Noise squashing

In the context of confidential blockchain protocols, like the Zama protocol, for security reasons the threshold decryption requires to hide the intrinsic noise of FHE operations. This can be achieved by the MPC nodes by adding large amounts of random noise before they perform the actual decryption. In order to have enough room for that large noise that needs to be added before decryption, the noise squashing operation is performed.

TFHE-rs' High Level API provides APIs to do just that, here is how one would use those primitives:

use tfhe::prelude::*;
use tfhe::shortint::parameters::{
    NOISE_SQUASHING_PARAM_MESSAGE_2_CARRY_2_KS_PBS_TUNIFORM_2M128,
    PARAM_MESSAGE_2_CARRY_2_KS_PBS_TUNIFORM_2M128,
};
use tfhe::*;

// We use an identity function to verify FHE operations, it is fine in this context
#[allow(clippy::eq_op)]
pub fn main() {
    // Configure computations enabling the noise squashing capability.
    let config =
        ConfigBuilder::with_custom_parameters(PARAM_MESSAGE_2_CARRY_2_KS_PBS_TUNIFORM_2M128)
            .enable_noise_squashing(NOISE_SQUASHING_PARAM_MESSAGE_2_CARRY_2_KS_PBS_TUNIFORM_2M128)
            .build();

    // Generate the keys
    let (cks, sks) = generate_keys(config);

    // Set the key once for our various examples
    set_server_key(sks);

    // FheUint32 case
    let clear: u32 = 42;
    // Encrypt
    let enc = FheUint32::encrypt(clear, &cks);
    // Simulate a bitand on the blockchain
    let bitand = &enc & &enc;
    // Perform the noise squashing
    let squashed = bitand.squash_noise().unwrap();

    // We don't perform the noise flooding, but here verify that the noise squashing preserves our
    // data
    let recovered: u32 = squashed.decrypt(&cks);

    assert_eq!(clear, recovered);

    // FheInt16 case
    let clear: i16 = -42;
    let enc = FheInt10::encrypt(clear, &cks);
    let bitand = &enc & &enc;
    let squashed = bitand.squash_noise().unwrap();

    let recovered: i16 = squashed.decrypt(&cks);
    assert_eq!(clear, recovered);

    // Boolean case
    for clear in [false, true] {
        let enc = FheBool::encrypt(clear, &cks);
        let bitand = &enc & &enc;
        let squashed = bitand.squash_noise().unwrap();

        let recovered: bool = squashed.decrypt(&cks);
        assert_eq!(clear, recovered);
    }
}

Compression

Like regular ciphertexts, squashed noise ciphertexts can be stored into a list and compressed to reduce their size.

To do that, use CompressedSquashedNoiseCiphertextList::builder:

use tfhe::prelude::*;
use tfhe::shortint::parameters::{
    NOISE_SQUASHING_PARAM_MESSAGE_2_CARRY_2_KS_PBS_TUNIFORM_2M128,
    NOISE_SQUASHING_COMP_PARAM_MESSAGE_2_CARRY_2_KS_PBS_TUNIFORM_2M128,
    PARAM_MESSAGE_2_CARRY_2_KS_PBS_TUNIFORM_2M128,
};
use tfhe::*;

// We use an identity function to verify FHE operations, it is fine in this context
#[allow(clippy::eq_op)]
pub fn main() {
    // Configure computations enabling the noise squashing capability.
    let config =
        ConfigBuilder::with_custom_parameters(PARAM_MESSAGE_2_CARRY_2_KS_PBS_TUNIFORM_2M128)
            .enable_noise_squashing(NOISE_SQUASHING_PARAM_MESSAGE_2_CARRY_2_KS_PBS_TUNIFORM_2M128)
            .enable_noise_squashing_compression(NOISE_SQUASHING_COMP_PARAM_MESSAGE_2_CARRY_2_KS_PBS_TUNIFORM_2M128)
            .build();

    // Generate the keys
    let (cks, sks) = generate_keys(config);

    // Set the key once for our various examples
    set_server_key(sks);

    // Encrypt some values
    let clear_a: i32 = -42;
    let clear_b: u32 = 1025;
    let clear_c = false;

    let a = FheInt32::encrypt(clear_a, &cks);
    let b = FheUint32::encrypt(clear_b, &cks);
    let c = FheBool::encrypt(clear_c, &cks);

    // Squash the noise
    let squashed_a = a.squash_noise().unwrap();
    let squashed_b = b.squash_noise().unwrap();
    let squashed_c = c.squash_noise().unwrap();

    // Store ciphertexts into a list and compress them
    let list = CompressedSquashedNoiseCiphertextList::builder()
        .push(squashed_a)
        .push(squashed_b)
        .push(squashed_c)
        .build()
        .unwrap();

    // Extract and decompress the ciphertexts
    let squashed_a: SquashedNoiseFheInt = list.get(0).unwrap().unwrap();
    let squashed_b: SquashedNoiseFheUint = list.get(1).unwrap().unwrap();
    let squashed_c: SquashedNoiseFheBool = list.get(2).unwrap().unwrap();

    // Decrypt them
    let decrypted: i32 = squashed_a.decrypt(&cks);
    assert_eq!(decrypted, clear_a);

    let decrypted: u32 = squashed_b.decrypt(&cks);
    assert_eq!(decrypted, clear_b);

    let decrypted: bool = squashed_c.decrypt(&cks);
    assert_eq!(decrypted, clear_c);
}

Last updated

Was this helpful?