Paper 2025/282

Transistor: a TFHE-friendly Stream Cipher

Jules Baudrin, French Institute for Research in Computer Science and Automation, UCLouvain, Belgium
Sonia Belaïd, CryptoExperts (France)
Nicolas Bon, CryptoExperts (France), French Institute for Research in Computer Science and Automation, DIENS, École Normale Supérieure - PSL
Christina Boura, IRIF, Université Paris Cité
Anne Canteaut, French Institute for Research in Computer Science and Automation
Gaëtan Leurent, French Institute for Research in Computer Science and Automation
Pascal Paillier, CryptoExperts (France), Zama
Léo Perrin, French Institute for Research in Computer Science and Automation
Matthieu Rivain, CryptoExperts (France)
Yann Rotella, Versailles Saint-Quentin-en-Yvelines University
Samuel Tap, Zama
Abstract

Fully Homomorphic Encryption (FHE) allows computations on encrypted data without requiring decryption, ensuring data privacy during processing. However, FHE introduces a significant expansion of ciphertext sizes compared to plaintexts, which results in higher communication. A practical solution to mitigate this issue is transciphering, where only the master key is homomorphically encrypted, while the actual data is encrypted using a symmetric cipher, usually a stream cipher. The server then homomorphically evaluates the stream cipher to convert the encrypted data into a homomorphically encrypted form. We introduce Transistor, a stream cipher specifically designed for efficient homomorphic evaluation within the TFHE scheme, a widely-used FHE framework known for its fast bootstrapping and ability to handle low-precision data. Transistor operates on which is chosen to optimize TFHE performances. Its components are carefully engineered to both control noise growth and provide strong security guarantees. First, a simple TFHE-friendly implementation technique for LFSRs allows us to use such components to cheaply increase the state size. At the same time, a small Finite State Machine is the only part of the state updated non-linearly, each non-linear operation corresponding in TFHE to a rather expensive Programmable Bootstrapping. This update is done using an AES-round-like transformation. But, in contrast to other stream ciphers like SNOW or LEX, our construction comes with information-theoretic security arguments proving that an attacker cannot obtain any information about the secret key from three or fewer consecutive keystream outputs. These information-theoretic arguments are then combined with a thorough analysis of potential correlations to bound the minimal keystream length required for recovering the secret key. 
Our implementation of Transistor significantly outperforms the state of the art of TFHE transciphering, achieving a throughput of over 60 bits/s on a standard CPU, all while avoiding the need for an expensive initialization process.

Metadata
Available format(s)
PDF
Category
Secret-key cryptography
Publication info
Preprint.
Keywords
Stream Cipher, TFHE, Linear cryptanalysis
Contact author(s)
jules baudrin @ inria fr
sonia belaid @ cryptoexperts com
nicolas bon @ cryptoexperts com
christina boura @ irif fr
anne canteaut @ inria fr
gaetan leurent @ inria fr
pascal @ zama ai
leo perrin @ inria fr
matthieu rivain @ cryptoexperts com
yann rotella @ uvsq fr
samuel tap @ zama ai
History
2025-02-19: approved
2025-02-18: received
Short URL
https://ia.cr/2025/282
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2025/282,
      author = {Jules Baudrin and Sonia Belaïd and Nicolas Bon and Christina Boura and Anne Canteaut and Gaëtan Leurent and Pascal Paillier and Léo Perrin and Matthieu Rivain and Yann Rotella and Samuel Tap},
      title = {Transistor: a {TFHE}-friendly Stream Cipher},
      howpublished = {Cryptology {ePrint} Archive, Paper 2025/282},
      year = {2025},
      url = {https://eprint.iacr.org/2025/282}
}