TFHE: Fast Fully Homomorphic Encryption over the Torus

v1.0.1 -- TFHE for Linux and MacOs, date: 2017.08.15
v1.0 -- First official release, date: 2017.05.02
v1.0-rc2 -- Second release candidate, date: 2017.04.21
v1.0-rc1 -- First release candidate, date: 2017.04.05
v0.1 -- Proof of Concept, date: 2016.08.10

TFHE is an open-source library for fully homomorphic encryption, distributed under the terms of the Apache 2.0 license.

The underlying scheme is described in best paper of the IACR conference Asiacrypt 2016: “Faster fully homomorphic encryption: Bootstrapping in less than 0.1 seconds”, presented by Ilaria Chillotti, Nicolas Gama, Mariya Georgieva and Malika Izabachène.

Description

TFHE is a C/C++ library which implements a very fast gate-by-gate bootstrapping, based on [CGGI16] and [CGGI17]. The library allows to evaluate an arbitrary boolean circuit composed of binary gates, over encrypted data, without revealing any information on the data.

The library supports the homomorphic evaluation of the 10 binary gates (And, Or, Xor, Nand, Nor, etc…), as well as the negation and the Mux gate. Each binary gate takes about 13 milliseconds single-core time to evaluate, which improves [DM15] by a factor 53, and the mux gate takes about 26 CPU-ms.

Unlike other libraries, the gate-bootstrapping mode of TFHE has no restriction on the number of gates or on their composition. This allows to perform any computation over encrypted data, even if the actual function that will be applied is not yet known when the data is encrypted. The library is easy to use with either manually crafted circuits, or with the output of automated circuit generation tools.

From the user point of view, the library can:

Under the hood

The library implements a Ring-variant of the GSW [GSW13] cryptosystem and makes many optimizations described in [DM15], [CGGI16] and [CGGI17].

It also implements a dedicated Fast Fourier Transformation for the anticyclic ring \(\mathbb{R}[X]/(X^N+1)\), and uses AVX assembly vectorization instructions. The default parameter set achieves a 110-bit cryptographic security, based on ideal lattice assumptions.

Since the running time per gate seems to be the bottleneck of fully homomorphic encryption, an optimal circuits for TFHE is most likely a circuit with the smallest possible number of gates, and to a lesser extent, the possibility to evaluate them in parallel.

Dependencies

The library interface can be used in a regular C code. However, to compile the core of the library you will need a standard x86_64 C++11 compiler. The project has been tested and reported to work with the GNU compiler g++/gcc (>=5.2) as well as the clang compiler (>=3.8) on both Linux and MacOS platforms. Compilation under Windows is not supported at this time.

At least one FFT processor is needed to run the project:

How to cite this library


@misc{TFHE,
  Title   = {{TFHE}: Fast Fully Homomorphic Encryption Library},
  Author  = {Ilaria Chillotti and  Nicolas Gama and Mariya Georgieva and Malika Izabach{\`e}ne},
  Note    = {https://tfhe.github.io/tfhe/},
  Year    = {August 2016}
}

References

[CGGI16]: I. Chillotti, N. Gama, M. Georgieva, and M. Izabachène. Faster fully homomorphic encryption: Bootstrapping in less than 0.1 seconds. In Asiacrypt 2016 (Best Paper), pages 3-33. PDF Slides

[CCS18]: N.Gama. TFHE tutorial presentation at CCS 2018. Slides

[DM15]: L. Ducas and D. Micciancio. FHEW: Bootstrapping homomorphic encryption in less than a second. In Eurocrypt 2015, pages 617-640. PDF

[GSW13]: C. Gentry, A. Sahai, and B. Waters. Homomorphic encryption from learning with errors: Conceptually-simpler, asymptotically-faster, attribute-based. In Crypto 2013, pages 75-92. PDF

Future releases based on

[CGGI17]: I. Chillotti, N. Gama, M. Georgieva, and M. Izabachène. Faster Packed Homomorphic Operations and Efficient Circuit Bootstrapping for TFHE. ASIACRYPT (1) 2017: 377-408. PDF Slides

[CGGI18]: I. Chillotti, N. Gama, M. Georgieva, and M. Izabachène. TFHE: Fast Fully Homomorphic Encryption over the Torus. IACR Cryptology ePrint Archive 2018: 421 (2018) (Invited JoC). PDF

[BGG18]: C. Boura, N. Gama, M. Georgieva: Chimera: a unified framework for B/FV, TFHE and HEAAN fully homomorphic encryption and predictions for deep learning. IACR Cryptology ePrint Archive 2018: 758 (2018). PDF Slides

[CIM19]: S. Carpov, M. Izabachène, V. Mollimard: New Techniques for Multi-value Input Homomorphic Evaluation and Applications. CT-RSA 2019: 106-126. PDF

Applications and open source projects based on TFHE

[CGGT.P19]: S. Carpov, N. Gama, M. Georgieva, J.R. Troncoso-Pastoriza: Privacy-preserving semi-parallel logistic regression training with Fully Homomorphic Encryption.(among the winners Idash 2018) IACR Cryptology ePrint Archive 2019: 101 (2019) PDF Slides

[CCS19]: H. Chen, I. Chillotti, Y. Song: Multi-Key Homomophic Encryption from TFHE. IACR Cryptology ePrint Archive 2019: 116 (2019). PDF

[BMMP18]: F. Bourse, M. Minelli, M. Minihold, P. Paillier: Fast Homomorphic Evaluation of Deep Discretized Neural Networks. CRYPTO (3) 2018: 483-512. PDF

[CGGI16]: I. Chillotti, N. Gama, M. Georgieva, M. Izabachène: A Homomorphic LWE Based E-voting Scheme. PQCrypto 2016: 245-265. PDF Slides

[cuFHE]: CUDA-accelerated Fully Homomorphic Encryption Library: GitHub

(Please contact us to add your work based on TFHE)

Use of TFHE in the industry: