Daniel

@dd23.bsky.social

Cryptography engineer at Zama

42 Followers  |  41 Following  |  4 Posts  |  Joined: 04.07.2023

Latest posts by dd23.bsky.social on Bluesky

Abstract. This document is a preliminary version of what is intended to be submitted to NIST by Zama as part of their threshold call. The document also serves as partial documentation of the protocols used in the Zama MPC system for threshold TFHE.

However, note that the Zama software includes many optimizations built on top of the simple specifications given here. In particular, the TFHE parameters given here are larger than those used by the Zama software. This is because the Zama TFHE library contains optimizations which are beyond the scope of this document. Thus the parameters given in this document are compatible with the description of TFHE given here, and take no account of the extra optimizations in the Zama software.

Also note that we describe more protocols than those provided in the Zama software. In particular, this document describes BGV and BFV threshold implementations, and MPC-in-the-Head based proofs of correct encryption.

We present mechanisms to perform robust threshold key generation and decryption for Fully Homomorphic Encryption schemes such as BGV, BFV and TFHE, in the case of super honest majority, t < n/3 or t < n/4, in the presence of malicious adversaries.

The main mechanism for threshold decryption follows the noise flooding principle, which we argue is sufficient for BGV and BFV. For TFHE a more subtle technique is needed to apply noise flooding, since TFHE parameters are small. To deal with all three FHE schemes, and obtain a unified framework for all such schemes, we are led to consider secret sharing over Galois Rings and not just finite fields.

We consider two sets of threshold profiles, depending on whether binomial(n,t) is big or small. In the small case we obtain for all schemes an asynchronous protocol for robust threshold decryption, and we obtain a robust synchronous protocol for threshold key generation; both with t < n/3. For the large case we only support TFHE, and our protocols require an "offline phase" which requires synchronous networks and can "only" tolerate t < n/4.

The threshold key generation operation, and the above-mentioned offline phase, require access to a generic offline MPC functionality over arbitrary Galois Rings. This functionality is fully specified here. Finally, we present Zero-Knowledge proof techniques for proving the valid encryption of an FHE ciphertext. These proofs are important in a number of application contexts.

Threshold (Fully) Homomorphic Encryption (Carl Bootland, Kelong Cong, Daniel Demmler, Tore Kasper Frederiksen, Benoit Libert, Jean-Baptiste Orfila, Dragos Rotaru, Nigel P. Smart, Titouan Tanguy, Samuel Tap, Michael Walter) ia.cr/2025/699

18.04.2025 01:47 — 👍 8    🔁 3    💬 0    📌 0

Excuse me it's called an L1 cache.

29.03.2025 05:12 — 👍 36    🔁 2    💬 1    📌 0

Dear diary, today I needed to fix a docker compose file that would not start up correctly. After an hour of digging, the solution was to add "sleep 1" right before the existing "exit 0" in the entry point script of one service to make things work. #wtf #devops

14.02.2025 17:36 — 👍 1    🔁 0    💬 0    📌 0

looking back, AOL had it right. 30 hours of internet per month was the right amount.

13.02.2025 17:21 — 👍 35602    🔁 6268    💬 207    📌 195

Good news: from now on the days are getting longer again!

21.12.2024 19:44 — 👍 1    🔁 0    💬 0    📌 0

What can Good Tape do that the dictation feature in macOS can't? Serious question. I have no idea and only tried the latter once, as a test, for 2 minutes.

25.11.2023 22:14 — 👍 0    🔁 0    💬 1    📌 0

Don't know how much better the data is, but here's an alternative that shows a few details which I believe the Navigator doesn't have:
bahn.expert/routing

26.10.2023 06:12 — 👍 0    🔁 0    💬 0    📌 0
A chart shows the rise in electricity generation in TWh per year in China between 2012 and 2020. There are two curves: a red one, rising steeply, represents "WWS" (presumably renewable energy) and reaches almost 1000 TWh in 2020. The blue curve, which is flatter, represents nuclear power and sits just above 300 TWh in 2020. The title reads "Comparison of renewable energy with nuclear energy development in China". The author is Michael Barnard, Chief Strategist at TFIE Strategy Inc.

"If China can’t scale nuclear energy as rapidly as wind, solar, transmission and storage, no country can."

www.forbes.com/sites/michae...

17.10.2023 10:27 — 👍 10    🔁 7    💬 0    📌 0