# Operations

## How shortint is represented

In `shortint`

, the encrypted data is stored in an LWE ciphertext.

Conceptually, the message stored in an LWE ciphertext is divided into a **carry buffer** and a **message buffer**.

The message buffer is the space where the actual message is stored. This represents the modulus of the input messages (denoted by `MessageModulus`

in the code). When doing computations on a ciphertext, the encrypted message can overflow the message modulus: the exceeding information is stored in the carry buffer. The size of the carry buffer is defined by another modulus, called `CarryModulus`

.

Together, the message modulus and the carry modulus form the plaintext space that is available in a ciphertext. This space cannot be overflowed, otherwise the computation may result in incorrect outputs.

In order to ensure the correctness of the computation, we keep track of the maximum value encrypted in a ciphertext via an associated attribute called the **degree**. When the degree reaches a defined threshold, the carry buffer may be emptied to safely resume the computations. Therefore, in `shortint`

the carry modulus is mainly considered as a means to do more computations.

## Types of operations

The operations available via a `ServerKey`

may come in different variants:

operations that take their inputs as encrypted values.

scalar operations that take at least one non-encrypted value as input.

For example, the addition has both variants:

`ServerKey::unchecked_add`

which takes two encrypted values and adds them.`ServerKey::unchecked_scalar_add`

which takes an encrypted value and a clear value (the so-called scalar) and adds them.

Each operation may come in different 'flavors':

`unchecked`

: Always does the operation, without checking if the result may exceed the capacity of the plaintext space. Using this operation might have an impact on the correctness of the following operations;`checked`

: Checks are done before computing the operation, returning an error if operation cannot be done safely;`smart`

: Always does the operation - if the operation cannot be computed safely, the smart operation will clear the carry modulus to make the operation possible.

Not all operations have these 3 flavors, as some of them are implemented in a way that the operation is always possible without ever exceeding the plaintext space capacity.

## How to use operation types

Let's try to do a circuit evaluation using the different flavours of operations we already introduced. For a very small circuit, the `unchecked`

flavour may be enough to do the computation correctly. Otherwise, the `checked`

and `smart`

are the best options.

As an example, let's do a scalar multiplication, a subtraction, and a multiplication.

During this computation, the carry buffer has been overflowed and, as all the operations were `unchecked`

, the output may be incorrect.

If we redo this same circuit with the `checked`

flavour, a panic will occur.

Therefore, the `checked`

flavour permits manual management of the overflow of the carry buffer by raising an error if the correctness is not guaranteed.

Lastly, using the `smart`

flavour will output the correct result all the time. However, the computation may be slower as the carry buffer may be cleaned during the computations.

#List of available operations

Currently, certain operations can only be used if the parameter set chosen is compatible with the bivariate programmable bootstrapping, meaning the carry buffer is larger than or equal to the message buffer. These operations are marked with a star (*).

The list of implemented operations for shortint is:

addition between two ciphertexts

addition between a ciphertext and an unencrypted scalar

comparisons

`<`

,`<=`

,`>`

,`>=`

,`==`

between a ciphertext and an unencrypted scalardivision of a ciphertext by an unencrypted scalar

LSB multiplication between two ciphertexts returning the result truncated to fit in the

`message buffer`

multiplication of a ciphertext by an unencrypted scalar

bitwise shift

`<<`

,`>>`

subtraction of a ciphertext by another ciphertext

subtraction of a ciphertext by an unencrypted scalar

negation of a ciphertext

bitwise and, or and xor (*)

comparisons

`<`

,`<=`

,`>`

,`>=`

,`==`

between two ciphertexts (*)division between two ciphertexts (*)

MSB multiplication between two ciphertexts returning the part overflowing the

`message buffer`

(*)

In what follows, some simple code examples are given.

### Public key encryption.

TFHE-rs supports both private and public key encryption methods. Note that the only difference between both lies into the encryption step: in this case, the encryption method is called using `public_key`

instead of `client_key`

.

Here is a small example on how to use public encryption:

In what follows, all examples are related to private key encryption.

### Arithmetic operations.

Classical arithmetic operations are supported by shortint:

#### bitwise operations

Short homomorphic integer types support some bitwise operations.

A simple example on how to use these operations:

#### comparisons

Short homomorphic integer types support comparison operations.

A simple example on how to use these operations:

#### univariate function evaluations

A simple example on how to use this operation to homomorphically compute the hamming weight (i.e., the number of bits equal to one) of an encrypted number.

#### bi-variate function evaluations

Using the shortint types offers the possibility to evaluate bi-variate functions, i.e., functions that takes two ciphertexts as input. This requires choosing a parameter set such that the carry buffer size is at least as large as the message one i.e., PARAM_MESSAGE_X_CARRY_Y with X <= Y.

Here is a simple code example:

Last updated