doc: ZK updates

zama-ai · Jun 21, 2024 · c36c414 · c36c414
1 parent 307f344
commit c36c414
Showing 1 changed file with 20 additions and 10 deletions.
diff --git a/tfhe/docs/guides/zk-pok.md b/tfhe/docs/guides/zk-pok.md
@@ -4,10 +4,6 @@ This document explains how to implement the zero-knowledge proofs function for c
 
 **TFHE-rs** can generate zero-knowledge proofs to verify that the compact public key encryption process is correct. In other words, **TFHE-rs** generates the proof without revealing any information other than the already known range of the encrypted message. This technique is derived from [Libert’s work](https://eprint.iacr.org/2023/800).
 
-{% hint style="info" %}
-You can enable this feature using the flag: `--features=zk-pok-experimental` when building **TFHE-rs**.
-{% endhint %}
-
 Using this feature is straightforward: during encryption, the client generates the proof, and the server validates it before conducting any homomorphic computations. The following example demonstrates how a client can encrypt and prove a ciphertext, and how a server can verify the ciphertext and compute it:
 
 ```rust
@@ -58,11 +54,6 @@ pub fn main() -> Result<(), Box<dyn std::error::Error>> {
 }
 ```
 
-In terms of performance one can expect the following numbers:
-
-* Encrypting and proving a `CompactFheUint64` takes **6.9 s** on a `Dell XPS 15 9500` (simulating a client machine).
-* Verification takes **123 ms** on an `hpc7a.96xlarge` AWS instances.
-
 Performance can be improved by setting `lto="fat"` in `Cargo.toml`
 ```toml
 [profile.release]
@@ -76,7 +67,8 @@ You can choose a more costly proof with `ZkComputeLoad::Proof`, which has a fast
 
 ## Using dedicated Compact Public Key parameters
 
-You can use dedicated parameters for the Compact Public Key encryption to reduce the size of encrypted data and speed up the zero-knowledge proof computation.
+### A first example
+You can use dedicated parameters for the compact public key encryption to reduce the size of encrypted data and speed up the zero-knowledge proof computation.
 
 This works essentially in the same way as before. Additionally, you need to indicate the dedicated parameters to use:
 
@@ -133,3 +125,21 @@ pub fn main() -> Result<(), Box<dyn std::error::Error>> {
     Ok(())
 }
 ```
+
+### Benchmarks
+Benchmarks for the proofs have been run on a `m6i.4xlarge` with 16 cores to simulate an usual client configuration.  The verification are done on a `hpc7a.96xlarge` AWS instances to mimic a powerful server. 
+
+Timings in the case where the workload is mainly on the prover, i.e., with the  `ZkComputeLoad::Proof` option.
+
+| Inputs       | Proving | Verifying |
+|--------------|---------|-----------|
+| 1xFheUint64  | 2.79s   | 197ms    |
+| 10xFheUint64 | 3.68s   | 251ms    |
+
+
+Timings in the case where the workload is mainly on the verifier, i.e., with the  `ZkComputeLoad::Verify` option.
+
+| Inputs       | Proving | Verifying |
+|--------------|---------|-----------|
+| 1xFheUint64  | 730ms    | 522ms     |
+| 10xFheUint64 | 1.08s   | 682ms     |