A server-side CKKS GPU library fully interoperable with OpenFHE.
- OpenFHE version 1.5.1 compatibility.
- Multi-GPU support with NCCL.
- Sparse Secret Encapsulation support.
- Many performance optimizations.
- Bug fixes.
- Full CKKS implementation: Add, AddPt, AddScalar, Mult, MultPt, MultScalar, Square, Rotate, RotateHoisted, Bootstrap.
- OpenFHE interoperability for FIXEDMANUAL, FIXEDAUTO, FLEXIBLEAUTO and FLEXIBLEAUTOEXT.
- Hardware acceleration with NVIDIA CUDA.
- High-performance NTT/INTT implementation.
- Hybrid Key-Switching.
- Ciphertext offloading: evict GPU-resident ciphertexts to host RAM and reclaim VRAM on demand.
When you are holding more ciphertexts than comfortably fit in GPU memory, or simply want to hand some VRAM back to the system before other GPU work, a GPU-resident ciphertext can be evicted to host RAM and brought back on demand:
ct->Offload()— copy the ciphertext's limbs to host RAM and free its VRAM.ct->IsOffloaded()— whether the ciphertext is currently evicted.ct->Reload()— copy it back to the GPU. WithSetCiphertextAutoload(true)this also happens automatically the first time an offloaded ciphertext is used.cc->TrimGPUMemoryPool()— return the freed VRAM to the driver/OS.
Offload()/Reload() are a bit-exact round trip: no decrypt, rescale or NTT is performed,
so the ciphertext is numerically identical afterwards.
Offload() on its own frees the limbs into FIDESlib's internal GPU memory pool so they can
be cheaply reused by later operations; it does not return that memory to the OS, so
nvidia-smi will not show a drop until you call TrimGPUMemoryPool(). If you only intend to
reuse the memory for more FIDESlib work, no trim is needed — the pool recycles it for free.
// Cache some ciphertexts we do not need on the GPU right now.
std::vector<Ciphertext<DCRTPoly>> cached;
for (int i = 0; i < n; ++i)
cached.push_back(cc->Encrypt(keys.publicKey, ptxt));
for (auto& ct : cached)
ct->Offload(); // limbs -> host RAM, VRAM freed into the pool
cc->TrimGPUMemoryPool(); // hand the freed VRAM back to the system
// ... do other GPU work here ...
auto sum = cc->EvalAdd(cached[0], cached[1]); // cached[*] auto-reload on useSee examples/offload for a complete, runnable program.
If you use FIDESlib on your research, please cite our ISPASS paper.
@inproceedings{FIDESlib,
author = {Carlos Agulló-Domingo and Óscar Vera-López and Seyda Guzelhan and Lohit Daksha and Aymane El Jerari and Kaustubh Shivdikar and Rashmi Agrawal and David Kaeli and Ajay Joshi and José L. Abellán},
title = {{FIDESlib: A Fully-Fledged Open-Source FHE Library for Efficient CKKS on GPUs}},
booktitle = {2025 IEEE International Symposium on Performance Analysis of Systems and Software (ISPASS)},
year = {2025},
note = {Poster paper},
url = {https://github.com/CAPS-UMU/FIDESlib},
publisher = {IEEE},
address = {Ghent, Belgium},
}Important
Requirements:
- NVIDIA CUDA version 12 or 13.
- GCC version >=11
- OpenMP development library.
- CMake version 3.25.2 or greater.
- (Optional) NVIDIA Collective Communications Library to enable Multi-GPU support.
For CUDA software stack, follow the official installation guides. For the remaining dependencies, install them using the package manager or mehtod of your choice.
On Ubuntu:
apt install make build-essential cmake gitNote
CMake package on Ubuntu may be older than expected; install it using snap, pip or build from source.
In order to be able to compile the project, one must follow these steps:
- Clone this repository.
- Generate the Makefile with CMake.
- Build the project.
FIDESlib needs a patched version of OpenFHE in order to be able to access some internals needed for interoperability. This patched version can be automatically installed by defining FIDESLIB_INSTALL_OPENFHE=ON CMake variable. By default this variable is set OFF. Once the patched version is installed, one can disable this flag when reinstalling FIDESlib.
The build process produces the following artifacts:
- fideslib.so: The FIDESlib library to be dynamically linked to any client application.
- fideslib-test: The test suite executable if selected.
- fideslib-bench: The benchmark suite executable if selected.
- gpu-test: A dummy executable to search for the CUDA capable devices on the machine.
- dummy: Another dummy executable.
The following options can be used with CMake to configure the build. The default value for each option is denoted in boldface under the Values column:
| CMake Option | Values | Description |
|---|---|---|
FIDESLIB_ARCH |
"all-major",string | Select the GPU architectures of the selected backend. |
CMAKE_BUILD_TYPE |
"Release", "Debug", "MinSizeRel", "RelWithDebInfo" | Select the compilation build type. |
FIDESLIB_INSTALL_PREFIX |
"/usr/local",string | Select prefix path for the installation path of FIDESlib. Relative paths are resolved from the project root directory. |
OPENFHE_INSTALL_PREFIX |
"/usr/local",string | Select prefix path for the installation path of OpenFHE. Relative paths are resolved from the project root directory. |
FIDESLIB_INSTALL_OPENFHE |
ON / OFF | Enable the installation of the patched version of OpenFHE. Needed the first time. |
FIDESLIB_COMPILE_TESTS |
ON / OFF | Build the tests for verifying the functionality of the project. |
FIDESLIB_COMPILE_BENCHMARKS |
ON / OFF | Build the benchmarks executable. |
Installing the library is as easy as running the following command:
cmake --build $PATH_TO_BUILD_DIR --target install -jFIDESlib is currently ready to be consumed as a CMake library. The template project on the examples directory shows how to build and run a FIDESlib client application and contains examples of usage of most of the functionality provided by FIDESlib.
Note
As the default installation prefix for FIDESlib is /usr/local you may need administrator priviledges. Change this using the previously mentioned configuration options.
Check examples for projects that use FIDESlib.
Check docker directory to obtain instructions on running FIDESlib inside a Docker environment.
Thanks to all main contributors:
- Carlos Agulló Domingo.
- Óscar Vera López.
- Seyda Guzelhan.
- Lohit Daksha.
- Aymane El Jerari.
And thanks to our advisor:
- José L. Abellán.
This project was possible thanks to the following grants:
- Grant CNS2023-144241 funded by "MICIU/AEI/10.13039/501100011033" and the "European Union NextGenerationEU/PRTR".
- Grants NSF CNS 2312275 and 2312276, and supported in part from the NSF IUCRC Center for Hardware and Embedded Systems Security and Trust (CHEST).
If you have any question, comment, or suggestion, please contact:
- Carlos Agulló Domingo (carlos.a.d@um.es).
- Óscar Vera López (oscar.veral@um.es).
Or feel free to open an issue or a general discussion on this repository.