- scalar_add now uses the same parallel carry propagation algorithm
as the add function.
- scalar_sub now uses the same parallel carry propagation algorithm
as the sub function.
- the 'default' negation function uses the now improved scalar_add
to be faster
- unchecked_scalar_add, smart_scalar_add, checked_scalar_add, scalar_add
have been updated to work on generic scalar type so it should work
on u32, u64, u128, U256, etc
- unchecked_scalar_sub, smart_scalar_sub, checked_scalar_sub, scalar_sub
have been updated to work on generic scalar type so it should work
on u32, u64, u128.
As U256 does not yet implement the UnsignedInteger trait, its not
usable yet as a scalar type for the sub operation.
- The HLAPI is still locked to u64 scalars, it will be updated
when most / all scalar ops are ready
This allows removing all calls to std::mem::transmute in shortint/engine/server_side/mod.rs, isolating unsafe blocks in the conversion functions. This makes the code safer and more likely to panic! in case of an error.
In the web wasm test we serialize the public key
to print its size (38_931_6265 bytes) this
means we hold the public key twice in ram.
I suspect this causes frequent out of
memory errors which then result in the
test timing out.
So we remove that hoping it has a positive impact
- default tests do not run multi bit PBS as it's not yet deterministic
- only radix parallel currently use multi bit pbs in integer
- remove determinism checks for some unchecked ops
- 4_4 multi bit parameters are disabled for now as they seem to introduce
too much noise
When the scalar value denoting the shift was bigger or equal to
the total number of bits in the ciphertext we would return zeros.
To match more the rust behaviour as well as the behaviour of
non scalar shift / rotate, the scalar shift will now remove
any higher bits of the clear shift value
This new implementation should hopefully be a little bit easier to understand.
But more importantly it is more general/generic,
the previous implementation required the input type to be able to be described as u64 words,
the new one works for any type (as long as needed trait are implemented)
Also the new implementation is separated from the encryption code,
meaning it will be usable by scalar operation, which will allow us
to deduplicate code and start making scalar ops support scalar values
that are on more than 64-bits.
Now that WopPBS key are optional in the hlapi
we can have a CompressedServerKey.
If a user tries to create a CompressedServerKey
but has enabled function evaluation on integers
(WopPBS) then it will panic as WopPBS are not yet compressible.
And 'stuffing' the non-compressed wopbs-key in the
compressed server key, would defeat the purpose of
compressed server key, as WopPBS key makes of for
the vast majority of the space used.
Also having CompressedServerKey is required to
be able to have wasm API of the hlapi
as wasm cannot generate normal server key.
In the HLAPI, the WopPBS is enabled by default,
meaning the WopPBS key is generated when integers
are enabled.
This is not really good as the wopbs key is huge
(~700MB with PARAM_2_2) and only used for function evaluation
which does not scale for all types exposed by the halpi
and is still a bit experimental so not really advertised in the docs.
Also keys for wopbs are not compressible yet
(that is why the HLAPI does not yet have a CompressedServerKey).
So disabling wopbs by default will enable to have a compressed server
key that actually compresse things.
- preparatory work to manage several PBS implementations and harmonize
parameters management
BREAKING CHANGE:
- parameters structures changed
- gen_keys for integer now takes parameters by value to uniformize with
shortint
