Switching Key Generation

Whisper · February 22, 2024, 12:10am

Hi,

I’ve been reading through several FHE accelerator papers, and one common trend is that they produce half of their key-switching keys on-chip. For example:

From CraterLake:
As half of each key-switch hint (KSH) is pseudo-random, it can be generated on the fly from a small seed, halving KSH storage and bandwidth.

However it also seems that each key-switching key is roughly of the form:
{-a*s'+s*P+e, a} for some key-switch s \rightarrow s'.

Since a, the pseudo-random half, is in both polynomials of the key, it feels like the above optimization won’t work? As in, you can’t independently sample a on-the-fly. In a client/server model, is the client required to send both polynomials of each switching key to the server? Or am I missing something and this on-the-fly generation is fine?

Caesar · February 22, 2024, 1:18am

The first half of the KS key is computed on the client side. As for the second half, a, it can be generated from a small seed (something like 32- or 64-bit integer). Given the client and the server share the same pseudo-random number generator, the server can use the seed to generate a, resulting in having the whole key.
This trick is used to reduce the IO complexity at the accelerator. The intuition is that generating a is cheaper than loading it from memory to the chip.

Whisper · February 22, 2024, 3:22am

Ah, I see! I wasn’t aware that the client and server could share the same pseudo-random number generator. This makes much more sense now. Thank you!

Topic		Replies	Views
KeySwitch keys reuse & optimization for hybrid key switching Library Questions	9	724	June 19, 2023
Multi-key HE implementation FHE Questions	1	39	April 12, 2024
About CKKS -> FHEW symmetric key FHE Questions	1	166	September 8, 2023
Generate private key from a predefined value Library Questions openfhe-help	6	133	October 14, 2023
BGV : using KeySwitch FHE Questions	5	215	June 14, 2023

Switching Key Generation

Related Topics