Fully Homomorphic Encryption (FHE) is a powerful cryptographic primitive that enables performing computations over encrypted data without having access to the secret key. However, FHE only achieves a relatively weak security notion (IND-CPA or IND-CPA-D), which is often insufficient for real-world deployments.
The goal of zkOpenFHE is to be a drop-in replacement for the excellent OpenFHE library, with the additional ability to prove the correct evaluation of an FHE circuit using a (zero-knowledge) succinct non-interactive argument of knowledge ((zk)SNARK).
To achieve this, we mirror OpenFHE's interfaces and augment them under the hood with automatic constraint generation and extended witness computation, using libsnark.
| OpenFHE | zkOpenFHE |
|---|---|
| `c = cryptoContext->Encrypt(secretKey, x);`<br>`c_rot = cryptoContext->EvalRotate(c, 1);`<br>`c2 = cryptoContext->EvalMultNoRelin(c, c_rot);` | `proofSystem = LibsnarkProofSystem(cryptoContext);`<br>`c = cryptoContext->Encrypt(secretKey, x);`<br>`proofSystem.PublicInput(c);`<br>`c_rot = proofSystem->EvalRotate(c, 1);`<br>`c2 = proofSystem->EvalMultNoRelin(c, c_rot);` |
A `ProofSystem` has three modes:
- `PROOFSYSTEM_MODE_EVALUATION`: evaluate the FHE circuit, just like OpenFHE
- `PROOFSYSTEM_MODE_CONSTRAINT_GENERATION`: generate the constraints corresponding to the FHE circuit and automatically optimize them
- `PROOFSYSTEM_MODE_WITNESS_GENERATION`: generate the extended witness for the FHE circuit, which is needed for proving correct computation
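The split into three modes can be seen in a toy model, added here as an illustration; it is not zkOpenFHE's code or API. `ToyProofSystem`, `Wire`, `MulConstraint`, `circuit` and `satisfied` are hypothetical names, wires hold integers modulo a small prime instead of ciphertexts, and no SNARK is produced: the final check only tests that a witness satisfies the generated constraints.

```cpp
#include <cstdint>
#include <vector>
// Toy model (assumption): wires hold integers mod P instead of FHE ciphertexts.
constexpr uint64_t P = 65537;
enum class Mode { Evaluation, ConstraintGeneration, WitnessGeneration };
struct Wire { uint64_t value; int index; };   // index == -1 when the wire is not tracked
struct MulConstraint { int a, b, out; };      // requires w[a] * w[b] == w[out] (mod P)

struct ToyProofSystem {                       // hypothetical, not the zkOpenFHE class
    Mode mode = Mode::Evaluation;
    int numWires = 0;
    std::vector<MulConstraint> constraints;   // filled in ConstraintGeneration mode
    std::vector<uint64_t> witness;            // filled in WitnessGeneration mode
    Wire alloc(uint64_t v) {
        Wire w{v % P, -1};
        if (mode == Mode::ConstraintGeneration) w.index = numWires++;
        if (mode == Mode::WitnessGeneration) { w.index = (int)witness.size(); witness.push_back(w.value); }
        return w;
    }
    Wire PublicInput(uint64_t v) { return alloc(v); }
    Wire EvalMult(const Wire& x, const Wire& y) {
        Wire out = alloc(x.value * y.value);
        if (mode == Mode::ConstraintGeneration) constraints.push_back({x.index, y.index, out.index});
        return out;
    }
};

// The circuit is written once and replayed in each mode: computes x^3 mod P.
Wire circuit(ToyProofSystem& ps, uint64_t x) {
    Wire in = ps.PublicInput(x);
    return ps.EvalMult(ps.EvalMult(in, in), in);
}

// Check that a witness satisfies every constraint (what a prover must be able to show).
bool satisfied(const std::vector<MulConstraint>& cs, const std::vector<uint64_t>& w) {
    const int n = static_cast<int>(w.size());
    for (const auto& c : cs) {
        if (c.a >= n || c.b >= n || c.out >= n) return false;
        if (w[c.a] * w[c.b] % P != w[c.out]) return false;
    }
    return true;
}

int main() {
    ToyProofSystem gen, wit;
    gen.mode = Mode::ConstraintGeneration; circuit(gen, 0);  // constraints do not depend on the input
    wit.mode = Mode::WitnessGeneration;    circuit(wit, 5);  // witness records every intermediate wire
    return satisfied(gen.constraints, wit.witness) ? 0 : 1;
}
```

Changing any entry of the witness after generation makes `satisfied` return false, which is the property that lets a verifier reject an incorrectly evaluated circuit.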
For a more complete overview of our project, have a look at zkFHE.github.io, where you'll find out more about what we're trying to achieve.
To install zkOpenFHE, refer to OpenFHE's General Installation Information on readthedocs.
Or refer to the following for your specific operating system:
- MacOS. Note that the libsnark backend will not build on Apple Silicon, but a fix should be available soon.
If you'd like to contribute, please reach out! We're also very grateful if you report issues, big or small, or if you'd like to contribute some examples.