1 of 1

Parameter compatibility with restrictions

This document explains how to use restrictions to limit the possible crypto-parameters used for the keys.

When compiling a module, the optimizer analyzes the circuits and the expected probability of error, to identify the fastest crypto-parameters that meet the specific constraints. The chosen crypto-parameters determine the size of the keys and the ciphertexts. This means that if an existing module is used in production with a specific set of crypto-parameters, there is no guarantee that a compilation of a second, different module will yield compatible crypto-parameters.

With restrictions, Concrete provides a way to ensure that a compilation generates compatible crypto-parameters. Restrictions will limit the search-space walked by the optimizer to ensure that only compatible parameters can be returned. As of now, we support two major restrictions:

Keyset restriction : Restricts the crypto-parameters to an existing keyset.
Ranges restriction : Restricts the crypto-parameters ranges allowed in the optimizer.

Keyset restriction

You can generate keyset restriction directly form an existing keyset:

@fhe.module()
class Big:
    @fhe.function({"x": "encrypted"})
    def inc(x):
        return (x + 1) % 200

big_inputset = [np.random.randint(1, 200, size=()) for _ in range(100)]
big_module = Big.compile(
    {"inc": big_inputset},
)
big_keyset_info = big_module.keys.specs.program_info.get_keyset_info()
big_module.keygen()

# We get the restriction from the existing keyset
restriction = big_keyset_info.get_restriction()

@fhe.module()
class Small:
    @fhe.function({"x": "encrypted"})
    def inc(x):
        return (x + 1) % 20

small_inputset = [np.random.randint(1, 20, size=()) for _ in range(100)]
small_module = Small.compile(
    {"inc": small_inputset},
    # We pass the keyset restriction as an extra compilation option
    keyset_restriction=restriction
)
restricted_keyset_info = restricted_module.keys.specs.program_info.get_keyset_info()
assert big_keyset_info == restricted_keyset_info

small_module.keys = big_module.keys

x = 5
x_enc = small_module.inc.encrypt(x)

Ranges restriction

You can build a ranges restriction by adding available values:

@fhe.module()
class Module:
    @fhe.function({"x": "encrypted"})
    def inc(x):
        return (x + 1) % 20

inputset = [np.random.randint(1, 20, size=()) for _ in range(100)]

## We generate a range restriction
range_restriction = RangeRestriction()

## Make 999 and 200 available as internal lwe dimensions
range_restriction.add_available_internal_lwe_dimension(999)
range_restriction.add_available_internal_lwe_dimension(200)

## Setting other restrictions
range_restriction.add_available_glwe_log_polynomial_size(12)
range_restriction.add_available_glwe_dimension(2)
range_restriction.add_available_pbs_level_count(3)
range_restriction.add_available_pbs_base_log(11)
range_restriction.add_available_ks_level_count(3)
range_restriction.add_available_ks_base_log(6)

module = Module.compile(
    {"inc": inputset},
    # We pass the range restriction as an extra compilation option.
    range_restriction=range_restriction
)

Note that if no available parameters are set for one of the parameter ranges (say ks_base_log), it is assumed that the default range is available.