TFHE-rs v0.8.1

Summary

TFHE-rs v0.8.1 exposes the HlCompressible and HlExpandable traits for compression which could have been hidden from users needing to implement them.

TFHE-rs v0.8.0

Summary

TFHE-rs v0.8.0 includes several enhancements and new features, here are the highlights:

• Array types: Simplify working with vectors and tensors of integer ciphertexts.
• CPU algorithms optimization: integer algorithms have been optimized: the 64 bits multiplication is now 16% faster for the default parameter set.
• Single GPU performance improvement: Thanks to optimizations in the Programmable Bootstrap and the Fast Fourier Transform CUDA implementations, the performance has been improved by approximately 20%.
• Multi-GPU support improvement:
  • All Nvidia GPUs can now be used in the computations, including those connected with PCIe.
  • NVLink connections between GPUs are used for memory transfers when available.
• Default GPU parameters: It's no longer necessary to modify cryptographic parameters when using GPU acceleration with TFHE-rs.
• Compression and decompression on the GPU: Ciphertext compression and decompression are now supported on GPUs, along with new integer operations.

What's Changed

Breaking Changes

Warning

• safe_serialize_versioned/safe_deserialize_versioned have been removed, and safe_serialize/safe_deserialize now adds versioning to the serialized types. For more flexibility, you can use SerializationConfig and DeserializationConfig.
• The CiphertextList trait must be in scope to use the common methods of the CompressedCiphertextList and CompactCiphertextListExpander.
• With the addition of the tagging system for HL API structs, raw parts APIs have been updated to manage the new tag field on relevant structs.
• Expansion of CompactCiphertextList and ProvenCompactCiphertextList now takes a signle IntegerCompactCiphertextListExpansionMode to manage keyswitching and applying lookup tables when required.
• The encrypted pseudo random generation API has changed.
• tfhe-zk-pok and TFHE-rs APIs now support custom metadata passed by users at encryption time.

New features

CPU

• Add array types
• Add a tag system to annotate structs with custom metadata
• Add versioning to the KeySwitchingKey
• Add missing raw parts APIs in the HL API
• Add is_even/is_odd
• Add ability to use safe serialization on key types
• Add random encrypted FheBool generation
• Add conformance to ProvenCompactCiphertextList
• Add key conformance
• Add integer bit slicing
• Add count zeros/ones
• ZK-POK: add ability to associate metadata to a proof
• Add ability to construct a ClientKey from a user provided secret encryption key in shortint

GPU

• Signed integer overflowing add
• Signed integer overflowing sub
• Signed integer overflowing scalar add
• Signed integer overflowing scalar sub
• Log2, trailing and leading zeros and ones
• Signed & unsigned integer is even / is odd
• Ciphertext compression

Improvements

CPU

• Improve carry propagation performance, this positively impacts, add, sub, mul, div and comparisons
• Improve performance in some cases during CompactCiphertextList expansion
• Improve performance of non native modulus operations
• WASM: add ability to encrypt u{512, 1024, 2048} with a CompactPublicKey
• WASM: add ability to read the kind of an encrypted slot in a CompactListExpander
• ZK-POK: improve performance on WASM for browser execution
• ZK-POK: improve performance when proving less bits than what a proof can hold
• ZK-POK: add versioning

GPU

• Configure GPU parameters automatically to GPU multi-bit dedicated parameters
• Optimize integer scalar multiplication memory use on the GPU
• Optimize multiplication memory usage
• Speedup twiddles reads
• Pin bootstrap key host memory to speedup its copy to multiple GPUs
• Multi GPU: dispatch/gather inputs and outputs to the ks/pbs on all GPUs
• Implements FFT with reduced shared memory read/write

Fixes

CPU

• Fix wrong Named implementation for CompressedCiphertextList
• Fix Client/Server Key versioning
• Fix CompactCiphertextList's expand_with_key which could fail to expand lists in certain circumstances
• Remove double carry propagation in sub
• Versioning: fix the bounds added in the derived traits for the Versionize macro which were sometimes unsatisfiable

GPU

• Fix add with 1 block
• Fix a memory error in multiplication
• Fix a memory error in scalar shifts
• Fix full propagation with 1 block
• Fix a memory error in bitnot

Resources

• Documentation:
  • Array

TFHE-rs v0.7.4

Summary

TFHE-rs v0.7.4 fixes web package by bundling files needed to run parallel version of JS API.

TFHE-rs v0.7.3

Summary

TFHE-rs v0.7.3 fixes the CompressedServerKey generation in the High Level API which was generating the inner ServerKey twice.

Additionally following a breaking change due to a change in an AVX512 intrinsics signature in the rust project, we are restricting pulp (0.18.8 <= pulp < 0.18.22) to keep the old intrinsics signature. This means TFHE-rs version 0.7 will not build with nightly toolchains which are too recent. nightly-2024-04-29 is known to be compatible and pass CI builds.

TFHE-rs v0.7.2

Summary

TFHE-rs v0.7.2 adds the versioning of the CompressedCiphertextList

TFHE-rs v0.7.1

Summary

TFHE-rs v0.7.1 adds compression parameters for the default 2_2 parameters from the shortint API.

TFHE-rs v0.7.0

Summary

TFHE-rs v0.7.0 includes several enhancements and new features, here are the highlights:

• Parameters: Probability of failure is now 2^-64 by default. This drastically improves the correctness ratio over a long period of time at a negligible performance cost.
• New vector and array operations: Add new vector and array operations for more efficient data handling, e.g. test equality of two arrays and test whether an array contains another array.
• Compact Public Key encryption parameters: You can now select dedicated parameters for Compact Public Key encryption to reduce size and improve generation time for Zero Knowledge (ZK) proofs.
• Improved Zero-Knowledge Proofs: Through optimizations and dedicated parameter sets for the Compact Public Key Encryption, the commitment size as well as the proof and verification time have been reduced.
• Post-computation compression: Introduce a new form of post-computation compression to limit data size on disk and in transit. This is especially useful for storing encrypted computation results using less storage space.
• Multi-GPU support: The CUDA backend v0.3.0 now supports multi-GPU configurations with more integer operations. It also brings performance improvements across operations.

What's Changed

Breaking Changes

Warning

• The Zero Knowledge proofs CRS format has changed and is not compatible with older CRS formats.
• The encrypted PRF now uses sha3 to generate the random input of the PRF
• CompactFheUintX and CompactFheUintXList are replaced by the new heterogeneous CompactCiphertextList

New features

• High Level API/Integer: allow CompactCiphertextList to store heterogeneous types
• High Level API/Integer: add the ability to use dedicated Compact Public Key parameters and keyswitch to compute parameters upon expand
• High Level API/Integer: add the ability to compress data after computation
• High Level API/Integer/C API: add 512, 1024 and 2048 bits FheUint types
• High Level API/Integer: add boolean select
• Integer/Core crypto/CUDA: compute the PBS and KS on multiple GPUs when possible
• Integer/CUDA: add unsigned div_rem
• Integer/CUDA: add unsigned scalar div
• Integer/CUDA: add unsigned overflowing add
• Integer/CUDA: add unsigned overflowing scalar add
• Integer/CUDA: add signed scalar comparisons
• Integer/CUDA: add cast signed/unsigned and signed/signed
• Integer: add vector match_value/index_of/contains/is_in
• Integer: add an eq_slice function
• Integer: add contains_sub_slice
• Shortint: make the PRF use sha3 as it's random oracle
• Core crypto: add an NTT based PBS
• Core crypto: add keyswitch that changes the scalar type from input to output
• Core crypto: add the ability to change the scalar type from input to output to the PBS
• Core crypto: add support for multi bit to the modulus switch compression
• Core crypto: add (G)lweCiphertextList::from_fn/from_elem methods
• Core crypto/CUDA: use a PBS implementation that makes use of thread block clusters and distributed shared memory on H100
• C API: add C API for some array functions (array_eq, array_contains_sub_slice)
• All: add new evolutive data format to avoid breaking changes of data formats when possible
• ZK: improve performance of the PKE proof

Improvements

• Integer: add packing in carry for modulus switch compression
• Integer/CUDA: change bitnot to not use the PBS
• Core crypto: the non-native decomposer formulas have been updated for use with the NTT PBS
• Core crypto: refactor fallible RNG to have a 2^-128 probability of failing to generate a coefficient
• Core crypto/CUDA: improve keyswitch performance

TFHE-rs 0.6.4

Summary

TFHE-rs v0.6.4 adds versioning to data structure to avoid breaking changes during serialization with future TFHE-rs versions. See https://docs.zama.ai/tfhe-rs/v/0.6-3/guides/data_versioning for more information

What's Changed

New features

• Add data versioning to structures for forward compatible data serialization

TFHE-rs v0.6.3

Summary

TFHE-rs v0.6.3 adds a missing encryption primitive for the CompactFheUintList2048 for the C API

What's Changed

New features

• High Level API/C API: add the encryption primitive for CompactFheUintList2048

TFHE-rs v0.6.2

Summary

TFHE-rs v0.6.2 introduces some QoL changes, a new 2048 bits type and a few array operations

What's Changed

New features

• High Level API: add the ability to get raw parts from an FheBool
• High Level API/C API: add an unsigned 2048 bits type
• High Level API/C API: add support for array operations: eq/ne, contains