Skip to main content
The TFHE endpoints evaluate Boolean gates (NAND, AND, OR, XOR, NOT, MUX) on TLWE ciphertexts. Each gate is one bootstrap operation. The recommended flow is:
  1. Client keygen() locally
  2. POST /tfhe/eval-session with the eval key (FHE-blind mode)
  3. POST /tfhe/gate or POST /tfhe/batch for each operation
  4. DELETE /tfhe/session/{id} to release server resources

POST /api/v1/tfhe/session

Create a server-managed session. For demos and quick tests only — the server holds the secret key. For production, use /eval-session. Auth: TRIAL+

Request

POST /api/v1/tfhe/session
{
  "preset": "fast_128"
}
FieldTypeRequiredAllowed
presetstringYes"fast_128", "standard_128", "conservative_128"

Response — 201 Created

{
  "session_id": "sess_a1b2c3...",
  "preset": "fast_128",
  "n": 636,
  "big_n": 1024
}

POST /api/v1/tfhe/eval-session

Create an FHE-blind session by uploading a client-generated evaluation key. Recommended for production. Auth: TRIAL+

Request

POST /api/v1/tfhe/eval-session
{
  "eval_key_b64": "<base64-of-eval-key-bytes>"
}
FieldTypeRequiredNotes
eval_key_b64stringYesbase64-encoded eval key, ≤40 MB

Response — 201 Created

{
  "session_id": "sess_xyz789...",
  "preset": "standard_128",
  "n": 1024,
  "big_n": 1024,
  "is_blind": true
}
preset is auto-detected from the eval-key parameters.

Response — 413 Payload Too Large

{
  "error": {
    "code": "PAYLOAD_TOO_LARGE",
    "message": "eval_key_b64 exceeds 40 MB limit"
  }
}

POST /api/v1/tfhe/gate

Evaluate a single Boolean gate. Auth: TRIAL+

Request

POST /api/v1/tfhe/gate
{
  "session_id": "sess_a1b2c3...",
  "op": "NAND",
  "a": "<base64-ciphertext-a>",
  "b": "<base64-ciphertext-b>",
  "sel": null
}
FieldTypeRequiredNotes
session_idstringYesFrom /session or /eval-session
opstringYes"NAND", "AND", "OR", "XOR", "NOR", "XNOR", "NOT", "MUX"
astring (base64)YesFirst operand ciphertext
bstring (base64)NoSecond operand. Required for binary gates; omit for NOT
selstring (base64)NoSelector input. Required only for MUX
For MUX: a is d1 (input when sel=1), b is d0 (input when sel=0), sel is the selector.

Response — 200 OK

{
  "result_b64": "<base64-result-ciphertext>",
  "op": "NAND",
  "bootstrap_ops": 1,
  "cost_jpy": 0.10,
  "compute_ms": 14.2
}

Bootstrap costs

GateBootstrap opsCost (JPY)
NAND, AND, OR, NOR1¥0.10
XOR, XNOR4¥0.40
NOT0¥0.00 (free, no bootstrap)
MUX3¥0.30

POST /api/v1/tfhe/batch

Evaluate multiple gates in one request. Sequential execution (not parallel), but 30% discount for ≥32 ops. Auth: TRIAL+

Request

POST /api/v1/tfhe/batch
{
  "session_id": "sess_a1b2c3...",
  "gates": [
    { "op": "NAND", "a": "<b64>", "b": "<b64>" },
    { "op": "AND",  "a": "<b64>", "b": "<b64>" },
    { "op": "XOR",  "a": "<b64>", "b": "<b64>" }
  ]
}
FieldTypeRequiredNotes
gatesarrayYes1–1024 gate objects, each like /gate request

Response — 200 OK

{
  "results_b64": [
    "<b64-result-1>",
    "<b64-result-2>",
    "<b64-result-3>"
  ],
  "total_bootstrap_ops": 6,
  "total_cost_jpy": 0.42,
  "total_compute_ms": 102.3,
  "batch_discount_applied": false
}
When gates.length >= 32: 
{
  "results_b64": [...],
  "total_bootstrap_ops": 32,
  "total_cost_jpy": 2.24,
  "total_compute_ms": 480.0,
  "batch_discount_applied": true
}

POST /api/v1/tfhe/session/{session_id}/encrypt

Server-side encryption. Only available for v1 (non-blind) sessions. Auth: TRIAL+

Request

POST /api/v1/tfhe/session/sess_xyz/encrypt
{
  "bit": false
}

Response — 200 OK

{
  "ciphertext_b64": "<base64-tlwe-ciphertext>"
}
For FHE-blind sessions, encrypt locally with the SDK and POST ciphertexts directly to /tfhe/gate or /tfhe/batch.

POST /api/v1/tfhe/session/{session_id}/decrypt

Server-side decryption. Only available for v1 (non-blind) sessions. Auth: TRIAL+

Request

POST /api/v1/tfhe/session/sess_xyz/decrypt
{
  "ciphertext_b64": "<base64>"
}

Response — 200 OK

{
  "bit": true
}

GET /api/v1/tfhe/session/{session_id}

Get session usage stats. Auth: TRIAL+

Response — 200 OK

{
  "session_id": "sess_a1b2c3",
  "preset": "standard_128",
  "gates_used": 1024,
  "total_cost_jpy": 102.4,
  "age_s": 1523,
  "is_blind": true
}

DELETE /api/v1/tfhe/session/{session_id}

Release session resources (eval key, cached ciphertexts). Auth: TRIAL+

Response — 204 No Content

No body. Cleanup completes within 5 seconds.

GET /api/v1/tfhe/sessions

Admin endpoint — list all sessions for the account. Auth: BILLING+ (account_admin)

Response — 200 OK

{
  "sessions": [
    {
      "session_id": "sess_a1",
      "preset": "fast_128",
      "gates_used": 12,
      "age_s": 305,
      "is_blind": false
    }
  ]
}

Common errors

CodeStatusMeaning
SESSION_NOT_FOUND404session_id invalid or expired
SESSION_EXPIRED410Session TTL elapsed (1 h default)
INVALID_CIPHERTEXT400Ciphertext bytes don’t match session params
INVALID_GATE_OP400op not in supported set
MISSING_OPERAND400b missing for binary gate, or sel missing for MUX
BATCH_TOO_LARGE400More than 1024 gates in one batch
PAYLOAD_TOO_LARGE413Single ciphertext >2 MB or eval key >40 MB

Performance tips

  • Batch ≥32 ops for the 30% discount and to amortize HTTP overhead.
  • Reuse sessions — a session is valid for 1 hour; one session per logical workflow, not one per gate.
  • Don’t ping-pong ciphertexts. Computing locally with the SDK is faster than round-tripping to the server when network latency dominates.
  • Use NOT freely — it’s a unary trivial operation, costs ¥0, and runs in microseconds.

Next Steps

Server Mode Example

Full FHE-blind walkthrough

Compute API

CKKS arithmetic operations