github/tfhe-rs
1
1
Fork 0
mirror of https://github.com/zama-ai/tfhe-rs.git synced 2026-01-09 22:57:59 -05:00
Code Issues Packages Projects Releases Wiki Activity

chore(zk): sqr fc takes u64 as parameter to avoid overflow

Browse Source
This commit is contained in:
Nicolas Sarlin
2025-01-13 13:26:08 +01:00
committed by Nicolas Sarlin
parent ccc647a5ee
commit 1f41a6b85d
3 changed files with 15 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
tfhe-zk-pok/src/backward_compatibility/mod.rs
View File

@@ -110,7 +110,7 @@ impl Upgrade<SerializablePKEv2PublicParams> for SerializablePKEv2PublicParamsV0
n: self.n,
d: self.d,
k: self.k,
B_bound_squared: sqr(self.B_bound as u128),
B_bound_squared: sqr(self.B_bound),
B_inf,
q: self.q,
t: self.t,

10
tfhe-zk-pok/src/four_squares.rs
View File

@@ -1,7 +1,9 @@
use ark_ff::biginteger::arithmetic::widening_mul;
use rand::prelude::*;
pub fn sqr(x: u128) -> u128 {
/// Avoid overflows for squares of u64
pub fn sqr(x: u64) -> u128 {
let x = x as u128;
x * x
}
@@ -231,7 +233,7 @@ pub fn four_squares(v: u128) -> [u64; 4] {
let x = 2 + rng.gen::<u64>() % (b - 2);
let y = 2 + rng.gen::<u64>() % (b - 2);
let (sum, o) = u128::overflowing_add(sqr(x as u128), sqr(y as u128));
let (sum, o) = u128::overflowing_add(sqr(x), sqr(y));
if o || sum > v {
continue 'main_loop;
}
@@ -288,9 +290,9 @@ pub fn four_squares(v: u128) -> [u64; 4] {
let i = mont.natural_from_mont(sqrt);
let i = if i <= p / 2 { p - i } else { i };
let z = half_gcd(p, i) as u64;
let w = isqrt(p - sqr(z as u128)) as u64;
let w = isqrt(p - sqr(z)) as u64;
if p != sqr(z as u128) + sqr(w as u128) {
if p != sqr(z) + sqr(w) {
continue 'main_loop;
}

15
tfhe-zk-pok/src/proofs/pke_v2.rs
View File

@@ -511,7 +511,7 @@ than the lwe dimension d. Please pick a smaller k: k = {k}, d = {d}"
Bound::GHL => 950625,
Bound::CS => 2 * (d as u128 + k as u128) + 4,
})
.checked_mul(B_squared + (sqr((d + 2) as u128) * (d + k) as u128) / 4)
.checked_mul(B_squared + (sqr((d + 2) as u64) * (d + k) as u128) / 4)
.unwrap_or_else(|| {
panic!(
"Invalid parameters for zk_pok, B_squared: {B_squared}, d: {d}, k: {k}. \
@@ -552,8 +552,9 @@ The computed m parameter is {m_bound} > 64. Please select a smaller B, d and/or
/// Use the relationship: `||x||_2 <= sqrt(dim)*||x||_inf`. Since we are only interested in the
/// squared bound, we avoid the sqrt by returning dim*(||x||_inf)^2.
fn inf_norm_bound_to_euclidean_squared(B_inf: u64, dim: usize) -> u128 {
checked_sqr(B_inf as u128)
.and_then(|norm_squared| norm_squared.checked_mul(dim as u128))
let norm_squared = sqr(B_inf);
norm_squared
.checked_mul(dim as u128)
.unwrap_or_else(|| panic!("Invalid parameters for zk_pok, B_inf: {B_inf}, d+k: {dim}"))
}
@@ -765,7 +766,7 @@ fn prove_impl<G: Curve>(
let e_sqr_norm = e1
.iter()
.chain(e2)
.map(|x| sqr(x.unsigned_abs() as u128))
.map(|x| sqr(x.unsigned_abs()))
.sum::<u128>();
if sanity_check_mode == ProofSanityCheckMode::Panic {
@@ -940,7 +941,7 @@ fn prove_impl<G: Curve>(
assert!(
checked_sqr(acc.unsigned_abs()).unwrap() <= B_bound_squared,
"sqr(acc) ({}) > B_bound_squared ({B_bound_squared})",
sqr(acc as u128)
checked_sqr(acc.unsigned_abs()).unwrap()
);
}
acc as i64
@@ -2797,7 +2798,7 @@ mod tests {
.e1
.iter()
.chain(&testcase.e2)
.map(|x| sqr(x.unsigned_abs() as u128))
.map(|x| sqr(x.unsigned_abs()))
.sum::<u128>();
let orig_value = match coeff_type {
@@ -2806,7 +2807,7 @@ mod tests {
};
let bound_squared =
B_with_slack_squared - (e_sqr_norm - sqr(orig_value as u128));
B_with_slack_squared - (e_sqr_norm - sqr(orig_value as u64));
isqrt(bound_squared) as i64
}
// There is no slack effect, any term above B should be refused