Encrypted pseudo random values
This document explains the mechanism and steps to generate an oblivious encrypted random value using only server keys.
The goal is to give to the server the possibility to generate a random value, which will be obtained in an encrypted format and will remain unknown to the server. The implementation is based on this article.
This is possible through two methods on FheUint
and FheInt
:
generate_oblivious_pseudo_random
which return an integer taken uniformly in the full integer range ([0; 2^N[
for aFheUintN
and[-2^(N-1); 2^(N-1)[
for aFheIntN
).generate_oblivious_pseudo_random_bounded
which return an integer taken uniformly in[0; 2^random_bits_count[
. For aFheUintN
, we must haverandom_bits_count <= N
. For aFheIntN
, we must haverandom_bits_count <= N - 1
.
Both methods functions take a seed Seed
as input, which could be any u128
value. They both rely on the use of the usual server key. The output is reproducible, i.e., the function is deterministic from the inputs: assuming the same hardware, seed and server key, this function outputs the same random encrypted value.
Here is an example of the usage:
Last updated