Skip to content
/ zk-fhe Public

Zk proving the correct execution of encryption operation under BFV Fully Homomorphic Encryption scheme

License

MIT license
110 stars 5 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

enricobottazzi/zk-fhe

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

38 Commits
configs
configs
 
 
data/bfv
data/bfv
 
 
examples
examples
 
 
src
src
 
 
.gitignore
.gitignore
 
 
Cargo.toml
Cargo.toml
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
rust-toolchain
rust-toolchain
 
 

Repository files navigation

zk-fhe

Important

This library has been discontinued in favour of Greco

Zk proving the correct execution of encryption operation under BFV Fully Homomorphic Encryption scheme

Implementation based on Revisiting Homomorphic Encryption Schemes for Finite Fields

Disclaimer

This is a research project and is not meant to be used in production. The code is not audited.

Quick Start

Mock Prover

cargo run --example bfv -- --name bfv -k 13 --input bfv/bfv.in mock

The MockProver does not run the cryptographic prover on your circuit, but instead directly checks if constraints are satisfied. This is useful for testing purposes, and runs faster than the actual prover.

  • bfv is the name of the circuit located in examples/bfv.rs
  • bfv/bfv.in is the input file for the circuit located in data/bfv/bfv.in. A different test vector file can be generated using bfv-py
  • -k is the DEGREE of the circuit as you specify to set the circuit to have 2^k number of rows. The number of rows is determined by the number of constraints in the circuit. Working with larger data inputs will require a larger degree.

Key Generation

cargo run --example bfv -- --name bfv -k 13 --input bfv/bfv_empty.in keygen

To generate a random universal trusted setup (for testing only!) and the proving and verifying keys for your circuit.

For technical reasons (related to axiom Halo2-scaffold), keygen still requires an input file of the correct format. In this case, the input file is empty as the the actual input data are not encoded in the key generation.

This will generate a proving key data/bfv.pk and a verifying key data/bfv.vk. It will also generate a file configs/bfv.json which describes (and pins down) the configuration of the circuit. This configuration file is later read by the prover.

Proof Generation

cargo run --example bfv -- --name bfv -k 13 --input bfv/bfv.in prove

Note: during proof generation we must pass an input file containing the actual input data.

Proof Verification

cargo run --example bfv -- --name bfv -k 13 --input bfv/bfv_empty.in verify

Note: during proof verification we can pass an empty input file.

Benchmarks

  • Proving time: 10.2s
  • Verification time: 299ms

Benches run on M2 Macbook Air with 8 cores and 8GB of RAM.

N and Q Parameters of the BFV encryption scheme should be chosen according to TABLES of RECOMMENDED PARAMETERS for 128-bits security level => https://homomorphicencryption.org/wp-content/uploads/2018/11/HomomorphicEncryptionStandardv1.1.pdf.

Warning: Overflow

Many polynomial operations performed inside the circuit involve careful handling of coefficients in order to avoid overflows on the prime field. This guide is recommended to understand the bit growth of the coefficients when performing polynomial operations. N and DEG must be provided at keygen time. Certain combinations of N and DEG can potentially lead to the risk of overflow during proof generation, which is something that can be maliciously exploited by the prover. keygen will fail if this is these cases.

About

Zk proving the correct execution of encryption operation under BFV Fully Homomorphic Encryption scheme

Resources

Readme

License

MIT license
Activity

Stars

110 stars

Watchers

3 watching

Forks

5 forks
Report repository

Releases

No releases published

Packages

No packages published

Contributors 2

  •  
  •  

Languages