What's the difference between FheBool and boolean Ciphertext?

Zama TFHE-rs
1

Hi there,

I wonder what’s the difference between FheBool and the boolean Ciphertext.
Under what kind of circumstance should I prefer using FheBool/Ciphertext?

Thanks

2

Hi!
In summary, FheBool is high level and boolean ciphertext is low level.

FheBool can be used with the other types from the “high level API” such as FheUint8, FheInt8, FheAsciiString,… that allows to write FHE code almost like normal code.
For example, if you use a comparison on 2 FheInt8 the result will be an FheBool:

use tfhe::prelude::*;
use tfhe::{generate_keys, set_server_key, ConfigBuilder, FheInt8};

fn main() -> Result<(), Box<dyn std::error::Error>> {
    let config = ConfigBuilder::default().build();
    let (keys, server_keys) = generate_keys(config);
    set_server_key(server_keys);

    let clear_a: i8 = -121;
    let clear_b: i8 = 87;

    let a = FheInt8::try_encrypt(clear_a, &keys)?;
    let b = FheInt8::try_encrypt(clear_b, &keys)?;

    // This is a FheBool
    let greater = a.gt(&b);

Under the hoods all ciphertexts from the high level api, FheBool included, are built on the shortint ciphertext.

The boolean ciphertext is a low level ciphertext, which means that you will not be able to do operations over integer, and you will have to take care of the cryptographic noise yourself. It allows to execute circuits made of boolean gates on ciphertexts. There is little reasons to use this directly if you want to build an FHE application, this is more used for research.

1 Like
3

Wow, thanks for your great answer! Things have been much clearer for me.
I was following the tutorial about SHA256 and found that it uses boolean Ciphertext instead of FheBool. Does this mean that this tutorial actually omits the part about taking care of noise? (Sorry, I’m relatively new to FHE, don’t know how much noise will be introduced during computing a SHA256 hash)

4

Hi!
This tutorial is becoming a bit old now, and has been written when the high level API was not so complete. The tutorial is correct because it only uses bootstrapped operations that reset the noise. But it had to re-implement its own parallelized carry propagation algorithms, which are things that are offered by the high-level API.

You can find an implementation of the sha256 using the HL API here: SHA256 HL (we should certainly rewrite the tutorial to use this instead!)

1 Like
5

I see. Thank you for your clarification!