feat(tfhe): add zk-pok code base #1050
Conversation
IceTDrinker
commented
Apr 4, 2024
IceTDrinker
commented
- integration of work done by Sarah in the repo
IceTDrinker
force-pushed
the
am/feat/zk-proofs
branch
from
12a3adf to
ccbd64d
Compare
tmontaigu
force-pushed
the
am/feat/zk-proofs
branch
6 times, most recently
from
480907d to
24a579e
Compare
|
cuda C API tests likely need the ZK pok feature @tmontaigu |
tmontaigu
force-pushed
the
am/feat/zk-proofs
branch
from
24a579e to
e337007
Compare
tfhe/Cargo.toml
Outdated
| @@ -69,6 +69,8 @@ paste = "1.0.7" | |||
| fs2 = { version = "0.4.3", optional = true } | |||
| # While we wait for repeat_n in rust standard library | |||
| itertools = "0.11.0" | |||
| rand_core = { version = "0.6.4", features = ["std"] } | |||
| tfhe-zk-pok = { version = "0.1.0", path = "../tfhe-zk-pok", optional = true} | |||
There was a problem hiding this comment.
formatting, missing space before } , we'll add toml formatter at some point I guess but I don't think I found one that's easy to setup with e.g. rust
tfhe/Cargo.toml
Outdated
| @@ -270,6 +273,10 @@ required-features = ["boolean", "shortint", "internal-keycache"] | |||
|
|
|||
| # Real use-case examples | |||
|
|
|||
| [[example]] | |||
| name = "demo" | |||
| @@ -241,6 +241,7 @@ impl ServerKey { | |||
| let counter_num_blocks = ((num_bits_in_ciphertext - 1).ilog2() + 1 + 1) | |||
| .div_ceil(self.message_modulus().0.ilog2()) as usize; | |||
|
|
|||
| // 11111000 | |||
There was a problem hiding this comment.
I was explaining something via zoom and used that file as a whiteboard
tmontaigu
force-pushed
the
am/feat/zk-proofs
branch
from
e337007 to
88cbc2f
Compare
There was a problem hiding this comment.
in the core part there are some confusions between parallel and non parallel variants it seems, and some debug code is still there, I marked the biggest ones.
Also the private param of the CRS should not be available in the CRS structure otherwise I believe the security of the ZK falls, ping me if you need help
| fn next_u32(&mut self) -> u32 { | ||
| let mut bytes = [0u8; std::mem::size_of::<u32>()]; | ||
| bytes.iter_mut().for_each(|b| *b = self.generate_next()); | ||
| u32::from_ne_bytes(bytes) |
There was a problem hiding this comment.
use the uniform generation from the already implemented Uniform distribution if needed or use from_le_bytes, I believe from_le_bytes was preferred to avoid endianness issues cross platform
tfhe/src/core_crypto/commons/math/random/uniform.rs
| fn next_u64(&mut self) -> u64 { | ||
| let mut bytes = [0u8; std::mem::size_of::<u64>()]; | ||
| bytes.iter_mut().for_each(|b| *b = self.generate_next()); | ||
| u64::from_ne_bytes(bytes) | ||
| } |
| } | ||
| } | ||
|
|
||
| impl<T> BoundedDistribution<T, T::Signed> for TUniform<T> |
There was a problem hiding this comment.
isn't low supposed to be equal to high given the trait definition above ?
There was a problem hiding this comment.
No, Low = High in the trait definition is just to set Low as by default being the same type as High, we it can be anything else
There was a problem hiding this comment.
ok got it, we may want to be consistent here and have everything with a single type wdyt ?
| fn low_bound(&self) -> Bound<T::Signed> { | ||
| Bound::Included(self.min_value_inclusive()) | ||
| } | ||
|
|
||
| fn high_bound(&self) -> Bound<T> { | ||
| Bound::Included(self.max_value_inclusive().into_unsigned()) | ||
| } |
There was a problem hiding this comment.
any reason here to have different signedness for both bounds ?
| <input | ||
| type="button" | ||
| id="compactPublicKeyZeroKnowledgeBench" | ||
| value="Compact zk bench" |
There was a problem hiding this comment.
I think nit needs bench with a capital B to be picked up by our filter and I had issues with that last week
you adjusted time outs right ?
| slice_wrapping_add_assign(output_mask.as_mut(), mask_noise); | ||
|
|
||
| // Fill the body chunk afterward manually as it most likely will be smaller than | ||
| // the full convolution result. b convolved r + Delta * m + e2 |
There was a problem hiding this comment.
careful with the comment and the reverse we did, as we can see above I added a rev at some point in the comment to match the zk order, the comment seems to be missing this ?
| // Fill the temp buffer with b convolved with r | ||
| // // Fill the temp buffer with b convolved with r |
| let zk_body_convolved = polymul_rev(pk_body.as_ref(), binary_random_slice); | ||
|
|
||
| assert_eq!(&pk_body_convolved, &zk_body_convolved); |
| // Fill the body chunk afterwards manually as it most likely will be smaller than | ||
| // the full convolution result. rev(b convolved r) + Delta * m + e2 |
There was a problem hiding this comment.
I believe we should keep this comment here ?
There was a problem hiding this comment.
The comment is still here I believe
| ); | ||
| } | ||
|
|
||
| /// Encrypt and generates a zero-knowledge proof of an input cleartext list in an output |
tmontaigu
force-pushed
the
am/feat/zk-proofs
branch
from
c6cfc6e to
efd9efb
Compare
tmontaigu
force-pushed
the
am/feat/zk-proofs
branch
from
efd9efb to
6177cf4
Compare
| >( | ||
| lwe_compact_public_key: &LweCompactPublicKey<KeyCont>, | ||
| output: &mut LweCompactCiphertextList<OutputCont>, | ||
| messages: &InputCont, |
There was a problem hiding this comment.
missed that during review
https://github.com/zama-ai/tfhe-rs-internal/issues/520
don't want to break things now, too late to make small fixes, but I think we should stick to plaintexts
There was a problem hiding this comment.
or whatever type + encoding information
IceTDrinker
force-pushed
the
am/feat/zk-proofs
branch
from
f4727ea to
6175668
Compare
IceTDrinker
force-pushed
the
am/feat/zk-proofs
branch
from
6175668 to
a67f6a6
Compare
- integration of work done by Sarah in the repo Co-authored-by: sarah el kazdadi <[email protected]>
IceTDrinker
force-pushed
the
am/feat/zk-proofs
branch
from
a67f6a6 to
7151550
Compare
