With modules
This document explains how to compile Fully Homomorphic Encryption (FHE) modules containing multiple functions using Concrete.
Deploying a server that contains many compatible functions is important for some use cases. With Concrete, you can compile FHE modules containing as many functions as needed.
These modules support the composition of different functions, meaning that the encrypted result of one function can be used as the input for another function without needing to decrypt it first. Additionally, a module is deployed in a single artifact, making it as simple to use as a single-function project.
Single inputs / outputs
The following example demonstrates how to create an FHE module:
Then, to compile the Counter
module, use the compile
method with a dictionary of input-sets for each function:
After the module is compiled, you can encrypt and call the different functions as follows:
You can generate the keyset beforehand by calling keygen()
method on the compiled module:
Multi inputs / outputs
Composition is not limited to single input / single output. Here is an example that computes the 10 first elements of the Fibonacci sequence in FHE:
Executing this script will provide the following output:
Iterations
Modules support iteration with cleartext iterands to some extent, particularly for loops structured like this:
Unbounded loops or complex dynamic conditions are also supported, as long as these conditions are computed in pure cleartext in Python. The following example computes the Collatz sequence:
This script prints the following output:
In this example, a while loop iterates until the decrypted value equals 1. The loop body is implemented in FHE, but the iteration control must be in cleartext.
Runtime optimization
By default, when using modules, all inputs and outputs of every function are compatible, sharing the same precision and crypto-parameters. This approach applies the crypto-parameters of the most costly code path to all code paths. This simplicity may be costly and unnecessary for some use cases.
To optimize runtime, we provide finer-grained control over the composition policy via the composition
module attribute. Here is an example:
You have 3 options for the composition
attribute:
fhe.AllComposable
(default): This policy ensures that all ciphertexts used in the module are compatible. It is the least restrictive policy but the most costly in terms of performance.fhe.NotComposable
: This policy is the most restrictive but the least costly. It is suitable when you do not need any composition and only want to pack multiple functions in a single artifact.fhe.Wired
: This policy allows you to define custom composition rules. You can specify which outputs of a function can be forwarded to which inputs of another function.
Note that, in case of complex composition logic another option is to rely on [[composing_functions_with_modules#Automatic module tracing]] to automatically derive the composition from examples.
In this case, the policy states that the first output of the collatz
function can be forwarded to the first input of collatz
, but not the second output (which is decrypted every time, and used for control flow).
You can use the fhe.Wire
between any two functions. It is also possible to define wires with fhe.AllInputs
and fhe.AllOutputs
ends. For instance, in the previous example:
This policy would be equivalent to using the fhe.AllComposable
policy.
Automatic module tracing
When a module's composition logic is static and straightforward, declaratively defining a Wired
policy is usually the simplest approach. However, in cases where modules have more complex or dynamic composition logic, deriving an accurate list of Wire
components to be used in the policy can become challenging.
Another related problem is defining different function input-sets. When the composition logic is simple, these can be provided manually. But as the composition gets more convoluted, computing a consistent ensemble of inputsets for a module may become intractable.
For those advanced cases, you can derive the composition rules and the input-sets automatically from user-provided examples. Consider the following module:
You can use the wire_pipeline
context manager to activate the module tracing functionality:
Note that any dynamic branching is possible during module tracing. However, for complex runtime logic, ensure that the input set provides sufficient examples to cover all potential code paths.
Current Limitations
Depending on the functions, composition may add a significant overhead compared to a non-composable version.
To be composable, a function must meet the following condition: every output that can be forwarded as input (according to the composition policy) must contain a noise-refreshing operation. Since adding a noise refresh has a noticeable impact on performance, Concrete does not automatically include it.
For instance, to implement a function that doubles an encrypted value, you might write:
This function is valid with the fhe.NotComposable
policy. However, if compiled with the fhe.AllComposable
policy, it will raise a RuntimeError: Program cannot be composed: ...
, indicating that an extra Programmable Bootstrapping (PBS) step must be added.
To resolve this and make the circuit valid, add a PBS at the end of the circuit:
Last updated