# TFHE Programs with Sunscreen

{% hint style="info" %}
**Looking for a quick start?**\
\
To run the complete flow end-to-end using example code, follow the [Demo Tutorial](https://platformdocs.lattica.ai/demo-tutorials/tfhe-end-to-end-demo-sunscreen-+-lattica).

The page below describes each step in detail and links to the relevant documentation.
{% endhint %}

## Prerequisites 

Lattica's documentation assumes you have already compiled a TFHE program using Sunscreen.

{% hint style="danger" %}
If you haven’t compiled yet, go to **Sunscreen’s docs** and start from their [compiler introduction](https://docs.sunscreen.tech/start).
{% endhint %}

Lattica helps **deploy a TFHE program**, **control who can use it**, and **run it on workers** so that your users can submit encrypted queries and receive encrypted results.

{% hint style="warning" %}
**Note on terminology**

In the **Lattica platform documentation linked from this page**, the term **model** refers to a deployable computational workload.

This corresponds with your **compiled TFHE program** for **Sunscreen-based TFHE flows**, even though it is not an AI or ML model.

All concepts (deployment, access tokens, workers, credits, query submission) apply in the same way.
{% endhint %}

## Who Does What?

<div data-full-width="true"><figure><img src="https://1094188974-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FVQmLdqLyUJqGzvb6ZjlN%2Fuploads%2Fd72A2QomjmcF3yj3HuR9%2Fflow.png?alt=media&#x26;token=fd16494f-8198-43f5-8433-df00d9458852" alt=""><figcaption></figcaption></figure></div>

### **Program Owner (you / your team)**

{% stepper %}
{% step %}

### Creates a Lattica account (credits + billing + ownership)

1. [Sign-up/sign-in](https://console.lattica.ai/?partner=sunscreen) to the Lattica Console (your team’s admin should do this).
2. In the Console, locate and download/copy your [**license**](https://platformdocs.lattica.ai/how-to-guides/account-and-finance-operations/how-to-update-account-information).
3. Store it securely (Management Client and Query Client use depends on it).

{% hint style="info" %}
Finance and account management are handled in the Console. Most technical operations can be done either in the Console or via the Management Client.
{% endhint %}
{% endstep %}

{% step %}

### Deploys the compiled program

1. [Install the Management Client](https://platformdocs.lattica.ai/how-to-guides/client-installation/how-to-install-management-client)
2. [Upload the compiled artifact](https://platformdocs.lattica.ai/how-to-guides/model-lifecycle/how-to-deploy-ai-model)

{% hint style="warning" %}
Lattica will run **platform validation** before execution, even after Sunscreen's compilation succeeded. You’ll see an error if validation fails, in which case you must fix the program and redeploy.
{% endhint %}
{% endstep %}

{% step %}

### Creates access tokens for users

[Access tokens](https://platformdocs.lattica.ai/platform-workflows/user-access-management) are for users to use in the Query Client. Tokens are:

* **Model/program-specific.** Each token grants permission to run queries on a specific program.&#x20;
* **Time-limited** (currently 30 days).
* **Not retrievable later** (copy and store them securely when created).

Create tokens here: [How‑To: Create User Access Token.](https://platformdocs.lattica.ai/how-to-guides/access-control/how-to-create-user-access-token)

{% hint style="info" %}
Treat tokens like passwords. Distribute them over a secure channel (never hard-code in public client apps).
{% endhint %}
{% endstep %}

{% step %}

### Buys credits (for workers to run)

Lattica uses a credit system:

* Credits are consumed based on **worker active runtime.**
* Workers stop when credits run out.

Start with:

* [**Credit Management**](https://platformdocs.lattica.ai/platform-workflows/credit-management) (workflow overview).
* [**How‑To: View Credit Balance and Add Credit**](https://platformdocs.lattica.ai/how-to-guides/account-and-finance-operations/how-to-view-credit-balance-and-add-credit-to-your-account)**.**

See [**Pricing** ](https://platformdocs.lattica.ai/platform-workflows/broken-reference)for current compute rates and available packages.
{% endstep %}

{% step %}

### Starts/stops workers (required to process queries)

Your program can process queries only when a worker is running.\
Start instructions: [**How‑To: Start Worker**.](https://platformdocs.lattica.ai/how-to-guides/resource-management/how-to-start-worker)
{% endstep %}

{% step %}

### Stops workers when idle (to control cost)

Because billing is runtime-based, you should stop workers when they’re not needed.

Stop instructions: [**How‑To: Stop Worker**.](https://platformdocs.lattica.ai/how-to-guides/resource-management/how-to-stop-worker)

{% hint style="info" %}
**Rule of thumb:**\
If there are no queries expected for a while → stop the worker → start it again before next usage.
{% endhint %}
{% endstep %}
{% endstepper %}

### **End User (your customer / your app / your users)**

{% hint style="info" %}
Two things must be true before a user can run a query:

1. The user has an **access token** for this program.
2. At least one **worker** is running (and your account has enough credits).
   {% endhint %}

{% stepper %}
{% step %}

### Installs the Query Client (once)

Using an access token you provide.

Install instructions: [**How‑To: Install Query Client**.](https://platformdocs.lattica.ai/how-to-guides/client-installation/how-to-install-query-client)
{% endstep %}

{% step %}

### Generates keys locally (secret key stay local)

Each user generates:

* A **Secret Key** (stays on the user's machine).
* An **Evaluation Key** (uploaded to Lattica so encrypted computation can run).

This is a one-time setup per user/program in normal usage.

Follow:[ **How‑To: Upload Evaluation Key**.](https://platformdocs.lattica.ai/how-to-guides/secure-query-processing/how-to-upload-evaluation-key)
{% endstep %}

{% step %}

### Runs encrypted queries (encrypt → execute → decrypt)

For **each query**, the client performs the following steps:

1. [**Encrypts** ](https://platformdocs.lattica.ai/how-to-guides/secure-query-processing/how-to-encrypt-input-message)the input locally.
2. [**Executes** ](https://platformdocs.lattica.ai/how-to-guides/secure-query-processing/how-to-execute-query)the encrypted query on the Lattica backend.
3. [**Decrypts** ](https://platformdocs.lattica.ai/how-to-guides/secure-query-processing/how-to-decrypt-output-data)the encrypted result locally.

These three steps can be executed **either separately** or[ **as a single command**](https://platformdocs.lattica.ai/how-to-guides/secure-query-processing/how-to-encrypt-execute-and-decrypt-in-one-step), depending on integration needs.

For a high-level view of how the client and backend interact, see: \
[**Query Submission (workflow overview)**](https://platformdocs.lattica.ai/platform-workflows/query-submission)
{% endstep %}
{% endstepper %}