Skip to content

Latest commit

 

History

History
67 lines (40 loc) · 3.33 KB

README.md

File metadata and controls

67 lines (40 loc) · 3.33 KB

zk-fhe

Important

This library has been discontinued in favour of Greco

Zk proving the correct execution of encryption operation under BFV Fully Homomorphic Encryption scheme

Implementation based on Revisiting Homomorphic Encryption Schemes for Finite Fields

Disclaimer

This is a research project and is not meant to be used in production. The code is not audited.

Quick Start

Mock Prover

cargo run --example bfv -- --name bfv -k 13 --input bfv/bfv.in mock

The MockProver does not run the cryptographic prover on your circuit, but instead directly checks if constraints are satisfied. This is useful for testing purposes, and runs faster than the actual prover.

  • bfv is the name of the circuit located in examples/bfv.rs
  • bfv/bfv.in is the input file for the circuit located in data/bfv/bfv.in. A different test vector file can be generated using bfv-py
  • -k is the DEGREE of the circuit as you specify to set the circuit to have 2^k number of rows. The number of rows is determined by the number of constraints in the circuit. Working with larger data inputs will require a larger degree.

Key Generation

cargo run --example bfv -- --name bfv -k 13 --input bfv/bfv_empty.in keygen

To generate a random universal trusted setup (for testing only!) and the proving and verifying keys for your circuit.

For technical reasons (related to axiom Halo2-scaffold), keygen still requires an input file of the correct format. In this case, the input file is empty as the the actual input data are not encoded in the key generation.

This will generate a proving key data/bfv.pk and a verifying key data/bfv.vk. It will also generate a file configs/bfv.json which describes (and pins down) the configuration of the circuit. This configuration file is later read by the prover.

Proof Generation

cargo run --example bfv -- --name bfv -k 13 --input bfv/bfv.in prove

Note: during proof generation we must pass an input file containing the actual input data.

Proof Verification

cargo run --example bfv -- --name bfv -k 13 --input bfv/bfv_empty.in verify

Note: during proof verification we can pass an empty input file.

Benchmarks

  • Proving time: 10.2s
  • Verification time: 299ms

Benches run on M2 Macbook Air with 8 cores and 8GB of RAM.

N and Q Parameters of the BFV encryption scheme should be chosen according to TABLES of RECOMMENDED PARAMETERS for 128-bits security level => https://homomorphicencryption.org/wp-content/uploads/2018/11/HomomorphicEncryptionStandardv1.1.pdf.

Warning: Overflow

Many polynomial operations performed inside the circuit involve careful handling of coefficients in order to avoid overflows on the prime field. This guide is recommended to understand the bit growth of the coefficients when performing polynomial operations. N and DEG must be provided at keygen time. Certain combinations of N and DEG can potentially lead to the risk of overflow during proof generation, which is something that can be maliciously exploited by the prover. keygen will fail if this is these cases.