github/tfhe-rs
1
1
Fork 0
mirror of https://github.com/zama-ai/tfhe-rs.git synced 2026-04-28 03:01:21 -04:00
Code Issues Packages Projects Releases Wiki Activity

wip: re-exported pbs 128 with symbolic mantissa

Browse Source 
- add pbs 128 params with a mantissa setting
- noise with this settings is in line with RO prediction
This commit is contained in:
Arthur Meyre
2024-12-12 12:36:38 +00:00
committed by Guillermo Oyarzun
parent 45da14c7dd
commit f95eb2cf2c
2 changed files with 52 additions and 29 deletions
Download Patch File Download Diff File Expand all files Collapse all files

62
tfhe/src/core_crypto/commons/noise_formulas/lwe_programmable_bootstrap_128.rs
View File

@@ -12,6 +12,7 @@ pub fn pbs_128_variance_132_bits_security_gaussian(
output_polynomial_size: PolynomialSize,
decomposition_base_log: DecompositionBaseLog,
decomposition_level_count: DecompositionLevelCount,
mantissa_size: f64,
modulus: f64,
) -> Variance {
Variance(pbs_128_variance_132_bits_security_gaussian_impl(
@@ -20,6 +21,7 @@ pub fn pbs_128_variance_132_bits_security_gaussian(
output_polynomial_size.0 as f64,
2.0f64.powi(decomposition_base_log.0 as i32),
decomposition_level_count.0 as f64,
mantissa_size,
modulus,
))
}
@@ -28,29 +30,24 @@ pub fn pbs_128_variance_132_bits_security_gaussian(
/// if the keys used are encrypted using secure noise given by the
/// [`minimal_glwe_variance`](`super::secure_noise`)
/// and [`minimal_lwe_variance`](`super::secure_noise`) family of functions.
#[allow(clippy::suspicious_operation_groupings)]
pub fn pbs_128_variance_132_bits_security_gaussian_impl(
input_lwe_dimension: f64,
output_glwe_dimension: f64,
output_polynomial_size: f64,
decomposition_base: f64,
decomposition_level_count: f64,
mantissa_size: f64,
modulus: f64,
) -> f64 {
input_lwe_dimension
* (2.54576848986251e-65
* decomposition_base.powf(2.0)
* decomposition_level_count
* output_polynomial_size.powf(2.0)
* (decomposition_level_count
* output_polynomial_size
* ((4.0 - 2.88539008177793 * modulus.ln()).exp2()
+ (-0.0497829131652661 * output_glwe_dimension * output_polynomial_size
+ 5.31469187675068)
.exp2())
* ((1_f64 / 12.0) * decomposition_base.powf(2.0) + 0.166666666666667)
* (output_glwe_dimension + 1.0)
+ decomposition_level_count
* output_polynomial_size
* ((4.0 - 2.88539008177793 * modulus.ln()).exp2()
+ (-0.0497829131652661 * output_glwe_dimension * output_polynomial_size
+ 5.31469187675068)
.exp2())
* ((1_f64 / 12.0) * decomposition_base.powf(2.0) + 0.166666666666667)
* (output_glwe_dimension + 1.0)
+ (1_f64 / 12.0) * modulus.powf(-2.0)
+ (1_f64 / 2.0)
* output_glwe_dimension
@@ -58,7 +55,13 @@ pub fn pbs_128_variance_132_bits_security_gaussian_impl(
* (0.0208333333333333 * modulus.powf(-2.0)
+ 0.0416666666666667
* decomposition_base.powf(-2.0 * decomposition_level_count))
+ (1_f64 / 24.0) * decomposition_base.powf(-2.0 * decomposition_level_count))
+ (1_f64 / 24.0) * decomposition_base.powf(-2.0 * decomposition_level_count)
+ 0.16756294607814
* (-2.0 * mantissa_size).exp2()
* decomposition_base.powf(2.0)
* decomposition_level_count
* output_polynomial_size.powf(2.0)
* (output_glwe_dimension + 1.0))
}
/// This formula is only valid if the proper noise distributions are used and
@@ -71,6 +74,7 @@ pub fn pbs_128_variance_132_bits_security_tuniform(
output_polynomial_size: PolynomialSize,
decomposition_base_log: DecompositionBaseLog,
decomposition_level_count: DecompositionLevelCount,
mantissa_size: f64,
modulus: f64,
) -> Variance {
Variance(pbs_128_variance_132_bits_security_tuniform_impl(
@@ -79,6 +83,7 @@ pub fn pbs_128_variance_132_bits_security_tuniform(
output_polynomial_size.0 as f64,
2.0f64.powi(decomposition_base_log.0 as i32),
decomposition_level_count.0 as f64,
mantissa_size,
modulus,
))
}
@@ -87,29 +92,24 @@ pub fn pbs_128_variance_132_bits_security_tuniform(
/// if the keys used are encrypted using secure noise given by the
/// [`minimal_glwe_variance`](`super::secure_noise`)
/// and [`minimal_lwe_variance`](`super::secure_noise`) family of functions.
#[allow(clippy::suspicious_operation_groupings)]
pub fn pbs_128_variance_132_bits_security_tuniform_impl(
input_lwe_dimension: f64,
output_glwe_dimension: f64,
output_polynomial_size: f64,
decomposition_base: f64,
decomposition_level_count: f64,
mantissa_size: f64,
modulus: f64,
) -> f64 {
input_lwe_dimension
* (2.54576848986251e-65
* decomposition_base.powf(2.0)
* decomposition_level_count
* output_polynomial_size.powf(2.0)
* (decomposition_level_count
* output_polynomial_size
* ((4.0 - 2.88539008177793 * modulus.ln()).exp2()
+ (-0.0497829131652661 * output_glwe_dimension * output_polynomial_size
+ 7.31469187675068)
.exp2())
* ((1_f64 / 12.0) * decomposition_base.powf(2.0) + 0.166666666666667)
* (output_glwe_dimension + 1.0)
+ decomposition_level_count
* output_polynomial_size
* ((4.0 - 2.88539008177793 * modulus.ln()).exp2()
+ (-0.0497829131652661 * output_glwe_dimension * output_polynomial_size
+ 7.31469187675068)
.exp2())
* ((1_f64 / 12.0) * decomposition_base.powf(2.0) + 0.166666666666667)
* (output_glwe_dimension + 1.0)
+ (1_f64 / 12.0) * modulus.powf(-2.0)
+ (1_f64 / 2.0)
* output_glwe_dimension
@@ -117,5 +117,11 @@ pub fn pbs_128_variance_132_bits_security_tuniform_impl(
* (0.0208333333333333 * modulus.powf(-2.0)
+ 0.0416666666666667
* decomposition_base.powf(-2.0 * decomposition_level_count))
+ (1_f64 / 24.0) * decomposition_base.powf(-2.0 * decomposition_level_count))
+ (1_f64 / 24.0) * decomposition_base.powf(-2.0 * decomposition_level_count)
+ 0.16756294607814
* (-2.0 * mantissa_size).exp2()
* decomposition_base.powf(2.0)
* decomposition_level_count
* output_polynomial_size.powf(2.0)
* (output_glwe_dimension + 1.0))
}

19
tfhe/src/shortint/server_key/tests/noise_distribution/atomic_pattern.rs
View File

@@ -2398,18 +2398,33 @@ struct PBS128Parameters {
glwe_noise_distribution: DynamicDistribution<u128>,
decomp_base_log: DecompositionBaseLog,
decomp_level_count: DecompositionLevelCount,
// There was a doubt on the mantissa size, several experiments were conducted
mantissa_size: f64,
ciphertext_modulus: CoreCiphertextModulus<u128>,
}
// Mantissa 106
// hat_N, hat_k, hat_l_bs, hat_b_bs
// 2048, 2, 3, 4294967296
// hat_b_bs_log2 = 32
// Mantissa 100
// hat_N, hat_k, hat_l_bs, hat_b_bs
// 2048, 2, 3, 67108864
// hat_b_bs_log2 = 26
// Mantissa 104
// hat_N, hat_k, hat_l_bs, hat_b_bs
// 2048, 2, 3, 536870912
// hat_b_bs_log2 = 29
const PBS128_PARAMS: PBS128Parameters = PBS128Parameters {
input_lwe_dimension: PARAM_MESSAGE_2_CARRY_2_KS_PBS_TUNIFORM_2M64.lwe_dimension,
glwe_dimension: GlweDimension(2),
polynomial_size: PolynomialSize(2048),
glwe_noise_distribution: DynamicDistribution::new_t_uniform(31),
decomp_base_log: DecompositionBaseLog(32),
decomp_base_log: DecompositionBaseLog(29),
decomp_level_count: DecompositionLevelCount(3),
mantissa_size: 104f64,
// 2^128
ciphertext_modulus: CoreCiphertextModulus::new_native(),
};
@@ -2954,6 +2969,7 @@ fn noise_check_shortint_br_to_squash_pbs_128_atomic_pattern_noise(
pbs_128_key.polynomial_size(),
pbs_128_key.decomposition_base_log(),
pbs_128_key.decomposition_level_count(),
pbs128_params.mantissa_size,
pbs128_output_modulus_as_f64,
),
DynamicDistribution::TUniform(_) => pbs_128_variance_132_bits_security_tuniform(
@@ -2962,6 +2978,7 @@ fn noise_check_shortint_br_to_squash_pbs_128_atomic_pattern_noise(
pbs_128_key.polynomial_size(),
pbs_128_key.decomposition_base_log(),
pbs_128_key.decomposition_level_count(),
pbs128_params.mantissa_size,
pbs128_output_modulus_as_f64,
),
};