I have a question regarding the practical implementation of TFHE. While I understand that Key Switching can theoretically allow for different keys between ciphertexts, I am curious about the “de facto” standard in real-world scenarios (e.g., boolean circuit evaluation).
Is it standard practice to use only one secret key and one Bootstrapping Key (BK) for all ciphertexts in a scheme? Specifically, is the “single-key” approach preferred as the primary way to balance performance and complexity, or are there common use cases where multiple keys are intentionally used despite the overhead?
I would like to confirm if “one key for all ciphertexts” is the universal go-to approach for most TFHE developers.strong text
TFHE is now deprecated, use FHEVM
Hello @xiangyuhuanghuang
In the context of the Zama Protocol having multiple keys would create an interoperability problem where ciphertexts would indeed need to be keyswitched to be compatible, that’s not the approach used by the Zama Protocol which instead has a single secret key, which is then secret shared between MPC nodes which can perform threshold decryptions.
To answer more broadly: outside of blockchain in the context of a “simple” Client/Server application where a service provider may want to run for example an AI model in FHE then a Client can send their bootstrap key and all ciphertexts for a given client will be encrypted under the corresponding secret key.
Hope this helps