Deploy

This document explains how to deploy a circuit after the development. After developing your circuit, you may want to deploy it without sharing the circuit's details with every client or hosting computations on dedicated servers. In this scenario, you can use the Client and Server features of Concrete.

Deployment process

In a typical Concrete deployment:

The server hosts the compilation artifact, including client specifications and the FHE executable.
The client requests circuit requirements, generates keys, sends an encrypted payload, and receives an encrypted result.

sequenceDiagram
    Client->>Server: Client specifications?
    Server-->>Client: Client specifications
    Client->>Client: Private + Evaluation Keys Generation
    Client->>Server: Encrypted(data) + Evaluation Key
    Server->>Server: Compiled library execution
    Server-->>Client: Encrypted(result)
    Client->>Client: Decrypt(result)

Example

Follow these steps to deploy your circuit:

Develop the circuit: You can develop your own circuit using the techniques discussed in previous chapters. Here is an example.

from concrete import fhe

@fhe.compiler({"x": "encrypted"})
def function(x):
    return x + 42

inputset = range(10)
circuit = function.compile(inputset)

Save the server files: Once you have your circuit, save the necessary server files.

circuit.server.save("server.zip")

Send the server files: Send server.zip to your computation server.

Setting up a server

Load the server files: To set up the server, load the server.zip file received from the development machine.

from concrete import fhe

server = fhe.Server.load("server.zip")

Prepare for client requests: The server needs to wait for the requests from clients.
Serialize ClientSpecs: The requests typically starts with ClientSpecs as clients need ClientSpecs to generate keys and request computation.

serialized_client_specs: str = server.client_specs.serialize()

Send serialized ClientSpecs to clients.

Setting up clients

Create the client object: After receiving the serialized ClientSpecs from a server, create the Client object.

client_specs = fhe.ClientSpecs.deserialize(serialized_client_specs)
client = fhe.Client(client_specs)

Generating keys (client-side)

Generate keys: Once you have the Client object, perform key generation. This method generates encryption/decryption keys and evaluation keys.

client.keys.generate()

Serialize the evaluation keys: The server needs access to the evaluation keys. You can serialize your evaluation keys as below.

serialized_evaluation_keys: bytes = client.evaluation_keys.serialize()

Send the evaluation keys to the server.

Serialized evaluation keys are very large, even if they are compressed and can be reused several times: consider caching them on the server

Encrypting inputs (client-side)

Encrypt inputs: Encrypt your inputs and request the server to perform some computation. This can be done in the following way.

arg: fhe.Value = client.encrypt(7)
serialized_arg: bytes = arg.serialize()

Send the serialized arguments to the server.

Performing computation (server-side)

Deserialize received data: On the server, deserialize the received evaluation keys and arguments received from the client.

deserialized_evaluation_keys = fhe.EvaluationKeys.deserialize(serialized_evaluation_keys)
deserialized_arg = fhe.Value.deserialize(serialized_arg)

Run the computation: Perform the computation and serialize the result.

result: fhe.Value = server.run(deserialized_arg, evaluation_keys=deserialized_evaluation_keys)
serialized_result: bytes = result.serialize()

Send the serialized result to the client:

Clear arguments can directly be passed to server.run (For example, server.run(x, 10, z, evaluation_keys=...)).

Decrypting the result (on the client)

Deserialize the result: Once you receive the serialized result from the server, deserialize it.

deserialized_result = fhe.Value.deserialize(serialized_result)

Decrypt the deserialized result:

decrypted_result = client.decrypt(deserialized_result)
assert decrypted_result == 49

Deployment of modules

Deploying a module follows the same logic as the deployment of circuits.

For example, consider a module compiled in the following way:

from concrete import fhe

@fhe.module()
class MyModule:
    @fhe.function({"x": "encrypted"})
    def inc(x):
        return x + 1

    @fhe.function({"x": "encrypted"})
    def dec(x):
        return x - 1

inputset = list(range(20))
my_module = MyModule.compile({"inc": inputset, "dec": inputset})
)

You can extract the server from the module and save it in a file:

my_module.server.save("server.zip")

The only noticeable difference between the deployment of modules and the deployment of circuits is that the methods Client::encrypt, Client::decrypt and Server::run must contain an extra function_name argument specifying the name of the targeted function.

For example, to encrypt an argument for the inc function of the module:

arg = client.encrypt(7, function_name="inc")
serialized_arg = arg.serialize()

To execute the inc function:

result = server.run(deserialized_arg, evaluation_keys=deserialized_evaluation_keys, function_name="inc")
serialized_result = result.serialize()

To decrypt a result from the execution of dec:

decrypted_result = client.decrypt(deserialized_result, function_name="dec")

PreviousManage keys NextTFHE-rs Interoperability

Last updated 3 months ago

Was this helpful?