TFHE-rs
WebsiteLibrariesProduct & ServicesDevelopersSupport
1.1
1.1
  • Welcome to TFHE-rs
  • Get Started
    • What is TFHE-rs?
    • Installation
    • Quick start
    • Benchmarks
      • CPU Benchmarks
        • Integer
        • Programmable bootstrapping
      • GPU Benchmarks
        • Integer
        • Programmable bootstrapping
      • Zero-knowledge proof benchmarks
    • Security and cryptography
  • FHE Computation
    • Types
      • Integer
      • Strings
      • Array
    • Operations
      • Arithmetic operations
      • Bitwise operations
      • Comparison operations
      • Min/Max operations
      • Ternary conditional operations
      • Casting operations
      • Boolean operations
      • String operations
      • Dot product
    • Core workflow
      • Configuration and key generation
      • Server key
      • Encryption
      • Decryption
      • Parameters
    • Data handling
      • Compressing ciphertexts/keys
      • Serialization/deserialization
      • Data versioning
    • Advanced features
      • Encrypted pseudo random values
      • Overflow detection
      • Public key encryption
      • Trivial ciphertexts
      • Zero-knowledge proofs
      • Multi-threading with Rayon crate
    • Tooling
      • PBS statistics
      • Generic trait bounds
      • Debugging
  • Configuration
    • Advanced Rust setup
    • GPU acceleration
      • Operations
      • Benchmark
      • Compressing ciphertexts
      • Array types
      • Multi-GPU support
    • Parallelized PBS
  • Integration
    • JS on WASM API
    • High-level API in C
  • Tutorials
    • Homomorphic parity bit
    • Homomorphic case changing on Ascii string
    • SHA256 with Boolean API
    • All tutorials
  • References
    • API references
    • Fine-grained APIs
      • Quick start
      • Boolean
        • Operations
        • Cryptographic parameters
        • Serialization/Deserialization
      • Shortint
        • Operations
        • Cryptographic parameters
        • Serialization/Deserialization
      • Integer
        • Operations
        • Cryptographic parameters
        • Serialization/Deserialization
    • Core crypto API
      • Quick start
      • Tutorial
  • Explanations
    • TFHE deep dive
  • Developers
    • Contributing
    • Release note
    • Feature request
    • Bug report
Powered by GitBook

Libraries

  • TFHE-rs
  • Concrete
  • Concrete ML
  • fhEVM

Developers

  • Blog
  • Documentation
  • Github
  • FHE resources

Company

  • About
  • Introduction to FHE
  • Media
  • Careers
On this page
  • Default parameters
  • Parameters versioning and naming scheme
  • How to choose the parameter sets

Was this helpful?

Export as PDF
  1. FHE Computation
  2. Core workflow

Parameters

PreviousDecryptionNextData handling

Last updated 1 month ago

Was this helpful?

This document explains how the choice of cryptographic parameters impacts both the security and efficiency of FHE algorithms. The chosen parameters determine the error probability (sometimes referred to failure probability) and overall performance of computations using fully homomorphic encryption. This error probability is due to the noisy nature of FHE computations (see for more details about the encryption process).

All parameter sets provide at least 128-bits of security according to the .

Default parameters

Currently, the default parameters use blocks that contain 2 bits of message and 2 bits of carry - a tweaked uniform (TUniform, defined ) noise distribution, and have a bootstrapping failure probability perror≤2−128p_{error} \le 2^{-128}perror​≤2−128. These are particularly suitable for applications that need to be secure in the IND-CPA^D model (see for more details). The GPU backend still uses an error probability smaller than 2−642^{-64}2−64 by default. Those will be updated soon.

When using the high-level API of TFHE-rs, you can create a key pair using the default recommended set of parameters. For example:

use tfhe::{ConfigBuilder, generate_keys};

fn main() {
    let config = ConfigBuilder::default().build();

    // Client-side
    let (client_key, server_key) = generate_keys(config);

    // encryption and FHE operations
}

These default parameters may be updated with in future releases of TFHE-rs, potentially causing incompatibilities between versions. For production systems, it is therefore recommended to specify a fixed parameter set.

Parameters versioning and naming scheme

Parameter sets are versioned for backward compatibility. This means that each set of parameters can be tied to a specific version of TFHE-rs, so that they remain unchanged and compatible after an upgrade.

All parameter sets are stored as variables inside the tfhe::shortint::parameters module, with submodules named after the versions of TFHE-rs in which these parameters where added. For example, parameters added in TFHE-rs v1.0 can be found inside tfhe::shortint::parameters::v1_1.

The naming convention of these parameters indicates their capabilities. Taking tfhe::parameters::v1_1::V1_1_PARAM_MESSAGE_2_CARRY_2_KS_PBS_TUNIFORM_2M128 as an example:

  • V1_1: these parameters were introduced in TFHE-rs v1.0

  • MESSAGE_2: LWE blocks include 2 bits of message

  • CARRY_2: LWE blocks include 2 bits of carry

  • KS_PBS: the keyswitch is computed before the bootstrap

  • TUNIFORM: the tweaked uniform noise distribution is used

  • 2M128: the probability of failure for the bootstrap is 2−1282^{-128}2−128

For convenience, aliases are provided for the most used sets of parameters and stored in the module tfhe::shortint::parameters::aliases. Note, however, that these parameters are not stable over time and are always updated to the latest TFHE-rs version. For this reason, they should only be used for prototyping and are not suitable for production use cases.

How to choose the parameter sets

You can override the default parameters with the with_custom_parameters(block_parameters) method of the Config object. For example, to use a Gaussian distribution instead of the TUniform one, you can modify your configuration as follows:

use tfhe::{ConfigBuilder, generate_keys};
use tfhe::shortint::parameters::v1_1::V1_1_PARAM_MESSAGE_2_CARRY_2_KS_PBS_GAUSSIAN_2M128;

fn main() {
    let config =
        ConfigBuilder::with_custom_parameters(V1_1_PARAM_MESSAGE_2_CARRY_2_KS_PBS_GAUSSIAN_2M128)
            .build();

    // Client-side
    let (client_key, server_key) = generate_keys(config);

    // encryption and FHE operations
}
here
Lattice-Estimator
here
here