Revisiting FHE with Rand Hindi from Zama

Episode summary

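In this week's episode, Anna catches up with Rand Hindi, CEO of Zama, to revisit the topic of fully homomorphic encryption (FHE). FHE is a cryptosystem that allows computation to occur on encrypted inputs. They discuss the FHE landscape, the specific use cases it is best suited to, where the technology stands today, and how FHE differs from multi-party computation (MPC) and zero-knowledge proofs (ZK). They also look into the nuances of the different FHE approaches to achieving this cryptographic environment, in which computation can be done in a truly private manner.

Additional links for this episode: Episode 124: FHE with Flavio Bergamaschi from IBM Research; FHE definition; A public key cryptosystem and a signature scheme based on discrete logarithms: the ElGamal scheme; Pascal Paillier; FHE.org; FHE.org Discord; TFHE GitHub.

The ZK jobs board gathers a fresh batch of open positions from projects in the ZK space. The Web3 Foundation's Sub0 event covers the latest developments in the Polkadot network and the Substrate blockchain framework.

This episode is sponsored by Anoma. Anoma is a set of protocols that enable self-sovereign coordination. Anoma's first fractal instance, Namada, is planned for later in 2022 and focuses on enabling shielded transfers for any asset, with a few seconds of transaction latency and near-zero fees. Visit anoma.net for more information.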

Transcript

Speaker 0

Welcome to Zero Knowledge.

Speaker 0

I'm your host, Anna Rose.

Speaker 0

In this podcast, we will be exploring the latest in zero knowledge research and the decentralized web, as well as new paradigms that promise to change the way we interact and transact online.

Speaker 0

This week, I dive back into the topic of FHE with Rand Hindi, CEO at Zama.

Speaker 0

FHE stands for fully homomorphic encryption, a cryptosystem that allows for computation to occur on encrypted inputs.

Speaker 0

We talk about the FHE landscape, what specific use cases it's ideal for, where the technology is at, how FHE differs from MPC or ZK, and look into some of the nuances of the different types of techniques the teams are using to achieve this cryptographic environment where one can do computation in a truly private manner.

Speaker 0

But before we kick off, I wanna share an announcement from one of our partners on the latest CK Summit, the Web3 Foundation.

Speaker 0

They are hosting an in-person event called Sub0, the Polkadot Developer Conference in Lisbon on November.

Speaker 0

This year's edition will bring together the global Polkadot community and provide an open introduction to those looking to learn more about Substrate, Polkadot's framework for building custom blockchains.

Speaker 0

Learn more and apply at sub0.polkadot.network.

Speaker 0

I also wanna highlight that there is a fresh batch of jobs over on the ZK jobs board.

Speaker 0

If you are looking for a new opportunity to work with the best teams in ZK, be sure to check out their job postings.

Speaker 0

I'll add the link in the show notes.

Speaker 0

Now Tanya will share a little bit about this week's sponsor.

Speaker 0

Today's episode is sponsored by Anoma.

Speaker 0

Anoma is a

Speaker 1

set of protocols that enable self-sovereign coordination.

Speaker 1

Their unique architecture facilitates the simplest forms of economic coordination, such as two parties transferring an asset to each other, as well as more sophisticated ones like an asset-agnostic bartering system involving multiple parties without direct coincidence of wants, or even more complex ones such as n-party where any interaction can be performed with an adjustable zero knowledge privacy.

Speaker 1

Anoma's first fractal instance, Namada, is planned for later in 2022, and it focuses on enabling shielded transfers for any assets with a few second transaction latency and near zero fees.

Speaker 1

Visit anoma.net for more information.

Speaker 1

So thanks again, Anoma.

Speaker 1

Now here is Anna's interview with Rand Hindi from Zama.

Speaker 0

Today, I'm here with Rand Hindi, the CEO at Zama.

Speaker 0

And in today's episode, we're gonna be revisiting the topic of FHE or fully homomorphic encryption.

Speaker 0

Welcome to the show, Rand.

Speaker 2

Thank you, Anna.

Speaker 2

Thank you for having me.

Speaker 0

Before we start in, why don't you tell us a little bit about yourself and maybe your background?

Speaker 0

What led you to want to work on this problem?

Speaker 2

Privacy is something I've always been interested in.

Speaker 2

I actually started coding when I was 10 years old.

Speaker 2

And back in the nineties, I had created a social network with a friend of mine.

Speaker 2

And at some point in high school, there was this very tall, very big guy that was bullying me, and I thought, I have to find something against him so that he actually stops.

Speaker 2

And I went into the database of the social network we had built, and I found some private messages he was sending.

Speaker 2

And I found some very crunchy stuff about, you know, him.

Speaker 2

I went to him at school.

Speaker 2

I'm like, hey.

Speaker 2

If you don't leave me alone, I'm gonna tell everyone about that, and he left me alone.

Speaker 2

But it did leave me with a sentiment that I had done something really, really, really wrong because just, you know what I mean?

Speaker 0

It is.

Speaker 0

It sounds pretty rough.

Speaker 2

I know.

Speaker 2

Well, I mean, it was the nineties.

Speaker 2

Right?

Speaker 2

Privacy on the Internet wasn't a topic yet.

Speaker 2

I mean, it was for the cyberpunks, but it wasn't like mainstream.

Speaker 2

But nonetheless, you know, as a teenager, I felt like I did the right thing for myself, but I did the wrong thing from an ethical perspective.

Speaker 2

Like, just because I was the person administering the website didn't mean I had a right on people's privacy.

Speaker 2

And so that was a topic that was in the back of my mind.

Speaker 2

And when I got into machine learning, you know, fifteen years ago, it was clear to me that we're gonna need more and more data and if we want to do anything interesting with AI, and therefore privacy has to be a central issue in machine learning.

Speaker 2

And that's when I got interested in that.

Speaker 2

So I did a PhD in machine learning.

Speaker 2

After that, I started a company doing machine learning with privacy.

Speaker 2

We had built a private voice assistant.

Speaker 2

So that company got acquired by Sonos.

Speaker 2

So today in the US, if you're using the voice assistant on your Sonos, it's basically our technology.

Speaker 2

And after that, I started Zama, which is working on fully homomorphic encryption as well as doing a lot of investment related stuff.

Speaker 0

Cool.

Speaker 0

Actually, interestingly, we just did an episode on machine learning and just started like, this is not a show that usually covers that topic.

Speaker 0

And we did also talk about sort of machine learning in ZK, like Mhmm.

Speaker 0

Kind of under ZK.

Speaker 0

Oh, I

Speaker 2

love that topic.

Speaker 2

I love that topic.

Speaker 2

This is something I'm actively investing in, by the way.

Speaker 2

Machine learning and ZK is, like, such an amazing intersection.

Speaker 2

I love it.

Speaker 0

Yeah.

Speaker 0

That's kind of an interesting path that you're going machine learning privacy.

Speaker 0

Did you feel like, it sounds like the product that you had built was actually already taking privacy into account.

Speaker 0

But as I understand it, a lot of machine learning, like research or companies, projects aren't.

Speaker 0

So they're feeding in a lot of data without really thinking about the privacy.

Speaker 0

I think the assumption here is that like, oh, well, if there's so much data, there's no way that any like private data would really be found.

Speaker 0

But I think as we talked about in our last episode, that's not really the case.

Speaker 2

Yeah.

Speaker 2

Absolutely.

Speaker 2

There is this kind of false dichotomy between privacy and, I would say, data usage in general.

Speaker 2

You know?

Speaker 2

We've been fed this narrative that if you want to do something useful with data, you have to give away the data.

Speaker 2

But the beautiful thing about homomorphic encryption and, I would say, secure computation in general is that it enables you to actually do something with the data without actually seeing the data, with only having an encrypted version of the data.

Speaker 2

And this is a fundamental paradigm shift in the way that we actually use the data because we're moving from a world where people are trying to monetize data itself to a world where people are using data to monetize a service on top of the data.

Speaker 2

And if the service is what you care about, you don't need to see the data to offer it anymore.

Speaker 0

True.

Speaker 0

Although if you make that private, aren't there still ways to find out things?

Speaker 0

Like, if you if you're basically training a model on encrypted data, but, like, the outcome could the outcome still, like, reveal something about the input?

Speaker 2

Yes.

Speaker 2

Well, that's not a topic related to cryptography.

Speaker 2

Right?

Speaker 2

It's it's it's a topic related to machine learning.

Speaker 2

And indeed, this is a problem with machine learning.

Speaker 2

You know?

Speaker 2

Neural networks in general tend to learn too well.

Speaker 2

And if there aren't enough examples of something, most likely, the network is going to learn that that example is the only one that exists.

Speaker 2

And so you're able to infer some of the inputs from the outputs, in particular if those inputs are not very common or something which are kind of edge cases.

Speaker 2

A lot of people are working on that.

Speaker 2

You know, there are ways where you can fuzz the data a little bit in order to make that more secure.

Speaker 2

But, yeah, I mean, that that's a very, very big problem in machine learning that unfortunately cryptography doesn't solve.

Speaker 0

Now let's turn our attention to FHE though, which is the basis of, I guess, the work you do today.

Speaker 0

Why did you choose to work on fully homomorphic encryption?

Speaker 2

When I was running my previous company, we were working on this private by design voice assistant.

Speaker 2

And, you know, a voice assistant is a machine learning model that processes your voice and returns some kind of answer.

Speaker 2

And to do that, it needs to have a microphone that listens in to what you're doing and, you know, sends that to the cloud for some kind of processing.

Speaker 2

So for us, you know, it was obvious we needed to find some kind of privacy solution, but we couldn't find anything that could be done server side, and so we ended up doing everything on the client directly.

Speaker 2

But at some point, I hired someone in my team who actually was a cryptographer, and he told me about this new technology.

Speaker 2

This was like 2014, 2015, so we're talking years ago.

Speaker 2

He told me about this new technology called homomorphic encryption where you could actually do the processing on the server on encrypted data so that the server actually doesn't know anything about the data it's processing.

Speaker 2

And when I heard about it, I was like, wait.

Speaker 2

Hold on.

Speaker 2

Does that mean that the user can ask something to the voice assistant?

Speaker 2

What the voice assistant will send back to your server is an encryption of the voice.

Speaker 2

So instead of sending something like, hey.

Speaker 2

What's the weather in Paris?

Speaker 2

It will be sending like or, like, whatever, you know, however you pronounce encrypted data.

Speaker 2

But this encrypted data would still keep some mathematical properties, and so you'd still be able to run your machine learning algorithms on it, produce a result which itself is encrypted.

Speaker 2

So, you know, the computer that does the computation, you know, it hears and it returns.

Speaker 2

But the user can decrypt it.

Speaker 2

It can hear, know, it's like, whatever, 23 degrees in Paris.

Speaker 2

When I heard about this, I was like, oh my god.

Speaker 2

Why isn't everyone doing that?

Speaker 2

Like, why isn't this technology mainstream?

Speaker 2

Why are we still, you know, sending unencrypted data to the cloud?

Speaker 2

And the answer, quite frankly, was simple.

Speaker 2

It just didn't work.

Speaker 2

You know, it was a great idea on paper, kind of like ZK ten years ago.

Speaker 2

Great idea on paper, but if you try to do anything useful with it, it would either take, like, you know, days to get a response back, or it just wasn't powerful enough, or you couldn't use it, you know, easily.

Speaker 2

Like, it just wasn't ready yet.

Speaker 0

But now it is?

Speaker 0

So what's what's changed?

Speaker 2

Now it is.

Speaker 2

So you see how I'm I'm leading into the

Speaker 0

next question.

Speaker 0

Right?

Speaker 0

Yes.

Speaker 0

Very easy as an interviewer on this one.

Speaker 2

So what happened is about four years ago, a new generation of homomorphic schemes started appearing that enabled to do much more complex operations much faster without as much complexity as the old ones.

Speaker 2

And so that work we've been doing at Zama specifically was to take this technology, which is called TFHE for Torus FHE, and package it in a developer framework that enables any developer without any knowledge of cryptography to use it.

Speaker 2

And because we made it easy to use, it became easy to use for machine learning, for blockchain applications, for pretty much anything you wanted to do.

Speaker 2

So I'd say the big breakthrough cryptographically speaking happened about four years ago.

Speaker 2

And what really is enabling homomorphic encryption today are the tools we built on top of it that enables applications to start using it without having to worry about the cryptography.

Speaker 0

Let's define FHE for for our audience.

Speaker 0

I'm gonna do a quick throwback to an episode I did in April 2020 where we talked to Flavio Bergamaschi from IBM.

Speaker 0

And we did actually an intro to FHE.

Speaker 0

But as I told you before we started recording, I'm gonna need a refresh because it's been a while and I haven't talked about it in a long time.

Speaker 0

And so I think it would be really great for us to explore what FHE actually is.

Speaker 2

The idea of fully homomorphic encryption is that you can do processing on encrypted data without actually having the decryption key.

Speaker 2

So imagine you're a user and you want to access some kind of service in the cloud.

Speaker 2

Traditionally, you would send your data to the server.

Speaker 2

The server would process it and send back a response.

Speaker 2

The problem is that the server doing the computation actually has your data because it has to do processing on it.

Speaker 2

With homomorphic encryption, instead of sending your data unencrypted, you would encrypt your data with your own private key that's on your device, send your encrypted data to the cloud, but the way it was encrypted still enables you to run, you know, mathematical operations on it.

Speaker 2

You can do additions, multiplications, apply functions on it.

Speaker 2

So the server doesn't know what it just got.

Speaker 2

It still runs its algorithm.

Speaker 2

The result it produces itself is encrypted under the same key that the user sent the inputs in, and the server sends it back to the user who can then decrypt it.

Speaker 2

So from the user's perspective, nothing changes.

Speaker 2

You're just sending data and getting a response.

Speaker 2

But the difference is now the data is encrypted end to end.

Speaker 2

It's encrypted when you sent it.

Speaker 2

It's encrypted during processing.

Speaker 2

It's encrypted when you got it back.

Speaker 2

And at no point whatsoever, the private key is sent anywhere.

Speaker 0

You sort of mentioned this kind of special encryption.

Speaker 0

When you describe this, part of me goes like, why is it hard to do?

Speaker 0

And then it's like, why do you need this special encryption?

Speaker 0

What is that exactly?

Speaker 0

So why don't actually, why don't we start with why is it actually hard to do?

Speaker 2

Sure.

Speaker 2

The idea is very simple.

Speaker 2

Homomorphic encryption is something people have been talking about since the seventies, actually.

Speaker 2

In fact, my cofounder, Pascal Paillier, is one of the inventors of homomorphic encryption and one of the OGs, you know, from, from back in the days.

Speaker 2

What's really hard first is you have to find a mathematical construct that can do those homomorphic operations.

Speaker 2

And by that, what it means is if you take an encryption of x and you apply a function on the encryption of x, you want to get as a result an encryption of f of x.

Speaker 2

So you knew you had this kind of, like, transferring property from the encryption to the data itself.

Speaker 2

And this is something that's not very common.

Speaker 2

So the first thing is you have to find those homomorphisms in mathematics.

Speaker 2

The second problem is, well, now you found them, do you know that they're secure?

Speaker 2

Because, you know, cryptography is about security.

Speaker 2

You know, there there's a million cryptographic protocols that are easily broken.

Speaker 2

So you have to make sure that what you just came up with is actually secure.

Speaker 2

And it turns out that creating something homomorphic and secure is an extremely complicated proposition.

Speaker 2

So the first time someone did find that for multiplications was back in the 70s.

Speaker 2

It was actually the ElGamal scheme.

Speaker 2

The first time someone found this for addition, so being able to do secure homomorphic additions, was my cofounder Pascal.

Speaker 2

So that was a Paillier scheme.

Speaker 2

And the first time someone found a way to do anything homomorphically, so fully homomorphic encryption, that was in 2009 with Craig Gentry.

Speaker 2

Mhmm.

Speaker 2

So it's very, very new.

Speaker 2

So we've only really had ten, twelve years to figure this out.

Speaker 2

And so that's why it's been so difficult to actually crack.

Speaker 2

But once we had that, the problem wasn't just there.

Speaker 2

The problem was, well, you have to find the right parameters.

Speaker 2

You know, cryptography is this kind of thing with, like, a 100,000 different knobs.

Speaker 2

And if you put them in a in the wrong sequence at the wrong order, you're breaking everything.

Speaker 2

So either the result is wrong or it's insecure.

Speaker 2

Right?

Speaker 2

So, you know, you have to find just the right parameters that things are secure and correct.

Speaker 2

Very similar to how you do it in ZK, by the way.

Speaker 2

Right?

Speaker 2

Kind of like in cryptography in general.

Speaker 2

So finding those parameters is extremely complicated, and this is something that required deep expertise in cryptography.

Speaker 2

So that again is something that, you know, we had to figure out a way to automate, you know, so creating compilers that can take some arbitrary program in Python or C and turn that into a homomorphic circuit.

Speaker 2

So all of these different things kind of add up in a way that it just wasn't possible to do.

Speaker 0

You mentioned homomorphisms.

Speaker 0

Homomorphisms, what are like, what is that even?

Speaker 0

You sort of said you're looking for certain something.

Speaker 0

So, yeah, tell tell me a little bit more about that.

Speaker 2

It just means that the I mean, the structure is the same or the shape is the same.

Speaker 2

So the idea of homomorphic encryption is even though the data is encrypted, the structural property of the underlying data is actually intact.

Speaker 2

So when you apply a function on the encrypted data, this function translates into the unencrypted realm after you've done the decryption.

Speaker 2

So think of it like like a language.

Speaker 2

If I speak to you in English, you know, I'm using syntax using grammar, and you're using that to understand what I'm saying.

Speaker 2

Yeah.

Speaker 2

If I were to speak to you in French or in some language that you don't understand, you know, that language would still have structure.

Speaker 2

Right?

Speaker 2

You could still record that language.

Speaker 2

You could still do something with the sentence you just said.

Speaker 2

You wouldn't understand it, but it would still be a correct sentence just in a different language.

Speaker 2

If I gave you the Rosetta Stone to understand it, then you could decrypt what I just said in the conversation.

Speaker 2

It's kind of the same thing with homomorphic encryption.

Speaker 2

You know?

Speaker 2

You're just changing the language in which you're speaking the data, but you're not changing the syntax and grammar and everything else around it.

Speaker 0

Okay.

Speaker 0

So that's the homomorphism.

Speaker 0

I think I understand that.

Speaker 0

But like you had also talked about these, like, the special encryption.

Speaker 0

Is that the same thing?

Speaker 0

Is that special encryption Yes.

Speaker 0

The Okay.

Speaker 2

So, you know, traditionally when you encrypt data, you cannot do anything with the data.

Speaker 2

Right?

Speaker 2

It's just random gibberish data points.

Speaker 2

When you encrypt it homomorphically with a homomorphic encryption scheme, so a special kind of encryption in that sense.

Speaker 0

Yeah.

Speaker 2

It's still gonna be a random thing you're looking at, but this random thing has mathematical properties where you can apply functions on it.

Speaker 2

Right?

Speaker 2

And so that's why we're saying there's a special kind of encryption.

Speaker 2

You're not just encrypting the data.

Speaker 2

You're encrypting it in a way that you can still manipulate it, using the same mathematical functions that you would without encryption.

Speaker 0

What is actually outputted?

Speaker 0

Like, I'm kind of picturing, like, when you're making that encryption.

Speaker 0

Like, because I think I'm so used to talking about like circuits and things in the ZK world, but like what are you actually using to do that?

Speaker 0

Does it look more like hashing?

Speaker 0

Like what's maybe something that we might be familiar with?

Speaker 2

Yeah.

Speaker 2

So the program itself that's running the computation is a circuit.

Speaker 2

Like, every program is just a circuit.

Speaker 2

The inputs are just like a bunch it's just a vector of a bunch of different numbers.

Speaker 2

And those numbers in combination effectively represent a message, so a certain number of bits of information that you just encrypted.

Speaker 2

So the way that it looks actually, the ciphertext, the way it looks is the first few bits are the messages.

Speaker 2

So this is what you actually want to compute on.

Speaker 2

And the last few bits are random noise that you're adding to guarantee the security of the encryption.

Speaker 0

Mhmm.

Speaker 2

And so whenever you're doing a computation on it, you're trying to compute on the bits of message without actually having the noise overflow on it.

Speaker 2

And that's the whole complexity of homomorphic encryption is you're managing this noise reservoir at the same time as you're doing computing on the useful bits of information.

Speaker 2

And this is really what's so complicated about it.

Speaker 2

But it basically just looks like a vector of numbers, like a huge one.

Speaker 0

Okay.

Speaker 0

And when it comes out, so this is sort of like I'm sort of picturing going into something that's doing the computation.

Speaker 0

When it comes out, there's there must be like a decryption phase.

Speaker 0

Yeah.

Speaker 0

Is it special, or does it look kind of the same?

Speaker 2

It's the same thing as encryption.

Speaker 2

Right?

Speaker 2

It's a the encryption and decryption of homomorphic encryption is very cheap and very simple.

Speaker 2

The computation you're doing on encrypted data is what's very costly and very complicated.

Speaker 0

I

Speaker 2

see.

Speaker 2

But encryption decryption is very simple.

Speaker 2

You know, you just basically you take a message, you encrypt it into this vector of random values, you operate on that, and then you take this vector of output encrypted values, and then you decrypt that, and you end up with just one value.

Speaker 2

That's pretty much what what how it works.

Speaker 0

When you say it's costly, how is it costly?

Speaker 0

Is it costly in terms of, like, energy spent doing the computation, time, like, the size of it?

Speaker 0

Like, what's the cost?

Speaker 2

The time.

Speaker 2

Yes.

Speaker 2

So what happens is when you encrypt the data so you've got a ciphertext.

Speaker 2

Let's say half of it is message bits, so actual useful stuff.

Speaker 2

Half of it is random noise.

Speaker 2

In practice, what you do is you put the noise on the last few bits, and then you keep some kind of padding in order for the noise to grow.

Speaker 2

Why?

Speaker 2

Because every time you do a homomorphic computation, the noise actually grows and grows and grows and grows.

Speaker 2

And if you do too many computations, the noise ends up overflowing on the actual data that's useful.

Speaker 2

And if you try to decrypt that, you're just getting a random value.

Speaker 2

So this is actually doing those computations is very fast.

Speaker 2

But to avoid the noise overflowing on the data, you need to apply a special operation called bootstrapping, which effectively reduces back the noise to some sort of small value as if you just encrypted the original data.

Speaker 2

And this is the costly operation.

Speaker 2

Homomorphic encryption is extremely fast until you have to bootstrap, which is very often.

Speaker 2

And so that's why we say that it's very slow.

Speaker 2

It's like, is this cleanup operation?

Speaker 2

You know?

Speaker 2

Like, it's easy to break things up, but it's very hard to clean them up.

Speaker 2

It's kind of the same thing with homomorphic encryption.

Speaker 0

You sort of mentioned this multiple computations.

Speaker 0

Is this happening on the same inputs, or is this, like, within a FHE system?

Speaker 0

You're kind of getting lots of inputs, doing computation, putting out some outputs, and then more is coming in.

Speaker 0

Is it on one or is it on many?

Speaker 2

Guess it depends on your application.

Speaker 2

Right?

Speaker 0

Okay.

Speaker 2

You know, in the case of, for example, a neural network for machine learning, you're getting, you know, sometimes a million inputs that you have to process at the same time.

Speaker 2

But if you're looking at, you know, predicting the price of something, maybe it's just like five inputs.

Speaker 2

It doesn't really matter.

Speaker 2

That's completely up to the application itself.

Speaker 0

But the computation happening inside, would one set of inputs be going through multiple computation patterns within it, or is it always like a single path?

Speaker 2

Again, think that depends how you design your circuits.

Speaker 2

You you could do whatever you want.

Speaker 2

It's just a circuit.

Speaker 2

Right?

Speaker 2

Once once the data is in, you can really pretty much do anything you want.

Speaker 2

And I think this is also one of the big differences today is it used to be that with homomorphic encryption, you were limited to very simple things, additions, multiplications.

Speaker 2

You couldn't do deep learning.

Speaker 2

You couldn't do very complicated flows with the actual data.

Speaker 2

That's no longer the case today.

Speaker 2

The new homomorphic technologies that we have enable you to do pretty much anything you want, however complex the circuit is.

Speaker 2

So we can do deep learning.

Speaker 2

We can do homomorphic smart contracts for blockchains.

Speaker 2

We can do homomorphic databases.

Speaker 2

The difference is gonna be, of course, the cost and the runtime, but all of that, again, is getting better and better every day.

Speaker 0

That idea of a fully homomorphic smart contract.

Speaker 0

What does that even mean?

Speaker 0

Can you explain what that like is that something like you have a smart contract that then deals with an FHE black box and returns something?

Speaker 0

Or are you talking about, like, running the computation inside FHE?

Speaker 2

Yeah.

Speaker 2

Yeah.

Speaker 2

Yeah.

Speaker 2

Yeah.

Speaker 2

I'm talking about having smart contracts where some of the states can be encrypted, and you can operate on encrypted states directly.

Speaker 2

Take a traditional, you know, ERC 20 token smart contract.

Speaker 2

You've got the balance.

Speaker 2

The balance right now is a map between an address and a value.

Speaker 2

Right?

Speaker 2

And so everybody can see how much tokens how many tokens a specific address has.

Speaker 2

And the reason why people need to do that is because, well, know, if you want consensus, people have to agree on the values.

Speaker 2

And so that was pretty much the only way of doing it.

Speaker 2

With a homomorphic encryption, you could have the exact same smart contract, but you replace your value by an encrypted value.

Speaker 2

So you still have a map between an address and encrypted value.

Speaker 2

But because you can operate on those encrypted values, you can transfer tokens on chain in the same exact codes in exactly the same way.

Speaker 2

It's just that nobody can see the value unless you have the key to decrypt it.

Speaker 2

And so I think, you know, the beautiful thing about homomorphic smart contracts is they're just smart contracts.

Speaker 2

It's just that you're no longer operating on integers.

Speaker 2

You're operating on encrypted integers if you want to.

Speaker 0

Do you picture this kind of needing its own special blockchain to be able to use private

Speaker 2

You would need to modify the consensus.

Speaker 0

Okay.

Speaker 0

Yeah.

Speaker 0

This isn't like it can be on a public blockchain and then have this sitting on top.

Speaker 2

Our stuff is written in Rust.

Speaker 2

So nothing prevents you from just, you know, using that in your smart contract engine.

Speaker 2

It's just in practice, in order to make this efficient and to make it work in a blockchain, you can modify the consensus algorithm to take into consideration the specific homomorphic encryption requirements.

Speaker 2

So I think in practice, you would want to modify the actual low level consensus algorithms to actually fit with this homomorphic computation.

Speaker 2

But it's not you don't have to.

Speaker 2

Right?

Speaker 2

It's just, you know, it's just code running, really.

Speaker 0

Would you need some sort of like, in the Z case case, there's often, like, some curves that need to be included somehow or enabled.

Speaker 0

Do you have anything like that?

Speaker 0

Like, a smart contract blockchain would need to have in it for FHE to be used with it?

Speaker 2

Yeah.

Speaker 2

Like every cryptographic scheme, I think, you know, you need specific parameters and you need a specific setup for this to actually work.

Speaker 2

Same thing here, really, but nothing that wouldn't be easily deployable.

Speaker 2

I think we have all the building blocks necessary to make this happen.

Speaker 2

And in fact, we are actually building an example test net for homomorphic smart contracts to show that it's doable today.

Speaker 0

Interesting.

Speaker 0

What kind of blockchain are you building that with?

Speaker 0

Like, what's what's it similar to?

Speaker 0

Is it like a geth fork?

Speaker 0

Or

Speaker 2

No.

Speaker 2

Unfortunately unfortunately, we're doing something much simpler.

Speaker 2

I mean, unfortunately.

Speaker 2

We're going for something much simpler.

Speaker 2

I think, you know, we're we're currently prototyping with both substrates and substrate and Tendermint.

Speaker 2

Okay.

Speaker 2

So it's gonna be a very simple, you know, delegated proof of stake type of consensus algorithm.

Speaker 2

Again, our goal here isn't to build an Ethereum competitor of some sort or anything like that.

Speaker 2

Our goal is just to show that it works.

Speaker 1

Interesting.

Speaker 2

And if other blockchains wants to use it, you know, they can use it.

Speaker 2

Everything is open source.

Speaker 2

But, really, the goal here is just to show that it works and to implement all the different building blocks necessary for this to actually be useful.

Speaker 0

I wanna kinda compare FHE to things like MPC or zero knowledge.

Speaker 0

Have you done a lot of research into MPC and stuff?

Speaker 2

Not so much as I did in FHE, but I know enough about it.

Speaker 2

Yes.

Speaker 0

So what are the different maybe use cases?

Speaker 0

Like, where are where are times where you think MPC or ZK would be more appropriate, and where are times where you think FHE makes more sense?

Speaker 2

I think MPC is great whenever you need multiple parties to actually, you know, do some something together.

Speaker 2

So I think, for example, MPC is an exceptional exceptionally great solution for managing your secret keys, your cryptographic secret keys.

Speaker 2

It's really good whenever you have to do some kind of, like, threshold decryption protocol, things like that.

Speaker 0

Voting maybe?

Speaker 2

Maybe voting.

Speaker 2

Yeah.

Speaker 2

Why not?

Speaker 2

However, the problem with multiparty computation is that you still have to communicate with a lot of different people by doing that.

Speaker 2

So in the case of a blockchain, people are like, oh, yeah.

Speaker 2

Whatever.

Speaker 2

You know, we already do that anyway.

Speaker 2

That's kind of like the whole point of decentralization.

Speaker 2

But in practice, if you want to deploy MPC, there is this extra level of complexity having to manage different nodes interacting.

Speaker 2

So I think that's something that makes it very difficult to use in production and to understand what it means.

Speaker 2

Homomorphic encryption on the other hand is a very simple client server interaction.

Speaker 2

You know, you have an application on a server.

Speaker 2

You have a client connecting to the server and sending data.

Speaker 2

The only difference is you're now encrypting the data being processed.

Speaker 2

So there is no difference in terms of architecting your software versus what you do in plain text.

Speaker 2

But MPC, you have to, you know, manage this thing.

Speaker 2

The second problem is no matter how fast the MPC stuff can go, you're always gonna be bounded by the network time.

Speaker 2

And that's going to be fundamentally something that prevents you from doing super low latency applications.

Speaker 2

Right?

Speaker 2

If nodes are communicating at large distance, there's nothing you can do to make that faster, however good you are at computation.

Speaker 2

Because homomorphic encryption is running on a single machine potentially, there is unlimited vertical, you know, scalability potential.

Speaker 2

So, sure, today, homomorphic encryption is slower than MPC, but it has more opportunity to be faster long term because the constraints are not the same.

Speaker 2

So I think both are good.

Speaker 2

And in fact, you know, in our protocol for homomorphic smart contracts, we use an MPC protocol for distributed decryption and key generation.

Speaker 2

So we still use an MPC part, but specifically for what MPC is amazing at, which is the key stuff.

Speaker 2

All the computation is done with FHE.

Speaker 0

What about ZK?

Speaker 2

So ZK for me is not a privacy technology.

Speaker 2

ZK is a provable correctness technology.

Speaker 2

It's a scalability technology.

Speaker 2

It's not a privacy technology.

Speaker 2

When people talk about privacy with zero knowledge, what they really mean is I'm do I'm gonna do the computation somewhere else and prove to you I've done it.

Speaker 2

Yeah.

Speaker 2

But the computation that's being done like this elsewhere place where the computation happens Might not be private.

Speaker 2

Exactly.

Speaker 2

So think about multiple users wanting to collaborate on some computation.

Speaker 2

Right?

Speaker 2

If they wanted to do that with a ZK protocol, either you would need to design a specific purpose ZK protocol to do that, so it's not very generic purpose, or those people would need to do this computation on a hub somewhere and then send the proof to their blockchain.

Speaker 2

If that happens, who guarantees privacy on the hub itself?

Speaker 2

You know what I mean?

Speaker 2

So, like, you you're only really displacing privacy from an on chain privacy problem to an off chain privacy problem.

Speaker 2

Mhmm.

Speaker 2

But you're not actually guaranteeing privacy.

Speaker 0

In a blockchain context, though, if you look at something like Zcash, they are using it in a blockchain context.

Speaker 0

There's no open data happening.

Speaker 0

Yep.

Speaker 0

They're using the ZKPs to prove that transfers had occurred, basically.

Speaker 2

Sure.

Speaker 2

And that's fine.

Speaker 2

And and, again, you know, you can always design a a special purpose protocol for something.

Speaker 2

Here, I'm talking about taking some arbitrary smart contract and running it privately for multiple users interacting together.

Speaker 2

There is just no way that you can do a multiuser ZK generic smart contract protocol because those users would need to talk to each other outside of the blockchain anyway.

Speaker 0

I feel like there are teams trying to do that, and I don't I don't know their arguments to to bring to the table, but I would be curious if they're listening, if they wanna weigh in on this on Twitter maybe after it airs.

Speaker 0

If there is any way

Speaker 2

I'd love to learn more about that too if that's the case because, you know, I mean, I think it's it's more of a structural thing.

Speaker 2

Right?

Speaker 0

Yeah.

Speaker 2

It's it's just not what is meant to be used for.

Speaker 2

And in fact, I think that the holy grail of privacy and and and blockchain is actually to have homomorphic ZK rollups.

Speaker 2

Because if you can do homomorphic smart contracts on the layer one, well, you're still gonna have scalability issues.

Speaker 2

Right?

Speaker 2

That means just like any layer one thing, you have scalability issues.

Speaker 2

And so what you want is to be able to do ZK rollups on an FHE smart contract.

Speaker 2

But then that's equivalent to doing provable ZK FHE, right?

Speaker 2

And so I think that what's going be really interesting is this intersection between ZK and FHE as a way to create private scalable blockchain solutions and smart contracts.

Speaker 0

Interesting.

Speaker 0

Are you doing any work in that department?

Speaker 0

Are you working with any of the roll up providers?

Speaker 2

So we started exploring what it means to actually do, you know, ZKFHE.

Speaker 2

It's an extremely complicated problem.

Speaker 2

The reason is that we we looked at all the existing technologies, and homomorphic encryption is such a big circuit.

Speaker 2

It's a huge computation.

Speaker 2

It just couldn't fit in any proof that would make sense.

Speaker 2

Right?

Speaker 2

And so I think, you know, a big problem we have right now is really just trying to just prove it in a time that is acceptable.

Speaker 2

Well, first of all, we're trying to prove it altogether and then prove it in an acceptable time.

Speaker 2

But we do think that this is gonna come from some kind of collaboration.

Speaker 2

You know?

Speaker 2

I don't think we're gonna be able to crack every problem ourselves.

Speaker 2

You know?

Speaker 2

We are the FHE company.

Speaker 2

There are amazing ZK teams out there, and, you know, collaborating on that would be a fantastic project.

Speaker 0

I wonder if FHE will go the path of ZK because originally, like you said, it had sort of these unusable circuit side.

Speaker 0

It was just too too slow, too big.

Speaker 0

And with a lot of optimization and the introduction of techniques from different kind of realms, it's gotten to become more and more efficient.

Speaker 0

Now there's ZK SNARKs that don't need the trusted setup.

Speaker 0

So you have like, you have seen in the last three years or since this show started four years ago, like incredible, incredible, progress yet.

Speaker 2

Is still extremely slow.

Speaker 2

There's still a bottleneck on proving.

Speaker 0

Well, doesn't it depend?

Speaker 0

I thought the prover's really fast.

Speaker 0

Wait.

Speaker 0

Which one is it?

Speaker 0

STARKs and SNARKs.

Speaker 0

I always miss mix it up.

Speaker 2

STARKs.

Speaker 2

So, like, those kind of, like, big general purpose prover are still very slow.

Speaker 2

And the reason is that the amount of computation needed to prove something is still very high.

Speaker 2

Right?

Speaker 2

It's it's it's much bigger than just doing the computation in the first place.

Speaker 2

Right?

Speaker 2

So, you know, proving something with ZK just adds this extra layer of compute, which just takes time.

Speaker 2

And and this is the same thing that we see with FHE is we cracked all the mathematical pieces.

Speaker 2

Right?

Speaker 2

Just like the ZK community cracked all the mathematical pieces.

Speaker 2

But just like the ZK community is now getting to the point where they need a hardware acceleration to make this cheap and fast enough, in FHE, we are getting to the point where the last mile is hardware acceleration.

Speaker 2

So to put it differently, we've solved every problem in FHE on the cryptography side, on the usability side.

Speaker 2

We just need this extra boost from hardware acceleration in order for this to become extremely cost effective and fast to run.

Speaker 0

What would hardware acceleration look like for FHE?

Speaker 0

What do you need?

Speaker 0

Are you just looking for some type of ASIC that would just, like, make FHE fast, quickly?

Speaker 2

Yeah.

Speaker 2

Absolutely.

Speaker 2

Absolutely.

Speaker 2

Not just ASICs.

Speaker 2

We're also looking at photonics, for acceleration.

Speaker 2

Any any kind of accelerator would work.

Speaker 2

But the idea is that this bootstrapping operation, which is very slow in homomorphic encryption, really boils down to doing a bunch of polynomial multiplications.

Speaker 2

Right?

Speaker 2

And the good thing is that doing that requires an FFT or an NTT, which is very similar to what people need to accelerate in ZK as well.

Speaker 2

So the same accelerators which are being used to accelerate ZK with those NTTs can actually be repurposed to accelerate FHE potentially and vice versa.

Speaker 2

And so it's really interesting, but in the past six months, I've seen an increasing number of ZK acceleration companies start getting interested in doing FHE acceleration.

Speaker 0

Interesting.

Speaker 2

So all these things are converging eventually.

Speaker 2

Right?

Speaker 2

And I think that, you know, we're gonna see the first accelerators for homomorphic encryption available in the next couple of years.

Speaker 2

And my bet is that by 2025, homomorphic encryption is basically a done deal.

Speaker 2

It's done.

Speaker 2

It's solved.

Speaker 2

You can use it anywhere.

Speaker 2

It's cheap.

Speaker 2

It's applicable.

Speaker 2

It's powerful.

Speaker 2

It's easy to use.

Speaker 2

It's done.

Speaker 0

Do you feel like FHE is meant to take the place of SGX in a way for these TEEs or trusted execution environments?

Speaker 0

Is that what it's meant to replace in a way?

Speaker 0

Because it sounds like it has all that flexibility.

Speaker 2

Yeah.

Speaker 2

Yeah.

Speaker 2

Because why would you need a secure enclave?

Speaker 2

I mean, what's the point in that case?

Speaker 2

There is a point.

Speaker 2

Yeah.

Speaker 2

And in fact, I would even say that enclaves unfortunately have multiple attacks that have been built that have been proven on them.

Speaker 2

So it's fine if the enclave is on your phone, for example.

Speaker 2

Right?

Speaker 2

Like, you know, because you you're the one with the phone.

Speaker 2

But if you're gonna be uploading the computation to a server Mhmm.

Speaker 2

That you don't trust where an attacker potentially has hardware access to a server, can, you know, do some kind of power consumption analysis or whatever, then there are ways you can potentially attack the enclave.

Speaker 2

So homomorphic encryption is the ultimate solution that, you know, TEEs are trying to solve short term.

Speaker 0

I see.

Speaker 2

So again, you know, it's it's all a question of being pragmatic.

Speaker 2

Can you use, you know, trusted environments today?

Speaker 2

Can you use MPC today?

Speaker 2

Sure.

Speaker 2

Do it.

Speaker 2

It's gonna be faster than FHE in many use cases.

Speaker 2

Are they gonna be necessary once FHE bridge this final gap, you know, in the next couple of years?

Speaker 2

I don't think so.

Speaker 2

So I think, you know, it's gonna be like machine learning.

Speaker 2

You can use a bunch of different techniques, but why bother if you have something like deep learning that can do everything?

Speaker 2

This is gonna be the same thing with FHE.

Speaker 0

What are the security risks of FHE, though?

Speaker 0

Like, so, you know, we just mentioned side channel attacks on TEEs.

Speaker 0

I'm assuming for FHEs, it shouldn't be the case.

Speaker 0

Although if you do have dedicated hardware, could it be?

Speaker 2

There is no side channel attack on FHE.

Speaker 0

Okay.

Speaker 2

There are no side channel attack on FHE because there is no private key server side.

Speaker 2

You know, in a trusted environment, the private key is hidden in the hardware pretty much.

Speaker 2

Right?

Speaker 2

So, you know, it's there.

Speaker 2

That's why you can attack it and reveal it.

Speaker 2

In FHE, all the computation server side is done with a public key.

Speaker 2

So there is no private key to retrieve because there is no private key sent or used in the first place on the server.

Speaker 2

The private key is always on the client side with the user.

Speaker 0

And you don't think, like, certain kinds of computation would not be traceable because of, like, energy or there's no, like, signals or anything that would come through?

Speaker 2

Zero.

Speaker 2

There is absolutely nothing.

Speaker 2

If you can break homomorphic encryption, you're breaking post quantum cryptography.

Speaker 0

Oh, wow.

Speaker 0

Okay.

Speaker 2

That would be bad.

Speaker 2

That would be bad.

Speaker 0

For other reasons.

Speaker 2

For many reasons.

Speaker 0

So it is post quantum FHE?

Speaker 2

Post quantum.

Speaker 2

Yes.

Speaker 2

It's based on lattice it's based on lattices.

Speaker 2

So pretty much the same hardness assumptions as, you know, the NIST post quantum standards that we have now.

Speaker 0

Interesting.

Speaker 0

Let's then talk about where the ecosystem and kind of community is at.

Speaker 0

So I know that Mhmm.

Speaker 0

You know, the ZK community has been growing, booming.

Speaker 0

It's doing amazing.

Speaker 0

The MPC community, I know there was like efforts to build that up.

Speaker 0

I believe that is a rolling ecosystem.

Speaker 0

Where's FHE at as an ecosystem?

Speaker 2

It's growing.

Speaker 2

It's growing.

Speaker 2

So we started a community, a year and a half ago called fhe.org Mhmm.

Speaker 2

Which pretty much is the community now for homomorphic encryption.

Speaker 2

So we have monthly meetups where we talk about homomorphic encryption.

Speaker 2

So it's very technical.

Speaker 2

It's not it's not like a entrepreneur's community.

Speaker 2

It's a cryptographer's community.

Speaker 2

It's really about cryptography.

Speaker 2

So we do meetups every month.

Speaker 2

We've got a bunch of amazing researcher that came to speak.

Speaker 2

Intel came to speak.

Speaker 2

Google came to speak.

Speaker 2

And we also do a yearly conference, usually around one of the existing conferences, Eurocrypt or Asiacrypt or Real World Crypto, dedicated to homomorphic encryption.

Speaker 2

And there is also a Discord server, which is very active, where people talk about homomorphic encryption and also where library providers give support to users.

Speaker 2

So I think, you know, it's it's getting there.

Speaker 2

Right?

Speaker 2

I think we are formalizing this community.

Speaker 2

And when I say we, I don't mean Zama.

Speaker 2

I mean, fhe.org.

Speaker 2

Yeah.

Speaker 2

Which is independent from Zama.

Speaker 2

And it's growing and it's great and more and more people getting interested in it.

Speaker 2

It's probably where ZK was two years ago.

Speaker 0

Cool.

Speaker 0

Tell me about Zama, like, now.

Speaker 0

Let's revisit, you know, the beginning of your story definitely led to this, but what is Zama?

Speaker 0

How big is it?

Speaker 0

You you sort of mentioned this earlier, what you're actually selling is this sort of black box, the ability for people to like use, use these tools, but not need to necessarily like, you know, develop the cryptography underneath them.

Speaker 0

So, yeah, tell me a little bit more about Zama.

Speaker 2

Sure.

Speaker 2

So we are a homomorphic encryption startup.

Speaker 2

We build and design cryptographic protocols that we then put into open source developer frameworks that makes it easy for developers to use homomorphic encryption.

Speaker 2

So everything we do is open source.

Speaker 2

Everything we do is published.

Speaker 2

So we do a lot of research on cryptography.

Speaker 2

We do a lot of work on packaging that into frameworks.

Speaker 2

And on top of those frameworks, of course, you know, we're starting to build higher level protocols like the blockchain smart contract protocol or some machine learning specific stuff.

Speaker 2

So we try really to provide a toolbox for application developers to use homomorphic encryption.

Speaker 2

So the company is a couple of years old.

Speaker 2

We were founded late twenty nineteen, early twenty twenty.

Speaker 2

My cofounder, Pascal Paillier, and I were friends for years, and we all wanted to do that.

Speaker 2

So when I sold my previous company, you know, a week later, we started Zama.

Speaker 2

It was like a back to back thing, which I don't recommend anyone doing.

Speaker 0

It was You need some time off maybe.

Speaker 2

Yes.

Speaker 2

Yes.

Speaker 2

Yes.

Speaker 2

Take six months, travel the world.

Speaker 2

I should have done that, but, you know, I was just too excited to get started on this.

Speaker 2

We have about 50 people in the company right now, half of which are PhDs, researchers in cryptography.

Speaker 2

So we are the largest team of research working on homomorphic encryption.

Speaker 2

We're fortunate enough that we've raised a significant funding.

Speaker 2

So we've raised over €50,000,000 already, which gives us plenty of runway to actually build, you know, this technology.

Speaker 2

The company is French, but we're not really based in Paris.

Speaker 2

People are pretty much all over Europe mostly.

Speaker 0

You

Speaker 2

know, it was only four of us when COVID happened, so, you know, we had no choice but to be a remote for a second.

Speaker 0

Remote.

Speaker 0

You sort of mentioned Python.

Speaker 0

Are you building tools for people to build applications in Python to then run through this?

Speaker 0

Is that one of the kind of toolkits that you're doing?

Speaker 2

Yes.

Speaker 2

Absolutely.

Speaker 2

The framework itself is built in Rust.

Speaker 2

So all the cryptography is implemented in Rust.

Speaker 2

All the library stuff is implemented in Rust.

Speaker 2

And on top of that, we built a compiler that can convert from some Python program down into a homomorphic circuit that this Rust library will then execute.

Speaker 2

So the reason we did this is because we wanted to make sure that data scientists working on machine learning had a very convenient way of plugging their existing Python codes into our homomorphic compiler.

Speaker 2

So it's really just a it's a product decision.

Speaker 2

You know?

Speaker 2

We we don't implement anything in Python.

Speaker 2

Python is just a surface language that's being used for developers purposes.

Speaker 2

But you can use Rust as well if you want to.

Speaker 0

So this isn't yet there's, like, no blockchain native languages that you imagine compiling down into this yet.

Speaker 0

Like, you don't have any sort of Solidity

Speaker 2

Well, we thought about That's a good question.

Speaker 2

I think I mean, a lot of a lot of the blockchain world is moving to Rust anyway.

Speaker 2

So I think, you know, like, we're probably gonna stick with Rust for the time being.

Speaker 2

You know, in doing a compiler for Solidity, I don't think is necessary.

Speaker 2

Plus, I'm pretty sure that at some point, someone will do a Rust compiler that goes to the VM directly, and so we'll do Rust on Ethereum as

Speaker 0

well if it's

Speaker 2

not already done.

Speaker 2

So I think we're gonna stick to Rust for the blockchain parts.

Speaker 0

You also mentioned something.

Speaker 0

This is kind of going back to the FHE part.

Speaker 0

You had mentioned sort of the term TFHE.

Speaker 0

You had this other thing that's maybe specific to Zama.

Speaker 0

Tell me what that actually is.

Speaker 2

In homomorphic encryption, you've got three main technologies.

Speaker 2

Three main, like, schemes that people are using.

Speaker 2

You know?

Speaker 2

Just like in ZK, you've got STARKs, SNARKs, PLONK, for example.

Speaker 2

Yeah.

Speaker 2

Yeah.

Speaker 2

In FHE, you've got BGV, CKKS, and TFHE.

Speaker 2

These are the three dominant technologies people are using.

Speaker 2

BGV and CKKS are very fast, but they can only do a certain number of operations.

Speaker 2

Beyond that, there's just too much noise, and you can't do much about it.

Speaker 0

Mhmm.

Speaker 2

TFHE can do fewer operations, but it can bootstrap extremely rapidly, meaning that you don't have to care about how many operations you're doing.

Speaker 2

You just keep on going forever.

Speaker 2

So we took TFHE, and we've extended the capabilities of TFHE to be able to do much more than the original scheme that was published a few years ago by a woman called Ilaria Chillotti, who also works at Zama today.

Speaker 2

And we've made TFHE able to do large integer arithmetics, able to do complicated deep learning stuff, pretty much anything you want it to do.

Speaker 2

So are the other schemes useful?

Speaker 2

Yes.

Speaker 2

There are use cases where these can be useful.

Speaker 2

But we think that TFHE will be the dominant technology because of the versatility and how powerful the primitives are in it.

Speaker 0

I I wanna sort of crack open some of these acronyms.

Speaker 0

So what does the t in TFHE stand for?

Speaker 2

Oh, TF, the T stands for torus FHE.

Speaker 0

Taurus?

Speaker 0

Like Taurus.

Speaker 0

To like

Speaker 2

Like a donut.

Speaker 0

Oh, okay.

Speaker 2

Not like the animal.

Speaker 2

Like, like, like the, like, mathematical torus.

Speaker 0

Okay.

Speaker 2

It's like like a donut.

Speaker 2

Right?

Speaker 2

Okay.

Speaker 2

They could have called it donut FHE, I guess.

Speaker 2

It would have been the same thing.

Speaker 2

The idea behind TFHE was to use a torus as a way to represent the FHE computations, things like that.

Speaker 2

So it was just it was a vision of the mind, if you want, to how the mathematics kinda worked.

Speaker 0

What other projects would you say are in your industry?

Speaker 0

Like, teams that you maybe collaborate with or are also sort of working on this fhe.org initiative?

Speaker 2

Well, we work with many, many, many companies.

Speaker 2

I mean, we've got over 20 different partners ranging everything from hardware acceleration to cryptographic libraries to, you know, machine learning stuff.

Speaker 2

There are more and more companies working on FHE specifically.

Speaker 2

You know, six months ago, there were maybe, like, three, four of us.

Speaker 2

In the last six months for some reason, it just blew up, and now there is, like, 10 new companies doing FHE, which is

Speaker 0

Cool.

Speaker 2

I don't know what happened.

Speaker 2

You know?

Speaker 2

Maybe we showed too much stuff recently, and everybody was, like, got excited about it.

Speaker 2

But it's great.

Speaker 2

Right?

Speaker 2

Because it's gonna make things move faster.

Speaker 2

And also also good for us.

Speaker 2

You know, it's kind of nice to have a little bit competition finally.

Speaker 2

Right?

Speaker 2

It it felt kind of lonely for a while.

Speaker 2

There are some very good teams working on FHE.

Speaker 2

And I think, you know, it's it's a big enough pie that, you know, a few companies can share it as long as we are the number one in it, of

Speaker 0

course.

Speaker 0

You know?

Speaker 0

I see.

Speaker 0

I see.

Speaker 0

Entrepreneurial.

Speaker 0

What are the other projects, though, in case just for us to know?

Speaker 2

So there is a company called Duality that a bunch of very good cryptographers started.

Speaker 2

They're more focused on BGV, CKKS, not so much on TFHE.

Speaker 2

So, you know, we're very similar in many ways.

Speaker 2

We just have a very different strategy and a very different technology stack.

Speaker 2

Mhmm.

Speaker 2

But, you know, they're they're they're pretty established.

Speaker 2

There is a small company that just did their seed rounds to do homomorphic smart contracts as well called Sunscreen.

Speaker 0

Oh, yeah.

Speaker 0

Wait.

Speaker 0

I know them.

Speaker 0

This is Ravital.

Speaker 0

This is ex NuCypher folks.

Speaker 0

Right?

Speaker 2

Yes.

Speaker 2

Yeah.

Speaker 2

Cool.

Speaker 2

That's them.

Speaker 2

Intel is working on acceleration.

Speaker 2

Then all the big guys are starting to look into that, of course, as well.

Speaker 2

But I would say, generally, it's a trend.

Speaker 2

Right?

Speaker 2

There are more and more companies in that space.

Speaker 2

But, you know, some of them are just using FHE.

Speaker 2

Some of them are inventing new FHE stuff.

Speaker 2

Ravital and her team are using existing schemes.

Speaker 2

They're just packaging it in a way that is convenient for smart contract developers pretty much.

Speaker 2

And they're doing very interesting work.

Speaker 2

You know, we're looking at what they do, of course, you know, taking inspirations in some cases too.

Speaker 2

We are much lower down the stack as well.

Speaker 2

You know, we build new FHE primitives as well as build those tools on top of it.

Speaker 0

I want to bring it back to machine learning.

Speaker 0

So you said you have sort of partners who are doing machine learning type stuff.

Speaker 0

How far away are we really from having private model creation under the hood of an FHE, do you think?

Speaker 2

Well, it works.

Speaker 2

It's just very

Speaker 0

slow right now.

Speaker 0

Okay.

Speaker 0

So it's doable already.

Speaker 0

But okay.

Speaker 2

It's doable.

Speaker 2

It's just slow.

Speaker 0

Okay.

Speaker 2

When is it practical to use?

Speaker 2

Yeah.

Speaker 2

You need accelerators.

Speaker 2

So a couple of years, I would say.

Speaker 0

This is your 2025 kind of Yes.

Speaker 0

Idea.

Speaker 2

Yes.

Speaker 2

Yes.

Speaker 2

2025, that's my vision.

Speaker 0

That's your goal.

Speaker 0

Okay.

Speaker 2

That's where we're that's where we're going.

Speaker 2

Nice.

Speaker 2

So yeah.

Speaker 2

So you can do it today if you don't care about waiting for a while.

Speaker 0

What is a while, by the way?

Speaker 0

Like, when you say that, like, what are you talking about?
