{"id":"https://openalex.org/W4416549512","doi":"https://doi.org/10.1145/3719027.3765097","title":"Towards Verifiable FHE in Practice: Proving Correct Execution of TFHE's Bootstrapping using plonky2","display_name":"Towards Verifiable FHE in Practice: Proving Correct Execution of TFHE's Bootstrapping using plonky2","publication_year":2025,"publication_date":"2025-11-19","ids":{"openalex":"https://openalex.org/W4416549512","doi":"https://doi.org/10.1145/3719027.3765097"},"language":null,"primary_location":{"id":"doi:10.1145/3719027.3765097","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3719027.3765097","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2025 ACM SIGSAC Conference on Computer and Communications Security","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5005945317","display_name":"Louis Thibault","orcid":"https://orcid.org/0000-0002-5804-3703"},"institutions":[],"countries":[],"is_corresponding":true,"raw_author_name":"Louis Tremblay Thibault","raw_affiliation_strings":["Zama, Paris, France"],"affiliations":[{"raw_affiliation_string":"Zama, Paris, France","institution_ids":[]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5070604415","display_name":"Michael Walter","orcid":"https://orcid.org/0000-0003-3186-2482"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Michael Walter","raw_affiliation_strings":["Zama, Paris, France"],"affiliations":[{"raw_affiliation_string":"Zama, Paris, France","institution_ids":[]}]}],"institutions":[],"countries_distinct_count":0,"institutions_distinct_count":2,"corresponding_author_ids":["https://openalex.org/A5005945317"],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":2.671,"has_fulltext":false,"cited_by_count":1,"citation_normalized_percentile":{"value":0.92779882,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":97,"max":99},"biblio":{"volume":null,"issue":null,"first_page":"1113","last_page":"1126"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.46860000491142273,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.46860000491142273,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10951","display_name":"Cryptographic Implementations and Security","score":0.1298000067472458,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10142","display_name":"Formal Methods in Verification","score":0.08219999819993973,"subfield":{"id":"https://openalex.org/subfields/1703","display_name":"Computational Theory and Mathematics"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/bootstrapping","display_name":"Bootstrapping (finance)","score":0.9648000001907349},{"id":"https://openalex.org/keywords/verifiable-secret-sharing","display_name":"Verifiable secret sharing","score":0.7401000261306763},{"id":"https://openalex.org/keywords/computation","display_name":"Computation","score":0.4661000072956085},{"id":"https://openalex.org/keywords/key","display_name":"Key (lock)","score":0.31610000133514404},{"id":"https://openalex.org/keywords/formal-verification","display_name":"Formal verification","score":0.31220000982284546},{"id":"https://openalex.org/keywords/sampling","display_name":"Sampling (signal processing)","score":0.31119999289512634},{"id":"https://openalex.org/keywords/circuit-design","display_name":"Circuit design","score":0.296099990606308}],"concepts":[{"id":"https://openalex.org/C207609745","wikidata":"https://www.wikidata.org/wiki/Q4944086","display_name":"Bootstrapping (finance)","level":2,"score":0.9648000001907349},{"id":"https://openalex.org/C85847156","wikidata":"https://www.wikidata.org/wiki/Q59015987","display_name":"Verifiable secret sharing","level":3,"score":0.7401000261306763},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7250000238418579},{"id":"https://openalex.org/C45374587","wikidata":"https://www.wikidata.org/wiki/Q12525525","display_name":"Computation","level":2,"score":0.4661000072956085},{"id":"https://openalex.org/C11413529","wikidata":"https://www.wikidata.org/wiki/Q8366","display_name":"Algorithm","level":1,"score":0.4546999931335449},{"id":"https://openalex.org/C94375191","wikidata":"https://www.wikidata.org/wiki/Q11205","display_name":"Arithmetic","level":1,"score":0.4332999885082245},{"id":"https://openalex.org/C113775141","wikidata":"https://www.wikidata.org/wiki/Q428691","display_name":"Computer engineering","level":1,"score":0.3637000024318695},{"id":"https://openalex.org/C80444323","wikidata":"https://www.wikidata.org/wiki/Q2878974","display_name":"Theoretical computer science","level":1,"score":0.34220001101493835},{"id":"https://openalex.org/C26517878","wikidata":"https://www.wikidata.org/wiki/Q228039","display_name":"Key (lock)","level":2,"score":0.31610000133514404},{"id":"https://openalex.org/C111498074","wikidata":"https://www.wikidata.org/wiki/Q173326","display_name":"Formal verification","level":2,"score":0.31220000982284546},{"id":"https://openalex.org/C140779682","wikidata":"https://www.wikidata.org/wiki/Q210868","display_name":"Sampling (signal processing)","level":3,"score":0.31119999289512634},{"id":"https://openalex.org/C190560348","wikidata":"https://www.wikidata.org/wiki/Q3245116","display_name":"Circuit design","level":2,"score":0.296099990606308},{"id":"https://openalex.org/C90702460","wikidata":"https://www.wikidata.org/wiki/Q1055112","display_name":"Circuit complexity","level":3,"score":0.2906999886035919},{"id":"https://openalex.org/C182306322","wikidata":"https://www.wikidata.org/wiki/Q1779371","display_name":"Order (exchange)","level":2,"score":0.2906999886035919},{"id":"https://openalex.org/C9390403","wikidata":"https://www.wikidata.org/wiki/Q3966","display_name":"Computer hardware","level":1,"score":0.2685999870300293},{"id":"https://openalex.org/C134146338","wikidata":"https://www.wikidata.org/wiki/Q1815901","display_name":"Electronic circuit","level":2,"score":0.2676999866962433},{"id":"https://openalex.org/C94461902","wikidata":"https://www.wikidata.org/wiki/Q2762418","display_name":"Formal proof","level":3,"score":0.26570001244544983},{"id":"https://openalex.org/C18762648","wikidata":"https://www.wikidata.org/wiki/Q42213","display_name":"Work (physics)","level":2,"score":0.26409998536109924},{"id":"https://openalex.org/C12426560","wikidata":"https://www.wikidata.org/wiki/Q189569","display_name":"Basis (linear algebra)","level":2,"score":0.26109999418258667}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/3719027.3765097","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3719027.3765097","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2025 ACM SIGSAC Conference on Computer and Communications Security","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":30,"referenced_works":["https://openalex.org/W56544557","https://openalex.org/W1499934958","https://openalex.org/W1557386445","https://openalex.org/W1590453572","https://openalex.org/W1836725053","https://openalex.org/W2101687784","https://openalex.org/W2400700555","https://openalex.org/W2554750353","https://openalex.org/W2603155476","https://openalex.org/W2782979894","https://openalex.org/W2885314357","https://openalex.org/W2942255051","https://openalex.org/W3023051856","https://openalex.org/W3030708022","https://openalex.org/W3157709467","https://openalex.org/W3158989923","https://openalex.org/W3173128495","https://openalex.org/W3176410512","https://openalex.org/W4292387255","https://openalex.org/W4294325388","https://openalex.org/W4312321890","https://openalex.org/W4313270705","https://openalex.org/W4380082463","https://openalex.org/W4389292272","https://openalex.org/W4389919023","https://openalex.org/W4396691178","https://openalex.org/W4401598503","https://openalex.org/W4405166865","https://openalex.org/W4405183111","https://openalex.org/W4409253680"],"related_works":[],"abstract_inverted_index":{"In":[0,103],"this":[1],"work":[2],"we":[3,76,113,139],"demonstrate":[4],"for":[5,31],"the":[6,32,45,70,117,120,145],"first":[7],"time":[8],"that":[9,148],"a":[10,19,85,110,134,141],"full":[11,99],"FHE":[12,158],"bootstrapping":[13,33,74,80],"operation":[14,34,75],"can":[15],"be":[16],"proven":[17],"using":[18,38],"SNARK":[20],"in":[21,52,84,109,144,152],"practice.":[22],"We":[23,40],"do":[24],"so":[25],"by":[26],"designing":[27],"an":[28,48,94],"arithmetic":[29,95],"circuit":[30,46,96,131],"and":[35,62,81,101,122,159],"prove":[36,44,127],"it":[37,83,92],"plonky2.":[39],"are":[41],"able":[42],"to":[43,88,105,125,132,163],"on":[47],"AWS":[49],"Hpc7a":[50],"instance":[51],"under":[53],"20":[54],"minutes.":[55],"Proof":[56],"size":[57],"is":[58],"about":[59],"200":[60],"kB":[61],"verification":[63,130],"takes":[64],"less":[65],"than":[66],"10":[67],"ms.":[68],"As":[69],"basis":[71],"of":[72,116,119,156],"our":[73,107,161],"use":[77],"TFHE's":[78],"programmable":[79],"modify":[82],"few":[86],"places":[87],"more":[89],"efficiently":[90,126],"represent":[91],"as":[93],"(while":[97],"maintaining":[98],"functionality":[100],"security).":[102],"order":[104],"achieve":[106],"results":[108],"memory-efficient":[111],"way,":[112],"take":[114],"advantage":[115],"structure":[118],"computation":[121],"plonky2's":[123],"ability":[124],"its":[128],"own":[129],"implement":[133],"recursion-based":[135],"IVC":[136],"scheme.":[137],"Lastly,":[138],"present":[140],"security":[142],"proof":[143],"UC":[146],"model":[147],"captures":[149],"active":[150],"attacks":[151],"real":[153],"world":[154],"applications":[155],"verifiable":[157],"augment":[160],"prototype":[162],"fit":[164],"such":[165],"applications.":[166]},"counts_by_year":[{"year":2026,"cited_by_count":1}],"updated_date":"2026-03-17T09:09:15.849793","created_date":"2025-11-23T00:00:00"}