bump TFHEpp to latest and fix keyswitching algorithm

nindanaoto · nindanaoto · commit cea68177c505 · 2025-08-28T09:38:03.000Z
diff --git a/CMakeLists.txt b/CMakeLists.txt
@@ -1,11 +1,11 @@
 cmake_minimum_required(VERSION 3.18)
-project(cuFHE LANGUAGES CUDA CXX)
+project(cuFHE LANGUAGES CUDA CXX C)
 
 set(CMAKE_CXX_STANDARD 20)
 find_package(CUDAToolkit REQUIRED)
 set(CMAKE_CUDA_FLAGS "--ptxas-options=-v")
 
-option(USE_RANDEN "Use randen as CSPRNG" ON)
+option(USE_RANDEN "Use randen as CSPRNG" OFF)
 option(USE_80BIT_SECURITY "Use 80bit security parameter(faster)" OFF)
 option(USE_CGGI19 "Use the parameter set proposed in CGGI19" OFF)
 option(USE_CONCRETE "Use the parameter set proposed in CONCRETE" OFF)
diff --git a/include/cufhe_gpu.cuh b/include/cufhe_gpu.cuh
@@ -125,7 +125,7 @@ struct Ctxt {
     Ctxt(const Ctxt& that) = delete;
     Ctxt& operator=(const Ctxt& that) = delete;
 
-    TFHEpp::TLWE<P> tlwehost;
+    alignas(64) TFHEpp::TLWE<P> tlwehost;
 
     std::vector<typename P::T*> tlwedevices;
 };
diff --git a/include/keyswitch_gpu.cuh b/include/keyswitch_gpu.cuh
@@ -9,24 +9,40 @@ namespace cufhe{
 
 extern std::vector<TFHEpp::lvl0param::T*> ksk_devs;
 
+
+template <class P>
+__device__ constexpr typename P::domainP::T iksoffsetgen()
+{
+    typename P::domainP::T offset = 0;
+    for (int i = 1; i <= P::t; i++)
+        offset +=
+            (1ULL << P::basebit) / 2 *
+            (1ULL << (std::numeric_limits<typename P::domainP::T>::digits -
+                      i * P::basebit));
+    return offset;
+}
+
 template <class P>
 __device__ inline void KeySwitch(typename P::targetP::T* const lwe,
                                  const typename P::domainP::T* const tlwe,
                                  const typename P::targetP::T* const ksk)
 {
-    constexpr typename P::domainP::T decomp_mask = (1U << P::basebit) - 1;
-    constexpr typename P::domainP::T decomp_offset =
-        1U << (std::numeric_limits<typename P::domainP::T>::digits - 1 -
-               P::t * P::basebit);
+    constexpr uint domain_digit =
+        std::numeric_limits<typename P::domainP::T>::digits;
+    constexpr uint target_digit =
+        std::numeric_limits<typename P::targetP::T>::digits;
+    constexpr typename P::domainP::T roundoffset =
+        (P::basebit * P::t) < domain_digit
+            ? 1ULL << (domain_digit - (1 + P::basebit * P::t))
+            : 0;
+    constexpr typename P::domainP::T decompoffset = iksoffsetgen<P>();
+    constexpr typename P::domainP::T mask = (1ULL << P::basebit) - 1;
+    constexpr typename P::domainP::T halfbase = 1ULL << (P::basebit - 1);
     const uint32_t tid = ThisThreadRankInBlock();
     const uint32_t bdim = ThisBlockSize();
     for (int i = tid; i <= P::targetP::k*P::targetP::n; i += bdim) {
         typename P::targetP::T res = 0;
         if (i == P::targetP::k*P::targetP::n){
-            constexpr uint domain_digit =
-                std::numeric_limits<typename P::domainP::T>::digits;
-            constexpr uint target_digit =
-                std::numeric_limits<typename P::targetP::T>::digits;
             if constexpr (domain_digit == target_digit)
                 res = tlwe[P::domainP::k * P::domainP::n];
             else if constexpr (domain_digit > target_digit)
@@ -40,20 +56,20 @@ __device__ inline void KeySwitch(typename P::targetP::T* const lwe,
                 tmp = tlwe[0];
             else
                 tmp = -tlwe[P::domainP::k*P::domainP::n - j];
-            tmp += decomp_offset;
+            tmp += decompoffset + roundoffset;
             for (int k = 0; k < P::t; k++) {
-                typename P::domainP::T val =
-                    (tmp >>
+                const int32_t val =
+                    ((tmp >>
                      (std::numeric_limits<typename P::domainP::T>::digits -
                       (k + 1) * P::basebit)) &
-                    decomp_mask;
-                if (val != 0) {
-                    constexpr int numbase = (1 << P::basebit) - 1;
-                    res -= ksk[j * (P::t * numbase *
+                    mask) - halfbase;
+                constexpr int numbase = 1 << (P::basebit-1);
+                const typename P::targetP::T kskelem = ksk[j * (P::t * numbase *
                                     (P::targetP::k*P::targetP::n + 1)) +
                                k * (numbase * (P::targetP::k*P::targetP::n + 1)) +
-                               (val - 1) * (P::targetP::k*P::targetP::n + 1) + i];
-                }
+                               (abs(val) - 1) * (P::targetP::k*P::targetP::n + 1) + i];
+                if (val > 0) res -= kskelem;
+                else if (val < 0) res += kskelem;
             }
         }
         lwe[i] = res;
@@ -66,19 +82,22 @@ __device__ inline void IdentityKeySwitchPreAdd(typename P::targetP::T* const lwe
                                  const typename P::domainP::T* const inb,
                                  const typename P::targetP::T* const ksk)
 {
-    constexpr typename P::domainP::T decomp_mask = (1U << P::basebit) - 1;
-    constexpr typename P::domainP::T decomp_offset =
-        1U << (std::numeric_limits<typename P::domainP::T>::digits - 1 -
-               P::t * P::basebit);
+    constexpr uint domain_digit =
+        std::numeric_limits<typename P::domainP::T>::digits;
+    constexpr uint target_digit =
+        std::numeric_limits<typename P::targetP::T>::digits;
+    constexpr typename P::domainP::T roundoffset =
+        (P::basebit * P::t) < domain_digit
+            ? 1ULL << (domain_digit - (1 + P::basebit * P::t))
+            : 0;
+    constexpr typename P::domainP::T decompoffset = iksoffsetgen<P>();
+    constexpr typename P::domainP::T mask = (1ULL << P::basebit) - 1;
+    constexpr typename P::domainP::T halfbase = 1ULL << (P::basebit - 1);
     const uint32_t tid = ThisThreadRankInBlock();
     const uint32_t bdim = ThisBlockSize();
     for (int i = tid; i <= P::targetP::k*P::targetP::n; i += bdim) {
         typename P::targetP::T res = 0;
         if (i == P::targetP::k*P::targetP::n){
-            constexpr uint domain_digit =
-                std::numeric_limits<typename P::domainP::T>::digits;
-            constexpr uint target_digit =
-                std::numeric_limits<typename P::targetP::T>::digits;
             const typename P::domainP::T added = casign*ina[P::domainP::k*P::domainP::n]+ cbsign*inb[P::domainP::k*P::domainP::n] + offset;
             if constexpr (domain_digit == target_digit)
                 res = added;
@@ -89,20 +108,22 @@ __device__ inline void IdentityKeySwitchPreAdd(typename P::targetP::T* const lwe
         }
         for (int j = 0; j < P::domainP::k*P::domainP::n; j++) {
             typename P::domainP::T tmp;
-            tmp = casign*ina[j]+ cbsign*inb[j] + 0 + decomp_offset;
+            tmp = casign*ina[j] + cbsign*inb[j] + 0 + decompoffset + roundoffset;
             for (int k = 0; k < P::t; k++) {
-                typename P::domainP::T val =
-                    (tmp >>
+                const int32_t val =
+                    ((tmp >>
                      (std::numeric_limits<typename P::domainP::T>::digits -
                       (k + 1) * P::basebit)) &
-                    decomp_mask;
-                if (val != 0) {
-                    constexpr int numbase = (1 << P::basebit) - 1;
-                    res -= ksk[j * (P::t * numbase *
-                                    (P::targetP::k*P::targetP::n + 1)) +
-                               k * (numbase * (P::targetP::k*P::targetP::n + 1)) +
-                               (val - 1) * (P::targetP::k*P::targetP::n + 1) + i];
-                }
+                    mask) - halfbase;
+                constexpr int numbase = 1 << (P::basebit-1);
+                if (val > 0) res -= ksk[j * (P::t * numbase *
+                                        (P::targetP::k*P::targetP::n + 1)) +
+                                k * (numbase * (P::targetP::k*P::targetP::n + 1)) +
+                                (val - 1) * (P::targetP::k*P::targetP::n + 1) + i];
+                else if (val < 0) res += ksk[j * (P::t * numbase *
+                                        (P::targetP::k*P::targetP::n + 1)) +
+                                k * (numbase * (P::targetP::k*P::targetP::n + 1)) +
+                                (-val - 1) * (P::targetP::k*P::targetP::n + 1) + i];
             }
         }
         lwe[i] = res;
diff --git a/thirdparties/TFHEpp b/thirdparties/TFHEpp
@@ -1 +1 @@
-Subproject commit a6462b36c951ab029df484ee7037805e2fb73157
+Subproject commit 412046b69b26eef8a6f3c4c2138b847bf8035081
