This month, Zama is releasing TFHE-rs v1.0, the first stable version of the TFHE-rs library. This marks a major milestone, stabilizing the high-level API for the x86 CPU backend while ensuring backward compatibility.
In other words, you can now rely on the TFHE-rs API without worrying about breaking changes in future updates.
The most significant improvement in this release is the refinement of key parameters, which enhances cryptographic security, preserves the performance and optimizes them for use in distributed protocols. This update also introduces an official handbook and a streamlined contribution process, both of which will be covered in detail in this article.
Notably, the probability of computational errors has been reduced to less than 2-128, all while maintaining performance. In practical terms, this means that the likelihood of an error is as negligible as breaking modern cryptographic standards.
Alongside the release of TFHE-rs v1.0, Zama has published a first edition of its TFHE-rs handbook detailing all the implementations in the backend.
The TFHE-rs handbook covers:
Another important point is that, unlike the documentation, the handbook focuses on Gaussian noise distribution, aligning with standard definitions used in academic literature.
A core enhancement in this release is the refinement of cryptographic parameters, reducing the probability of computational errors from less than 2-64 to less than 2-128.
Although often hidden from users, cryptographic parameters are fundamental to TFHE-rs, ensuring the security, efficiency, and correctness of computations.
Until recently, TFHE-rs’ standard parameter sets guaranteed computational correctness with an error probability below 2-64—practically negligible for traditional client-server use cases. However, recent research suggests that in scenarios where both encrypted and decrypted data might be accessible, certain theoretical attacks could emerge. While still computationally infeasible with previous parameter sets—requiring an average of 263 computations to succeed—this update further strengthens security against such possibilities.
Zama designed TFHE-rs to provide the highest level of security for all applications. With TFHE-rs v1.0, cryptographic parameters have been refined to reduce the computational error probability to below 2-128, aligning with standard cryptographic security levels and ensuring robustness—even in distributed protocols.
Typically, lowering the failure probability from 2-64 to 2-128 would at least double computation time. However, TFHE-rs limits the slowdown to around 10% by implementing a novel technique called drift mitigation (see more details in the associated scientific article).
As TFHE-rs serves as the backbone of Zama's blockchain protocol enabling developers to write confidential smart contracts using FHE. This new version is designed to better support distributed protocols—where private and public key generation may be shared among multiple users —TFHE-rs v1.0 now uses a TUniform noise distribution by default. This variant of Uniform avoids the constraints imposed by Gaussian distributions.
For users who prefer the traditional approach, cryptographic parameters based on the Gaussian distribution remain available.
The TFHE-rs documentation provides comprehensive guidance on selecting cryptographic parameters and understanding different distributions.
For deeper technical insights, benchmarks performed with the new parameter sets—including those for integer operations and low-level operations like bootstrapping—are also available in the documentation.
Below is a simple demonstration of how to use TFHE-rs in a client-server setup.
To keep this example straightforward, we’ve intentionally left out advanced features like public key encryption and its associated Zero-Knowledge Proofs—which are commonly used in distributed environments to let users share a common encryption key and verify that ciphertexts are correctly formed.
This example focuses on the core workflow, simulating interactions between a Client and a Server:
At Zama, being an open-source cryptography company isn’t just a requirement—it’s something we actively embrace. Openness drives innovation, collaboration, and the continuous improvement of our technologies.
TFHE-rs is built with this philosophy in mind, welcoming contributions in two main ways:
1. Contribute to TFHE-rs via Zama Bounty Program: Advancing FHE, One Challenge at a Time
The Zama Bounty Program rewards developers for tackling technical challenges that push TFHE-rs forward. Each quarter, a new TFHE-rs bounty is opened, and solutions from participants often lead to meaningful improvements in the library.
A recent example is the homomorphic string feature, which started as a bounty contribution and was later integrated into the main repository. Thanks to this addition, users can now run the following code to check whether a substring is contained within another string:
A detailed comparison of the benefits of this new feature can be found in the string documentation.
Several other bounty-driven contributions have also been integrated into TFHE-rs, including homomorphic SHA-256:
The next season of the Bounty Program is opening soon! Follow the official Bounty Program repository to participate. Looking forward to your contributions!
2. Contribute to TFHE-rs Directly: Build, Improve, and Innovate
We've introduced a streamlined contribution process to make it easier for developers and researchers to add new features and improvements to TFHE-rs. Whether you're building an application or experimenting with a novel prototype, you can integrate your work into the library by following these steps:
Once accepted, your contribution will be maintained over time, just like any other feature in the library.
Looking ahead, TFHE-rs is evolving with two key objectives:
News, research and product releases