HPU acceleration

Last updated 27 days ago

Was this helpful?

HPU acceleration

This guide explains how to update your existing program to leverage HPU acceleration, or to start a new program using HPU.

TFHE-rs now supports a HPU backend based on FPGA implementation, enabling integer arithmetic operations on encrypted data.

Prerequisites

An installed on a server running Linux with kernel 5.15.0-*
A HPU bitstream that you can find (or build) in and load in V80 flash and FPGA using its
AMI linux device driver version from this
QDMA linux device driver version from this
Rust version - check this

Importing to your project

To use the TFHE-rs HPU backend in your project, add the following dependency in your Cargo.toml.

tfhe = { version = "~1.2.0", features = ["integer", "hpu-v80"] }

For optimal performance when using TFHE-rs, run your code in release mode with the --release flag.

Supported platforms

TFHE-rs HPU backend is supported on Linux (x86, aarch64).

x86

aarch64

Linux

Supported

Unsupported

macOS

Unsupported

Windows

Unsupported

A first example

Configuring and creating keys.

Here is a full example (combining the client and server parts):

use tfhe::{ConfigBuilder, set_server_key, FheUint8, ClientKey, CompressedServerKey};
use tfhe::prelude::*;
use tfhe::tfhe_hpu_backend::prelude::*;

fn main() {

    // Instantiate HpuDevice --------------------------------------------------
    // HPU configuration knobs are retrieved from a TOML configuration file. Prebuilt configurations could be find in `backends/tfhe-hpu-backend/config_store`
    // For ease of use a setup_hpu.sh script is available in repository root folder and it handle the required environment variables setup and driver initialisation
    // More details are available in `backends/tfhe-hpu-backend/README.md`
    let hpu_device = HpuDevice::from_config(ShellString::new("${HPU_BACKEND_DIR}/config_store/${HPU_CONFIG}/hpu_config.toml".to_string()).expand().as_str());

    // Generate keys ----------------------------------------------------------
    let config = Config::from_hpu_device(&hpu_device);

    let client_key = ClientKey::generate(config);
    let compressed_server_key = CompressedServerKey::new(&client_key);

    // Register HpuDevice and key as thread-local engine
    set_server_key((hpu_device, compressed_server_key));

    let clear_a = 27u8;
    let clear_b = 128u8;

    let a = FheUint8::encrypt(clear_a, &client_key);
    let b = FheUint8::encrypt(clear_b, &client_key);

    // Server-side computation
    let result = a + b;

    // Client-side
    let decrypted_result: u8 = result.decrypt(&client_key);

    let clear_result = clear_a + clear_b;

    assert_eq!(decrypted_result, clear_result);
}

Setting the hpu

An HPU device is built for a given parameter set. At this point, because HPU is still a prototype, the software provided is retrieving this parameter set from an instantiated HpuDevice. Once retrieved, reading some HPU registers, this parameter set is used by the example applications to generate both client and compressed server keys. Server key has then to be decompressed by the server to be converted into the right format and uploaded to the device. Once decompressed, the operations between CPU and HPU are identical.

Encryption

On the client-side, the method to encrypt the data is exactly the same than the CPU one, as shown in the following example:

    let clear_a = 27u8;
    let clear_b = 128u8;
    
    let a = FheUint8::encrypt(clear_a, &client_key);
    let b = FheUint8::encrypt(clear_b, &client_key);

Computation

The server first needs to set up its keys with set_server_key((hpu_device, compressed_server_key)).

    // Server-side
    let result = a + b;

    //Client-side
    let decrypted_result: u8 = result.decrypt(&client_key);

    let clear_result = clear_a + clear_b;

    assert_eq!(decrypted_result, clear_result);

Decryption

Finally, the client decrypts the result using:

    let decrypted_result: u8 = result.decrypt(&client_key);

List of available operations

The HPU backend includes the following operations for unsigned encrypted integers:

name

symbol

Enc/Enc

Enc/ Int

Add

+

Sub

-

Mul

*

BitAnd

&

BitOr

|

BitXor

^

Greater than

gt

Greater or equal than

ge

Lower than

lt

Lower or equal than

le

Equal

eq

Ternary operator

select

PreviousMulti-GPU support NextBenchmark

Last updated 27 days ago

Was this helpful?