLPRegressor classes. The built-in models train easily with a single call to .fit(), which will automatically quantize the weights and activations. These models use Quantization Aware Training, allowing good performance for low precision (down to 2-3 bit) weights and activations.

Example usage

To create an instance of a Fully Connected Neural Network (FCNN), you need to instantiate one of the NeuralNetClassifier and NeuralNetRegressor classes and configure a number of parameters that are passed to their constructor. Note that some parameters need to be prefixed by module__, while others don't. Basically, the parameters that are related to the model, i.e. the underlying nn.Module, must have the prefix. The parameters that are related to training options do not require the prefix.

from concrete.ml.sklearn import NeuralNetClassifier
import torch.nn as nn

n_inputs = 10
n_outputs = 2
params = {
    "module__n_layers": 2,
    "module__n_w_bits": 2,
    "module__n_a_bits": 2,
    "module__n_accum_bits": 8,
    "module__n_hidden_neurons_multiplier": 1,
    "module__n_outputs": n_outputs,
    "module__input_dim": n_inputs,
    "module__activation_function": nn.ReLU,
    "max_epochs": 10,
}

concrete_classifier = NeuralNetClassifier(**params)

The figure above shows, on the right, the Concrete-ML neural network, trained with Quantization Aware Training, in a FHE-compatible configuration. The figure compares this network to the floating-point equivalent, trained with scikit-learn.

Architecture parameters

module__n_layers: number of layers in the FCNN, must be at least 1. Note that this is the total number of layers. For a single, hidden layer NN model, set module__n_layers=2
module__n_outputs: number of outputs (classes or targets)
module__input_dim: dimensionality of the input

Quantization parameters

n_w_bits (default 3): number of bits for weights
n_a_bits (default 3): number of bits for activations and inputs

Training parameters (from skorch)

max_epochs: The number of epochs to train the network (default 10)
verbose: Whether to log loss/metrics during training (default: False)
lr: Learning rate (default 0.001)

Advanced parameters

Network input/output

When you have training data in the form of a NumPy array, and targets in a NumPy 1D array, you can set:

    classes = np.unique(y_all)
    params["module__input_dim"] = x_train.shape[1]
    params["module__n_outputs"] = len(classes)

Class weights

You can give weights to each class to use in training. Note that this must be supported by the underlying PyTorch loss function.

    from sklearn.utils.class_weight import compute_class_weight
    params["criterion__weight"] = compute_class_weight("balanced", classes=classes, y=y_train)

Overflow errors

The n_hidden_neurons_multiplier parameter influences training accuracy as it controls the number of non-zero neurons that are allowed in each layer. Increasing n_hidden_neurons_multiplier improves accuracy, but should take into account precision limitations to avoid overflow in the accumulator. The default value is a good compromise that avoids overflow in most cases, but you may want to change the value of this parameter to reduce the breadth of the network if you have overflow errors. A value of 1 should be completely safe with respect to overflow.

Pandas

Concrete-ML provides partial support for Pandas, with most available models (linear and tree-based models) usable on Pandas dataframes just as they would be used with NumPy arrays.

The table below summarizes current compatibility:

Methods

Support Pandas dataframe

fit

✓

compile

✗

predict (execute_in_fhe=False)

✓

predict (execute_in_fhe=True)

✓

Example

import numpy as np
import pandas as pd
from concrete.ml.sklearn import LogisticRegression
from sklearn.datasets import make_classification
from sklearn.model_selection import train_test_split

# Create the data set as a Pandas dataframe
X, y = make_classification(
    n_samples=250,
    n_features=30,
    n_redundant=0,
    random_state=2,
)
X, y = pd.DataFrame(X), pd.DataFrame(y)

# Retrieve train and test sets
X_train, X_test, y_train, y_test = train_test_split(X, y, test_size=0.4, random_state=42)

# Instantiate the model
model = LogisticRegression(n_bits=8)

# Fit the model
model.fit(X_train, y_train)

# Evaluate the model on the test set in clear
y_pred_clear = model.predict(X_test)

# Compile the model
model.compile(X_train.to_numpy())

# Perform the inference in FHE
y_pred_fhe = model.predict(X_test, execute_in_fhe=True)

# Assert that FHE predictions are the same as the clear predictions
print(
    f"{(y_pred_fhe == y_pred_clear).sum()} "
    f"examples over {len(y_pred_fhe)} have a FHE inference equal to the clear inference."
)

# Output:
    # 100 examples over 100 have a FHE inference equal to the clear inference.

Built-in Model Examples

FHE constraints considerations

In Concrete-ML, built-in linear models are exact equivalents to their scikit-learn counterparts. Indeed, since they do not apply any non-linearity during inference, these models are very fast (~1ms FHE inference time) and can use high precision integers (between 20-25 bits).

Tree-based models apply non-linear functions that enable comparisons of inputs and trained thresholds. Thus, they are limited with respect to the number of bits used to represent the inputs. But as these examples show, in practice 5-6 bits are sufficient to exactly reproduce the behavior of their scikit-learn counterpart models.

As shown in the examples below, built-in neural networks can be configured to work with user-specified accumulator sizes, which allow the user to adjust the speed/accuracy tradeoff.

List of examples

1. Linear and logistic regression

These examples show how to use the built-in linear models on synthetic data, which allows for easy visualization of the decision boundaries or trend lines. Executing these 1D and 2D models in FHE takes around 1 millisecond.

2. Generalized linear models

3. Decision tree

4. XGBoost and Random Forest classifier

5. XGBoost regression

6. Fully connected neural network

7. Comparison of classifiers

Based on three different synthetic data-sets, all the built-in classifiers are demonstrated in this notebook, showing accuracies, inference times, accumulator bit-widths, and decision boundaries.

Deep Learning

Using Torch

The following example uses a simple QAT PyTorch model that implements a fully connected neural network with two hidden layers. Due to its small size, making this model respect FHE constraints is relatively easy.

import brevitas.nn as qnn
import torch.nn as nn
import torch

N_FEAT = 12
n_bits = 3

class QATSimpleNet(nn.Module):
    def __init__(self, n_hidden):
        super().__init__()

        self.quant_inp = qnn.QuantIdentity(bit_width=n_bits, return_quant_tensor=True)
        self.fc1 = qnn.QuantLinear(N_FEAT, n_hidden, True, weight_bit_width=n_bits, bias_quant=None)
        self.quant2 = qnn.QuantIdentity(bit_width=n_bits, return_quant_tensor=True)
        self.fc2 = qnn.QuantLinear(n_hidden, n_hidden, True, weight_bit_width=n_bits, bias_quant=None)
        self.quant3 = qnn.QuantIdentity(bit_width=n_bits, return_quant_tensor=True)
        self.fc3 = qnn.QuantLinear(n_hidden, 2, True, weight_bit_width=n_bits, bias_quant=None)

    def forward(self, x):
        x = self.quant_inp(x)
        x = self.quant2(torch.relu(self.fc1(x)))
        x = self.quant3(torch.relu(self.fc2(x)))
        x = self.fc3(x)
        return x

from concrete.ml.torch.compile import compile_brevitas_qat_model
import numpy

torch_input = torch.randn(100, N_FEAT)
torch_model = QATSimpleNet(30)
quantized_numpy_module = compile_brevitas_qat_model(
    torch_model, # our model
    torch_input, # a representative input-set to be used for both quantization and compilation
    n_bits = n_bits,
)

The model can now be used to perform encrypted inference. Next, the test data is quantized:

x_test = numpy.array([numpy.random.randn(N_FEAT)])
x_test_quantized = quantized_numpy_module.quantize_input(x_test)

and the encrypted inference can be run using either:

quantized_numpy_module.forward_and_dequant() to compute predictions in the clear on quantized data, and then de-quantize the result. The return value of this function contains the dequantized (float) output of running the model in the clear. Calling the forward function on the clear data is useful when debugging. The results in FHE will be the same as those on clear quantized data.
quantized_numpy_module.forward_fhe.encrypt_run_decrypt() to perform the FHE inference. In this case, de-quantization is done in a second stage using quantized_numpy_module.dequantize_output().

Generic Quantization Aware Training import

While the example above shows how to import a Brevitas/PyTorch model, Concrete-ML also provides an option to import generic QAT models implemented either in PyTorch or through ONNX. Interestingly, deep learning models made with TensorFlow or Keras should be usable, by preliminary converting them to ONNX.

QAT models contain quantizers in the PyTorch graph. These quantizers ensure that the inputs to the Linear/Dense and Conv layers are quantized.

from concrete.ml.torch.compile import compile_torch_model
n_bits_qat = 3

quantized_numpy_module = compile_torch_model(
    torch_model,
    torch_input,
    import_qat=True,
    n_bits=n_bits_qat,
)

When importing QAT models using this generic pipeline, a representative calibration set should be given as quantization parameters in the model need to be inferred from the statistics of the values encountered during inference.

Supported operators and activations

Concrete-ML supports a variety of PyTorch operators that can be used to build fully connected or convolutional neural networks, with normalization and activation layers. Moreover, many element-wise operators are supported.

Operators

univariate operators

shape modifying operators

operators that take an encrypted input and unencrypted constants

Please note that Concrete-ML supports these operators but also the QAT equivalents from Brevitas.

brevitas.nn.QuantLinear
brevitas.nn.QuantConv2d

operators that can take both encrypted+unencrypted and encrypted+encrypted inputs

Quantizers

brevitas.nn.QuantIdentity

Activations

Note that the equivalent versions from torch.functional are also supported.

Using ONNX

ONNX models can be compiled by directly importing models that are already quantized with Quantization Aware Training (QAT) or by performing Post-Training Quantization (PTQ) with Concrete-ML.

Simple example

The following example shows how to compile an ONNX model using PTQ. The model was initially trained using Keras before being exported to ONNX. The training code is not shown here.

import numpy
import onnx
import tensorflow
import tf2onnx

from concrete.ml.torch.compile import compile_onnx_model
from concrete.numpy.compilation import Configuration


class FC(tensorflow.keras.Model):
    """A fully-connected model."""

    def __init__(self):
        super().__init__()
        hidden_layer_size = 10
        output_size = 5

        self.dense1 = tensorflow.keras.layers.Dense(
            hidden_layer_size,
            activation=tensorflow.nn.relu,
        )
        self.dense2 = tensorflow.keras.layers.Dense(output_size, activation=tensorflow.nn.relu6)
        self.flatten = tensorflow.keras.layers.Flatten()

    def call(self, inputs):
        """Forward function."""
        x = self.flatten(inputs)
        x = self.dense1(x)
        x = self.dense2(x)
        return self.flatten(x)


n_bits = 6
input_output_feature = 2
input_shape = (input_output_feature,)
num_inputs = 1
n_examples = 5000

# Define the Keras model
keras_model = FC()
keras_model.build((None,) + input_shape)
keras_model.compute_output_shape(input_shape=(None, input_output_feature))

# Create random input
input_set = numpy.random.uniform(-100, 100, size=(n_examples, *input_shape))

# Convert to ONNX
tf2onnx.convert.from_keras(keras_model, opset=14, output_path="tmp.model.onnx")

onnx_model = onnx.load("tmp.model.onnx")
onnx.checker.check_model(onnx_model)

# Compile
quantized_numpy_module = compile_onnx_model(
    onnx_model, input_set, n_bits=2
)

# Create test data from the same distribution and quantize using
# learned quantization parameters during compilation
x_test = tuple(numpy.random.uniform(-100, 100, size=(1, *input_shape)) for _ in range(num_inputs))
qtest = quantized_numpy_module.quantize_input(x_test)

y_clear = quantized_numpy_module(*qtest)
y_fhe = quantized_numpy_module.forward_fhe.encrypt_run_decrypt(*qtest)

print("Execution in clear: ", y_clear)
print("Execution in FHE:   ", y_fhe)
print("Equality:           ", numpy.sum(y_clear == y_fhe), "over", numpy.size(y_fhe), "values")

While Keras was used in this example, it is not officially supported as additional work is needed to test all of Keras' types of layer and models.

Quantization Aware Training

QAT models contain quantizers in the ONNX graph. These quantizers ensure that the inputs to the Linear/Dense and Conv layers are quantized. Since these QAT models have quantizers that are configured during training to a specific number of bits, the ONNX graph will need to be imported using the same settings:

n_bits_qat = 3  # number of bits for weights and activations during training

quantized_numpy_module = compile_onnx_model(
    onnx_model,
    input_set,
    n_bits=n_bits_qat,
)

Supported operators

The following operators are supported for evaluation and conversion to an equivalent FHE circuit. Other operators were not implemented, either due to FHE constraints or because they are rarely used in PyTorch activations or scikit-learn models.

Abs
Acos
Acosh
Add
Asin
Asinh
Atan
Atanh
AveragePool
BatchNormalization
Cast
Celu
Clip
Concat
Constant
Conv
Cos
Cosh
Div
Elu
Equal
Erf
Exp
Flatten
Floor
Gemm
Greater
GreaterOrEqual
HardSigmoid
HardSwish
Identity
LeakyRelu
Less
LessOrEqual
Log
MatMul
Max
MaxPool
Min
Mul
Neg
Not
Or
PRelu
Pad
Pow
ReduceSum
Relu
Reshape
Round
Selu
Sigmoid
Sign
Sin
Sinh
Softplus
Sub
Tan
Tanh
ThresholdedRelu
Transpose
Unsqueeze
Where
onnx.brevitas.Quant

Step-by-step Guide

This guide provides a complete example of converting a PyTorch neural network into its FHE-friendly, quantized counterpart. It focuses on Quantization Aware Training a simple network on a synthetic data-set.

In general, quantization can be carried out in two different ways: either during training with Quantization Aware Training (QAT) or after the training phase with Post-Training Quantization (PTQ).

Baseline PyTorch model

In PyTorch, using standard layers, a fully connected neural network would look as follows:

import torch
from torch import nn

IN_FEAT = 2
OUT_FEAT = 2

class SimpleNet(nn.Module):
    """Simple MLP with PyTorch"""

    def __init__(self, n_hidden = 30):
        super().__init__()
        self.fc1 = nn.Linear(in_features=IN_FEAT, out_features=n_hidden)
        self.fc2 = nn.Linear(in_features=n_hidden, out_features=n_hidden)
        self.fc3 = nn.Linear(in_features=n_hidden, out_features=OUT_FEAT)


    def forward(self, x):
        """Forward pass."""
        x = torch.relu(self.fc1(x))
        x = torch.relu(self.fc2(x))
        x = self.fc3(x)
        return x

neurons

100

fp32 accuracy

68.70%

83.32%

88.06%

3-bit accuracy

56.44%

55.54%

56.50%

mean accumulator size

6.6

6.9

7.4

This shows that the fp32 accuracy and accumulator size increases with the number of hidden neurons, while the 3-bit accuracy remains low irrespective of the number of neurons. While all the configurations tried here were FHE-compatible (accumulator < 16 bits), it is often preferable to have a lower accumulator size in order to speed up the inference time.

The accumulator size is determined by Concrete-Numpy as being the maximum bit-width encountered anywhere in the encrypted circuit.

Quantization Aware Training:

Brevitas provides a quantized version of almost all PyTorch layers (Linear layer becomes QuantLinear, ReLU layer becomes QuantReLU and so one), plus some extra quantization parameters, such as :

bit_width: precision quantization bits for activations
act_quant: quantization protocol for the activations
weight_bit_width: precision quantization bits for weights
weight_quant: quantization protocol for the weights

In order to use FHE, the network must be quantized from end to end, and thanks to the Brevitas's QuantIdentity layer, it is possible to quantize the input by placing it at the entry point of the network. Moreover, it is also possible to combine PyTorch and Brevitas layers, provided that a QuantIdentity is placed after this PyTorch layer. The following table gives the replacements to be made to convert a PyTorch NN for Concrete-ML compatibility.

Pytorch fp32 layer

Concrete-ML model with Pytorch/Brevitas

torch.nn.Linear

brevitas.quant.QuantLinear

torch.nn.Conv2d

brevitas.quant.Conv2d

torch.nn.AvgPool2d

torch.nn.AvgPool2d + brevitas.quant.QuantIdentity

torch.nn.ReLU

brevitas.quant.QuantReLU

Furthermore, some PyTorch operators (from the PyTorch functional API), require a brevitas.quant.QuantIdentity to be applied on their inputs.

PyTorch ops that require QuantIdentity

torch.transpose

torch.add (between two activation tensors)

torch.reshape

torch.flatten

The QAT import tool in Concrete-ML is a work in progress. While it has been tested with some networks built with Brevitas, it is possible to use other tools to obtain QAT networks.

For instance, with Brevitas, the network above becomes :

from brevitas import nn as qnn
from brevitas.core.quant import QuantType
from brevitas.quant import Int8ActPerTensorFloat, Int8WeightPerTensorFloat

N_BITS = 3
IN_FEAT = 2
OUT_FEAT = 2

class QuantSimpleNet(nn.Module):
    def __init__(
        self,
        n_hidden,
        qlinear_args={
            "weight_bit_width": N_BITS,
            "weight_quant": Int8WeightPerTensorFloat,
            "bias": True,
            "bias_quant": None,
            "narrow_range": True
        },
        qidentity_args={"bit_width": N_BITS, "act_quant": Int8ActPerTensorFloat},
    ):
        super().__init__()

        self.quant_inp = qnn.QuantIdentity(**qidentity_args)
        self.fc1 = qnn.QuantLinear(IN_FEAT, n_hidden, **qlinear_args)
        self.relu1 = qnn.QuantReLU(bit_width=qidentity_args["bit_width"])
        self.fc2 = qnn.QuantLinear(n_hidden, n_hidden, **qlinear_args)
        self.relu2 = qnn.QuantReLU(bit_width=qidentity_args["bit_width"])
        self.fc3 = qnn.QuantLinear(n_hidden, OUT_FEAT, **qlinear_args)

        for m in self.modules():
            if isinstance(m, qnn.QuantLinear):
                torch.nn.init.uniform_(m.weight.data, -1, 1)

    def forward(self, x):
        x = self.quant_inp(x)
        x = self.relu1(self.fc1(x))
        x = self.relu2(self.fc2(x))
        x = self.fc3(x)
        return x

Note that in the network above, biases are used for linear layers but are not quantized ("bias": True, "bias_quant": None). The addition of the bias is an univariate operation and is fused into the activation function.

Training this network with pruning (see below) with 30 out of 100 total non-zero neurons gives good accuracy while keeping the accumulator size low.

Non-zero neurons

3-bit accuracy brevitas

95.4%

3-bit accuracy in Concrete-ML

95.4%

Accumulator size

The PyTorch QAT training loop is the same as the standard floating point training loop, but hyper-parameters such as learning rate might need to be adjusted.

Quantization Aware Training is somewhat slower than normal training. QAT introduces quantization during both the forward and backward passes. The quantization process is inefficient on GPUs as its computational intensity is low with respect to data transfer time.

Pruning using torch

Considering that FHE only works with limited integer precision, there is a risk of overflowing in the accumulator, which will make Concrete-ML raise an error.

To understand how to overcome this limitation, consider a scenario where 2 bits are used for weights and layer inputs/outputs. The Linear layer computes a dot product between weights and inputs $y = \sum_i w_i x_i$ . With 2 bits, no overflow can occur during the computation of the Linear layer as long the number of neurons does not exceed 14, i.e. the sum of 14 products of 2-bit numbers does not exceed 7 bits.

By default, Concrete-ML uses symmetric quantization for model weights, with values in the interval $\left[-2^{n_{bits}-1}, 2^{n_{bits}-1}-1\right]$ . For example, for $n_{bits}=2$ the possible values are $[-2, -1, 0, 1]$ , for $n_{bits}=3$ the values can be $[-4,-3,-2,-1,0,1,2,3]$ .

However, in a typical setting, the weights will not all have the maximum or minimum values (e.g. $-2^{n_{bits}-1}$ ). Instead, weights typically have a normal distribution around 0, which is one of the motivating factors for their symmetric quantization. A symmetric distribution and many zero-valued weights are desirable because opposite sign weights can cancel each other out and zero weights do not increase the accumulator size.

The following code shows how to use pruning in the previous example:

import torch.nn.utils.prune as prune

class PrunedQuantNet(SimpleNet):
    """Simple MLP with PyTorch"""

    pruned_layers = set()

    def prune(self, max_non_zero):
        # Linear layer weight has dimensions NumOutputs x NumInputs
        for name, layer in self.named_modules():
            if isinstance(layer, nn.Linear):
                print(name, layer)
                num_zero_weights = (layer.weight.shape[1] - max_non_zero) * layer.weight.shape[0]
                if num_zero_weights <= 0:
                    continue
                print(f"Pruning layer {name} factor {num_zero_weights}")
                prune.l1_unstructured(layer, "weight", amount=num_zero_weights)
                self.pruned_layers.add(name)

    def unprune(self):
        for name, layer in self.named_modules():
            if name in self.pruned_layers:
                prune.remove(layer, "weight")
                self.pruned_layers.remove(name)

Results with PrunedQuantNet, a pruned version of the QuantSimpleNet with 100 neurons on the hidden layers, are given below, showing a mean accumulator size measured over 10 runs of the experiment:

Non-zero neurons

3-bit accuracy

82.50%

88.06%

Mean accumulator size

6.6

6.8

This shows that the fp32 accuracy has been improved while maintaining constant mean accumulator size.

When pruning a larger neural network during training, it is easier to obtain a low bit-width accumulator while maintaining better final accuracy. Thus, pruning is more robust than training a similar, smaller network.

Deep Learning Examples

FHE constraints considerations

Some examples constrain accumulators to 7-8 bits, which can be sufficient for simple data-sets. Up to 16-bit accumulators can be used, but this introduces a slowdown of 4-5x compared to 8-bit accumulators.

List of Examples

1. Step-by-step guide to building a custom NN

Shows how to use Quantization Aware Training and pruning when starting out from a classical PyTorch network. This example uses a simple data-set and a small NN, which achieves good accuracy with low accumulator size.

Debugging Models

This section provides a set of tools and guidelines to help users build optimized FHE-compatible models.

Virtual Library

The Virtual Lib can be useful when developing and iterating on an ML model implementation. For example, you can check that your model is compatible in terms of operands (all integers) with the Virtual Lib compilation. Then, you can check how many bits your ML model would require, which can give you hints about ways it could be modified to compile it to an actual FHE Circuit. As FHE non-linear models work with integers up to 16 bits, with a tradeoff between number of bits and FHE execution speed, the Virtual Lib can help to find the optimal model design.

The following example shows how to use the Virtual Lib in Concrete-ML. Simply add use_virtual_lib = True and enable_unsafe_features = True in a Configuration. The result of the compilation will then be a simulated circuit that allows for more precision or simulated FHE execution.

from sklearn.datasets import fetch_openml, make_circles
from concrete.ml.sklearn import RandomForestClassifier
from concrete.numpy import Configuration

debug_config = Configuration(
    enable_unsafe_features=True,
    use_insecure_key_cache=True,
    insecure_key_cache_location="~/.cml_keycache",
    p_error=None,
    global_p_error=None,
)

n_bits = 2
X, y = make_circles(n_samples=1000, noise=0.1, factor=0.6, random_state=0)
concrete_clf = RandomForestClassifier(
    n_bits=n_bits, n_estimators=10, max_depth=5
)
concrete_clf.fit(X, y)

concrete_clf.compile(X, debug_config, use_virtual_lib=True)

y_preds_clear = concrete_clf.predict(X)

Compilation debugging

The following example produces a neural network that is not FHE-compatible:

import numpy
import torch

from torch import nn
from concrete.ml.torch.compile import compile_torch_model

N_FEAT = 2
class SimpleNet(nn.Module):
    """Simple MLP with PyTorch"""

    def __init__(self, n_hidden=30):
        super().__init__()
        self.fc1 = nn.Linear(in_features=N_FEAT, out_features=n_hidden)
        self.fc2 = nn.Linear(in_features=n_hidden, out_features=n_hidden)
        self.fc3 = nn.Linear(in_features=n_hidden, out_features=2)


    def forward(self, x):
        """Forward pass."""
        x = torch.relu(self.fc1(x))
        x = torch.relu(self.fc2(x))
        x = self.fc3(x)
        return x


torch_input = torch.randn(100, N_FEAT)
torch_model = SimpleNet(120)
try:
    quantized_numpy_module = compile_torch_model(
        torch_model,
        torch_input,
        n_bits=7,
    )
except RuntimeError as err:
    print(err)

Upon execution, the compiler will raise the following error within the graph representation:

Function you are trying to compile cannot be converted to MLIR:

%0 = _onnx__Gemm_0                    # EncryptedTensor<int7, shape=(1, 2)>        ∈ [-64, 63]
%1 = [[ 33 -27  ...   22 -29]]        # ClearTensor<int7, shape=(2, 120)>          ∈ [-63, 62]
%2 = matmul(%0, %1)                   # EncryptedTensor<int14, shape=(1, 120)>     ∈ [-4973, 4828]
%3 = subgraph(%2)                     # EncryptedTensor<uint7, shape=(1, 120)>     ∈ [0, 126]
%4 = [[ 16   6  ...   10  54]]        # ClearTensor<int7, shape=(120, 120)>        ∈ [-63, 63]
%5 = matmul(%3, %4)                   # EncryptedTensor<int17, shape=(1, 120)>     ∈ [-45632, 43208]
%6 = subgraph(%5)                     # EncryptedTensor<uint7, shape=(1, 120)>     ∈ [0, 126]
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ table lookups are only supported on circuits with up to 16-bit integers
%7 = [[ -7 -52] ... [-12  62]]        # ClearTensor<int7, shape=(120, 2)>          ∈ [-63, 62]
%8 = matmul(%6, %7)                   # EncryptedTensor<int16, shape=(1, 2)>       ∈ [-26971, 29843]
return %8

Knowing that a linear/dense layer is implemented as a matrix multiplication, it can determine which parts of the op-graph listing in the exception message above correspond to which layers.

Layer weights initialization:

%1 = [[ 33 -27  ...   22 -29]]        # ClearTensor<int7, shape=(2, 120)>         
%4 = [[ 16   6  ...   10  54]]        # ClearTensor<int7, shape=(120, 120)>   
%7 = [[ -7 -52] ... [-12  62]]        # ClearTensor<int7, shape=(120, 2)>

Input data:

%0 = _onnx__Gemm_0                    # EncryptedTensor<int7, shape=(1, 2)>

First dense layer and activation function:

%2 = matmul(%0, %1)                   # EncryptedTensor<int14, shape=(1, 120)>    
%3 = subgraph(%2)                     # EncryptedTensor<uint7, shape=(1, 120)>

Second dense layer and activation function:

%5 = matmul(%3, %4)                   # EncryptedTensor<int17, shape=(1, 120)>    
%6 = subgraph(%5)                     # EncryptedTensor<uint7, shape=(1, 120)>  
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ table lookups are only supported on circuits with up to 16-bit integers

Third dense layer:

%8 = matmul(%6, %7)                   # EncryptedTensor<int16, shape=(1, 2)> 
return %8

We can see here that the error is in the second layer because the product has exceeded the 16-bit precision limit. This error is only detected when the PBS operations are actually applied.

However, reducing the number of neurons in this layer resolves the error and makes the network FHE-compatible:

torch_model = SimpleNet(10)

quantized_numpy_module = compile_torch_model(
    torch_model,
    torch_input,
    n_bits=7,
)

Complexity analysis

In FHE, univariate functions are encoded as table lookups, which are then implemented using Programmable Bootstrapping (PBS). PBS is a powerful technique but will require significantly more computing resources, and thus time, than simpler encrypted operations such as matrix multiplications, convolution, or additions.

Furthermore, the cost of PBS will depend on the bit-width of the compiled circuit. Every additional bit in the maximum bit-width raises the complexity of the PBS by a significant factor. It may be of interest to the model developer, then, to determine the bit-width of the circuit and the amount of PBS it performs.

This can be done by inspecting the MLIR code produced by the compiler:

Concrete-ML model

torch_model = SimpleNet(10)

quantized_numpy_module = compile_torch_model(
    torch_model,
    torch_input,
    n_bits=7,
    show_mlir=True,
)

Compiled MLIR model

MLIR
--------------------------------------------------------------------------------
module {
  func.func @main(%arg0: tensor<1x2x!FHE.eint<15>>) -> tensor<1x2x!FHE.eint<15>> {
    %cst = arith.constant dense<16384> : tensor<1xi16>
    %0 = "FHELinalg.sub_eint_int"(%arg0, %cst) : (tensor<1x2x!FHE.eint<15>>, tensor<1xi16>) -> tensor<1x2x!FHE.eint<15>>
    %cst_0 = arith.constant dense<[[-13, 43], [-31, 63], [1, -44], [-61, 20], [31, 2]]> : tensor<5x2xi16>
    %cst_1 = arith.constant dense<[[-45, 57, 19, 50, -63], [32, 37, 2, 52, -60], [-41, 25, -1, 31, -26], [-51, -40, -53, 0, 4], [20, -25, 56, 54, -23]]> : tensor<5x5xi16>
    %cst_2 = arith.constant dense<[[-56, -50, 57, 37, -22], [14, -1, 57, -63, 3]]> : tensor<2x5xi16>
    %c16384_i16 = arith.constant 16384 : i16
    %1 = "FHELinalg.matmul_eint_int"(%0, %cst_2) : (tensor<1x2x!FHE.eint<15>>, tensor<2x5xi16>) -> tensor<1x5x!FHE.eint<15>>
    %cst_3 = tensor.from_elements %c16384_i16 : tensor<1xi16>
    %cst_4 = tensor.from_elements %c16384_i16 : tensor<1xi16>
    %2 = "FHELinalg.add_eint_int"(%1, %cst_4) : (tensor<1x5x!FHE.eint<15>>, tensor<1xi16>) -> tensor<1x5x!FHE.eint<15>>
    %cst_5 = arith.constant

: tensor<5x32768xi64>
    %cst_6 = arith.constant dense<[[0, 1, 2, 3, 4]]> : tensor<1x5xindex>
    %3 = "FHELinalg.apply_mapped_lookup_table"(%2, %cst_5, %cst_6) : (tensor<1x5x!FHE.eint<15>>, tensor<5x32768xi64>, tensor<1x5xindex>) -> tensor<1x5x!FHE.eint<15>>
    %4 = "FHELinalg.matmul_eint_int"(%3, %cst_1) : (tensor<1x5x!FHE.eint<15>>, tensor<5x5xi16>) -> tensor<1x5x!FHE.eint<15>>
    %5 = "FHELinalg.add_eint_int"(%4, %cst_3) : (tensor<1x5x!FHE.eint<15>>, tensor<1xi16>) -> tensor<1x5x!FHE.eint<15>>
    %cst_7 = arith.constant

: tensor<5x32768xi64>
    %6 = "FHELinalg.apply_mapped_lookup_table"(%5, %cst_7, %cst_6) : (tensor<1x5x!FHE.eint<15>>, tensor<5x32768xi64>, tensor<1x5xindex>) -> tensor<1x5x!FHE.eint<15>>
    %7 = "FHELinalg.matmul_eint_int"(%6, %cst_0) : (tensor<1x5x!FHE.eint<15>>, tensor<5x2xi16>) -> tensor<1x2x!FHE.eint<15>>
    return %7 : tensor<1x2x!FHE.eint<15>>

  }
}
--------------------------------------------------------------------------------

There are several calls to FHELinalg.apply_mapped_lookup_table and FHELinalg.apply_lookup_table. These calls apply PBS to the cells of their input tensors. Their inputs in the listing above are: tensor<1x2x!FHE.eint<8>> for the first and last call and tensor<1x50x!FHE.eint<8>> for the two calls in the middle. Thus, PBS is applied 104 times.

Retrieving the bit-width of the circuit is then simply:

print(quantized_numpy_module.forward_fhe.graph.maximum_integer_bit_width())

Decreasing the number of bits and the number of PBS applications induces large reductions in the computation time of the compiled circuit.

Advanced topics

Quantization

Quantization is the process of constraining an input from a continuous or otherwise large set of values (such as real numbers) to a discrete set (such as integers).

This means that some accuracy in the representation is lost (e.g. a simple approach is to eliminate least-significant bits). However, in many cases in machine learning, it is possible to adapt the models to give meaningful results while using these smaller data types. This significantly reduces the number of bits necessary for intermediary results during the execution of these machine learning models.

Since FHE is currently limited to 16-bit integers, it is necessary to quantize models to make them compatible. As a general rule, the smaller the bit-width of integer values used in models, the better the FHE performance. This trade-off should be taken into account when designing models, especially neural networks.

Overview of quantization in Concrete ML

Quantization implemented in Concrete-ML is applied in two ways:

Built-in models apply quantization internally and the user only needs to configure some quantization parameters. This approach requires little work by the user but may not be a one-size-fits-all solution for all types of models. The final quantized model is FHE-friendly and ready to predict over encrypted data. In this setting, Post-Training Quantization (PTQ) is for linear models, data quantization is used for tree-based models and, finally, Quantization Aware Training (QAT) is included in the built-in neural network models.

While Concrete-ML quantizes machine learning models, the data the client has is often in floating point. The Concrete-ML models provide APIs to quantize inputs and de-quantize outputs.

Please note that the floating point input is quantized in the clear, i.e. it is converted to integers before being encrypted. Moreover, the model's output are also integers and are decrypted before de-quantization.

Basics of quantization

Let $[\alpha, \beta ]$ be the range of a value to quantize where $\alpha$ is the minimum and $\beta$ is the maximum. To quantize a range of floating point values (in $\mathbb{R}$ ) to integer values (in $\mathbb{Z}$ ), the first step is to choose the data type that is going to be used. Many ML models work with weights and activations represented as 8-bit integers, so this will be the value used in this example. Knowing the number of bits that can be used for a value in the range $[\alpha, \beta ]$ , the scale $S$ can be computed :

$S = \frac{\beta - \alpha}{2^n - 1}$

where $n$ is the number of bits ( $n \leq 8$ ). For the sake of example, let's take $n = 8$ .

In practice, the quantization scale is then $S = \frac{\beta - \alpha}{255}$ . This means the gap between consecutive representable values cannot be smaller than $S$ , which, in turn, means there can be a substantial loss of precision. Every interval of length $S$ will be represented by a value within the range $[0..255]$ .

The other important parameter from this quantization schema is the zero point $Z_p$ value. This essentially brings the 0 floating point value to a specific integer. If the quantization scheme is asymmetric (quantized values are not centered in 0), the resulting $Z_p$ will be in $\mathbb{Z}$ .

$Z_p = \mathtt{round} \left(- \frac{\alpha}{S} \right)$

Configuring model quantization parameters

Built-in models provide a simple interface for configuring quantization parameters, most notably the number of bits used for inputs, model weights, intermediary values, and output values.

For linear models, n_bits is used to quantize both model inputs and weights. Depending on the number of features, you can use a single integer value for the n_bits parameter (e.g. a value between 2 and 7). When the number of features is high, the n_bits parameter should be decreased if you encounter compilation errors. It is also possible to quantize inputs and weights with different numbers of bits by passing a dictionary to n_bits containing the op_inputs and op_weights keys.

Tree-based models can directly control the accumulator bit-width used. However, if 6 or 7 bits are not sufficient to obtain good accuracy on your data-set, one option is to use an ensemble model (RandomForest or XGBoost) and increase the number of trees in the ensemble. This, however, will have a detrimental impact on FHE execution speed.

Note that for built-in neural networks, the maximum accumulator bit-width cannot be precisely controlled. To use many input features and a high number of bits is beneficial for model accuracy, but it can conflict with the 16-bit accumulator constraint. Finding the best quantization parameters to maximize accuracy, while keeping the accumulator size down, can only be accomplished through experimentation.

Quantizing model inputs and outputs

The models implemented in Concrete-ML provide features to let the user quantize the input data and de-quantize the output data.

Here is a simple example showing how to perform inference, starting from float values and ending up with float values. Note that the FHE engine that is compiled for the ML models does not support data batching.

# Assume quantized_module : QuantizedModule
#        data: numpy.ndarray of float

# Quantization is done in the clear
x_test_q = quantized_module.quantize_input(data)

for i in range(x_test_q.shape[0]):
    # Inputs must have size (1 x N) or (1 x C x H x W), we add the batch dimension with N=1
    x_q = np.expand_dims(x_test_q[i, :], 0)

    # Execute the model in FHE
    out_fhe = quantized_module.forward_fhe.encrypt_run_decrypt(x_q)

    # Dequantization is done in the clear
    output = quantized_module.dequantize_output(out_fhe)

    # For classifiers with multi-class outputs, the arg max is done in the clear
    y_pred = np.argmax(output, 1)

Resources

Pruning

Overview of pruning in Concrete ML

Pruning is used in Concrete-ML for two types of neural networks:

Basics of pruning

In neural networks, a neuron computes a linear combination of inputs and learned weights, then applies an activation function.

The neuron computes:

$y_k = \phi\left(\sum_i w_ix_i\right)$

When building a full neural network, each layer will contain multiple neurons, which are connected to the inputs or to the neuron outputs of a previous layer.

For every neuron shown in each layer of the figure above, the linear combinations of inputs and learned weights are computed. Depending on the values of the inputs and weights, the sum $v_k = \sum_i w_ix_i$ - which for Concrete-ML neural networks is computed with integers - can take a range of different values.

Pruning a neural network entails fixing some of the weights $w_k$ to be zero during training. This is advantageous to meet FHE constraints, as irrespective of the distribution of $x_i$ , multiplying these input values by 0 does not increase the accumulator value.

Fixing some of the weights to 0 makes the network graph look more similar to the following:

Pruning in practice

In the formula above, in the worst case, the maximum number of the input and weights that can make the result exceed $n$ bits is given by:

$\Omega = \mathsf{floor} \left( \frac{2^{n_{\mathsf{max}}} - 1}{(2^{n_{\mathsf{weights}}} - 1)(2^{n_{\mathsf{inputs}}} - 1)} \right)$

Here, $n_{\mathsf{max}} = 16$ is the maximum precision allowed.

For example, if $n_{\mathsf{weights}} = 2$ and $n_{\mathsf{inputs}} = 2$ with $n_{\mathsf{max}} = 16$ , the worst case is where all inputs and weights are equal to their maximal value $2^2-1=3$ . In this case, there can be at most $\Omega = 7281$ elements in the multi-sums.

In practice, the distribution of the weights of a neural network is Gaussian, with many weights either 0 or having a small value. This enables exceeding the worst-case number of active neurons without having to risk overflowing the bit-width. In built-in neural networks, the parameter n_hidden_neurons_multiplier is multiplied with $\Omega$ to determine the total number of non-zero weights that should be kept in a neuron.

Compilation

Compilation of a model produces machine code that executes the model on encrypted data. In some cases, notably in the client/server setting, the compilation can be done by the server when loading the model for serving.

As FHE execution is much slower than execution on non-encrypted data, Concrete-ML has a simulation mode, using an execution mode named the Virtual Library. Since, by default, the cryptographic parameters are chosen such that the results obtained in FHE are the same as those on clear data, the Virtual Library allows you to benchmark models quickly during development.

Compilation

From the perspective of the Concrete-ML user, the compilation process performed by Concrete-Numpy can be broken up into 3 steps:

tracing the Numpy program and creating a Concrete-Numpy op-graph
checking the op-graph for FHE compatability
producing machine code for the op-graph (this step automatically determines cryptographic parameters)

Simulation with the Virtual Library

The result of this single step of the compilation pipeline allows the:

verification of the maximum bit-width of the op-graph, to determine FHE compatibility, without actually compiling the circuit to machine code.

Enabling Virtual Library execution requires the definition of a compilation Configuration. As simulation does not execute in FHE, this can be considered unsafe:

Next, the following code uses the simulation mode for built-in models:

And finally, for custom models, it is possible to enable simulation using the following syntax:

Obtaining the simulated predictions of the models using the Virtual Library has the same syntax as execution in FHE:

Moreover, the maximum accumulator bit-width is determined as follows:

A simple Concrete-Numpy example

Production Deployment

Concrete-ML provides functionality to deploy FHE machine learning models in a client/server setting. The deployment workflow and model serving pattern is as follows:

Deployment

The diagram above shows the steps that a developer goes through to prepare a model for encrypted inference in a client/server setting. The training of the model and its compilation to FHE are performed on a development machine. Three different files are created when saving the model:

client.zip contains client.specs.json which lists the secure cryptographic parameters needed for the client to generate private and evaluation keys.
serialized_processing.json describes the pre-processing and post-processing required by the machine learning model, such as quantization parameters to quantize the input and de-quantize the output. It should be deployed in the same way as client.zip.
server.zip contains the compiled model. This file is sufficient to run the model on a server. The compiled model is machine-architecture specific (i.e. a model compiled on x86 cannot run on ARM).

The compiled model (server.zip) is deployed to a server and the cryptographic parameters (client.zip), along with the model metadata (serialized_processing.json), are shared with the clients. In some settings, such as a phone application, the client.zip can be directly deployed on the client device and the server does not need to host it.

Serving

The client-side deployment of a secured inference machine learning model follows the schema above. First, the client obtains the cryptographic parameters (stored in client.zip) and generates a private encryption/decryption key as well as a set of public evaluation keys. The public evaluation keys are then sent to the server, while the secret key remains on the client.

The private data is then encrypted by the client as described in serialized_processing.json, and it is then sent to the server. Server-side, the FHE model inference is run on encrypted inputs using the public evaluation keys.

The encrypted result is then returned by the server to the client, which decrypts it using its private key. Finally, the client performs any necessary post-processing of the decrypted result as specified in serialized_processing.json.

The server-side implementation of a Concrete-ML model follows the diagram above. The public evaluation keys sent by clients are stored. They are then retrieved for the client that is querying the service and used to evaluate the machine learning model stored in server.zip. Finally, the server sends the encrypted result of the computation back to the client.

Example notebook

Advanced Features

Concrete-ML offers some features for advanced users that wish to adjust the cryptographic parameters that are generated by the Concrete stack for a certain machine learning model.

Approximate computations

Probability of errors

Concrete-ML makes use of table lookups (TLUs) to represent any non-linear operation (e.g. sigmoid). TLUs are implemented through the Programmable Bootstrapping (PBS) operation which will apply a non-linear operation in the cryptographic realm.

The result of TLU operations is obtained with a specific error probability. Concrete-ML offers the possibility to set this error probability, which influences the cryptographic parameters. The higher the success rate, the more restrictive the parameters become. This can affect both key generation and, more significantly, FHE execution time.

In Concrete-ML, there are three different ways to define the error probability:

p_error and global_p_error are somehow two concurrent parameters, in the sense they both have an impact on the choice of cryptographic parameters. To avoid a mistake, it is forbidden in Concrete-ML to set both p_error and global_p_errorsimultaneously.

An error probability for an individual TLU

The first way to set error probabilities in Concrete-ML is at the local level, by directly setting the probability of error of each individual TLU. This probability is referred to as p_error. A given PBS operation has a 1 - p_error chance of being successful. The successful evaluation here means that the value decrypted after FHE evaluation is exactly the same as the one that one would compute in the clear.

Here is a visualization of the effect of the p_error on a neural network model with a p_error = 0.1 compared to execution in the clear (i.e. no error):

Varying the p_error in the one hidden-layer neural network above produces the following inference times. Increasing p_error to 0.1 halves the inference time with respect to a p_error of 0.001. Note, in the graph above, that the decision boundary becomes noisier with higher p_error.

The speedup is dependent on model complexity, but, in an iterative approach, it is possible to search for a good value of p_error to obtain a speedup while maintaining good accuracy. Currently, no heuristic has been proposed to find a good value a priori.

Users have the possibility to change this p_error as they see fit, by passing an argument to the compile function of any of the models. Here is an example:

A global error probability for the entire model

A global_p_error is also available and defines the probability of success for the entire model. Here, the p_error for every PBS is computed internally in Concrete-Numpy such that the global_p_error is reached.

There might be cases where the user encounters a No cryptography parameter found error message. In such a case, increasing the p_error or the global_p_error might help.

Usage is similar to the p_error parameter:

In the above example, XGBoostClassifier in FHE has a 1/10 probability to have a shifted output value compared to the expected value. Note that the shift is relative to the expected value, so even if the result is different, it should be around the expected value.

The global_p_error parameter is only used for FHE evaluation and has no effect on VL simulation (unlike the p_error). Fixing it is in our roadmap.

Using default error probability

If neither p_error or global_p_error are set, Concrete-ML takes a default global_p_error = 0.01.

Seeing compilation information

By using verbose_compilation = True and show_mlir = True during compilation, the user receives a lot of information from the compiler and its inner optimizer. These options are, however, mainly meant for power-users, so they may be hard to understand.

Here, one will see:

the computation graph, typically

the MLIR, produced by Concrete-Numpy and given to the compiler

information from the optimizer (including cryptographic parameters):

In this latter optimization, the following information will be provided:

The bit-width ("6 bits integers") used in the program: for the moment, the compiler only supports a single precision (i.e. that all PBS are promoted to the same bit-width - the largest one). Therefore, this bit-width predominantly drives the speed of the program, and it is essential to attempt to reduce it as much as possible for fast execution.
The maximal norm2 ("7 manp"), which has an impact on the crypto parameters: The larger this norm2, the slower PBS will be. The norm2 is related to the norm of some constants appearing in your program, in a way which will be clarified in the compiler documentation.
The probability of error of an individual PBS, which was requested by the user ("3.300000e-02 error per pbs call" in User Config)
The probability of error of the full circuit, which was requested by the user ("1.000000e+00 error per circuit call" in User Config): Here, the probability 1 stands for "not used", since we had set the individual probability.
The probability of error of an individual PBS, which is found by the optimizer ("1/30 errors (3.234529e-02)"
The probability of error of the full circuit which is found by the optimizer ("1/10 errors (9.390887e-02)")
An estimation of the cost of the circuit ("4.214000e+02 Millions Operations"): Large values indicate a circuit that will execute more slowly.

and, for cryptographers only, some information about cryptographic parameters:

1x glwe_dimension
2**11 polynomial (2048)
762 lwe dimension
keyswitch l,b=5,3
blindrota l,b=2,15
wopPbs : false

Once again, this optimizer feedback is a work in progress and will be modified and improved in future releases.

Developer Guide

Workflow

Set Up the Project

Concrete-ML is a Python library, so Python should be installed to develop Concrete-ML. v3.8 and v3.9 are the only supported versions. Concrete-ML also uses Poetry and Make.

First of all, you need to git clone the project:

Automatic installation

For Windows users, the setup_os_deps.sh script does not install dependencies because of how many different installation methods there are due to the lack of a single package manager.

Manual installation

Python

Poetry

As there is no concrete-compiler package for Windows, only the dev dependencies can be installed. This requires Poetry >= 1.2.

make

The dev tools use make to launch various commands.

On Linux, you can install make from your distribution's preferred package manager.

On macOS, you can install a more recent version of make via brew:

In the following sections, be sure to use the proper make tool for your system: make, gmake, or other.

Cloning the repository

To get the source code of Concrete-ML, clone the code repository using the link for your favorite communication protocol (ssh or https).

Setting up environment on your host OS

We are going to make use of virtual environments. This helps to keep the project isolated from other Python projects in the system. The following commands will create a new virtual environment under the project directory and install dependencies to it.

The following command will not work on Windows if you don't have Poetry >= 1.2.

Activating the environment

Finally, activate the newly created environment using the following command:

macOS or Linux

Windows

Setting up environment on Docker

Docker automatically creates and sources a venv in ~/dev_venv/

The venv persists thanks to volumes. It also creates a volume for ~/.cache to speedup later reinstallations. You can check which Docker volumes exist with:

You can still run all make commands inside Docker (to update the venv, for example). Be mindful of the current venv being used (the name in parentheses at the beginning of your command prompt).

Leaving the environment

After your work is done, you can simply run the following command to leave the environment:

Syncing environment with the latest changes

From time to time, new dependencies will be added to the project or the old ones will be removed. The command below will make sure the project has the proper environment, so run it regularly!

Troubleshooting your environment

in your OS

If you are having issues, consider using the dev Docker exclusively (unless you are working on OS-specific bug fixes or features).

Here are the steps you can take on your OS to try and fix issues:

in Docker

Here are the steps you can take in your Docker to try and fix issues:

If the problem persists at this point, you should ask for help. We're here and ready to assist!

Set Up Docker

Building the image

Once you do that, you can get inside the Docker environment using the following command:

make docker_start

# or build and start at the same time
make docker_build_and_start

# or equivalently but shorter
make docker_bas

After you finish your work, you can leave Docker by using the exit command or by pressing CTRL + D.

Documentation

Using GitBook

Documentation with GitBook is done mainly by pushing content on GitHub. GitBook then pulls the docs from the repository and publishes. In most cases, GitBook is just a mirror of what is available in GitHub.

There are, however, some use-cases where documentation can be modified directly in GitBook (and, then, push the modifications to GitHub), for example when the documentation is modified by a person outside of Zama. In this case, a GitHub branch is created, and a GitHub space is associated to it: modifications are done in this space and automatically pushed to the branch. Once the modifications have been completed, one can simply create a pull-request, to finally merge modifications on the main branch.

Using Sphinx

Documentation can alternatively be built using Sphinx:

The documentation contains both files written by hand by developers (the .md files) and files automatically created by parsing the source files.

Then to open it, go to docs/_build/html/index.html or use the follwing command:

To build and open the docs at the same time, use:

Contributing

There are three ways to contribute to Concrete-ML:

You can open issues to report bugs and typos and to suggest ideas.
You can also provide new tutorials or use-cases, showing what can be done with the library. The more examples we have, the better and clearer it is for the other users.

1. Creating a new branch

To create your branch, you have to use the issue ID somewhere in the branch name:

e.g.

2. Before committing

2.1 Conformance

Each commit to Concrete-ML should conform to the standards of the project. You can let the development tools fix some issues automatically with the following command:

Conformance can be checked using the following command:

2.2 Testing

Your code must be well documented, containing tests and not breaking other tests:

You need to make sure you get 100% code coverage. The make pytest command checks that by default and will fail with a coverage report at the end should some lines of your code not be executed during testing.

If your coverage is below 100%, you should write more tests and then create the pull request. If you ignore this warning and create the PR, GitHub actions will fail and your PR will not be merged.

There may be cases where covering your code is not possible (an exception that cannot be triggered in normal execution circumstances). In those cases, you may be allowed to disable coverage for some specific lines. This should be the exception rather than the rule, and reviewers will ask why some lines are not covered. If it appears they can be covered, then the PR won't be accepted in that state.

3. Committing

Concrete-ML uses a consistent commit naming scheme, and you are expected to follow it as well (the CI will make sure you do). The accepted format can be printed to your terminal by running:

e.g.

4. Rebasing

You should rebase on top of the main branch before you create your pull request. Merge commits are not allowed, so rebasing on main before pushing gives you the best chance of to avoid rewriting parts of your PR later if conflicts arise with other PRs being merged. After you commit changes to your new branch, you can use the following commands to rebase:

Inner Workings

Importing ONNX

As ONNX is becoming the standard exchange format for neural networks, this allows Concrete-ML to be flexible while also making model representation manipulation easy. In addition, it allows for straight-forward mapping to NumPy operators, supported by Concrete-Numpy to use Concrete stack's FHE-conversion capabilities.

Torch to NumPy conversion using ONNX

The diagram below gives an overview of the steps involved in the conversion of an ONNX graph to a FHE-compatible format (i.e. a format that can be compiled to FHE through Concrete-Numpy).

All Concrete-ML built-in models follow the same pattern for FHE conversion:

The models are trained with sklearn or PyTorch.
The Concrete-ML ONNX parser checks that all the operations in the ONNX graph are supported and assigns reference NumPy operations to them. This step produces a NumpyModule.
Once the QuantizedModule is built, Concrete-Numpy is used to trace the ._forward() function of the QuantizedModule.

Once an ONNX model is imported, it is converted to a NumpyModule, then to a QuantizedModule and, finally, to a FHE circuit. However, as the diagram shows, it is perfectly possible to stop at the NumpyModule level if you just want to run the PyTorch model as NumPy code without doing quantization.

Inspecting the ONNX models

concrete.ml.pytest.torch_models.md

x: the input of the NN

Returns: the output of the NN

class `NetWithLoops`

Torch model, where we reuse some elements in a loop.

Torch model, where we reuse some elements in a loop in the forward and don't expect the user to define these elements in a particular order.

method `init`

method `forward`

Forward pass.

Args:

x: the input of the NN

Returns: the output of the NN

class `MultiInputNN`

Torch model to test multiple inputs forward.

method `init`

method `forward`

Forward pass.

Args:

x: the first input of the NN
y: the second input of the NN

Returns: the output of the NN

class `BranchingModule`

Torch model with some branching and skip connections.

method `init`

method `forward`

Forward pass.

Args:

x: the input of the NN

Returns: the output of the NN

class `BranchingGemmModule`

Torch model with some branching and skip connections.

method `init`

method `forward`

Forward pass.

Args:

x: the input of the NN

Returns: the output of the NN

class `UnivariateModule`

Torch model that calls univariate and shape functions of torch.

method `init`

method `forward`

Forward pass.

Args:

x: the input of the NN

Returns: the output of the NN

class `StepActivationModule`

Torch model implements a step function that needs Greater, Cast and Where.

method `init`

method `forward`

Forward pass with a quantizer built into the computation graph.

Args:

x: the input of the NN

Returns: the output of the NN

class `NetWithConcatUnsqueeze`

Torch model to test the concat and unsqueeze operators.

method `init`

method `forward`

Forward pass.

Args:

x: the input of the NN

Returns: the output of the NN

class `MultiOpOnSingleInputConvNN`

Network that applies two quantized operations on a single input.

method `init`

method `forward`

Forward pass.

Args:

x: the input of the NN

Returns: the output of the NN

class `FCSeq`

Torch model that should generate MatMul->Add ONNX patterns.

This network generates additions with a constant scalar

method `init`

method `forward`

Forward pass.

Args:

x: the input of the NN

Returns: the output of the NN

class `FCSeqAddBiasVec`

Torch model that should generate MatMul->Add ONNX patterns.

This network tests the addition with a constant vector

method `init`

method `forward`

Forward pass.

Args:

x: the input of the NN

Returns: the output of the NN

class `TinyCNN`

A very small CNN.

method `init`

Create the tiny CNN with two conv layers.

Args:

n_classes: number of classes
act: the activation

method `forward`

Forward the two layers with the chosen activation function.

Args:

x: the input of the NN

Returns: the output of the NN

class `TinyQATCNN`

A very small QAT CNN to classify the sklearn digits dataset.

This class also allows pruning to a maximum of 10 active neurons, which should help keep the accumulator bit-width low.

method `init`

Construct the CNN with a configurable number of classes.

Args:

n_classes (int): number of outputs of the neural net
n_bits (int): number of weight and activation bits for quantization
n_active (int): number of active (non-zero weight) neurons to keep
signed (bool): whether quantized integer values are signed
narrow (bool): whether the range of quantized integer values is narrow/symmetric

method `forward`

Run inference on the tiny CNN, apply the decision layer on the reshaped conv output.

Args:

x: the input to the NN

Returns: the output of the NN

method `test_torch`

Test the network: measure accuracy on the test set.

Args:

test_loader: the test loader

Returns:

res: the number of correctly classified test examples

method `toggle_pruning`

Enable or remove pruning.

Args:

enable: if we enable the pruning or not

class `SimpleQAT`

Torch model implements a step function that needs Greater, Cast and Where.

method `init`

method `forward`

Forward pass with a quantizer built into the computation graph.

Args:

x: the input of the NN

Returns: the output of the NN

class `QATTestModule`

Torch model that implements a simple non-uniform quantizer.

method `init`

method `forward`

Forward pass with a quantizer built into the computation graph.

Args:

x: the input of the NN

Returns: the output of the NN

class `SingleMixNet`

Torch model that with a single conv layer that produces the output, e.g. a blur filter.

method `init`

method `forward`

Execute the single convolution.

Args:

x: the input of the NN

Returns: the output of the NN

class `TorchSum`

Torch model to test the ReduceSum ONNX operator in a leveled circuit.

method `init`

Initialize the module.

Args:

dim (Tuple[int]): The axis along which the sum should be executed
keepdim (bool): If the output should keep the same dimension as the input or not

method `forward`

Forward pass.

Args:

x (torch.tensor): The input of the model

Returns:

torch_sum (torch.tensor): The sum of the input's tensor elements along the given axis

class `TorchSumMod`

Torch model to test the ReduceSum ONNX operator in a circuit containing a PBS.

method `init`

Initialize the module.

Args:

dim (Tuple[int]): The axis along which the sum should be executed
keepdim (bool): If the output should keep the same dimension as the input or not

method `forward`

Forward pass.

Args:

x (torch.tensor): The input of the model

Returns:

torch_sum (torch.tensor): The sum of the input's tensor elements along the given axis

concrete.ml.onnx.ops_impl.md

module `concrete.ml.onnx.ops_impl`

ONNX ops implementation in python + numpy.

function `cast_to_float`

Cast values to floating points.

Args:

inputs (Tuple[numpy.ndarray]): The values to consider.

Returns:

Tuple[numpy.ndarray]: The float values.

function `onnx_func_raw_args`

Decorate a numpy onnx function to flag the raw/non quantized inputs.

Args:

*args (tuple[Any]): function argument names

Returns:

result (ONNXMixedFunction): wrapped numpy function with a list of mixed arguments

function `numpy_where_body`

Compute the equivalent of numpy.where.

This function is not mapped to any ONNX operator (as opposed to numpy_where). It is usable by functions which are mapped to ONNX operators, e.g. numpy_div or numpy_where.

Args:

c (numpy.ndarray): Condition operand.
t (numpy.ndarray): True operand.
f (numpy.ndarray): False operand.

Returns:

numpy.ndarray: numpy.where(c, t, f)

function `numpy_where`

Compute the equivalent of numpy.where.

Args:

c (numpy.ndarray): Condition operand.
t (numpy.ndarray): True operand.
f (numpy.ndarray): False operand.

Returns:

numpy.ndarray: numpy.where(c, t, f)

function `numpy_add`

Compute add in numpy according to ONNX spec.

See https://github.com/onnx/onnx/blob/main/docs/Changelog.md#Add-13

Args:

a (numpy.ndarray): First operand.
b (numpy.ndarray): Second operand.

Returns:

Tuple[numpy.ndarray]: Result, has same element type as two inputs

function `numpy_constant`

Return the constant passed as a kwarg.

See https://github.com/onnx/onnx/blob/main/docs/Changelog.md#Constant-13

Args:

**kwargs: keyword arguments

Returns:

Any: The stored constant.

function `numpy_matmul`

Compute matmul in numpy according to ONNX spec.

See https://github.com/onnx/onnx/blob/main/docs/Changelog.md#MatMul-13

Args:

a (numpy.ndarray): N-dimensional matrix A
b (numpy.ndarray): N-dimensional matrix B

Returns:

Tuple[numpy.ndarray]: Matrix multiply results from A * B

function `numpy_relu`

Compute relu in numpy according to ONNX spec.

See https://github.com/onnx/onnx/blob/main/docs/Changelog.md#Relu-14

Args:

x (numpy.ndarray): Input tensor

Returns:

Tuple[numpy.ndarray]: Output tensor

function `numpy_sigmoid`

Compute sigmoid in numpy according to ONNX spec.

See https://github.com/onnx/onnx/blob/main/docs/Changelog.md#Sigmoid-13

Args:

x (numpy.ndarray): Input tensor

Returns:

Tuple[numpy.ndarray]: Output tensor

function `numpy_softmax`

Compute softmax in numpy according to ONNX spec.

Softmax is currently not supported in FHE.

See https://github.com/onnx/onnx/blob/main/docs/Changelog.md#softmax-13

Args:

x (numpy.ndarray): Input tensor
axis (None, int, tuple of int): Axis or axes along which a softmax's sum is performed. If None, it will sum all of the elements of the input array. If axis is negative it counts from the last to the first axis. Default to 1.
keepdims (bool): If True, the axes which are reduced along the sum are left in the result as dimensions with size one. Default to True.

Returns:

Tuple[numpy.ndarray]: Output tensor

function `numpy_cos`

Compute cos in numpy according to ONNX spec.

See https://github.com/onnx/onnx/blob/main/docs/Changelog.md#Cos-7

Args:

x (numpy.ndarray): Input tensor

Returns:

Tuple[numpy.ndarray]: Output tensor

function `numpy_cosh`

Compute cosh in numpy according to ONNX spec.

See https://github.com/onnx/onnx/blob/main/docs/Changelog.md#Cosh-9

Args:

x (numpy.ndarray): Input tensor

Returns:

Tuple[numpy.ndarray]: Output tensor

function `numpy_sin`

Compute sin in numpy according to ONNX spec.

See https://github.com/onnx/onnx/blob/main/docs/Changelog.md#Sin-7

Args:

x (numpy.ndarray): Input tensor

Returns:

Tuple[numpy.ndarray]: Output tensor

function `numpy_sinh`

Compute sinh in numpy according to ONNX spec.

See https://github.com/onnx/onnx/blob/main/docs/Changelog.md#Sinh-9

Args:

x (numpy.ndarray): Input tensor

Returns:

Tuple[numpy.ndarray]: Output tensor

function `numpy_tan`

Compute tan in numpy according to ONNX spec.

See https://github.com/onnx/onnx/blob/main/docs/Changelog.md#Tan-7

Args:

x (numpy.ndarray): Input tensor

Returns:

Tuple[numpy.ndarray]: Output tensor

function `numpy_tanh`

Compute tanh in numpy according to ONNX spec.

See https://github.com/onnx/onnx/blob/main/docs/Changelog.md#Tanh-13

Args:

x (numpy.ndarray): Input tensor

Returns:

Tuple[numpy.ndarray]: Output tensor

function `numpy_acos`

Compute acos in numpy according to ONNX spec.

See https://github.com/onnx/onnx/blob/main/docs/Changelog.md#Acos-7

Args:

x (numpy.ndarray): Input tensor

Returns:

Tuple[numpy.ndarray]: Output tensor

function `numpy_acosh`

Compute acosh in numpy according to ONNX spec.

See https://github.com/onnx/onnx/blob/main/docs/Changelog.md#Acosh-9

Args:

x (numpy.ndarray): Input tensor

Returns:

Tuple[numpy.ndarray]: Output tensor

function `numpy_asin`

Compute asin in numpy according to ONNX spec.

See https://github.com/onnx/onnx/blob/main/docs/Changelog.md#Asin-7

Args:

x (numpy.ndarray): Input tensor

Returns:

Tuple[numpy.ndarray]: Output tensor

function `numpy_asinh`

Compute sinh in numpy according to ONNX spec.

See https://github.com/onnx/onnx/blob/main/docs/Changelog.md#Asinh-9

Args:

x (numpy.ndarray): Input tensor

Returns:

Tuple[numpy.ndarray]: Output tensor

function `numpy_atan`

Compute atan in numpy according to ONNX spec.

See https://github.com/onnx/onnx/blob/main/docs/Changelog.md#Atan-7

Args:

x (numpy.ndarray): Input tensor

Returns:

Tuple[numpy.ndarray]: Output tensor

function `numpy_atanh`

Compute atanh in numpy according to ONNX spec.

See https://github.com/onnx/onnx/blob/main/docs/Changelog.md#Atanh-9

Args:

x (numpy.ndarray): Input tensor

Returns:

Tuple[numpy.ndarray]: Output tensor

function `numpy_elu`

Compute elu in numpy according to ONNX spec.

See https://github.com/onnx/onnx/blob/main/docs/Changelog.md#Elu-6

Args:

x (numpy.ndarray): Input tensor
alpha (float): Coefficient

Returns:

Tuple[numpy.ndarray]: Output tensor

function `numpy_selu`

Compute selu in numpy according to ONNX spec.

See https://github.com/onnx/onnx/blob/main/docs/Changelog.md#Selu-6

Args:

x (numpy.ndarray): Input tensor
alpha (float): Coefficient
gamma (float): Coefficient

Returns:

Tuple[numpy.ndarray]: Output tensor

function `numpy_celu`

Compute celu in numpy according to ONNX spec.

See https://github.com/onnx/onnx/blob/main/docs/Changelog.md#Celu-12

Args:

x (numpy.ndarray): Input tensor
alpha (float): Coefficient

Returns:

Tuple[numpy.ndarray]: Output tensor

function `numpy_leakyrelu`

Compute leakyrelu in numpy according to ONNX spec.

See https://github.com/onnx/onnx/blob/main/docs/Changelog.md#LeakyRelu-6

Args:

x (numpy.ndarray): Input tensor
alpha (float): Coefficient

Returns:

Tuple[numpy.ndarray]: Output tensor

function `numpy_thresholdedrelu`

Compute thresholdedrelu in numpy according to ONNX spec.

See https://github.com/onnx/onnx/blob/main/docs/Changelog.md#ThresholdedRelu-10

Args:

x (numpy.ndarray): Input tensor
alpha (float): Coefficient

Returns:

Tuple[numpy.ndarray]: Output tensor

function `numpy_hardsigmoid`

Compute hardsigmoid in numpy according to ONNX spec.

See https://github.com/onnx/onnx/blob/main/docs/Changelog.md#HardSigmoid-6

Args:

x (numpy.ndarray): Input tensor
alpha (float): Coefficient
beta (float): Coefficient

Returns:

Tuple[numpy.ndarray]: Output tensor

function `numpy_softplus`

Compute softplus in numpy according to ONNX spec.

See https://github.com/onnx/onnx/blob/main/docs/Changelog.md#Softplus-1

Args:

x (numpy.ndarray): Input tensor

Returns:

Tuple[numpy.ndarray]: Output tensor

function `numpy_abs`

Compute abs in numpy according to ONNX spec.

See https://github.com/onnx/onnx/blob/main/docs/Changelog.md#Abs-13

Args:

x (numpy.ndarray): Input tensor

Returns:

Tuple[numpy.ndarray]: Output tensor

function `numpy_div`

Compute div in numpy according to ONNX spec.

See https://github.com/onnx/onnx/blob/main/docs/Changelog.md#Div-14

Args:

a (numpy.ndarray): Input tensor
b (numpy.ndarray): Input tensor

Returns:

Tuple[numpy.ndarray]: Output tensor

function `numpy_mul`

Compute mul in numpy according to ONNX spec.

See https://github.com/onnx/onnx/blob/main/docs/Changelog.md#Mul-14

Args:

a (numpy.ndarray): Input tensor
b (numpy.ndarray): Input tensor

Returns:

Tuple[numpy.ndarray]: Output tensor

function `numpy_sub`

Compute sub in numpy according to ONNX spec.

See https://github.com/onnx/onnx/blob/main/docs/Changelog.md#Sub-14

Args:

a (numpy.ndarray): Input tensor
b (numpy.ndarray): Input tensor

Returns:

Tuple[numpy.ndarray]: Output tensor

function `numpy_log`

Compute log in numpy according to ONNX spec.

See https://github.com/onnx/onnx/blob/main/docs/Changelog.md#Log-13

Args:

x (numpy.ndarray): Input tensor

Returns:

Tuple[numpy.ndarray]: Output tensor

function `numpy_erf`

Compute erf in numpy according to ONNX spec.

See https://github.com/onnx/onnx/blob/main/docs/Changelog.md#Erf-13

Args:

x (numpy.ndarray): Input tensor

Returns:

Tuple[numpy.ndarray]: Output tensor

function `numpy_hardswish`

Compute hardswish in numpy according to ONNX spec.

See https://github.com/onnx/onnx/blob/main/docs/Changelog.md#hardswish-14

Args:

x (numpy.ndarray): Input tensor

Returns:

Tuple[numpy.ndarray]: Output tensor

function `numpy_exp`

Compute exponential in numpy according to ONNX spec.

See https://github.com/onnx/onnx/blob/main/docs/Changelog.md#Exp-13

Args:

x (numpy.ndarray): Input tensor

Returns:

Tuple[numpy.ndarray]: The exponential of the input tensor computed element-wise

function `numpy_equal`

Compute equal in numpy according to ONNX spec.

See https://github.com/onnx/onnx/blob/main/docs/Changelog.md#Equal-11

Args:

x (numpy.ndarray): Input tensor
y (numpy.ndarray): Input tensor

Returns:

Tuple[numpy.ndarray]: Output tensor

function `numpy_not`

Compute not in numpy according to ONNX spec.

See https://github.com/onnx/onnx/blob/main/docs/Changelog.md#Not-1

Args:

x (numpy.ndarray): Input tensor

Returns:

Tuple[numpy.ndarray]: Output tensor

function `numpy_not_float`

Compute not in numpy according to ONNX spec and cast outputs to floats.

See https://github.com/onnx/onnx/blob/main/docs/Changelog.md#Not-1

Args:

x (numpy.ndarray): Input tensor

Returns:

Tuple[numpy.ndarray]: Output tensor

function `numpy_greater`

Compute greater in numpy according to ONNX spec.

See https://github.com/onnx/onnx/blob/main/docs/Changelog.md#Greater-13

Args:

x (numpy.ndarray): Input tensor
y (numpy.ndarray): Input tensor

Returns:

Tuple[numpy.ndarray]: Output tensor

function `numpy_greater_float`

Compute greater in numpy according to ONNX spec and cast outputs to floats.

See https://github.com/onnx/onnx/blob/main/docs/Changelog.md#Greater-13

Args:

x (numpy.ndarray): Input tensor
y (numpy.ndarray): Input tensor

Returns:

Tuple[numpy.ndarray]: Output tensor

function `numpy_greater_or_equal`

Compute greater or equal in numpy according to ONNX spec.

See https://github.com/onnx/onnx/blob/main/docs/Changelog.md#GreaterOrEqual-12

Args:

x (numpy.ndarray): Input tensor
y (numpy.ndarray): Input tensor

Returns:

Tuple[numpy.ndarray]: Output tensor

function `numpy_greater_or_equal_float`

Compute greater or equal in numpy according to ONNX specs and cast outputs to floats.

See https://github.com/onnx/onnx/blob/main/docs/Changelog.md#GreaterOrEqual-12

Args:

x (numpy.ndarray): Input tensor
y (numpy.ndarray): Input tensor

Returns:

Tuple[numpy.ndarray]: Output tensor

function `numpy_less`

Compute less in numpy according to ONNX spec.

See https://github.com/onnx/onnx/blob/main/docs/Changelog.md#Less-13

Args:

x (numpy.ndarray): Input tensor
y (numpy.ndarray): Input tensor

Returns:

Tuple[numpy.ndarray]: Output tensor

function `numpy_less_float`

Compute less in numpy according to ONNX spec and cast outputs to floats.

See https://github.com/onnx/onnx/blob/main/docs/Changelog.md#Less-13

Args:

x (numpy.ndarray): Input tensor
y (numpy.ndarray): Input tensor

Returns:

Tuple[numpy.ndarray]: Output tensor

function `numpy_less_or_equal`

Compute less or equal in numpy according to ONNX spec.

See https://github.com/onnx/onnx/blob/main/docs/Changelog.md#LessOrEqual-12

Args:

x (numpy.ndarray): Input tensor
y (numpy.ndarray): Input tensor

Returns:

Tuple[numpy.ndarray]: Output tensor

function `numpy_less_or_equal_float`

Compute less or equal in numpy according to ONNX spec and cast outputs to floats.

See https://github.com/onnx/onnx/blob/main/docs/Changelog.md#LessOrEqual-12

Args:

x (numpy.ndarray): Input tensor
y (numpy.ndarray): Input tensor

Returns:

Tuple[numpy.ndarray]: Output tensor

function `numpy_identity`

Compute identity in numpy according to ONNX spec.

See https://github.com/onnx/onnx/blob/main/docs/Changelog.md#Identity-14

Args:

x (numpy.ndarray): Input tensor

Returns:

Tuple[numpy.ndarray]: Output tensor

function `numpy_transpose`

Transpose in numpy according to ONNX spec.

See https://github.com/onnx/onnx/blob/main/docs/Changelog.md#Transpose-13

Args:

x (numpy.ndarray): Input tensor
perm (numpy.ndarray): Permutation of the axes

Returns:

Tuple[numpy.ndarray]: Output tensor

function `numpy_avgpool`

Compute Average Pooling using Torch.

Currently supports 2d average pooling with torch semantics. This function is ONNX compatible.

See: https://github.com/onnx/onnx/blob/main/docs/Operators.md#AveragePool

Args:

x (numpy.ndarray): input data (many dtypes are supported). Shape is N x C x H x W for 2d
ceil_mode (int): ONNX rounding parameter, expected 0 (torch style dimension computation)
kernel_shape (Tuple[int, ...]): shape of the kernel. Should have 2 elements for 2d conv
pads (Tuple[int, ...]): padding in ONNX format (begin, end) on each axis
strides (Tuple[int, ...]): stride of the convolution on each axis

Returns:

res (numpy.ndarray): a tensor of size (N x InChannels x OutHeight x OutWidth).
See https: //pytorch.org/docs/stable/generated/torch.nn.AvgPool2d.html

Raises:

AssertionError: if the pooling arguments are wrong

function `numpy_maxpool`

Compute Max Pooling using Torch.

Currently supports 2d max pooling with torch semantics. This function is ONNX compatible.

See: https://github.com/onnx/onnx/blob/main/docs/Operators.md#MaxPool

Args:

x (numpy.ndarray): the input
kernel_shape (Union[Tuple[int, ...], List[int]]): shape of the kernel
strides (Optional[Union[Tuple[int, ...], List[int]]]): stride along each spatial axis set to 1 along each spatial axis if not set
auto_pad (str): padding strategy, default = "NOTSET"
pads (Optional[Union[Tuple[int, ...], List[int]]]): padding for the beginning and ending along each spatial axis (D1_begin, D2_begin, ..., D1_end, D2_end, ...) set to 0 along each spatial axis if not set
dilations (Optional[Union[Tuple[int, ...], List[int]]]): dilation along each spatial axis set to 1 along each spatial axis if not set
ceil_mode (int): ceiling mode, default = 1
storage_order (int): storage order, 0 for row major, 1 for column major, default = 0

Returns:

res (numpy.ndarray): a tensor of size (N x InChannels x OutHeight x OutWidth).
See https: //pytorch.org/docs/stable/generated/torch.nn.AvgPool2d.html

function `numpy_cast`

Execute ONNX cast in Numpy.

Supports only booleans for now, which are converted to integers.

See: https://github.com/onnx/onnx/blob/main/docs/Operators.md#Cast

Args:

data (numpy.ndarray): Input encrypted tensor
to (int): integer value of the onnx.TensorProto DataType enum

Returns:

result (numpy.ndarray): a tensor with the required data type

function `numpy_batchnorm`

Compute the batch normalization of the input tensor.

This can be expressed as:

Y = (X - input_mean) / sqrt(input_var + epsilon) * scale + B

See https://github.com/onnx/onnx/blob/main/docs/Changelog.md#BatchNormalization-14

Args:

x (numpy.ndarray): tensor to normalize, dimensions are in the form of (N,C,D1,D2,...,Dn), where N is the batch size, C is the number of channels.
scale (numpy.ndarray): scale tensor of shape (C,)
bias (numpy.ndarray): bias tensor of shape (C,)
input_mean (numpy.ndarray): mean values to use for each input channel, shape (C,)
input_var (numpy.ndarray): variance values to use for each input channel, shape (C,)
epsilon (float): avoids division by zero
momentum (float): momentum used during training of the mean/variance, not used in inference
training_mode (int): if the model was exported in training mode this is set to 1, else 0

Returns:

numpy.ndarray: Normalized tensor

function `numpy_flatten`

Flatten a tensor into a 2d array.

See https://github.com/onnx/onnx/blob/main/docs/Changelog.md#Flatten-13.

Args:

x (numpy.ndarray): tensor to flatten
axis (int): axis after which all dimensions will be flattened (axis=0 gives a 1D output)

Returns:

result: flattened tensor

function `numpy_or`

Compute or in numpy according to ONNX spec.

See https://github.com/onnx/onnx/blob/main/docs/Changelog.md#Or-7

Args:

a (numpy.ndarray): Input tensor
b (numpy.ndarray): Input tensor

Returns:

Tuple[numpy.ndarray]: Output tensor

function `numpy_or_float`

Compute or in numpy according to ONNX spec and cast outputs to floats.

See https://github.com/onnx/onnx/blob/main/docs/Changelog.md#Or-7

Args:

a (numpy.ndarray): Input tensor
b (numpy.ndarray): Input tensor

Returns:

Tuple[numpy.ndarray]: Output tensor

function `numpy_round`

Compute round in numpy according to ONNX spec.

See https://github.com/onnx/onnx/blob/main/docs/Changelog.md#Round-11 Remark that ONNX Round operator is actually a rint, since the number of decimals is forced to be 0

Args:

a (numpy.ndarray): Input tensor whose elements to be rounded.

Returns:

Tuple[numpy.ndarray]: Output tensor with rounded input elements.

function `numpy_pow`

Compute pow in numpy according to ONNX spec.

See https://github.com/onnx/onnx/blob/main/docs/Changelog.md#Pow-13

Args:

a (numpy.ndarray): Input tensor whose elements to be raised.
b (numpy.ndarray): The power to which we want to raise.

Returns:

Tuple[numpy.ndarray]: Output tensor.

function `numpy_floor`

Compute Floor in numpy according to ONNX spec.

See https://github.com/onnx/onnx/blob/main/docs/Changelog.md#Floor-1

Args:

x (numpy.ndarray): Input tensor

Returns:

Tuple[numpy.ndarray]: Output tensor

function `numpy_max`

Compute Max in numpy according to ONNX spec.

Computes the max between the first input and a float constant.

See https://github.com/onnx/onnx/blob/main/docs/Changelog.md#Max-1

Args:

a (numpy.ndarray): Input tensor
b (numpy.ndarray): Constant tensor to compare to the first input

Returns:

Tuple[numpy.ndarray]: Output tensor

function `numpy_min`

Compute Min in numpy according to ONNX spec.

Computes the minimum between the first input and a float constant.

See https://github.com/onnx/onnx/blob/main/docs/Changelog.md#Max-1

Args:

a (numpy.ndarray): Input tensor
b (numpy.ndarray): Constant tensor to compare to the first input

Returns:

Tuple[numpy.ndarray]: Output tensor

function `numpy_sign`

Compute Sign in numpy according to ONNX spec.

See https://github.com/onnx/onnx/blob/main/docs/Changelog.md#Sign-9

Args:

x (numpy.ndarray): Input tensor

Returns:

Tuple[numpy.ndarray]: Output tensor

function `numpy_neg`

Compute Negative in numpy according to ONNX spec.

See https://github.com/onnx/onnx/blob/main/docs/Changelog.md#Sign-9

Args:

x (numpy.ndarray): Input tensor

Returns:

Tuple[numpy.ndarray]: Output tensor

function `numpy_concatenate`

Apply concatenate in numpy according to ONNX spec.

See https://github.com/onnx/onnx/blob/main/docs/Changelog.md#concat-13

Args:

*x (numpy.ndarray): Input tensors to be concatenated.
axis (int): Which axis to concat on.

Returns:

Tuple[numpy.ndarray]: Output tensor.

class `ONNXMixedFunction`

A mixed quantized-raw valued onnx function.

ONNX functions will take inputs which can be either quantized or float. Some functions only take quantized inputs, but some functions take both types. For mixed functions we need to tag the parameters that do not need quantization. Thus quantized ops can know which inputs are not QuantizedArray and we avoid unnecessary wrapping of float values as QuantizedArrays.

method `init`

Create the mixed function and raw parameter list.

Args:

function (Any): function to be decorated
non_quant_params: Set[str]: set of parameters that will not be quantized (stored as numpy.ndarray)

concrete.ml.quantization.post_training.md

module `concrete.ml.quantization.post_training`

Post Training Quantization methods.

Global Variables

ONNX_OPS_TO_NUMPY_IMPL
DEFAULT_MODEL_BITS
ONNX_OPS_TO_QUANTIZED_IMPL

function `get_n_bits_dict`

get_n_bits_dict(n_bits: Union[int, Dict[str, int]]) → Dict[str, int]

Convert the n_bits parameter into a proper dictionary.

Args:

n_bits (int, Dict[str, int]): number of bits for quantization, can be a single value or a dictionary with the following keys : - "op_inputs" and "op_weights" (mandatory) - "model_inputs" and "model_outputs" (optional, default to 5 bits). When using a single integer for n_bits, its value is assigned to "op_inputs" and "op_weights" bits. The maximum between this value and a default value (5) is then assigned to the number of "model_inputs" "model_outputs". This default value is a compromise between model accuracy and runtime performance in FHE. "model_outputs" gives the precision of the final network's outputs, while "model_inputs" gives the precision of the network's inputs. "op_inputs" and "op_weights" both control the quantization for inputs and weights of all layers.

Returns:

n_bits_dict (Dict[str, int]): A dictionary properly representing the number of bits to use for quantization.

class `ONNXConverter`

Base ONNX to Concrete ML computation graph conversion class.

This class provides a method to parse an ONNX graph and apply several transformations. First, it creates QuantizedOps for each ONNX graph op. These quantized ops have calibrated quantizers that are useful when the operators work on integer data or when the output of the ops is the output of the encrypted program. For operators that compute in float and will be merged to TLUs, these quantizers are not used. Second, this converter creates quantized tensors for initializer and weights stored in the graph.

This class should be sub-classed to provide specific calibration and quantization options depending on the usage (Post-training quantization vs Quantization Aware training).

Arguments:

n_bits (int, Dict[str, int]): number of bits for quantization, can be a single value or a dictionary with the following keys : - "op_inputs" and "op_weights" (mandatory) - "model_inputs" and "model_outputs" (optional, default to 5 bits). When using a single integer for n_bits, its value is assigned to "op_inputs" and "op_weights" bits. The maximum between this value and a default value (5) is then assigned to the number of "model_inputs" "model_outputs". This default value is a compromise between model accuracy and runtime performance in FHE. "model_outputs" gives the precision of the final network's outputs, while "model_inputs" gives the precision of the network's inputs. "op_inputs" and "op_weights" both control the quantization for inputs and weights of all layers.
y_model (NumpyModule): Model in numpy.
is_signed (bool): Whether the weights of the layers can be signed. Currently, only the weights can be signed.

method `init`

__init__(
    n_bits: Union[int, Dict],
    numpy_model: NumpyModule,
    is_signed: bool = False
)

property n_bits_model_inputs

Get the number of bits to use for the quantization of the first layer's output.

Returns:

n_bits (int): number of bits for input quantization

property n_bits_model_outputs

Get the number of bits to use for the quantization of the last layer's output.

Returns:

n_bits (int): number of bits for output quantization

property n_bits_op_inputs

Get the number of bits to use for the quantization of any operators' inputs.

Returns:

n_bits (int): number of bits for the quantization of the operators' inputs

property n_bits_op_weights

Get the number of bits to use for the quantization of any constants (usually weights).

Returns:

n_bits (int): number of bits for quantizing constants used by operators

method `quantize_module`

quantize_module(*calibration_data: ndarray) → QuantizedModule

Quantize numpy module.

Following https://arxiv.org/abs/1712.05877 guidelines.

Args:

*calibration_data (numpy.ndarray): Data that will be used to compute the bounds, scales and zero point values for every quantized object.

Returns:

QuantizedModule: Quantized numpy module

class `PostTrainingAffineQuantization`

Post-training Affine Quantization.

Create the quantized version of the passed numpy module.

Args:

n_bits (int, Dict): Number of bits to quantize the model. If an int is passed for n_bits, the value will be used for activation, inputs and weights. If a dict is passed, then it should contain "model_inputs", "op_inputs", "op_weights" and "model_outputs" keys with corresponding number of quantization bits for: - model_inputs : number of bits for model input - op_inputs : number of bits to quantize layer input values - op_weights: learned parameters or constants in the network - model_outputs: final model output quantization bits
numpy_model (NumpyModule): Model in numpy.
is_signed: Whether the weights of the layers can be signed. Currently, only the weights can be signed.

Returns:

QuantizedModule: A quantized version of the numpy model.

method `init`

__init__(
    n_bits: Union[int, Dict],
    numpy_model: NumpyModule,
    is_signed: bool = False
)

property n_bits_model_inputs

Get the number of bits to use for the quantization of the first layer's output.

Returns:

n_bits (int): number of bits for input quantization

property n_bits_model_outputs

Get the number of bits to use for the quantization of the last layer's output.

Returns:

n_bits (int): number of bits for output quantization

property n_bits_op_inputs

Get the number of bits to use for the quantization of any operators' inputs.

Returns:

n_bits (int): number of bits for the quantization of the operators' inputs

property n_bits_op_weights

Get the number of bits to use for the quantization of any constants (usually weights).

Returns:

n_bits (int): number of bits for quantizing constants used by operators

method `quantize_module`

quantize_module(*calibration_data: ndarray) → QuantizedModule

Quantize numpy module.

Following https://arxiv.org/abs/1712.05877 guidelines.

Args:

*calibration_data (numpy.ndarray): Data that will be used to compute the bounds, scales and zero point values for every quantized object.

Returns:

QuantizedModule: Quantized numpy module

class `PostTrainingQATImporter`

Converter of Quantization Aware Training networks.

This class provides specific configuration for QAT networks during ONNX network conversion to Concrete ML computation graphs.

method `init`

__init__(
    n_bits: Union[int, Dict],
    numpy_model: NumpyModule,
    is_signed: bool = False
)

property n_bits_model_inputs

Get the number of bits to use for the quantization of the first layer's output.

Returns:

n_bits (int): number of bits for input quantization

property n_bits_model_outputs

Get the number of bits to use for the quantization of the last layer's output.

Returns:

n_bits (int): number of bits for output quantization

property n_bits_op_inputs

Get the number of bits to use for the quantization of any operators' inputs.

Returns:

n_bits (int): number of bits for the quantization of the operators' inputs

property n_bits_op_weights

Get the number of bits to use for the quantization of any constants (usually weights).

Returns:

n_bits (int): number of bits for quantizing constants used by operators

method `quantize_module`

quantize_module(*calibration_data: ndarray) → QuantizedModule

Quantize numpy module.

Following https://arxiv.org/abs/1712.05877 guidelines.

Args:

*calibration_data (numpy.ndarray): Data that will be used to compute the bounds, scales and zero point values for every quantized object.

Returns:

QuantizedModule: Quantized numpy module

concrete.ml.quantization.quantizers.md

module `concrete.ml.quantization.quantizers`

Quantization utilities for a numpy array/tensor.

Global Variables

STABILITY_CONST

function `fill_from_kwargs`

fill_from_kwargs(obj, klass, **kwargs)

Fill a parameter set structure from kwargs parameters.

Args:

obj: an object of type klass, if None the object is created if any of the type's members appear in the kwargs
klass: the type of object to fill
kwargs: parameter names and values to fill into an instance of the klass type

Returns:

obj: an object of type klass
kwargs: remaining parameter names and values that were not filled into obj

Raises:

TypeError: if the types of the parameters in kwargs could not be converted to the corresponding types of members of klass

class `QuantizationOptions`

Options for quantization.

Determines the number of bits for quantization and the method of quantization of the values. Signed quantization allows negative quantized values. Symmetric quantization assumes the float values are distributed symmetrically around x=0 and assigns signed values around 0 to the float values. QAT (quantization aware training) quantization assumes the values are already quantized, taking a discrete set of values, and assigns these values to integers, computing only the scale.

method `init`

__init__(
    n_bits,
    is_signed: bool = False,
    is_symmetric: bool = False,
    is_qat: bool = False
) → None

property quant_options

Get a copy of the quantization parameters.

Returns:

UniformQuantizationParameters: a copy of the current quantization parameters

method `copy_opts`

copy_opts(opts)

Copy the options from a different structure.

Args:

opts (QuantizationOptions): structure to copy parameters from.

method `is_equal`

is_equal(opts, ignore_sign_qat: bool = False) → bool

Compare two quantization options sets.

Args:

opts (QuantizationOptions): options to compare this instance to
ignore_sign_qat (bool): ignore sign comparison for QAT options

Returns:

bool: whether the two quantization options compared are equivalent

class `MinMaxQuantizationStats`

Calibration set statistics.

This class stores the statistics for the calibration set or for a calibration data batch. Currently we only store min/max to determine the quantization range. The min/max are computed from the calibration set.

property quant_stats

Get a copy of the calibration set statistics.

Returns:

MinMaxQuantizationStats: a copy of the current quantization stats

method `check_is_uniform_quantized`

check_is_uniform_quantized(options: QuantizationOptions) → bool

Check if these statistics correspond to uniformly quantized values.

Determines whether the values represented by this QuantizedArray show a quantized structure that allows to infer the scale of quantization.

Args:

options (QuantizationOptions): used to quantize the values in the QuantizedArray

Returns:

bool: check result.

method `compute_quantization_stats`

compute_quantization_stats(values: ndarray) → None

Compute the calibration set quantization statistics.

Args:

values (numpy.ndarray): Calibration set on which to compute statistics.

method `copy_stats`

copy_stats(stats) → None

Copy the statistics from a different structure.

Args:

stats (MinMaxQuantizationStats): structure to copy statistics from.

class `UniformQuantizationParameters`

Quantization parameters for uniform quantization.

This class stores the parameters used for quantizing real values to discrete integer values. The parameters are computed from quantization options and quantization statistics.

property quant_params

Get a copy of the quantization parameters.

Returns:

UniformQuantizationParameters: a copy of the current quantization parameters

method `compute_quantization_parameters`

compute_quantization_parameters(
    options: QuantizationOptions,
    stats: MinMaxQuantizationStats
) → None

Compute the quantization parameters.

Args:

options (QuantizationOptions): quantization options set
stats (MinMaxQuantizationStats): calibrated statistics for quantization

method `copy_params`

copy_params(params) → None

Copy the parameters from a different structure.

Args:

params (UniformQuantizationParameters): parameter structure to copy

class `UniformQuantizer`

Uniform quantizer.

Contains all information necessary for uniform quantization and provides quantization/dequantization functionality on numpy arrays.

Args:

options (QuantizationOptions): Quantization options set
stats (Optional[MinMaxQuantizationStats]): Quantization batch statistics set
params (Optional[UniformQuantizationParameters]): Quantization parameters set (scale, zero-point)

method `init`

__init__(
    options: QuantizationOptions = None,
    stats: Optional[MinMaxQuantizationStats] = None,
    params: Optional[UniformQuantizationParameters] = None,
    **kwargs
)

property quant_options

Get a copy of the quantization parameters.

Returns:

UniformQuantizationParameters: a copy of the current quantization parameters

property quant_params

Get a copy of the quantization parameters.

Returns:

UniformQuantizationParameters: a copy of the current quantization parameters

property quant_stats

Get a copy of the calibration set statistics.

Returns:

MinMaxQuantizationStats: a copy of the current quantization stats

method `check_is_uniform_quantized`

check_is_uniform_quantized(options: QuantizationOptions) → bool

Check if these statistics correspond to uniformly quantized values.

Determines whether the values represented by this QuantizedArray show a quantized structure that allows to infer the scale of quantization.

Args:

options (QuantizationOptions): used to quantize the values in the QuantizedArray

Returns:

bool: check result.

method `compute_quantization_parameters`

compute_quantization_parameters(
    options: QuantizationOptions,
    stats: MinMaxQuantizationStats
) → None

Compute the quantization parameters.

Args:

options (QuantizationOptions): quantization options set
stats (MinMaxQuantizationStats): calibrated statistics for quantization

method `compute_quantization_stats`

compute_quantization_stats(values: ndarray) → None

Compute the calibration set quantization statistics.

Args:

values (numpy.ndarray): Calibration set on which to compute statistics.

method `copy_opts`

copy_opts(opts)

Copy the options from a different structure.

Args:

opts (QuantizationOptions): structure to copy parameters from.

method `copy_params`

copy_params(params) → None

Copy the parameters from a different structure.

Args:

params (UniformQuantizationParameters): parameter structure to copy

method `copy_stats`

copy_stats(stats) → None

Copy the statistics from a different structure.

Args:

stats (MinMaxQuantizationStats): structure to copy statistics from.

method `dequant`

dequant(qvalues: ndarray) → ndarray

Dequantize values.

Args:

qvalues (numpy.ndarray): integer values to dequantize

Returns:

numpy.ndarray: Dequantized float values.

method `is_equal`

is_equal(opts, ignore_sign_qat: bool = False) → bool

Compare two quantization options sets.

Args:

opts (QuantizationOptions): options to compare this instance to
ignore_sign_qat (bool): ignore sign comparison for QAT options

Returns:

bool: whether the two quantization options compared are equivalent

method `quant`

quant(values: ndarray) → ndarray

Quantize values.

Args:

values (numpy.ndarray): float values to quantize

Returns:

numpy.ndarray: Integer quantized values.

class `QuantizedArray`

Abstraction of quantized array.

Contains float values and their quantized integer counter-parts. Quantization is performed by the quantizer member object. Float and int values are kept in sync. Having both types of values is useful since quantized operators in Concrete ML graphs might need one or the other depending on how the operator works (in float or in int). Moreover, when the encrypted function needs to return a value, it must return integer values.

See https://arxiv.org/abs/1712.05877.

Args:

values (numpy.ndarray): Values to be quantized.
n_bits (int): The number of bits to use for quantization.
value_is_float (bool, optional): Whether the passed values are real (float) values or not. If False, the values will be quantized according to the passed scale and zero_point. Defaults to True.
options (QuantizationOptions): Quantization options set
stats (Optional[MinMaxQuantizationStats]): Quantization batch statistics set
params (Optional[UniformQuantizationParameters]): Quantization parameters set (scale, zero-point)
kwargs: Any member of the options, stats, params sets as a key-value pair. The parameter sets need to be completely parametrized if their members appear in kwargs.

method `init`

__init__(
    n_bits,
    values: Optional[ndarray],
    value_is_float: bool = True,
    options: QuantizationOptions = None,
    stats: Optional[MinMaxQuantizationStats] = None,
    params: Optional[UniformQuantizationParameters] = None,
    **kwargs
)

method `dequant`

dequant() → ndarray

Dequantize self.qvalues.

Returns:

numpy.ndarray: Dequantized values.

method `quant`

quant() → Union[ndarray, NoneType]

Quantize self.values.

Returns:

numpy.ndarray: Quantized values.

method `update_quantized_values`

update_quantized_values(qvalues: ndarray) → ndarray

Update qvalues to get their corresponding values using the related quantized parameters.

Args:

qvalues (numpy.ndarray): Values to replace self.qvalues

Returns:

values (numpy.ndarray): Corresponding values

method `update_values`

update_values(values: ndarray) → ndarray

Update values to get their corresponding qvalues using the related quantized parameters.

Args:

values (numpy.ndarray): Values to replace self.values

Returns:

qvalues (numpy.ndarray): Corresponding qvalues

concrete.ml.quantization.quantized_ops.md

module `concrete.ml.quantization.quantized_ops`

Quantized versions of the ONNX operators for post training quantization.

class `QuantizedSigmoid`

Quantized sigmoid op.

property int_input_names

Get the names of encrypted integer tensors that are used by this op.

Returns:

List[str]: the names of the tensors

class `QuantizedHardSigmoid`

Quantized HardSigmoid op.

property int_input_names

Get the names of encrypted integer tensors that are used by this op.

Returns:

List[str]: the names of the tensors

class `QuantizedRelu`

Quantized Relu op.

property int_input_names

Get the names of encrypted integer tensors that are used by this op.

Returns:

List[str]: the names of the tensors

class `QuantizedPRelu`

Quantized PRelu op.

property int_input_names

Get the names of encrypted integer tensors that are used by this op.

Returns:

List[str]: the names of the tensors

class `QuantizedLeakyRelu`

Quantized LeakyRelu op.

property int_input_names

Get the names of encrypted integer tensors that are used by this op.

Returns:

List[str]: the names of the tensors

class `QuantizedHardSwish`

Quantized Hardswish op.

property int_input_names

Get the names of encrypted integer tensors that are used by this op.

Returns:

List[str]: the names of the tensors

class `QuantizedElu`

Quantized Elu op.

property int_input_names

Get the names of encrypted integer tensors that are used by this op.

Returns:

List[str]: the names of the tensors

class `QuantizedSelu`

Quantized Selu op.

property int_input_names

Get the names of encrypted integer tensors that are used by this op.

Returns:

List[str]: the names of the tensors

class `QuantizedCelu`

Quantized Celu op.

property int_input_names

Get the names of encrypted integer tensors that are used by this op.

Returns:

List[str]: the names of the tensors

class `QuantizedClip`

Quantized clip op.

property int_input_names

Get the names of encrypted integer tensors that are used by this op.

Returns:

List[str]: the names of the tensors

class `QuantizedRound`

Quantized round op.

property int_input_names

Get the names of encrypted integer tensors that are used by this op.

Returns:

List[str]: the names of the tensors

class `QuantizedPow`

Quantized pow op.

Only works for a float constant power. This operation will be fused to a (potentially larger) TLU.

property int_input_names

Get the names of encrypted integer tensors that are used by this op.

Returns:

List[str]: the names of the tensors

class `QuantizedGemm`

Quantized Gemm op.

method `init`

__init__(
    n_bits_output: int,
    int_input_names: Set[str] = None,
    constant_inputs: Optional[Dict[str, Any], Dict[int, Any]] = None,
    input_quant_opts: QuantizationOptions = None,
    **attrs
) → None

property int_input_names

Get the names of encrypted integer tensors that are used by this op.

Returns:

List[str]: the names of the tensors

method `q_impl`

q_impl(*q_inputs: QuantizedArray, **attrs) → QuantizedArray

class `QuantizedMatMul`

Quantized MatMul op.

method `init`

__init__(
    n_bits_output: int,
    int_input_names: Set[str] = None,
    constant_inputs: Optional[Dict[str, Any], Dict[int, Any]] = None,
    input_quant_opts: QuantizationOptions = None,
    **attrs
) → None

property int_input_names

Get the names of encrypted integer tensors that are used by this op.

Returns:

List[str]: the names of the tensors

method `q_impl`

q_impl(*q_inputs: QuantizedArray, **attrs) → QuantizedArray

class `QuantizedAdd`

Quantized Addition operator.

Can add either two variables (both encrypted) or a variable and a constant

property int_input_names

Get the names of encrypted integer tensors that are used by this op.

Returns:

List[str]: the names of the tensors

method `can_fuse`

can_fuse() → bool

Determine if this op can be fused.

Add operation can be computed in float and fused if it operates over inputs produced by a single integer tensor. For example the expression x + x * 1.75, where x is an encrypted tensor, can be computed with a single TLU.

Returns:

bool: Whether the number of integer input tensors allows computing this op as a TLU

method `q_impl`

q_impl(*q_inputs: QuantizedArray, **attrs) → QuantizedArray

class `QuantizedTanh`

Quantized Tanh op.

property int_input_names

Get the names of encrypted integer tensors that are used by this op.

Returns:

List[str]: the names of the tensors

class `QuantizedSoftplus`

Quantized Softplus op.

property int_input_names

Get the names of encrypted integer tensors that are used by this op.

Returns:

List[str]: the names of the tensors

class `QuantizedExp`

Quantized Exp op.

property int_input_names

Get the names of encrypted integer tensors that are used by this op.

Returns:

List[str]: the names of the tensors

class `QuantizedLog`

Quantized Log op.

property int_input_names

Get the names of encrypted integer tensors that are used by this op.

Returns:

List[str]: the names of the tensors

class `QuantizedAbs`

Quantized Abs op.

property int_input_names

Get the names of encrypted integer tensors that are used by this op.

Returns:

List[str]: the names of the tensors

class `QuantizedIdentity`

Quantized Identity op.

property int_input_names

Get the names of encrypted integer tensors that are used by this op.

Returns:

List[str]: the names of the tensors

method `q_impl`

q_impl(*q_inputs: QuantizedArray, **attrs) → QuantizedArray

class `QuantizedReshape`

Quantized Reshape op.

property int_input_names

Get the names of encrypted integer tensors that are used by this op.

Returns:

List[str]: the names of the tensors

method `q_impl`

q_impl(*q_inputs: QuantizedArray, **attrs) → QuantizedArray

Reshape the input integer encrypted tensor.

Args:

q_inputs: an encrypted integer tensor at index 0 and one constant shape at index 1
attrs: additional optional reshape options

Returns:

result (QuantizedArray): reshaped encrypted integer tensor

class `QuantizedConv`

Quantized Conv op.

method `init`

__init__(
    n_bits_output: int,
    int_input_names: Set[str] = None,
    constant_inputs: Optional[Dict[str, Any], Dict[int, Any]] = None,
    input_quant_opts: QuantizationOptions = None,
    **attrs
) → None

Construct the quantized convolution operator and retrieve parameters.

Args:

n_bits_output: number of bits for the quantization of the outputs of this operator
int_input_names: names of integer tensors that are taken as input for this operation
constant_inputs: the weights and activations
input_quant_opts: options for the input quantizer
attrs: convolution options
dilations (Tuple[int]): dilation of the kernel. Default to 1 on all dimensions.
group (int): number of convolution groups. Default to 1.
kernel_shape (Tuple[int]): shape of the kernel. Should have 2 elements for 2d conv
pads (Tuple[int]): padding in ONNX format (begin, end) on each axis
strides (Tuple[int]): stride of the convolution on each axis

property int_input_names

Get the names of encrypted integer tensors that are used by this op.

Returns:

List[str]: the names of the tensors

method `q_impl`

q_impl(*q_inputs: QuantizedArray, **attrs) → QuantizedArray

Compute the quantized convolution between two quantized tensors.

Allows an optional quantized bias.

Args:

q_inputs: input tuple, contains
x (numpy.ndarray): input data. Shape is N x C x H x W for 2d
w (numpy.ndarray): weights tensor. Shape is (O x I x Kh x Kw) for 2d
b (numpy.ndarray, Optional): bias tensor, Shape is (O,)
attrs: convolution options handled in constructor

Returns:

res (QuantizedArray): result of the quantized integer convolution

class `QuantizedAvgPool`

Quantized Average Pooling op.

method `init`

__init__(
    n_bits_output: int,
    int_input_names: Set[str] = None,
    constant_inputs: Optional[Dict[str, Any], Dict[int, Any]] = None,
    input_quant_opts: QuantizationOptions = None,
    **attrs
) → None

property int_input_names

Get the names of encrypted integer tensors that are used by this op.

Returns:

List[str]: the names of the tensors

method `q_impl`

q_impl(*q_inputs: QuantizedArray, **attrs) → QuantizedArray

class `QuantizedMaxPool`

Quantized Max Pooling op.

method `init`

__init__(
    n_bits_output: int,
    int_input_names: Set[str] = None,
    constant_inputs: Optional[Dict[str, Any], Dict[int, Any]] = None,
    input_quant_opts: QuantizationOptions = None,
    **attrs
) → None

property int_input_names

Get the names of encrypted integer tensors that are used by this op.

Returns:

List[str]: the names of the tensors

method `can_fuse`

can_fuse() → bool

Determine if this op can be fused.

Max Pooling operation can not be fused since it must be performed over integer tensors and it combines different elements of the input tensors.

Returns:

bool: False, this operation can not be fused as it adds different encrypted integers

method `q_impl`

q_impl(*q_inputs: QuantizedArray, **attrs) → QuantizedArray

class `QuantizedPad`

Quantized Padding op.

method `init`

__init__(
    n_bits_output: int,
    int_input_names: Set[str] = None,
    constant_inputs: Optional[Dict[str, Any], Dict[int, Any]] = None,
    input_quant_opts: QuantizationOptions = None,
    **attrs
) → None

property int_input_names

Get the names of encrypted integer tensors that are used by this op.

Returns:

List[str]: the names of the tensors

method `can_fuse`

can_fuse() → bool

Determine if this op can be fused.

Pad operation cannot be fused since it must be performed over integer tensors.

Returns:

bool: False, this operation cannot be fused as it is manipulates integer tensors

class `QuantizedWhere`

Where operator on quantized arrays.

Supports only constants for the results produced on the True/False branches.

method `init`

__init__(
    n_bits_output: int,
    int_input_names: Set[str] = None,
    constant_inputs: Optional[Dict[str, Any], Dict[int, Any]] = None,
    input_quant_opts: QuantizationOptions = None,
    **attrs
) → None

property int_input_names

Get the names of encrypted integer tensors that are used by this op.

Returns:

List[str]: the names of the tensors

class `QuantizedCast`

Cast the input to the required data type.

In FHE we only support a limited number of output types. Booleans are cast to integers.

property int_input_names

Get the names of encrypted integer tensors that are used by this op.

Returns:

List[str]: the names of the tensors

class `QuantizedGreater`

Comparison operator >.

Only supports comparison with a constant.

method `init`

__init__(
    n_bits_output: int,
    int_input_names: Set[str] = None,
    constant_inputs: Optional[Dict[str, Any], Dict[int, Any]] = None,
    input_quant_opts: QuantizationOptions = None,
    **attrs
) → None

property int_input_names

Get the names of encrypted integer tensors that are used by this op.

Returns:

List[str]: the names of the tensors

class `QuantizedGreaterOrEqual`

Comparison operator >=.

Only supports comparison with a constant.

method `init`

__init__(
    n_bits_output: int,
    int_input_names: Set[str] = None,
    constant_inputs: Optional[Dict[str, Any], Dict[int, Any]] = None,
    input_quant_opts: QuantizationOptions = None,
    **attrs
) → None

property int_input_names

Get the names of encrypted integer tensors that are used by this op.

Returns:

List[str]: the names of the tensors

class `QuantizedLess`

Comparison operator <.

Only supports comparison with a constant.

method `init`

__init__(
    n_bits_output: int,
    int_input_names: Set[str] = None,
    constant_inputs: Optional[Dict[str, Any], Dict[int, Any]] = None,
    input_quant_opts: QuantizationOptions = None,
    **attrs
) → None

property int_input_names

Get the names of encrypted integer tensors that are used by this op.

Returns:

List[str]: the names of the tensors

class `QuantizedLessOrEqual`

Comparison operator <=.

Only supports comparison with a constant.

method `init`

__init__(
    n_bits_output: int,
    int_input_names: Set[str] = None,
    constant_inputs: Optional[Dict[str, Any], Dict[int, Any]] = None,
    input_quant_opts: QuantizationOptions = None,
    **attrs
) → None

property int_input_names

Get the names of encrypted integer tensors that are used by this op.

Returns:

List[str]: the names of the tensors

class `QuantizedOr`

Or operator ||.

This operation is not really working as a quantized operation. It just works when things got fused, as in e.g. Act(x) = x || (x + 42))

property int_input_names

Get the names of encrypted integer tensors that are used by this op.

Returns:

List[str]: the names of the tensors

class `QuantizedDiv`

Div operator /.

This operation is not really working as a quantized operation. It just works when things got fused, as in e.g. Act(x) = 1000 / (x + 42))

property int_input_names

Get the names of encrypted integer tensors that are used by this op.

Returns:

List[str]: the names of the tensors

class `QuantizedMul`

Multiplication operator.

Only multiplies an encrypted tensor with a float constant for now. This operation will be fused to a (potentially larger) TLU.

property int_input_names

Get the names of encrypted integer tensors that are used by this op.

Returns:

List[str]: the names of the tensors

class `QuantizedSub`

Subtraction operator.

This works the same as addition on both encrypted - encrypted and on encrypted - constant.

property int_input_names

Get the names of encrypted integer tensors that are used by this op.

Returns:

List[str]: the names of the tensors

method `can_fuse`

can_fuse() → bool

Determine if this op can be fused.

Returns:

bool: Whether the number of integer input tensors allows computing this op as a TLU

method `q_impl`

q_impl(*q_inputs: QuantizedArray, **attrs) → QuantizedArray

class `QuantizedBatchNormalization`

Quantized Batch normalization with encrypted input and in-the-clear normalization params.

property int_input_names

Get the names of encrypted integer tensors that are used by this op.

Returns:

List[str]: the names of the tensors

class `QuantizedFlatten`

Quantized flatten for encrypted inputs.

property int_input_names

Get the names of encrypted integer tensors that are used by this op.

Returns:

List[str]: the names of the tensors

method `can_fuse`

can_fuse() → bool

Determine if this op can be fused.

Flatten operation cannot be fused since it must be performed over integer tensors.

Returns:

bool: False, this operation cannot be fused as it is manipulates integer tensors.

method `q_impl`

q_impl(*q_inputs: QuantizedArray, **attrs) → QuantizedArray

Flatten the input integer encrypted tensor.

Args:

q_inputs: an encrypted integer tensor at index 0
attrs: contains axis attribute

Returns:

result (QuantizedArray): reshaped encrypted integer tensor

class `QuantizedReduceSum`

ReduceSum with encrypted input.

method `init`

__init__(
    n_bits_output: int,
    int_input_names: Set[str] = None,
    constant_inputs: Optional[Dict[str, Any], Dict[int, Any]] = None,
    input_quant_opts: Optional[QuantizationOptions] = None,
    **attrs
) → None

Construct the quantized ReduceSum operator and retrieve parameters.

Args:

n_bits_output (int): Number of bits for the operator's quantization of outputs.
int_input_names (Optional[Set[str]]): Names of input integer tensors. Default to None.
constant_inputs (Optional[Dict]): Input constant tensor.
axes (Optional[numpy.ndarray]): Array of integers along which to reduce. The default is to reduce over all the dimensions of the input tensor if 'noop_with_empty_axes' is false, else act as an Identity op when 'noop_with_empty_axes' is true. Accepted range is [-r, r-1] where r = rank(data). Default to None.
input_quant_opts (Optional[QuantizationOptions]): Options for the input quantizer. Default to None.
attrs (dict): RecuseSum options.
keepdims (int): Keep the reduced dimension or not, 1 means keeping the input dimension, 0 will reduce it along the given axis. Default to 1.
noop_with_empty_axes (int): Defines behavior if 'axes' is empty or set to None. Default behavior with 0 is to reduce all axes. When axes is empty and this attribute is set to true 1, input tensor will not be reduced, and the output tensor would be equivalent to input tensor. Default to 0.

property int_input_names

Get the names of encrypted integer tensors that are used by this op.

Returns:

List[str]: the names of the tensors

method `calibrate`

calibrate(*inputs: ndarray) → ndarray

Create corresponding QuantizedArray for the output of the activation function.

Args:

*inputs (numpy.ndarray): Calibration sample inputs.

Returns:

numpy.ndarray: The output values for the provided calibration samples.

method `q_impl`

q_impl(*q_inputs: QuantizedArray, **attrs) → QuantizedArray

Sum the encrypted tensor's values along the given axes.

Args:

q_inputs (QuantizedArray): An encrypted integer tensor at index 0.
attrs (Dict): Options are handled in constructor.

Returns:

(QuantizedArray): The sum of all values along the given axes.

class `QuantizedErf`

Quantized erf op.

property int_input_names

Get the names of encrypted integer tensors that are used by this op.

Returns:

List[str]: the names of the tensors

class `QuantizedNot`

Quantized Not op.

property int_input_names

Get the names of encrypted integer tensors that are used by this op.

Returns:

List[str]: the names of the tensors

class `QuantizedBrevitasQuant`

Brevitas uniform quantization with encrypted input.

method `init`

__init__(
    n_bits_output: int,
    int_input_names: Set[str] = None,
    constant_inputs: Optional[Dict[str, Any], Dict[int, Any]] = None,
    input_quant_opts: Optional[QuantizationOptions] = None,
    **attrs
) → None

Construct the Brevitas quantization operator.

Args:

n_bits_output (int): Number of bits for the operator's quantization of outputs. Not used, will be overridden by the bit_width in ONNX
int_input_names (Optional[Set[str]]): Names of input integer tensors. Default to None.
constant_inputs (Optional[Dict]): Input constant tensor.
scale (float): Quantizer scale
zero_point (float): Quantizer zero-point
bit_width (int): Number of bits of the integer representation
input_quant_opts (Optional[QuantizationOptions]): Options for the input quantizer. Default to None. attrs (dict):
rounding_mode (str): Rounding mode (default and only accepted option is "ROUND")
signed (int): Whether this op quantizes to signed integers (default 1),
narrow (int): Whether this op quantizes to a narrow range of integers e.g. [-2n_bits-1 .. 2n_bits-1] (default 0),

property int_input_names

Get the names of encrypted integer tensors that are used by this op.

Returns:

List[str]: the names of the tensors

method `calibrate`

calibrate(*inputs: ndarray) → ndarray

Create corresponding QuantizedArray for the output of Quantization function.

Args:

*inputs (numpy.ndarray): Calibration sample inputs.

Returns:

numpy.ndarray: the output values for the provided calibration samples.

method `q_impl`

q_impl(*q_inputs: QuantizedArray, **attrs) → QuantizedArray

Quantize values.

Args:

q_inputs: an encrypted integer tensor at index 0 and one constant shape at index 1
attrs: additional optional reshape options

Returns:

result (QuantizedArray): reshaped encrypted integer tensor

class `QuantizedTranspose`

Transpose operator for quantized inputs.

This operator performs quantization, transposes the encrypted data, then dequantizes again.

property int_input_names

Get the names of encrypted integer tensors that are used by this op.

Returns:

List[str]: the names of the tensors

method `q_impl`

q_impl(*q_inputs: QuantizedArray, **attrs) → QuantizedArray

Reshape the input integer encrypted tensor.

Args:

q_inputs: an encrypted integer tensor at index 0 and one constant shape at index 1
attrs: additional optional reshape options

Returns:

result (QuantizedArray): reshaped encrypted integer tensor

class `QuantizedFloor`

Quantized Floor op.

property int_input_names

Get the names of encrypted integer tensors that are used by this op.

Returns:

List[str]: the names of the tensors

class `QuantizedMax`

Quantized Max op.

property int_input_names

Get the names of encrypted integer tensors that are used by this op.

Returns:

List[str]: the names of the tensors

class `QuantizedMin`

Quantized Min op.

property int_input_names

Get the names of encrypted integer tensors that are used by this op.

Returns:

List[str]: the names of the tensors

class `QuantizedNeg`

Quantized Neg op.

property int_input_names

Get the names of encrypted integer tensors that are used by this op.

Returns:

List[str]: the names of the tensors

class `QuantizedSign`

Quantized Neg op.

property int_input_names

Get the names of encrypted integer tensors that are used by this op.

Returns:

List[str]: the names of the tensors

class `QuantizedUnsqueeze`

Unsqueeze operator.

property int_input_names

Get the names of encrypted integer tensors that are used by this op.

Returns:

List[str]: the names of the tensors

method `q_impl`

q_impl(*q_inputs: QuantizedArray, **attrs) → QuantizedArray

Unsqueeze the input tensors on a given axis.

Args:

q_inputs: an encrypted integer tensor
attrs: additional optional unsqueeze options

Returns:

result (QuantizedArray): unsqueezed encrypted integer tensor

class `QuantizedConcat`

Concatenate operator.

property int_input_names

Get the names of encrypted integer tensors that are used by this op.

Returns:

List[str]: the names of the tensors

method `q_impl`

q_impl(*q_inputs: QuantizedArray, **attrs) → QuantizedArray

Concatenate the input tensors on a giver axis.

Args:

q_inputs: an encrypted integer tensor
attrs: additional optional concatenate options

Returns:

result (QuantizedArray): concatenated encrypted integer tensor

concrete.ml.quantization.base_quantized_op.md

module `concrete.ml.quantization.base_quantized_op`

Base Quantized Op class that implements quantization for a float numpy op.

Global Variables

ONNX_OPS_TO_NUMPY_IMPL
ALL_QUANTIZED_OPS
ONNX_OPS_TO_QUANTIZED_IMPL
DEFAULT_MODEL_BITS

class `QuantizedOp`

Base class for quantized ONNX ops implemented in numpy.

Args:

n_bits_output (int): The number of bits to use for the quantization of the output
int_input_names (Set[str]): The set of names of integer tensors that are inputs to this op
constant_inputs (Optional[Union[Dict[str, Any], Dict[int, Any]]]): The constant tensors that are inputs to this op
input_quant_opts (QuantizationOptions): Input quantizer options, determine the quantization that is applied to input tensors (that are not constants)

method `init`

__init__(
    n_bits_output: int,
    int_input_names: Optional[Set[str]] = None,
    constant_inputs: Optional[Dict[str, Any], Dict[int, Any]] = None,
    input_quant_opts: Optional[QuantizationOptions] = None,
    **attrs
) → None

property int_input_names

Get the names of encrypted integer tensors that are used by this op.

Returns:

List[str]: the names of the tensors

method `calibrate`

calibrate(*inputs: ndarray) → ndarray

Create corresponding QuantizedArray for the output of the activation function.

Args:

*inputs (numpy.ndarray): Calibration sample inputs.

Returns:

numpy.ndarray: the output values for the provided calibration samples.

method `call_impl`

call_impl(*inputs: Optional[ndarray, QuantizedArray], **attrs) → ndarray

Call self.impl to centralize mypy bug workaround.

Args:

*inputs (numpy.ndarray): real valued inputs.
**attrs: the QuantizedOp attributes.

Returns:

numpy.ndarray: return value of self.impl

method `can_fuse`

can_fuse() → bool

Determine if the operator impedes graph fusion.

This function shall be overloaded by inheriting classes to test self._int_input_names, to determine whether the operation can be fused to a TLU or not. For example an operation that takes inputs produced by a unique integer tensor can be fused to a TLU. Example: f(x) = x * (x + 1) can be fused. A function that does f(x) = x * (x @ w + 1) can't be fused.

Returns:

bool: whether this instance of the QuantizedOp produces Concrete Numpy code that can be fused to TLUs

classmethod `must_quantize_input`

must_quantize_input(input_name_or_idx: int) → bool

Determine if an input must be quantized.

Quantized ops and numpy onnx ops take inputs and attributes. Inputs can be either constant or variable (encrypted). Note that this does not handle attributes, which are handled by QuantizedOp classes separately in their constructor.

Args:

input_name_or_idx (int): Index of the input to check.

Returns:

result (bool): Whether the input must be quantized (must be a QuantizedArray) or if it stays as a raw numpy.array read from ONNX.

classmethod `op_type`

op_type()

Get the type of this operation.

Returns:

op_type (str): The type of this operation, in the ONNX referential

method `prepare_output`

prepare_output(qoutput_activation: ndarray) → QuantizedArray

Quantize the output of the activation function.

The calibrate method needs to be called with sample data before using this function.

Args:

qoutput_activation (numpy.ndarray): Output of the activation function.

Returns:

QuantizedArray: Quantized output.

method `q_impl`

q_impl(*q_inputs: QuantizedArray, **attrs) → QuantizedArray

Execute the quantized forward.

Args:

*q_inputs (QuantizedArray): Quantized inputs.
**attrs: the QuantizedOp attributes.

Returns:

QuantizedArray: The returned quantized value.

class `QuantizedOpUnivariateOfEncrypted`

An univariate operator of an encrypted value.

This operation is not really operating as a quantized operation. It is useful when the computations get fused into a TLU, as in e.g. Act(x) = x || (x + 42)).

method `init`

__init__(
    n_bits_output: int,
    int_input_names: Optional[Set[str]] = None,
    constant_inputs: Optional[Dict[str, Any], Dict[int, Any]] = None,
    input_quant_opts: Optional[QuantizationOptions] = None,
    **attrs
) → None

property int_input_names

Get the names of encrypted integer tensors that are used by this op.

Returns:

List[str]: the names of the tensors

method `calibrate`

calibrate(*inputs: ndarray) → ndarray

Create corresponding QuantizedArray for the output of the activation function.

Args:

*inputs (numpy.ndarray): Calibration sample inputs.

Returns:

numpy.ndarray: the output values for the provided calibration samples.

method `call_impl`

call_impl(*inputs: Optional[ndarray, QuantizedArray], **attrs) → ndarray

Call self.impl to centralize mypy bug workaround.

Args:

*inputs (numpy.ndarray): real valued inputs.
**attrs: the QuantizedOp attributes.

Returns:

numpy.ndarray: return value of self.impl

method `can_fuse`

can_fuse() → bool

Determine if this op can be fused.

This operation can be fused and computed in float when a single integer tensor generates both the operands. For example in the formula: f(x) = x || (x + 1) where x is an integer tensor.

Returns:

bool: Can fuse

classmethod `must_quantize_input`

must_quantize_input(input_name_or_idx: int) → bool

Determine if an input must be quantized.

Args:

input_name_or_idx (int): Index of the input to check.

Returns:

result (bool): Whether the input must be quantized (must be a QuantizedArray) or if it stays as a raw numpy.array read from ONNX.

classmethod `op_type`

op_type()

Get the type of this operation.

Returns:

op_type (str): The type of this operation, in the ONNX referential

method `prepare_output`

prepare_output(qoutput_activation: ndarray) → QuantizedArray

Quantize the output of the activation function.

The calibrate method needs to be called with sample data before using this function.

Args:

qoutput_activation (numpy.ndarray): Output of the activation function.

Returns:

QuantizedArray: Quantized output.

method `q_impl`

q_impl(*q_inputs: QuantizedArray, **attrs) → QuantizedArray

Execute the quantized forward.

Args:

*q_inputs (QuantizedArray): Quantized inputs.
**attrs: the QuantizedOp attributes.

Returns:

QuantizedArray: The returned quantized value.

class `QuantizedMixingOp`

An operator that mixes (adds or multiplies) together encrypted inputs.

Mixing operators cannot be fused to TLUs.

method `init`

__init__(
    n_bits_output: int,
    int_input_names: Optional[Set[str]] = None,
    constant_inputs: Optional[Dict[str, Any], Dict[int, Any]] = None,
    input_quant_opts: Optional[QuantizationOptions] = None,
    **attrs
) → None

property int_input_names

Get the names of encrypted integer tensors that are used by this op.

Returns:

List[str]: the names of the tensors

method `calibrate`

calibrate(*inputs: ndarray) → ndarray

Create corresponding QuantizedArray for the output of the activation function.

Args:

*inputs (numpy.ndarray): Calibration sample inputs.

Returns:

numpy.ndarray: the output values for the provided calibration samples.

method `call_impl`

call_impl(*inputs: Optional[ndarray, QuantizedArray], **attrs) → ndarray

Call self.impl to centralize mypy bug workaround.

Args:

*inputs (numpy.ndarray): real valued inputs.
**attrs: the QuantizedOp attributes.

Returns:

numpy.ndarray: return value of self.impl

method `can_fuse`

can_fuse() → bool

Determine if this op can be fused.

Mixing operations cannot be fused since it must be performed over integer tensors and it combines different encrypted elements of the input tensors. Mixing operations are Conv, MatMul, etc.

Returns:

bool: False, this operation cannot be fused as it adds different encrypted integers

method `make_output_quant_parameters`

make_output_quant_parameters(
    q_values: Union[ndarray, Any],
    scale: float64,
    zero_point: Union[int, float, ndarray]
) → QuantizedArray

Build a quantized array from quantized integer results of the op and quantization params.

Args:

q_values (Union[numpy.ndarray, Any]): the quantized integer values to wrap in the QuantizedArray
scale (float): the pre-computed scale of the quantized values
zero_point (Union[int, float, numpy.ndarray]): the pre-computed zero_point of the q_values

Returns:

QuantizedArray: the quantized array that will be passed to the QuantizedModule output.

classmethod `must_quantize_input`

must_quantize_input(input_name_or_idx: int) → bool

Determine if an input must be quantized.

Args:

input_name_or_idx (int): Index of the input to check.

Returns:

result (bool): Whether the input must be quantized (must be a QuantizedArray) or if it stays as a raw numpy.array read from ONNX.

classmethod `op_type`

op_type()

Get the type of this operation.

Returns:

op_type (str): The type of this operation, in the ONNX referential

method `prepare_output`

prepare_output(qoutput_activation: ndarray) → QuantizedArray

Quantize the output of the activation function.

The calibrate method needs to be called with sample data before using this function.

Args:

qoutput_activation (numpy.ndarray): Output of the activation function.

Returns:

QuantizedArray: Quantized output.

method `q_impl`

q_impl(*q_inputs: QuantizedArray, **attrs) → QuantizedArray

Execute the quantized forward.

Args:

*q_inputs (QuantizedArray): Quantized inputs.
**attrs: the QuantizedOp attributes.

Returns:

QuantizedArray: The returned quantized value.

concrete.ml.sklearn.protocols.md

module `concrete.ml.sklearn.protocols`

Protocols.

Protocols are used to mix type hinting with duck-typing. Indeed we don't always want to have an abstract parent class between all objects. We are more interested in the behavior of such objects. Implementing a Protocol is a way to specify the behavior of objects.

To read more about Protocol please read: https://peps.python.org/pep-0544

class `Quantizer`

Quantizer Protocol.

To use to type hint a quantizer.

method `dequant`

dequant(X: 'ndarray') → ndarray

Dequantize some values.

Args:

X (numpy.ndarray): Values to dequantize

.. # noqa: DAR202

Returns:

numpy.ndarray: Dequantized values

method `quant`

quant(values: 'ndarray') → ndarray

Quantize some values.

Args:

values (numpy.ndarray): Values to quantize

.. # noqa: DAR202

Returns:

numpy.ndarray: The quantized values

class `ConcreteBaseEstimatorProtocol`

A Concrete Estimator Protocol.

property onnx_model

onnx_model.

.. # noqa: DAR202

Results: onnx.ModelProto

property quantize_input

Quantize input function.

method `compile`

compile(
    X: 'ndarray',
    configuration: 'Optional[Configuration]',
    compilation_artifacts: 'Optional[DebugArtifacts]',
    show_mlir: 'bool',
    use_virtual_lib: 'bool',
    p_error: 'float',
    global_p_error: 'float',
    verbose_compilation: 'bool'
) → Circuit

Compiles a model to a FHE Circuit.

Args:

X (numpy.ndarray): the dequantized dataset
configuration (Optional[Configuration]): the options for compilation
compilation_artifacts (Optional[DebugArtifacts]): artifacts object to fill during compilation
show_mlir (bool): whether or not to show MLIR during the compilation
use_virtual_lib (bool): whether to compile using the virtual library that allows higher bitwidths
p_error (float): probability of error of a single PBS
global_p_error (float): probability of error of the full circuit. Not simulated by the VL, i.e., taken as 0
verbose_compilation (bool): whether to show compilation information

.. # noqa: DAR202

Returns:

Circuit: the compiled Circuit.

method `fit`

fit(X: 'ndarray', y: 'ndarray', **fit_params) → ConcreteBaseEstimatorProtocol

Initialize and fit the module.

Args:

X : training data By default, you should be able to pass: * numpy arrays * torch tensors * pandas DataFrame or Series
y (numpy.ndarray): labels associated with training data
**fit_params: additional parameters that can be used during training

.. # noqa: DAR202

Returns:

ConcreteBaseEstimatorProtocol: the trained estimator

method `fit_benchmark`

fit_benchmark(
    X: 'ndarray',
    y: 'ndarray',
    *args,
    **kwargs
) → Tuple[ConcreteBaseEstimatorProtocol, BaseEstimator]

Fit the quantized estimator and return reference estimator.

This function returns both the quantized estimator (itself), but also a wrapper around the non-quantized trained NN. This is useful in order to compare performance between the quantized and fp32 versions of the classifier

Args:

X : training data By default, you should be able to pass: * numpy arrays * torch tensors * pandas DataFrame or Series
y (numpy.ndarray): labels associated with training data
*args: The arguments to pass to the underlying model.
**kwargs: The keyword arguments to pass to the underlying model.

.. # noqa: DAR202

Returns:

self: self fitted
model: underlying estimator

method `post_processing`

post_processing(y_preds: 'ndarray') → ndarray

Post-process models predictions.

Args:

y_preds (numpy.ndarray): predicted values by model (clear-quantized)

.. # noqa: DAR202

Returns:

numpy.ndarray: the post-processed predictions

class `ConcreteBaseClassifierProtocol`

Concrete classifier protocol.

property onnx_model

onnx_model.

.. # noqa: DAR202

Results: onnx.ModelProto

property quantize_input

Quantize input function.

method `compile`

compile(
    X: 'ndarray',
    configuration: 'Optional[Configuration]',
    compilation_artifacts: 'Optional[DebugArtifacts]',
    show_mlir: 'bool',
    use_virtual_lib: 'bool',
    p_error: 'float',
    global_p_error: 'float',
    verbose_compilation: 'bool'
) → Circuit

Compiles a model to a FHE Circuit.

Args:

X (numpy.ndarray): the dequantized dataset
configuration (Optional[Configuration]): the options for compilation
compilation_artifacts (Optional[DebugArtifacts]): artifacts object to fill during compilation
show_mlir (bool): whether or not to show MLIR during the compilation
use_virtual_lib (bool): whether to compile using the virtual library that allows higher bitwidths
p_error (float): probability of error of a single PBS
global_p_error (float): probability of error of the full circuit. Not simulated by the VL, i.e., taken as 0
verbose_compilation (bool): whether to show compilation information

.. # noqa: DAR202

Returns:

Circuit: the compiled Circuit.

method `fit`

fit(X: 'ndarray', y: 'ndarray', **fit_params) → ConcreteBaseEstimatorProtocol

Initialize and fit the module.

Args:

X : training data By default, you should be able to pass: * numpy arrays * torch tensors * pandas DataFrame or Series
y (numpy.ndarray): labels associated with training data
**fit_params: additional parameters that can be used during training

.. # noqa: DAR202

Returns:

ConcreteBaseEstimatorProtocol: the trained estimator

method `fit_benchmark`

fit_benchmark(
    X: 'ndarray',
    y: 'ndarray',
    *args,
    **kwargs
) → Tuple[ConcreteBaseEstimatorProtocol, BaseEstimator]

Fit the quantized estimator and return reference estimator.

Args:

X : training data By default, you should be able to pass: * numpy arrays * torch tensors * pandas DataFrame or Series
y (numpy.ndarray): labels associated with training data
*args: The arguments to pass to the underlying model.
**kwargs: The keyword arguments to pass to the underlying model.

.. # noqa: DAR202

Returns:

self: self fitted
model: underlying estimator

method `post_processing`

post_processing(y_preds: 'ndarray') → ndarray

Post-process models predictions.

Args:

y_preds (numpy.ndarray): predicted values by model (clear-quantized)

.. # noqa: DAR202

Returns:

numpy.ndarray: the post-processed predictions

method `predict`

predict(X: 'ndarray', execute_in_fhe: 'bool') → ndarray

Predicts for each sample the class with highest probability.

Args:

X (numpy.ndarray): Features
execute_in_fhe (bool): Whether the inference should be done in fhe or not.

.. # noqa: DAR202

Returns: numpy.ndarray

method `predict_proba`

predict_proba(X: 'ndarray', execute_in_fhe: 'bool') → ndarray

Predicts for each sample the probability of each class.

Args:

X (numpy.ndarray): Features
execute_in_fhe (bool): Whether the inference should be done in fhe or not.

.. # noqa: DAR202

Returns: numpy.ndarray

class `ConcreteBaseRegressorProtocol`

Concrete regressor protocol.

property onnx_model

onnx_model.

.. # noqa: DAR202

Results: onnx.ModelProto

property quantize_input

Quantize input function.

method `compile`

compile(
    X: 'ndarray',
    configuration: 'Optional[Configuration]',
    compilation_artifacts: 'Optional[DebugArtifacts]',
    show_mlir: 'bool',
    use_virtual_lib: 'bool',
    p_error: 'float',
    global_p_error: 'float',
    verbose_compilation: 'bool'
) → Circuit

Compiles a model to a FHE Circuit.

Args:

X (numpy.ndarray): the dequantized dataset
configuration (Optional[Configuration]): the options for compilation
compilation_artifacts (Optional[DebugArtifacts]): artifacts object to fill during compilation
show_mlir (bool): whether or not to show MLIR during the compilation
use_virtual_lib (bool): whether to compile using the virtual library that allows higher bitwidths
p_error (float): probability of error of a single PBS
global_p_error (float): probability of error of the full circuit. Not simulated by the VL, i.e., taken as 0
verbose_compilation (bool): whether to show compilation information

.. # noqa: DAR202

Returns:

Circuit: the compiled Circuit.

method `fit`

fit(X: 'ndarray', y: 'ndarray', **fit_params) → ConcreteBaseEstimatorProtocol

Initialize and fit the module.

Args:

X : training data By default, you should be able to pass: * numpy arrays * torch tensors * pandas DataFrame or Series
y (numpy.ndarray): labels associated with training data
**fit_params: additional parameters that can be used during training

.. # noqa: DAR202

Returns:

ConcreteBaseEstimatorProtocol: the trained estimator

method `fit_benchmark`

fit_benchmark(
    X: 'ndarray',
    y: 'ndarray',
    *args,
    **kwargs
) → Tuple[ConcreteBaseEstimatorProtocol, BaseEstimator]

Fit the quantized estimator and return reference estimator.

Args:

X : training data By default, you should be able to pass: * numpy arrays * torch tensors * pandas DataFrame or Series
y (numpy.ndarray): labels associated with training data
*args: The arguments to pass to the underlying model.
**kwargs: The keyword arguments to pass to the underlying model.

.. # noqa: DAR202

Returns:

self: self fitted
model: underlying estimator

method `post_processing`

post_processing(y_preds: 'ndarray') → ndarray

Post-process models predictions.

Args:

y_preds (numpy.ndarray): predicted values by model (clear-quantized)

.. # noqa: DAR202

Returns:

numpy.ndarray: the post-processed predictions

method `predict`

predict(X: 'ndarray', execute_in_fhe: 'bool') → ndarray

Predicts for each sample the expected value.

Args:

X (numpy.ndarray): Features
execute_in_fhe (bool): Whether the inference should be done in fhe or not.

.. # noqa: DAR202

Returns: numpy.ndarray

concrete.ml.sklearn.qnn.md

module `concrete.ml.sklearn.qnn`

Scikit-learn interface for concrete quantized neural networks.

Global Variables

MAX_BITWIDTH_BACKWARD_COMPATIBLE

class `SparseQuantNeuralNetImpl`

Sparse Quantized Neural Network classifier.

This class implements an MLP that is compatible with FHE constraints. The weights and activations are quantized to low bitwidth and pruning is used to ensure accumulators do not surpass an user-provided accumulator bit-width. The number of classes and number of layers are specified by the user, as well as the breadth of the network

method `init`

__init__(
    input_dim,
    n_layers,
    n_outputs,
    n_hidden_neurons_multiplier=4,
    n_w_bits=3,
    n_a_bits=3,
    n_accum_bits=8,
    activation_function=<class 'torch.nn.modules.activation.ReLU'>,
    quant_narrow=False,
    quant_signed=True
)

Sparse Quantized Neural Network constructor.

Args:

input_dim: Number of dimensions of the input data
n_layers: Number of linear layers for this network
n_outputs: Number of output classes or regression targets
n_w_bits: Number of weight bits
n_a_bits: Number of activation and input bits
n_accum_bits: Maximal allowed bitwidth of intermediate accumulators
n_hidden_neurons_multiplier: A factor that is multiplied by the maximal number of active (non-zero weight) neurons for every layer. The maximal number of neurons in the worst case scenario is: 2^n_max-1 max_active_neurons(n_max, n_w, n_a) = floor(---------------------) (2^n_w-1)*(2^n_a-1) ) The worst case scenario for the bitwidth of the accumulator is when all weights and activations are maximum simultaneously. We set, for each layer, the total number of neurons to be: n_hidden_neurons_multiplier * max_active_neurons(n_accum_bits, n_w_bits, n_a_bits) Through experiments, for typical distributions of weights and activations, the default value for n_hidden_neurons_multiplier, 4, is safe to avoid overflow.
activation_function: a torch class that is used to construct activation functions in the network (e.g. torch.ReLU, torch.SELU, torch.Sigmoid, etc)
quant_narrow : whether this network should use narrow range quantized integer values
quant_signed : whether to use signed quantized integer values

Raises:

ValueError: if the parameters have invalid values or the computed accumulator bitwidth is zero

method `enable_pruning`

enable_pruning()

Enable pruning in the network. Pruning must be made permanent to recover pruned weights.

Raises:

ValueError: if the quantization parameters are invalid

method `forward`

forward(x)

Forward pass.

Args:

x (torch.Tensor): network input

Returns:

x (torch.Tensor): network prediction

method `make_pruning_permanent`

make_pruning_permanent()

Make the learned pruning permanent in the network.

method `max_active_neurons`

max_active_neurons()

Compute the maximum number of active (non-zero weight) neurons.

The computation is done using the quantization parameters passed to the constructor. Warning: With the current quantization algorithm (asymmetric) the value returned by this function is not guaranteed to ensure FHE compatibility. For some weight distributions, weights that are 0 (which are pruned weights) will not be quantized to 0. Therefore the total number of active quantized neurons will not be equal to max_active_neurons.

Returns:

n (int): maximum number of active neurons

method `on_train_end`

on_train_end()

Call back when training is finished, can be useful to remove training hooks.

class `QuantizedSkorchEstimatorMixin`

Mixin class that adds quantization features to Skorch NN estimators.

property base_estimator_type

Get the sklearn estimator that should be trained by the child class.

property base_module_to_compile

Get the module that should be compiled to FHE. In our case this is a torch nn.Module.

Returns:

module (nn.Module): the instantiated torch module

property fhe_circuit

Get the FHE circuit.

Returns:

Circuit: the FHE circuit

property input_quantizers

Get the input quantizers.

Returns:

List[Quantizer]: the input quantizers

property n_bits_quant

Return the number of quantization bits.

This is stored by the torch.nn.module instance and thus cannot be retrieved until this instance is created.

Returns:

n_bits (int): the number of bits to quantize the network

Raises:

ValueError: with skorch estimators, the module_ is not instantiated until .fit() is called. Thus this estimator needs to be .fit() before we get the quantization number of bits. If it is not trained we raise an exception

property onnx_model

Get the ONNX model.

.. # noqa: DAR201

Returns:

_onnx_model_ (onnx.ModelProto): the ONNX model

property output_quantizers

Get the input quantizers.

Returns:

List[QuantizedArray]: the input quantizers

property quantize_input

Get the input quantization function.

Returns:

Callable : function that quantizes the input

method `get_params_for_benchmark`

get_params_for_benchmark()

Get parameters for benchmark when cloning a skorch wrapped NN.

We must remove all parameters related to the module. Skorch takes either a class or a class instance for the module parameter. We want to pass our trained model, a class instance. But for this to work, we need to remove all module related constructor params. If not, skorch will instantiate a new class instance of the same type as the passed module see skorch net.py NeuralNet::initialize_instance

Returns:

params (dict): parameters to create an equivalent fp32 sklearn estimator for benchmark

method `infer`

infer(x, **fit_params)

Perform a single inference step on a batch of data.

This method is specific to Skorch estimators.

Args:

x (torch.Tensor): A batch of the input data, produced by a Dataset
**fit_params (dict) : Additional parameters passed to the forward method of the module and to the self.train_split call.

Returns: A torch tensor with the inference results for each item in the input

method `on_train_end`

on_train_end(net, X=None, y=None, **kwargs)

Call back when training is finished by the skorch wrapper.

Check if the underlying neural net has a callback for this event and, if so, call it.

Args:

net: estimator for which training has ended (equal to self)
X: data
y: targets
kwargs: other arguments

class `FixedTypeSkorchNeuralNet`

A mixin with a helpful modification to a skorch estimator that fixes the module type.

method `get_params`

get_params(deep=True, **kwargs)

Get parameters for this estimator.

Args:

deep (bool): If True, will return the parameters for this estimator and contained subobjects that are estimators.
**kwargs: any additional parameters to pass to the sklearn BaseEstimator class

Returns:

params : dict, Parameter names mapped to their values.

class `NeuralNetClassifier`

Scikit-learn interface for quantized FHE compatible neural networks.

This class wraps a quantized NN implemented using our Torch tools as a scikit-learn Estimator. It uses the skorch package to handle training and scikit-learn compatibility, and adds quantization and compilation functionality. The neural network implemented by this class is a multi layer fully connected network trained with Quantization Aware Training (QAT).

The datatypes that are allowed for prediction by this wrapper are more restricted than standard scikit-learn estimators as this class needs to predict in FHE and network inference executor is the NumpyModule.

method `init`

__init__(
    *args,
    criterion=<class 'torch.nn.modules.loss.CrossEntropyLoss'>,
    classes=None,
    optimizer=<class 'torch.optim.adam.Adam'>,
    **kwargs
)

property base_estimator_type

property base_module_to_compile

Get the module that should be compiled to FHE. In our case this is a torch nn.Module.

Returns:

module (nn.Module): the instantiated torch module

property classes_

property fhe_circuit

Get the FHE circuit.

Returns:

Circuit: the FHE circuit

property history

property input_quantizers

Get the input quantizers.

Returns:

List[Quantizer]: the input quantizers

property n_bits_quant

Return the number of quantization bits.

This is stored by the torch.nn.module instance and thus cannot be retrieved until this instance is created.

Returns:

n_bits (int): the number of bits to quantize the network

Raises:

ValueError: with skorch estimators, the module_ is not instantiated until .fit() is called. Thus this estimator needs to be .fit() before we get the quantization number of bits. If it is not trained we raise an exception

property onnx_model

Get the ONNX model.

.. # noqa: DAR201

Returns:

_onnx_model_ (onnx.ModelProto): the ONNX model

property output_quantizers

Get the input quantizers.

Returns:

List[QuantizedArray]: the input quantizers

property quantize_input

Get the input quantization function.

Returns:

Callable : function that quantizes the input

method `fit`

fit(X, y, **fit_params)

method `get_params`

get_params(deep=True, **kwargs)

Get parameters for this estimator.

Args:

deep (bool): If True, will return the parameters for this estimator and contained subobjects that are estimators.
**kwargs: any additional parameters to pass to the sklearn BaseEstimator class

Returns:

params : dict, Parameter names mapped to their values.

method `get_params_for_benchmark`

get_params_for_benchmark()

Get parameters for benchmark when cloning a skorch wrapped NN.

Returns:

params (dict): parameters to create an equivalent fp32 sklearn estimator for benchmark

method `infer`

infer(x, **fit_params)

Perform a single inference step on a batch of data.

This method is specific to Skorch estimators.

Args:

x (torch.Tensor): A batch of the input data, produced by a Dataset
**fit_params (dict) : Additional parameters passed to the forward method of the module and to the self.train_split call.

Returns: A torch tensor with the inference results for each item in the input

method `on_train_end`

on_train_end(net, X=None, y=None, **kwargs)

Call back when training is finished by the skorch wrapper.

Check if the underlying neural net has a callback for this event and, if so, call it.

Args:

net: estimator for which training has ended (equal to self)
X: data
y: targets
kwargs: other arguments

method `predict`

predict(X, execute_in_fhe=False)

Predict on user provided data.

Predicts using the quantized clear or FHE classifier

Args:

X : input data, a numpy array of raw values (non quantized)
execute_in_fhe : whether to execute the inference in FHE or in the clear

Returns:

y_pred : numpy ndarray with predictions

class `NeuralNetRegressor`

Scikit-learn interface for quantized FHE compatible neural networks.

method `init`

__init__(*args, optimizer=<class 'torch.optim.adam.Adam'>, **kwargs)

property base_estimator_type

property base_module_to_compile

Get the module that should be compiled to FHE. In our case this is a torch nn.Module.

Returns:

module (nn.Module): the instantiated torch module

property fhe_circuit

Get the FHE circuit.

Returns:

Circuit: the FHE circuit

property history

property input_quantizers

Get the input quantizers.

Returns:

List[Quantizer]: the input quantizers

property n_bits_quant

Return the number of quantization bits.

This is stored by the torch.nn.module instance and thus cannot be retrieved until this instance is created.

Returns:

n_bits (int): the number of bits to quantize the network

Raises:

ValueError: with skorch estimators, the module_ is not instantiated until .fit() is called. Thus this estimator needs to be .fit() before we get the quantization number of bits. If it is not trained we raise an exception

property onnx_model

Get the ONNX model.

.. # noqa: DAR201

Returns:

_onnx_model_ (onnx.ModelProto): the ONNX model

property output_quantizers

Get the input quantizers.

Returns:

List[QuantizedArray]: the input quantizers

property quantize_input

Get the input quantization function.

Returns:

Callable : function that quantizes the input

method `fit`

fit(X, y, **fit_params)

method `get_params`

get_params(deep=True, **kwargs)

Get parameters for this estimator.

Args:

deep (bool): If True, will return the parameters for this estimator and contained subobjects that are estimators.
**kwargs: any additional parameters to pass to the sklearn BaseEstimator class

Returns:

params : dict, Parameter names mapped to their values.

method `get_params_for_benchmark`

get_params_for_benchmark()

Get parameters for benchmark when cloning a skorch wrapped NN.

Returns:

params (dict): parameters to create an equivalent fp32 sklearn estimator for benchmark

method `infer`

infer(x, **fit_params)

Perform a single inference step on a batch of data.

This method is specific to Skorch estimators.

Args:

x (torch.Tensor): A batch of the input data, produced by a Dataset
**fit_params (dict) : Additional parameters passed to the forward method of the module and to the self.train_split call.

Returns: A torch tensor with the inference results for each item in the input

method `on_train_end`

on_train_end(net, X=None, y=None, **kwargs)

Call back when training is finished by the skorch wrapper.

Check if the underlying neural net has a callback for this event and, if so, call it.

Args:

net: estimator for which training has ended (equal to self)
X: data
y: targets
kwargs: other arguments

concrete.ml.sklearn.base.md

module `concrete.ml.sklearn.base`

Module that contains base classes for our libraries estimators.

Global Variables

OPSET_VERSION_FOR_ONNX_EXPORT

function `get_sklearn_models`

Return the list of available models in Concrete-ML.

Returns: the lists of models in Concrete-ML

function `get_sklearn_linear_models`

Return the list of available linear models in Concrete-ML.

Args:

classifier (bool): whether you want classifiers or not
regressor (bool): whether you want regressors or not
str_in_class_name (str): if not None, only return models with this as a substring in the class name

Returns: the lists of linear models in Concrete-ML

function `get_sklearn_tree_models`

Return the list of available tree models in Concrete-ML.

Args:

classifier (bool): whether you want classifiers or not
regressor (bool): whether you want regressors or not
str_in_class_name (str): if not None, only return models with this as a substring in the class name

Returns: the lists of tree models in Concrete-ML

function `get_sklearn_neural_net_models`

Return the list of available neural net models in Concrete-ML.

Args:

classifier (bool): whether you want classifiers or not
regressor (bool): whether you want regressors or not
str_in_class_name (str): if not None, only return models with this as a substring in the class name

Returns: the lists of neural net models in Concrete-ML

class `QuantizedTorchEstimatorMixin`

Mixin that provides quantization for a torch module and follows the Estimator API.

This class should be mixed in with another that provides the full Estimator API. This class only provides modifiers for .fit() (with quantization) and .predict() (optionally in FHE)

method `init`

property base_estimator_type

Get the sklearn estimator that should be trained by the child class.

property base_module_to_compile

Get the Torch module that should be compiled to FHE.

property fhe_circuit

Get the FHE circuit.

Returns:

Circuit: the FHE circuit

property input_quantizers

Get the input quantizers.

Returns:

List[Quantizer]: the input quantizers

property n_bits_quant

Get the number of quantization bits.

property onnx_model

Get the ONNX model.

.. # noqa: DAR201

Returns:

_onnx_model_ (onnx.ModelProto): the ONNX model

property output_quantizers

Get the input quantizers.

Returns:

List[QuantizedArray]: the input quantizers

property quantize_input

Get the input quantization function.

Returns:

Callable : function that quantizes the input

method `compile`

Compile the model.

Args:

X (numpy.ndarray): the dequantized dataset
configuration (Optional[Configuration]): the options for compilation
compilation_artifacts (Optional[DebugArtifacts]): artifacts object to fill during compilation
show_mlir (bool): whether or not to show MLIR during the compilation
use_virtual_lib (bool): whether to compile using the virtual library that allows higher bitwidths
p_error (Optional[float]): probability of error of a single PBS
global_p_error (Optional[float]): probability of error of the full circuit. Not simulated by the VL, i.e., taken as 0
verbose_compilation (bool): whether to show compilation information

Returns:

Circuit: the compiled Circuit.

Raises:

ValueError: if called before the model is trained

method `fit`

Initialize and fit the module.

If the module was already initialized, by calling fit, the module will be re-initialized (unless warm_start is True). In addition to the torch training step, this method performs quantization of the trained torch model.

Args:

X : training data By default, you should be able to pass: * numpy arrays * torch tensors * pandas DataFrame or Series
y (numpy.ndarray): labels associated with training data
**fit_params: additional parameters that can be used during training, these are passed to the torch training interface

Returns:

self: the trained quantized estimator

method `fit_benchmark`

Fit the quantized estimator as well as its equivalent float estimator.

This function returns both the quantized estimator (itself) as well as its non-quantized (float) equivalent, which are both trained separately. This is useful in order to compare performances between quantized and fp32 versions.

Args:

X : The training data By default, you should be able to pass: * numpy arrays * torch tensors * pandas DataFrame or Series
y (numpy.ndarray): The labels associated with the training data
*args: The arguments to pass to the sklearn linear model.
**kwargs: The keyword arguments to pass to the sklearn linear model.

Returns:

self: The trained quantized estimator
fp32_model: The trained float equivalent estimator

method `get_params_for_benchmark`

Get the parameters to instantiate the sklearn estimator trained by the child class.

Returns:

params (dict): dictionary with parameters that will initialize a new Estimator

method `post_processing`

Post-processing the output.

Args:

y_preds (numpy.ndarray): the output to post-process

Raises:

ValueError: if unknown post-processing function

Returns:

numpy.ndarray: the post-processed output

method `predict`

Predict on user provided data.

Predicts using the quantized clear or FHE classifier

Args:

X : input data, a numpy array of raw values (non quantized)
execute_in_fhe : whether to execute the inference in FHE or in the clear

Returns:

y_pred : numpy ndarray with predictions

method `predict_proba`

Predict on user provided data, returning probabilities.

Predicts using the quantized clear or FHE classifier

Args:

X : input data, a numpy array of raw values (non quantized)
execute_in_fhe : whether to execute the inference in FHE or in the clear

Returns:

y_pred : numpy ndarray with probabilities (if applicable)

Raises:

ValueError: if the estimator was not yet trained or compiled

class `BaseTreeEstimatorMixin`

Mixin class for tree-based estimators.

A place to share methods that are used on all tree-based estimators.

method `init`

Initialize the TreeBasedEstimatorMixin.

Args:

n_bits (int): number of bits used for quantization

property onnx_model

Get the ONNX model.

.. # noqa: DAR201

Returns:

onnx.ModelProto: the ONNX model

method `compile`

Compile the model.

Args:

X (numpy.ndarray): the dequantized dataset
configuration (Optional[Configuration]): the options for compilation
compilation_artifacts (Optional[DebugArtifacts]): artifacts object to fill during compilation
show_mlir (bool): whether or not to show MLIR during the compilation
use_virtual_lib (bool): set to True to use the so called virtual lib simulating FHE computation. Defaults to False
p_error (Optional[float]): probability of error of a single PBS
global_p_error (Optional[float]): probability of error of the full circuit. Not simulated by the VL, i.e., taken as 0
verbose_compilation (bool): whether to show compilation information

Returns:

Circuit: the compiled Circuit.

method `dequantize_output`

Dequantize the integer predictions.

Args:

y_preds (numpy.ndarray): the predictions

Returns: the dequantized predictions

method `fit_benchmark`

Fit the sklearn tree-based model and the FHE tree-based model.

Args:

X (numpy.ndarray): The input data.
y (numpy.ndarray): The target data. random_state (Optional[Union[int, numpy.random.RandomState, None]]): The random state. Defaults to None.
*args: args for super().fit
**kwargs: kwargs for super().fit

Returns: Tuple[ConcreteEstimators, SklearnEstimators]: The FHE and sklearn tree-based models.

method `quantize_input`

Quantize the input.

Args:

X (numpy.ndarray): the input

Returns: the quantized input

class `BaseTreeRegressorMixin`

Mixin class for tree-based regressors.

A place to share methods that are used on all tree-based regressors.

method `init`

Initialize the TreeBasedEstimatorMixin.

Args:

n_bits (int): number of bits used for quantization

property onnx_model

Get the ONNX model.

.. # noqa: DAR201

Returns:

onnx.ModelProto: the ONNX model

method `compile`

Compile the model.

Args:

X (numpy.ndarray): the dequantized dataset
configuration (Optional[Configuration]): the options for compilation
compilation_artifacts (Optional[DebugArtifacts]): artifacts object to fill during compilation
show_mlir (bool): whether or not to show MLIR during the compilation
use_virtual_lib (bool): set to True to use the so called virtual lib simulating FHE computation. Defaults to False
p_error (Optional[float]): probability of error of a single PBS
global_p_error (Optional[float]): probability of error of the full circuit. Not simulated by the VL, i.e., taken as 0
verbose_compilation (bool): whether to show compilation information

Returns:

Circuit: the compiled Circuit.

method `dequantize_output`

Dequantize the integer predictions.

Args:

y_preds (numpy.ndarray): the predictions

Returns: the dequantized predictions

method `fit`

Fit the tree-based estimator.

Args:

X : training data By default, you should be able to pass: * numpy arrays * torch tensors * pandas DataFrame or Series
y (numpy.ndarray): The target data.
**kwargs: args for super().fit

Returns:

Any: The fitted model.

method `fit_benchmark`

Fit the sklearn tree-based model and the FHE tree-based model.

Args:

X (numpy.ndarray): The input data.
y (numpy.ndarray): The target data. random_state (Optional[Union[int, numpy.random.RandomState, None]]): The random state. Defaults to None.
*args: args for super().fit
**kwargs: kwargs for super().fit

Returns: Tuple[ConcreteEstimators, SklearnEstimators]: The FHE and sklearn tree-based models.

method `post_processing`

Apply post-processing to the predictions.

Args:

y_preds (numpy.ndarray): The predictions.

Returns:

numpy.ndarray: The post-processed predictions.

method `predict`

Predict the probability.

Args:

X (numpy.ndarray): The input data.
execute_in_fhe (bool): Whether to execute in FHE. Defaults to False.

Returns:

numpy.ndarray: The predicted probabilities.

method `quantize_input`

Quantize the input.

Args:

X (numpy.ndarray): the input

Returns: the quantized input

class `BaseTreeClassifierMixin`

Mixin class for tree-based classifiers.

A place to share methods that are used on all tree-based classifiers.

method `init`

Initialize the TreeBasedEstimatorMixin.

Args:

n_bits (int): number of bits used for quantization

property onnx_model

Get the ONNX model.

.. # noqa: DAR201

Returns:

onnx.ModelProto: the ONNX model

method `compile`

Compile the model.

Args:

X (numpy.ndarray): the dequantized dataset
configuration (Optional[Configuration]): the options for compilation
compilation_artifacts (Optional[DebugArtifacts]): artifacts object to fill during compilation
show_mlir (bool): whether or not to show MLIR during the compilation
use_virtual_lib (bool): set to True to use the so called virtual lib simulating FHE computation. Defaults to False
p_error (Optional[float]): probability of error of a single PBS
global_p_error (Optional[float]): probability of error of the full circuit. Not simulated by the VL, i.e., taken as 0
verbose_compilation (bool): whether to show compilation information

Returns:

Circuit: the compiled Circuit.

method `dequantize_output`

Dequantize the integer predictions.

Args:

y_preds (numpy.ndarray): the predictions

Returns: the dequantized predictions

method `fit`

Fit the tree-based estimator.

Args:

X : training data By default, you should be able to pass: * numpy arrays * torch tensors * pandas DataFrame or Series
y (numpy.ndarray): The target data.
**kwargs: args for super().fit

Returns:

Any: The fitted model.

method `fit_benchmark`

Fit the sklearn tree-based model and the FHE tree-based model.

Args:

X (numpy.ndarray): The input data.
y (numpy.ndarray): The target data. random_state (Optional[Union[int, numpy.random.RandomState, None]]): The random state. Defaults to None.
*args: args for super().fit
**kwargs: kwargs for super().fit

Returns: Tuple[ConcreteEstimators, SklearnEstimators]: The FHE and sklearn tree-based models.

method `post_processing`

Apply post-processing to the predictions.

Args:

y_preds (numpy.ndarray): The predictions.

Returns:

numpy.ndarray: The post-processed predictions.

method `predict`

Predict the class with highest probability.

Args:

X (numpy.ndarray): The input data.
execute_in_fhe (bool): Whether to execute in FHE. Defaults to False.

Returns:

numpy.ndarray: The predicted target values.

method `predict_proba`

Predict the probability.

Args:

X (numpy.ndarray): The input data.
execute_in_fhe (bool): Whether to execute in FHE. Defaults to False.

Returns:

numpy.ndarray: The predicted probabilities.

method `quantize_input`

Quantize the input.

Args:

X (numpy.ndarray): the input

Returns: the quantized input

class `SklearnLinearModelMixin`

A Mixin class for sklearn linear models with FHE.

method `init`

Initialize the FHE linear model.

Args:

n_bits (int, Dict[str, int]): Number of bits to quantize the model. If an int is passed for n_bits, the value will be used for quantizing inputs and weights. If a dict is passed, then it should contain "op_inputs" and "op_weights" as keys with corresponding number of quantization bits so that: - op_inputs : number of bits to quantize the input values - op_weights: number of bits to quantize the learned parameters Default to 8.
*args: The arguments to pass to the sklearn linear model.
**kwargs: The keyword arguments to pass to the sklearn linear model.

method `clean_graph`

Clean the graph of the onnx model.

This will remove the Cast node in the model's onnx.graph since they have no use in quantized or FHE models.

method `compile`

Compile the FHE linear model.

Args:

X (numpy.ndarray): The input data.
configuration (Optional[Configuration]): Configuration object to use during compilation
compilation_artifacts (Optional[DebugArtifacts]): Artifacts object to fill during compilation
show_mlir (bool): If set, the MLIR produced by the converter and which is going to be sent to the compiler backend is shown on the screen, e.g., for debugging or demo. Defaults to False.
use_virtual_lib (bool): Whether to compile using the virtual library that allows higher bitwidths with simulated FHE computation. Defaults to False
p_error (Optional[float]): Probability of error of a single PBS
global_p_error (Optional[float]): probability of error of the full circuit. Not simulated by the VL, i.e., taken as 0
verbose_compilation (bool): whether to show compilation information

Returns:

Circuit: The compiled Circuit.

method `dequantize_output`

Dequantize the output.

Args:

q_y_preds (numpy.ndarray): The quantized output to dequantize

Returns:

numpy.ndarray: The dequantized output

method `fit`

Fit the FHE linear model.

Args:

X : Training data By default, you should be able to pass: * numpy arrays * torch tensors * pandas DataFrame or Series
y (numpy.ndarray): The target data.
*args: The arguments to pass to the sklearn linear model.
**kwargs: The keyword arguments to pass to the sklearn linear model.

Returns: Any

method `fit_benchmark`

Fit the sklearn linear model and the FHE linear model.

Args:

X (numpy.ndarray): The input data.
y (numpy.ndarray): The target data. random_state (Optional[Union[int, numpy.random.RandomState, None]]): The random state. Defaults to None.
*args: The arguments to pass to the sklearn linear model. or not (False). Default to False.
*args: Arguments for super().fit
**kwargs: Keyword arguments for super().fit

Returns: Tuple[SklearnLinearModelMixin, sklearn.linear_model.LinearRegression]: The FHE and sklearn LinearRegression.

method `post_processing`

Post-processing the quantized output.

For linear models, post-processing only considers a dequantization step.

Args:

y_preds (numpy.ndarray): The quantized outputs to post-process

Returns:

numpy.ndarray: The post-processed output

method `predict`

Predict on user data.

Predict on user data using either the quantized clear model, implemented with tensors, or, if execute_in_fhe is set, using the compiled FHE circuit

Args:

X (numpy.ndarray): The input data
execute_in_fhe (bool): Whether to execute the inference in FHE

Returns:

numpy.ndarray: The prediction as ordinals

method `quantize_input`

Quantize the input.

Args:

X (numpy.ndarray): The input to quantize

Returns:

numpy.ndarray: The quantized input

class `SklearnLinearClassifierMixin`

A Mixin class for sklearn linear classifiers with FHE.

method `init`

Initialize the FHE linear model.

Args:

n_bits (int, Dict[str, int]): Number of bits to quantize the model. If an int is passed for n_bits, the value will be used for quantizing inputs and weights. If a dict is passed, then it should contain "op_inputs" and "op_weights" as keys with corresponding number of quantization bits so that: - op_inputs : number of bits to quantize the input values - op_weights: number of bits to quantize the learned parameters Default to 8.
*args: The arguments to pass to the sklearn linear model.
**kwargs: The keyword arguments to pass to the sklearn linear model.

method `clean_graph`

Clean the graph of the onnx model.

Any operators following gemm, including the sigmoid, softmax and argmax operators, are removed from the graph. They will be executed in clear in the post-processing method.

method `compile`

Compile the FHE linear model.

Args:

X (numpy.ndarray): The input data.
configuration (Optional[Configuration]): Configuration object to use during compilation
compilation_artifacts (Optional[DebugArtifacts]): Artifacts object to fill during compilation
show_mlir (bool): If set, the MLIR produced by the converter and which is going to be sent to the compiler backend is shown on the screen, e.g., for debugging or demo. Defaults to False.
use_virtual_lib (bool): Whether to compile using the virtual library that allows higher bitwidths with simulated FHE computation. Defaults to False
p_error (Optional[float]): Probability of error of a single PBS
global_p_error (Optional[float]): probability of error of the full circuit. Not simulated by the VL, i.e., taken as 0
verbose_compilation (bool): whether to show compilation information

Returns:

Circuit: The compiled Circuit.

method `decision_function`

Predict confidence scores for samples.

Args:

X (numpy.ndarray): Samples to predict.
execute_in_fhe (bool): If True, the inference will be executed in FHE. Default to False.

Returns:

numpy.ndarray: Confidence scores for samples.

method `dequantize_output`

Dequantize the output.

Args:

q_y_preds (numpy.ndarray): The quantized output to dequantize

Returns:

numpy.ndarray: The dequantized output

method `fit`

Fit the FHE linear model.

Args:

X : Training data By default, you should be able to pass: * numpy arrays * torch tensors * pandas DataFrame or Series
y (numpy.ndarray): The target data.
*args: The arguments to pass to the sklearn linear model.
**kwargs: The keyword arguments to pass to the sklearn linear model.

Returns: Any

method `fit_benchmark`

Fit the sklearn linear model and the FHE linear model.

Args:

X (numpy.ndarray): The input data.
y (numpy.ndarray): The target data. random_state (Optional[Union[int, numpy.random.RandomState, None]]): The random state. Defaults to None.
*args: The arguments to pass to the sklearn linear model. or not (False). Default to False.
*args: Arguments for super().fit
**kwargs: Keyword arguments for super().fit

Returns: Tuple[SklearnLinearModelMixin, sklearn.linear_model.LinearRegression]: The FHE and sklearn LinearRegression.

method `post_processing`

Post-processing the predictions.

This step may include a dequantization of the inputs if not done previously, in particular within the client-server workflow.

Args:

y_preds (numpy.ndarray): The predictions to post-process.
already_dequantized (bool): Whether the inputs were already dequantized or not. Default to False.

Returns:

numpy.ndarray: The post-processed predictions.

method `predict`

Predict on user data.

Predict on user data using either the quantized clear model, implemented with tensors, or, if execute_in_fhe is set, using the compiled FHE circuit.

Args:

X (numpy.ndarray): Samples to predict.
execute_in_fhe (bool): If True, the inference will be executed in FHE. Default to False.

Returns:

numpy.ndarray: The prediction as ordinals.

method `predict_proba`

Predict class probabilities for samples.

Args:

X (numpy.ndarray): Samples to predict.
execute_in_fhe (bool): If True, the inference will be executed in FHE. Default to False.

Returns:

numpy.ndarray: Class probabilities for samples.

method `quantize_input`

Quantize the input.

Args:

X (numpy.ndarray): The input to quantize

Returns:

numpy.ndarray: The quantized input