Concrete generates keys for you implicitly when they are needed and if they are not generated already. This is useful for development, but it's not flexible (or secure!) for production. Explicit key management API is introduced to be used in such cases to easily generate and re-use keys.
Let's start by defining a circuit:
Circuits have a property called keys
of type fhe.Keys
, which has several utility functions dedicated to key management!
To explicitly generate keys for a circuit, you can use:
Generated keys are stored in memory upon generation, unencrypted.
And it's possible to set a custom seed for reproducibility:
Do not specify the seed manually in a production environment!
To serialize keys, say to send it across the network:
Keys are not serialized encrypted! Please make sure you keep them in a safe environment, or encrypt them manually after serialization.
To deserialize the keys back, after receiving serialized keys:
Once you have a valid fhe.Keys
object, you can directly assign it to the circuit:
If assigned keys are generated for a different circuit, an exception would be raised.
You can also use the filesystem to store the keys directly, without needing to deal with serialization and file management yourself:
Keys are not saved encrypted! Please make sure you store them in a safe environment, or encrypt them manually after saving.
After keys are saved to disk, you can load them back anytime:
Lastly, if you want to generate keys in the first run and reuse the keys in consecutive runs: