Skip to main content

Uploading programs and ciphertexts

Before anyone can use your FHE app, the SPF must be able to access he FHE program and any required ciphertexts. Unfortunately, storing FHE programs and their encrypted inputs on-chain will be extremely expensive (and in many cases not even possible due to how large FHE ciphertexts are). To get around this challenge, SPF provides off-chain data storage for your FHE program and any accompanying inputs. This makes it cost effective to use FHE programs in web3 as well as making it straightforward for the SPF to operate as a service.

In this section, we’ll look at how to upload programs and user inputs to SPF.

Program upload

To upload a compiled FHE program to SPF, use the upload-program command:

spf-client upload-program --file <FILE>

The command uploads the compiled program binary to SPF and returns a unique library identifier for use in program run requests.

Parameters:

  • --file <FILE>: Path to the compiled program library file (required)

Returns: Library identifier that uniquely identifies the uploaded program

Encrypting values

To encrypt values for use as program inputs, use the generate-ciphertext command:

spf-client generate-ciphertext --value <VALUE>
                               --bits <BITS>
                               [--output <OUTPUT>]
                               [--upload --private-key <PRIVATE_KEY>]

The command encrypts a plaintext value and either saves it to a file or uploads it directly to SPF.

Parameters:

  • --value <VALUE>: The plaintext value to encrypt (required)
  • --bits <BITS>: The bit width (8, 16, 32, or 64) (required)
  • --output <OUTPUT>: Path to save the ciphertext file (optional, used when not uploading)
  • --upload: Upload the ciphertext to SPF after generation (optional, requires --private-key)
  • --private-key <PRIVATE_KEY>: User’s private key in hexadecimal format (required with --upload)

Returns:

  • Without --upload: Saves the encrypted ciphertext to the specified output file
  • With --upload: Ciphertext identifier for the uploaded ciphertext

Ciphertext upload

To upload ciphertexts stored on disk to SPF, use the upload-ciphertext command:

spf-client upload-ciphertext --file <FILE> --private-key <PRIVATE_KEY>

The command uploads encrypted data to SPF and returns a unique ciphertext identifier (a keccak256 hash of the ciphertext bytes). The private key is used for authentication, and the uploader becomes the initial admin of the ciphertext.

Parameters:

  • --file <FILE>: Path to the ciphertext file to upload (required)
  • --private-key <PRIVATE_KEY>: User’s private key in hexadecimal format (required)

Returns: Ciphertext identifier for use in program run requests