feat(tfhe): plug padding bit API from ZKs

tfhe/src/core_crypto/algorithms/test/lwe_encryption.rs

@@ -1006,6 +1006,7 @@ fn lwe_compact_public_encrypt_prove_verify_decrypt_custom_mod<Scalar>(
     u64: CastFrom<Scalar> + CastInto<Scalar::Signed>,
     rand_distr::Standard: rand_distr::Distribution<Scalar>,
 {
+    use crate::zk::ZkMSBZeroPaddingBitCount;
     let lwe_dimension = LweDimension(params.polynomial_size.0);
     let glwe_noise_distribution = TUniform::new(9);
     let ciphertext_modulus = params.ciphertext_modulus;
@@ -1027,6 +1028,7 @@ fn lwe_compact_public_encrypt_prove_verify_decrypt_custom_mod<Scalar>(
         glwe_noise_distribution,
         ciphertext_modulus,
         msg_modulus * Scalar::TWO,
+        ZkMSBZeroPaddingBitCount(1),
         &mut random_generator,
     )
     .unwrap();
@@ -1109,6 +1111,7 @@ create_parametrized_test!(lwe_compact_public_encrypt_prove_verify_decrypt_custom
 #[cfg(feature = "zk-pok")]
 #[test]
 fn test_par_compact_lwe_list_public_key_encryption_and_proof() {
+    use crate::zk::ZkMSBZeroPaddingBitCount;
     use rand::Rng;
 
     let lwe_dimension = LweDimension(2048);
@@ -1119,7 +1122,8 @@ fn test_par_compact_lwe_list_public_key_encryption_and_proof() {
 
     let delta_log = 59;
     let delta = 1u64 << delta_log;
-    let message_modulus = 1u64 << (64 - (delta_log + 1));
+    let msb_zero_padding_bit_count = ZkMSBZeroPaddingBitCount(1);
+    let message_modulus = 1u64 << (64 - (delta_log + msb_zero_padding_bit_count.0));
     let plaintext_modulus = 1u64 << (64 - delta_log);
     let mut thread_rng = rand::thread_rng();
 
@@ -1130,6 +1134,7 @@ fn test_par_compact_lwe_list_public_key_encryption_and_proof() {
         glwe_noise_distribution,
         ciphertext_modulus,
         plaintext_modulus,
+        msb_zero_padding_bit_count,
         &mut thread_rng,
     )
     .unwrap();

tfhe/src/shortint/ciphertext/zk.rs

@@ -4,7 +4,10 @@ use crate::shortint::parameters::{
     CompactPublicKeyEncryptionParameters, MessageModulus, ShortintCompactCiphertextListCastingMode,
 };
 use crate::shortint::{Ciphertext, CompactPublicKey};
-use crate::zk::{CompactPkeCrs, CompactPkeProof, CompactPkePublicParams, ZkVerificationOutCome};
+use crate::zk::{
+    CompactPkeCrs, CompactPkeProof, CompactPkePublicParams, ZkMSBZeroPaddingBitCount,
+    ZkVerificationOutCome,
+};
 use rayon::prelude::*;
 use serde::{Deserialize, Serialize};
 
@@ -27,13 +30,16 @@ impl CompactPkeCrs {
         // Our plaintext modulus does not take into account the bit of padding
         plaintext_modulus *= 2;
 
+        // 1 padding bit for the PBS
+        // Note that if we want to we can prove carry bits are 0 should we need it
         crate::shortint::engine::ShortintEngine::with_thread_local_mut(|engine| {
             Self::new(
                 size,
                 max_num_message,
                 noise_distribution,
                 params.ciphertext_modulus,
                 plaintext_modulus,
+                ZkMSBZeroPaddingBitCount(1),
                 &mut engine.random_generator,
             )
         })

tfhe/src/zk.rs

@@ -34,6 +34,9 @@ pub struct CompactPkeCrs {
     public_params: CompactPkePublicParams,
 }
 
+#[derive(Clone, Copy, Debug, PartialEq, Eq)]
+pub struct ZkMSBZeroPaddingBitCount(pub u64);
+
 impl CompactPkeCrs {
     /// Prepare and check the CRS parameters.
     ///
@@ -140,6 +143,7 @@ impl CompactPkeCrs {
         noise_distribution: NoiseDistribution,
         ciphertext_modulus: CiphertextModulus<Scalar>,
         plaintext_modulus: Scalar,
+        msbs_zero_padding_bit_count: ZkMSBZeroPaddingBitCount,
         rng: &mut impl RngCore,
     ) -> crate::Result<Self>
     where
@@ -153,7 +157,15 @@ impl CompactPkeCrs {
             ciphertext_modulus,
             plaintext_modulus,
         )?;
-        let public_params = crs_gen(d.0, k, b.cast_into(), q, t.cast_into(), rng);
+        let public_params = crs_gen(
+            d.0,
+            k,
+            b.cast_into(),
+            q,
+            t.cast_into(),
+            msbs_zero_padding_bit_count.0,
+            rng,
+        );
 
         Ok(Self { public_params })
     }