Rweber/bug fixes (#374)

Fix bug when users tried to reuse LWE ciphertexts across encryptions
Sunscreen-tech · Apr 4, 2024 · bf99f21 · bf99f21
1 parent 2d53ef4
commit bf99f21
Show file tree

Hide file tree

Showing 30 changed files with 119 additions and 47 deletions.
diff --git a/benchmarks/cannonical_norm_noise_model/src/main.rs b/benchmarks/cannonical_norm_noise_model/src/main.rs
@@ -61,6 +61,7 @@ impl Results {
     pub fn new() -> Self {
         let mut output_file = File::options()
             .create(true)
+            .truncate(true)
             .write(true)
             .open("Results.csv")
             .unwrap();

diff --git a/benchmarks/cannonical_norm_noise_model/src/ops.rs b/benchmarks/cannonical_norm_noise_model/src/ops.rs
@@ -1,5 +1,4 @@
 use seal_fhe::*;
-use std::sync::Mutex;
 use sunscreen_backend::{Error, Result};
 use sunscreen_fhe_program::SchemeType;
 

diff --git a/logproof/src/bfv_statement.rs b/logproof/src/bfv_statement.rs
@@ -757,8 +757,8 @@ mod tests {
     use merlin::Transcript;
     use rand::Rng;
     use seal_fhe::{
-        BfvEncryptionParametersBuilder, CoefficientModulus, Context, Encryptor, KeyGenerator,
-        PlainModulus, SecurityLevel, SymAsym,
+        BfvEncryptionParametersBuilder, CoefficientModulus, Encryptor, KeyGenerator, PlainModulus,
+        SecurityLevel, SymAsym,
     };
 
     use crate::{

diff --git a/logproof/src/inner_product.rs b/logproof/src/inner_product.rs
@@ -10,7 +10,7 @@ use log::trace;
 use merlin::Transcript;
 use rayon::prelude::*;
 use serde::{Deserialize, Serialize};
-use sha3::{self, digest::Update, Shake256};
+use sha3::{digest::Update, Shake256};
 
 use sunscreen_math::{RistrettoPointVec, ScalarVec};
 

diff --git a/logproof/src/linear_algebra.rs b/logproof/src/linear_algebra.rs
@@ -803,7 +803,7 @@ where
 
 #[cfg(test)]
 mod tests {
-    use crate::rings::{ZqRistretto, ZqSeal128_8192};
+    use crate::rings::ZqSeal128_8192;
 
     use super::*;
     use bitvec::vec::BitVec;

diff --git a/logproof/src/linear_relation.rs b/logproof/src/linear_relation.rs
@@ -1356,7 +1356,7 @@ mod test {
         // bounds with different bound sums over each column works properly. We
         // use 16 to promote different b_1 values after taking the log of the
         // column bound sum.
-        let s_coeff = vec![
+        let s_coeff = [
             (0..(k))
                 .map(|x| {
                     [1i64, 2, 3, 4, 5, 6, 7, 8]

diff --git a/seal_fhe/src/encryption_parameters.rs b/seal_fhe/src/encryption_parameters.rs
@@ -324,7 +324,6 @@ impl Drop for EncryptionParameters {
 
 #[cfg(test)]
 mod tests {
-    use crate::CoefficientModulus;
     use crate::*;
 
     #[test]

diff --git a/sunscreen/src/types/bfv/rational.rs b/sunscreen/src/types/bfv/rational.rs
@@ -1,9 +1,8 @@
 use crate as sunscreen;
 use crate::fhe::{with_fhe_ctx, FheContextOps};
 use crate::types::{
-    bfv::Signed, intern::FheProgramNode, ops::*, BfvType, Cipher, FheType, GraphCipherAdd,
-    GraphCipherDiv, GraphCipherMul, GraphCipherSub, NumCiphertexts, TryFromPlaintext,
-    TryIntoPlaintext, TypeName,
+    bfv::Signed, intern::FheProgramNode, ops::*, BfvType, Cipher, FheType, NumCiphertexts,
+    TryFromPlaintext, TryIntoPlaintext, TypeName,
 };
 use crate::{FheProgramInputTrait, InnerPlaintext, Params, Plaintext, TypeName};
 use std::cmp::Eq;

diff --git a/sunscreen/src/types/mod.rs b/sunscreen/src/types/mod.rs
@@ -74,8 +74,6 @@ mod ops;
  */
 pub mod zkp;
 
-use crate::types::ops::*;
-
 pub use sunscreen_runtime::{
     BfvType, FheType, NumCiphertexts, TryFromPlaintext, TryIntoPlaintext, Type, TypeName,
     TypeNameInstance, Version,

diff --git a/sunscreen/src/types/zkp/bfv_plaintext.rs b/sunscreen/src/types/zkp/bfv_plaintext.rs
@@ -270,9 +270,8 @@ mod tests {
 
     use sunscreen_runtime::ZkpRuntime;
     use sunscreen_zkp_backend::bulletproofs::BulletproofsBackend;
-    use sunscreen_zkp_backend::FieldSpec;
 
-    use crate::types::zkp::{BulletproofsField, Field};
+    use crate::types::zkp::BulletproofsField;
     use crate::{self as sunscreen, Compiler, PlainModulusConstraint};
     use crate::{fhe_program, zkp_program};
 

diff --git a/sunscreen/src/types/zkp/gadgets/arithmetic.rs b/sunscreen/src/types/zkp/gadgets/arithmetic.rs
@@ -188,7 +188,7 @@ mod tests {
     use sunscreen_zkp_backend::{bulletproofs::BulletproofsBackend, ZkpBackend};
 
     use crate::types::zkp::Field;
-    use crate::{self as sunscreen, invoke_gadget, Compiler};
+    use crate::{self as sunscreen, Compiler};
 
     use super::*;
 

diff --git a/sunscreen/src/types/zkp/gadgets/binary.rs b/sunscreen/src/types/zkp/gadgets/binary.rs
@@ -156,7 +156,7 @@ mod tests {
     use sunscreen_zkp_backend::{FieldSpec, ZkpBackend};
 
     use crate::types::zkp::{Field, ToBinary};
-    use crate::{self as sunscreen, invoke_gadget};
+    use crate::{self as sunscreen};
     use crate::{zkp_program, Compiler};
 
     use super::*;

diff --git a/sunscreen_backend/src/transforms/insert_relinearizations.rs b/sunscreen_backend/src/transforms/insert_relinearizations.rs
@@ -63,11 +63,7 @@ pub fn apply_insert_relinearizations(ir: &mut FheProgram) {
 #[cfg(test)]
 mod tests {
     use super::*;
-    use petgraph::stable_graph::NodeIndex;
-    use sunscreen_compiler_common::GraphQuery;
-    use sunscreen_fhe_program::{
-        FheProgramTrait, Literal as FheProgramLiteral, Operation, SchemeType,
-    };
+    use sunscreen_fhe_program::{FheProgramTrait, Literal as FheProgramLiteral, SchemeType};
 
     fn create_test_dag() -> FheProgram {
         let mut ir = FheProgram::new(SchemeType::Bfv);

diff --git a/sunscreen_compiler_common/src/macros/mod.rs b/sunscreen_compiler_common/src/macros/mod.rs
@@ -337,7 +337,6 @@ pub fn emit_signature(args: &[Type], return_types: &[Type]) -> TokenStream2 {
 #[cfg(test)]
 mod test {
     use super::*;
-    use quote::ToTokens;
     use syn::parse_quote;
 
     fn assert_syn_eq<T, U>(a: &T, b: &U)

diff --git a/sunscreen_compiler_macros/src/fhe_program_transforms.rs b/sunscreen_compiler_macros/src/fhe_program_transforms.rs
@@ -210,7 +210,6 @@ pub fn emit_signature(args: &[Type], return_types: &[Type]) -> TokenStream2 {
 #[cfg(test)]
 mod test {
     use super::*;
-    use quote::ToTokens;
     use syn::parse_quote;
 
     fn assert_syn_eq<T, U>(a: &T, b: &U)

diff --git a/sunscreen_math/Cargo.toml b/sunscreen_math/Cargo.toml
@@ -4,7 +4,7 @@ version = "0.8.1"
 edition = "2021"
 
 authors = ["Sunscreen"]
-rust-version = "1.56.0"
+rust-version = "1.67.0"
 license = "AGPL-3.0-only"
 description = "This crate contains GPU implementations that support the Sunscreen compiler."
 homepage = "https://sunscreen.tech"

diff --git a/sunscreen_math/src/ring/barrett.rs b/sunscreen_math/src/ring/barrett.rs
@@ -222,8 +222,6 @@ mod tests_one_limb {
         }
     }
 
-    use sunscreen_math::ring::BarrettConfig;
-
     #[test]
     fn can_mul_largish_single_limb_modulus() {
         #[derive(DeriveBarrettConfig)]

diff --git a/sunscreen_runtime/src/linked.rs b/sunscreen_runtime/src/linked.rs
@@ -369,6 +369,7 @@ impl_from!(ZqSeal128_8192, LP4);
 macro_rules! seq_zq {
     ($block:tt) => (
         seq!(N in 1..=4 {
+            #[allow(unused_braces)]
             $block
         })
     )

diff --git a/sunscreen_runtime/src/run.rs b/sunscreen_runtime/src/run.rs
@@ -547,7 +547,7 @@ where
 mod tests {
     use super::*;
     use seal_fhe::*;
-    use sunscreen_fhe_program::{FheProgramTrait, SchemeType};
+    use sunscreen_fhe_program::SchemeType;
 
     fn setup_scheme(
         degree: u64,

diff --git a/sunscreen_runtime/src/runtime.rs b/sunscreen_runtime/src/runtime.rs
@@ -9,9 +9,9 @@ use crate::ProofBuilder;
 use crate::VerificationBuilder;
 use crate::ZkpProgramInput;
 use crate::{
-    run_program_unchecked, serialization::WithContext, Ciphertext, CompiledZkpProgram,
-    FheProgramInput, InnerCiphertext, InnerPlaintext, Plaintext, PrivateKey, PublicKey,
-    SealCiphertext, SealData, SealPlaintext, TryFromPlaintext, TryIntoPlaintext, TypeNameInstance,
+    run_program_unchecked, serialization::WithContext, Ciphertext, FheProgramInput,
+    InnerCiphertext, InnerPlaintext, Plaintext, PrivateKey, PublicKey, SealCiphertext, SealData,
+    SealPlaintext, TryFromPlaintext, TryIntoPlaintext, TypeNameInstance,
 };
 
 use log::trace;

diff --git a/sunscreen_tfhe/Cargo.toml b/sunscreen_tfhe/Cargo.toml
@@ -4,7 +4,7 @@ version = "0.1.0"
 edition = "2021"
 
 authors = ["Sunscreen"]
-rust-version = "1.56.0"
+rust-version = "1.67.0"
 license = "AGPL-3.0-only"
 description = "This crate contains the Sunscreen Torus FHE (TFHE) implementation"
 homepage = "https://sunscreen.tech"
@@ -14,7 +14,6 @@ keywords = ["FHE", "TFHE", "lattice", "cryptography"]
 categories = ["cryptography"]
 readme = "crates-io.md"
 
-
 [dependencies]
 aligned-vec = { workspace = true }
 bytemuck = { workspace = true }

diff --git a/sunscreen_tfhe/benches/ops.rs b/sunscreen_tfhe/benches/ops.rs
@@ -1,16 +1,24 @@
+use std::borrow::Borrow;
+
 use criterion::{
     criterion_group, criterion_main, measurement::WallTime, BenchmarkGroup, Criterion,
 };
 
 use sunscreen_tfhe::{
     entities::{
-        GgswCiphertext, GgswCiphertextFft, GlweCiphertext, Polynomial, UnivariateLookupTable,
+        GgswCiphertext, GgswCiphertextFft, GlweCiphertext, Polynomial, PolynomialRef,
+        PublicFunctionalKeyswitchKey, UnivariateLookupTable,
     },
     high_level::{self, *},
-    ops::bootstrapping::circuit_bootstrap,
+    ops::{
+        bootstrapping::circuit_bootstrap,
+        keyswitch::public_functional_keyswitch::{
+            generate_public_functional_keyswitch_key, public_functional_keyswitch,
+        },
+    },
     rand::Stddev,
     GlweDef, GlweDimension, GlweSize, LweDef, LweDimension, PlaintextBits, PolynomialDegree,
-    RadixCount, RadixDecomposition, RadixLog, GLWE_1_1024_80, GLWE_5_256_80, LWE_512_80,
+    RadixCount, RadixDecomposition, RadixLog, Torus, GLWE_1_1024_80, GLWE_5_256_80, LWE_512_80,
 };
 
 fn cmux(c: &mut Criterion) {
@@ -275,11 +283,71 @@ fn keygen(c: &mut Criterion) {
     });
 }
 
+fn public_functional_keyswitching(c: &mut Criterion) {
+    c.bench_function("Public functional keyswitching", |b| {
+        let glwe = high_level::keygen::generate_binary_glwe_sk(&GLWE_1_1024_80);
+
+        let radix = RadixDecomposition {
+            count: RadixCount(8),
+            radix_log: RadixLog(4),
+        };
+
+        let mut puksk = PublicFunctionalKeyswitchKey::new(
+            &GLWE_1_1024_80.as_lwe_def(),
+            &GLWE_1_1024_80,
+            &radix,
+        );
+
+        generate_public_functional_keyswitch_key(
+            &mut puksk,
+            glwe.to_lwe_secret_key(),
+            &glwe,
+            &GLWE_1_1024_80.as_lwe_def(),
+            &GLWE_1_1024_80,
+            &radix,
+        );
+
+        let values = (1..1024)
+            .map(|_| {
+                high_level::encryption::encrypt_lwe_secret(
+                    0,
+                    glwe.to_lwe_secret_key(),
+                    &GLWE_1_1024_80.as_lwe_def(),
+                    PlaintextBits(1),
+                )
+            })
+            .collect::<Vec<_>>();
+
+        b.iter(|| {
+            let mut output = GlweCiphertext::new(&GLWE_1_1024_80);
+
+            let f = |poly: &mut PolynomialRef<Torus<u64>>, tori: &[Torus<u64>]| {
+                for (c, t) in poly.coeffs_mut().iter_mut().zip(tori.iter()) {
+                    *c = *t;
+                }
+            };
+
+            let lwe_refs = values.iter().map(|x| x.borrow()).collect::<Vec<_>>();
+
+            public_functional_keyswitch(
+                &mut output,
+                &lwe_refs,
+                &puksk,
+                f,
+                &GLWE_1_1024_80.as_lwe_def(),
+                &GLWE_1_1024_80,
+                &radix,
+            );
+        });
+    });
+}
+
 criterion_group!(
     benches,
     cmux,
     programmable_bootstrapping,
     circuit_bootstrapping,
-    keygen
+    keygen,
+    public_functional_keyswitching
 );
 criterion_main!(benches);
diff --git a/sunscreen_tfhe/src/entities/lwe_keyswitch_key.rs b/sunscreen_tfhe/src/entities/lwe_keyswitch_key.rs
@@ -104,7 +104,6 @@ mod tests {
     use crate::{
         entities::{LweCiphertext, LweKeyswitchKey},
         high_level::*,
-        high_level::{TEST_LWE_DEF_1, TEST_LWE_DEF_2, TEST_RADIX},
         ops::keyswitch::{
             lwe_keyswitch::keyswitch_lwe_to_lwe, lwe_keyswitch_key::generate_keyswitch_key_lwe,
         },

diff --git a/sunscreen_tfhe/src/math/fft/cyclic/mod.rs b/sunscreen_tfhe/src/math/fft/cyclic/mod.rs
@@ -105,8 +105,6 @@ where
 mod tests {
     use num::complex::ComplexFloat;
 
-    use crate::FrequencyTransform;
-
     use super::*;
 
     #[test]

diff --git a/sunscreen_tfhe/src/ops/ciphertext/glwe_ciphertext_ops.rs b/sunscreen_tfhe/src/ops/ciphertext/glwe_ciphertext_ops.rs
@@ -244,7 +244,6 @@ mod tests {
     use crate::{
         entities::{GgswCiphertext, LweCiphertext, Polynomial},
         high_level::*,
-        high_level::{keygen, TEST_GLWE_DEF_1},
         ops::encryption::{
             decrypt_ggsw_ciphertext, encrypt_ggsw_ciphertext, encrypt_glwe_ciphertext_secret,
             trivially_encrypt_glwe_ciphertext,

diff --git a/sunscreen_tfhe/src/ops/encryption/ggsw_encryption.rs b/sunscreen_tfhe/src/ops/encryption/ggsw_encryption.rs
@@ -245,7 +245,7 @@ pub fn decrypt_ggsw_ciphertext<S>(
 
 #[cfg(test)]
 mod tests {
-    use crate::{entities::GgswCiphertext, high_level::TEST_GLWE_DEF_1, high_level::*};
+    use crate::{entities::GgswCiphertext, high_level::*};
 
     use super::*;
 

diff --git a/sunscreen_tfhe/src/ops/encryption/lwe_encryption.rs b/sunscreen_tfhe/src/ops/encryption/lwe_encryption.rs
@@ -44,6 +44,7 @@ where
     params.assert_valid();
 
     let (a, b) = ct.a_b_mut(params);
+    *b = Torus::zero();
 
     for (a_i, d_i) in a.iter_mut().zip(sk.as_slice().iter()) {
         *a_i = uniform_torus::<S>();
@@ -76,7 +77,7 @@ where
 #[cfg(test)]
 mod tests {
 
-    use crate::{high_level::*, PlaintextBits};
+    use crate::{high_level::*, ops::encryption::encode_and_encrypt_lwe_ciphertext, PlaintextBits};
 
     #[test]
     fn can_encrypt_decrypt() {
@@ -91,6 +92,25 @@ mod tests {
         assert_eq!(pt, 4);
     }
 
+    #[test]
+    fn can_reuse_lwe_ciphertext() {
+        let params = TEST_LWE_DEF_1;
+        let bits = PlaintextBits(4);
+
+        let sk = keygen::generate_binary_lwe_sk(&params);
+
+        for _ in 0..10 {
+            let mut ct = encryption::encrypt_lwe_secret(4, &sk, &params, bits);
+            let pt = encryption::decrypt_lwe(&ct, &sk, &params, bits);
+
+            assert_eq!(pt, 4);
+
+            encode_and_encrypt_lwe_ciphertext(&mut ct, &sk, 3, &params, bits);
+
+            assert_eq!(encryption::decrypt_lwe(&ct, &sk, &params, bits), 3);
+        }
+    }
+
     #[test]
     fn can_encrypt_decrypt_uniform() {
         let params = TEST_LWE_DEF_1;

diff --git a/sunscreen_tfhe/src/ops/keyswitch/private_functional_keyswitch.rs b/sunscreen_tfhe/src/ops/keyswitch/private_functional_keyswitch.rs
@@ -201,7 +201,7 @@ mod tests {
     use crate::{
         entities::{GlweCiphertext, PrivateFunctionalKeyswitchKey},
         high_level::{keygen, TEST_GLWE_DEF_1, TEST_LWE_DEF_1, TEST_RADIX},
-        PlaintextBits, PrivateFunctionalKeyswitchLweCount,
+        PlaintextBits,
     };
 
     use super::*;
-Original file line number
+Diff line change
@@ Expand Up / @@ -222,8 +222,6 @@ mod tests_one_limb { @@
             }
         }
-        use sunscreen_math::ring::BarrettConfig;
         #[test]
         fn can_mul_largish_single_limb_modulus() {
             #[derive(DeriveBarrettConfig)]
@@ Expand Down @@