12/12.REFHE is the result of work by @dWalletLabs cryptography team and reflects our broader mission: pushing the boundaries of cryptography to create a secure, programmable, private and decentralized world without compromising on the Zero-Trust principles of Web3. Paper link:.

11/12.We believe this is a foundational shift. REFHE reframes FHE as a platform for encrypted computation that mirrors the machine model - allowing us to reason about programs, not just circuits. It's the first step toward a real homomorphic ALU.

Generate videos in just a few seconds. Try Grok Imagine, free for a limited time.

10/12. With 100x smaller ciphertexts, 20x faster multiplication, and 1000x faster additions, REFHE surpasses TFHE in every parameter.Benchmarks in the paper.

9/12.We also generalize modulus switching to the setting where plaintext and ciphertext moduli are ideals, not integers. And we explore algebraic moduli construction that enables a Double-CRT representation - typically unavailable outside cyclotomic rings.

8/12.REFHE does not require batching. That’s intentional. Instead, we focus on single-word encrypted computation - matching the CPU-like abstraction. This makes it particularly relevant for use cases like:.- Encrypted VMs.- Smart contracts with FHE backends.- zkCompute over.

7/12.For example, to compute a > b homomorphically:.1. Subtract b from a.2. Bootstrap the result.3. Extract the most significant bit → gives you the result of the comparison. This kind of operation would be painful in arithmetic schemes and bloated in boolean ones.

6/12.🔧 Bootstrapping in REFHE.Our bootstrapping mechanism:.- Recursively extracts encrypted bits µᵢ of the message during bootstrap.- Enables boolean ops during bootstrapping - e.g. comparisons, bit shifts, masking.

5/12.This has profound consequences:.- The bits of the integer are just the coefficients of the polynomial.- Noise scales like n^O(d) for depth-d circuits (vs 2^O(d) in prior Z₂ⁿ approaches).- Bootstrapping becomes a natural place to extract bit-level structure.

4/12.REFHE starts from the BGV blueprint but makes two key architectural shifts:.1. We work over a non-cyclotomic ring: ℤ[x]/(xⁿ - x + 2).2. We define the plaintext space as an ideal: ⟨x - 2⟩, giving us plaintexts ≅ Z₂ⁿ. This lets us represent 64-bit values directly - with.

3/12.Why is this a big deal?. Most existing schemes fall into one of two camps:.- Arithmetic-focused (BGV, BFV, CKKS) - fast at math, awkward for logic.- Boolean-focused (TFHE) - logic is native, but everything is bit-bloated. Real programs use both. REFHE bridges this divide.

2/12.At its core, REFHE asks:. Can we build an FHE scheme that behaves like a CPU ALU?. That means:.- Integer arithmetic (mod 2⁶⁴).- Logic ops like AND, OR, comparisons.- Operations on encrypted values.- Efficient bootstrapping. All natively supported. Not simulated.

🧵1/12.We're excited to share REFHE: Fully Homomorphic ALU, our new paper introducing an FHE scheme that natively supports both arithmetic and logical operations on 64-bit machine words. This is a step toward treating FHE not as a circuit model - but as a real compute model.

RT @ycscaly: Today we released our Threshold FHE paper - the first that can be used by nodes of a decentralized network for threshold decry….

RT @omersadika: Today we are publishing our Threshold FHE scheme, redefining cryptographic computation and bringing Web3 a step closer to t….

11/ Our scheme is scalable: supporting thousands of participants, DKG and reconfiguration in minutes (should happen once every > 24 hours) and sub-second decryption!.

10/ Our scheme is reconfigurable: allowing participants (think: node operators) to join and leave, and still participate in decryption. This is crucial to enable permissionless setups of threshold networks where parties join and leave at will.

9/ It is publicly verifiable, and with f<n/3, admits Guaranteed Output Delivery (GOD) - meaning that as long as less than a 1/3 of the parties are malicious, the decryption is guranteed to succeed, a really difficult and useful trait to achieve!.

8/ Our scheme is blockchain compatible: It is realized over an asynchronous network and only utilizes reliable broadcast.

7/ Our scheme is generic: it can work under any t-out-of-n setting and for any FHE scheme. Importantly, we solve a key-issue here with t=2/3 which is commonly used for consensus, and no scheme known to us has been able to achieve a practical, scalable solution for.

6/ This makes it the first threshold FHE scheme that can be used for decentralized networks, and the first to allow building permissionless threshold decryption networks and many other solutions.