Documentation ¶
Overview ¶
Package drlwe implements a distributed (or threshold) version of the CKKS scheme that enables secure multiparty computation solutions with secret-shared secret keys.
Index ¶
- type CKGCRP
- type CKGProtocol
- func (ckg *CKGProtocol) AggregateShares(share1, share2, shareOut *CKGShare)
- func (ckg *CKGProtocol) AllocateShare() *CKGShare
- func (ckg *CKGProtocol) GenPublicKey(roundShare *CKGShare, crp CKGCRP, pubkey *rlwe.PublicKey)
- func (ckg *CKGProtocol) GenShare(sk *rlwe.SecretKey, crp CKGCRP, shareOut *CKGShare)
- func (ckg *CKGProtocol) SampleCRP(crs CRS) CKGCRP
- func (ckg *CKGProtocol) ShallowCopy() *CKGProtocol
- type CKGShare
- type CKSCRP
- type CKSProtocol
- func (cks *CKSProtocol) AggregateShares(share1, share2, shareOut *CKSShare)
- func (cks *CKSProtocol) AllocateShare(level int) *CKSShare
- func (cks *CKSProtocol) GenShare(skInput, skOutput *rlwe.SecretKey, c1 *ring.Poly, shareOut *CKSShare)
- func (cks *CKSProtocol) KeySwitch(ctIn *rlwe.Ciphertext, combined *CKSShare, ctOut *rlwe.Ciphertext)
- func (cks *CKSProtocol) SampleCRP(level int, crs CRS) CKSCRP
- func (cks *CKSProtocol) ShallowCopy() *CKSProtocol
- type CKSShare
- type CRS
- type Combiner
- type PCKSProtocol
- func (pcks *PCKSProtocol) AggregateShares(share1, share2, shareOut *PCKSShare)
- func (pcks *PCKSProtocol) AllocateShare(levelQ int) (s *PCKSShare)
- func (pcks *PCKSProtocol) GenShare(sk *rlwe.SecretKey, pk *rlwe.PublicKey, ct1 *ring.Poly, shareOut *PCKSShare)
- func (pcks *PCKSProtocol) KeySwitch(ctIn *rlwe.Ciphertext, combined *PCKSShare, ctOut *rlwe.Ciphertext)
- func (pcks *PCKSProtocol) ShallowCopy() *PCKSProtocol
- type PCKSShare
- type RKGCRP
- type RKGProtocol
- func (ekg *RKGProtocol) AggregateShares(share1, share2, shareOut *RKGShare)
- func (ekg *RKGProtocol) AllocateShare() (ephSk *rlwe.SecretKey, r1 *RKGShare, r2 *RKGShare)
- func (ekg *RKGProtocol) GenRelinearizationKey(round1 *RKGShare, round2 *RKGShare, evalKeyOut *rlwe.RelinearizationKey)
- func (ekg *RKGProtocol) GenShareRoundOne(sk *rlwe.SecretKey, crp RKGCRP, ephSkOut *rlwe.SecretKey, shareOut *RKGShare)
- func (ekg *RKGProtocol) GenShareRoundTwo(ephSk, sk *rlwe.SecretKey, round1 *RKGShare, shareOut *RKGShare)
- func (ekg *RKGProtocol) SampleCRP(crs CRS) RKGCRP
- func (ekg *RKGProtocol) ShallowCopy() *RKGProtocol
- type RKGShare
- type RTGCRP
- type RTGProtocol
- func (rtg *RTGProtocol) AggregateShares(share1, share2, shareOut *RTGShare)
- func (rtg *RTGProtocol) AllocateShare() (rtgShare *RTGShare)
- func (rtg *RTGProtocol) GenRotationKey(share *RTGShare, crp RTGCRP, rotKey *rlwe.SwitchingKey)
- func (rtg *RTGProtocol) GenShare(sk *rlwe.SecretKey, galEl uint64, crp RTGCRP, shareOut *RTGShare)
- func (rtg *RTGProtocol) SampleCRP(crs CRS) RTGCRP
- func (rtg *RTGProtocol) ShallowCopy() *RTGProtocol
- type RTGShare
- type ShamirPolynomial
- type ShamirPublicPoint
- type ShamirSecretShare
- type Thresholdizer
- func (thr *Thresholdizer) AggregateShares(share1, share2, outShare *ShamirSecretShare)
- func (thr *Thresholdizer) AllocateThresholdSecretShare() *ShamirSecretShare
- func (thr *Thresholdizer) GenShamirPolynomial(threshold int, secret *rlwe.SecretKey) (*ShamirPolynomial, error)
- func (thr *Thresholdizer) GenShamirSecretShare(recipient ShamirPublicPoint, secretPoly *ShamirPolynomial, ...)
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type CKGProtocol ¶
type CKGProtocol struct {
// contains filtered or unexported fields
}
CKGProtocol is the structure storing the parameters and and precomputations for the collective key generation protocol.
func NewCKGProtocol ¶
func NewCKGProtocol(params rlwe.Parameters) *CKGProtocol
NewCKGProtocol creates a new CKGProtocol instance
func (*CKGProtocol) AggregateShares ¶
func (ckg *CKGProtocol) AggregateShares(share1, share2, shareOut *CKGShare)
AggregateShares aggregates a new share to the aggregate key
func (*CKGProtocol) AllocateShare ¶
func (ckg *CKGProtocol) AllocateShare() *CKGShare
AllocateShare allocates the share of the CKG protocol.
func (*CKGProtocol) GenPublicKey ¶
func (ckg *CKGProtocol) GenPublicKey(roundShare *CKGShare, crp CKGCRP, pubkey *rlwe.PublicKey)
GenPublicKey return the current aggregation of the received shares as a bfv.PublicKey.
func (*CKGProtocol) GenShare ¶
func (ckg *CKGProtocol) GenShare(sk *rlwe.SecretKey, crp CKGCRP, shareOut *CKGShare)
GenShare generates the party's public key share from its secret key as:
crp*s_i + e_i
for the receiver protocol. Has no effect is the share was already generated.
func (*CKGProtocol) SampleCRP ¶
func (ckg *CKGProtocol) SampleCRP(crs CRS) CKGCRP
SampleCRP samples a common random polynomial to be used in the CKG protocol from the provided common reference string.
func (*CKGProtocol) ShallowCopy ¶
func (ckg *CKGProtocol) ShallowCopy() *CKGProtocol
ShallowCopy creates a shallow copy of CKGProtocol in which all the read-only data-structures are shared with the receiver and the temporary buffers are reallocated. The receiver and the returned CKGProtocol can be used concurrently.
type CKGShare ¶
type CKGShare struct {
}CKGShare is a struct storing the CKG protocol's share.
func (*CKGShare) MarshalBinary ¶
MarshalBinary encodes the target element on a slice of bytes.
func (*CKGShare) UnmarshalBinary ¶
UnmarshalBinary decodes a slice of bytes on the target element.
type CKSProtocol ¶
type CKSProtocol struct {
// contains filtered or unexported fields
}
CKSProtocol is the structure storing the parameters and and precomputations for the collective key-switching protocol.
func NewCKSProtocol ¶
func NewCKSProtocol(params rlwe.Parameters, sigmaSmudging float64) *CKSProtocol
NewCKSProtocol creates a new CKSProtocol that will be used to perform a collective key-switching on a ciphertext encrypted under a collective public-key, whose secret-shares are distributed among j parties, re-encrypting the ciphertext under another public-key, whose secret-shares are also known to the parties.
func (*CKSProtocol) AggregateShares ¶
func (cks *CKSProtocol) AggregateShares(share1, share2, shareOut *CKSShare)
AggregateShares is the second part of the unique round of the CKSProtocol protocol. Upon receiving the j-1 elements each party computes :
[ctx[0] + sum((skInput_i - skOutput_i) * ctx[0] + e_i), ctx[1]]
func (*CKSProtocol) AllocateShare ¶
func (cks *CKSProtocol) AllocateShare(level int) *CKSShare
AllocateShare allocates the shares of the CKSProtocol
func (*CKSProtocol) GenShare ¶
func (cks *CKSProtocol) GenShare(skInput, skOutput *rlwe.SecretKey, c1 *ring.Poly, shareOut *CKSShare)
GenShare computes a party's share in the CKS protocol. ct1 is the degree 1 element of the rlwe.Ciphertext to keyswitch, i.e. ct1 = rlwe.Ciphertext.Value[1]. NTT flag for ct1 is expected to be set correctly.
func (*CKSProtocol) KeySwitch ¶
func (cks *CKSProtocol) KeySwitch(ctIn *rlwe.Ciphertext, combined *CKSShare, ctOut *rlwe.Ciphertext)
KeySwitch performs the actual keyswitching operation on a ciphertext ct and put the result in ctOut
func (*CKSProtocol) SampleCRP ¶
func (cks *CKSProtocol) SampleCRP(level int, crs CRS) CKSCRP
SampleCRP samples a common random polynomial to be used in the CKS protocol from the provided common reference string.
func (*CKSProtocol) ShallowCopy ¶
func (cks *CKSProtocol) ShallowCopy() *CKSProtocol
ShallowCopy creates a shallow copy of CKSProtocol in which all the read-only data-structures are shared with the receiver and the temporary buffers are reallocated. The receiver and the returned CKSProtocol can be used concurrently.
type CKSShare ¶
type CKSShare struct {
}CKSShare is a type for the CKS protocol shares.
func (*CKSShare) MarshalBinary ¶
MarshalBinary encodes a CKS share on a slice of bytes.
func (*CKSShare) UnmarshalBinary ¶
UnmarshalBinary decodes marshaled CKS share on the target CKS share.
type CRS ¶
CRS is an interface for Common Reference Strings. CRSs are PRNGs for which the read bits are the same for all parties.
type Combiner ¶
type Combiner struct {
// contains filtered or unexported fields
}
Combiner is a type for generating t-out-of-t additive shares from local t-out-of-N shares. It implements the `Combine` operation as presented in "An Efficient Threshold Access-Structure for RLWE-Based Multiparty Homomorphic Encryption" (2022) by Mouchet, C., Bertrand, E., and Hubaux, J. P. (https://eprint.iacr.org/2022/780).
func NewCombiner ¶
func NewCombiner(params rlwe.Parameters, own ShamirPublicPoint, others []ShamirPublicPoint, threshold int) *Combiner
NewCombiner creates a new Combiner struct from the parameters and the set of ShamirPublicPoints. Note that the other parameter may contain the instantiator's own ShamirPublicPoint.
func (*Combiner) GenAdditiveShare ¶
func (cmb *Combiner) GenAdditiveShare(activesPoints []ShamirPublicPoint, ownPoint ShamirPublicPoint, ownShare *ShamirSecretShare, skOut *rlwe.SecretKey)
GenAdditiveShare generates a t-out-of-t additive share of the secret from a local aggregated share ownSecret and the set of active identities, identified by their ShamirPublicPoint. It stores the resulting additive share in skOut.
type PCKSProtocol ¶
type PCKSProtocol struct {
// contains filtered or unexported fields
}
PCKSProtocol is the structure storing the parameters for the collective public key-switching.
func NewPCKSProtocol ¶
func NewPCKSProtocol(params rlwe.Parameters, sigmaSmudging float64) (pcks *PCKSProtocol)
NewPCKSProtocol creates a new PCKSProtocol object and will be used to re-encrypt a ciphertext ctx encrypted under a secret-shared key among j parties under a new collective public-key.
func (*PCKSProtocol) AggregateShares ¶
func (pcks *PCKSProtocol) AggregateShares(share1, share2, shareOut *PCKSShare)
AggregateShares is the second part of the first and unique round of the PCKSProtocol protocol. Each party uppon receiving the j-1 elements from the other parties computes :
[ctx[0] + sum(s_i * ctx[0] + u_i * pk[0] + e_0i), sum(u_i * pk[1] + e_1i)]
func (*PCKSProtocol) AllocateShare ¶
func (pcks *PCKSProtocol) AllocateShare(levelQ int) (s *PCKSShare)
AllocateShare allocates the shares of the PCKS protocol.
func (*PCKSProtocol) GenShare ¶
func (pcks *PCKSProtocol) GenShare(sk *rlwe.SecretKey, pk *rlwe.PublicKey, ct1 *ring.Poly, shareOut *PCKSShare)
GenShare is the first part of the unique round of the PCKSProtocol protocol. Each party computes the following :
[s_i * ct[1] + (u_i * pk[0] + e_0i)/P, (u_i * pk[1] + e_1i)/P]
and broadcasts the result to the other j-1 parties. ct1 is the degree 1 element of the rlwe.Ciphertext to keyswitch, i.e. ct1 = rlwe.Ciphertext.Value[1]. NTT flag for ct1 is expected to be set correctly.
func (*PCKSProtocol) KeySwitch ¶
func (pcks *PCKSProtocol) KeySwitch(ctIn *rlwe.Ciphertext, combined *PCKSShare, ctOut *rlwe.Ciphertext)
KeySwitch performs the actual keyswitching operation on a ciphertext ct and put the result in ctOut
func (*PCKSProtocol) ShallowCopy ¶
func (pcks *PCKSProtocol) ShallowCopy() *PCKSProtocol
ShallowCopy creates a shallow copy of PCKSProtocol in which all the read-only data-structures are shared with the receiver and the temporary buffers are reallocated. The receiver and the returned PCKSProtocol can be used concurrently.
type PCKSShare ¶
type PCKSShare struct {
}PCKSShare represents a party's share in the PCKS protocol.
func (*PCKSShare) MarshalBinary ¶
MarshalBinary encodes a PCKS share on a slice of bytes.
func (*PCKSShare) UnmarshalBinary ¶
UnmarshalBinary decodes marshaled PCKS share on the target PCKS share.
type RKGProtocol ¶
type RKGProtocol struct {
// contains filtered or unexported fields
}
RKGProtocol is the structure storing the parameters and and precomputations for the collective relinearization key generation protocol.
func NewRKGProtocol ¶
func NewRKGProtocol(params rlwe.Parameters) *RKGProtocol
NewRKGProtocol creates a new RKG protocol struct.
func (*RKGProtocol) AggregateShares ¶
func (ekg *RKGProtocol) AggregateShares(share1, share2, shareOut *RKGShare)
AggregateShares combines two RKG shares into a single one.
func (*RKGProtocol) AllocateShare ¶
func (ekg *RKGProtocol) AllocateShare() (ephSk *rlwe.SecretKey, r1 *RKGShare, r2 *RKGShare)
AllocateShare allocates the share of the EKG protocol.
func (*RKGProtocol) GenRelinearizationKey ¶
func (ekg *RKGProtocol) GenRelinearizationKey(round1 *RKGShare, round2 *RKGShare, evalKeyOut *rlwe.RelinearizationKey)
GenRelinearizationKey computes the generated RLK from the public shares and write the result in evalKeyOut.
func (*RKGProtocol) GenShareRoundOne ¶
func (ekg *RKGProtocol) GenShareRoundOne(sk *rlwe.SecretKey, crp RKGCRP, ephSkOut *rlwe.SecretKey, shareOut *RKGShare)
GenShareRoundOne is the first of three rounds of the RKGProtocol protocol. Each party generates a pseudo encryption of its secret share of the key s_i under its ephemeral key u_i : [-u_i*a + s_i*w + e_i] and broadcasts it to the other j-1 parties.
func (*RKGProtocol) GenShareRoundTwo ¶
func (ekg *RKGProtocol) GenShareRoundTwo(ephSk, sk *rlwe.SecretKey, round1 *RKGShare, shareOut *RKGShare)
GenShareRoundTwo is the second of three rounds of the RKGProtocol protocol. Upon receiving the j-1 shares, each party computes :
[s_i * sum([-u_j*a + s_j*w + e_j]) + e_i1, s_i*a + e_i2]
= [s_i * (-u*a + s*w + e) + e_i1, s_i*a + e_i2]
and broadcasts both values to the other j-1 parties.
func (*RKGProtocol) SampleCRP ¶
func (ekg *RKGProtocol) SampleCRP(crs CRS) RKGCRP
SampleCRP samples a common random polynomial to be used in the RKG protocol from the provided common reference string.
func (*RKGProtocol) ShallowCopy ¶
func (ekg *RKGProtocol) ShallowCopy() *RKGProtocol
ShallowCopy creates a shallow copy of RKGProtocol in which all the read-only data-structures are shared with the receiver and the temporary buffers are reallocated. The receiver and the returned RKGProtocol can be used concurrently.
type RKGShare ¶
type RKGShare struct {
}RKGShare is a share in the RKG protocol.
func (*RKGShare) MarshalBinary ¶
MarshalBinary encodes the target element on a slice of bytes.
func (*RKGShare) UnmarshalBinary ¶
UnmarshalBinary decodes a slice of bytes on the target element.
type RTGProtocol ¶
type RTGProtocol struct {
// contains filtered or unexported fields
}
RTGProtocol is the structure storing the parameters for the collective rotation-keys generation.
func NewRTGProtocol ¶
func NewRTGProtocol(params rlwe.Parameters) *RTGProtocol
NewRTGProtocol creates a RTGProtocol instance.
func (*RTGProtocol) AggregateShares ¶
func (rtg *RTGProtocol) AggregateShares(share1, share2, shareOut *RTGShare)
AggregateShares aggregates two share in the Rotation Key Generation protocol.
func (*RTGProtocol) AllocateShare ¶
func (rtg *RTGProtocol) AllocateShare() (rtgShare *RTGShare)
AllocateShare allocates a party's share in the RTG protocol.
func (*RTGProtocol) GenRotationKey ¶
func (rtg *RTGProtocol) GenRotationKey(share *RTGShare, crp RTGCRP, rotKey *rlwe.SwitchingKey)
GenRotationKey finalizes the RTG protocol and populates the input RotationKey with the computed collective SwitchingKey.
func (*RTGProtocol) SampleCRP ¶
func (rtg *RTGProtocol) SampleCRP(crs CRS) RTGCRP
SampleCRP samples a common random polynomial to be used in the RTG protocol from the provided common reference string.
func (*RTGProtocol) ShallowCopy ¶
func (rtg *RTGProtocol) ShallowCopy() *RTGProtocol
ShallowCopy creates a shallow copy of RTGProtocol in which all the read-only data-structures are shared with the receiver and the temporary buffers are reallocated. The receiver and the returned RTGProtocol can be used concurrently.
type RTGShare ¶
type RTGShare struct {
}RTGShare is represent a Party's share in the RTG protocol.
func (*RTGShare) MarshalBinary ¶
MarshalBinary encode the target element on a slice of byte.
func (*RTGShare) UnmarshalBinary ¶
UnmarshalBinary decodes a slice of bytes on the target element.
type ShamirPolynomial ¶
ShamirPolynomial represents a polynomial with ringqp.Poly coefficients. It is used by the Thresholdizer type to produce t-out-of-N-threshold shares of an ringqp.Poly.
See Thresholdizer type.
type ShamirPublicPoint ¶
type ShamirPublicPoint uint64
ShamirPublicPoint is a type for Shamir public point associated with a party identity within the t-out-of-N-threshold scheme.
See Thresholdizer and Combiner types.
type ShamirSecretShare ¶
type ShamirSecretShare struct {
}ShamirSecretShare represents a t-out-of-N-threshold secret-share.
See Thresholdizer and Combiner types.
func (*ShamirSecretShare) MarshalBinary ¶
func (s *ShamirSecretShare) MarshalBinary() ([]byte, error)
func (*ShamirSecretShare) UnmarshalBinary ¶
func (s *ShamirSecretShare) UnmarshalBinary(b []byte) error
type Thresholdizer ¶
type Thresholdizer struct {
// contains filtered or unexported fields
}
Thresholdizer is a type for generating secret-shares of ringqp.Poly types such that the resulting sharing has a t-out-of-N-threshold access-structure. It implements the `Thresholdize` operation as presented in "An Efficient Threshold Access-Structure for RLWE-Based Multiparty Homomorphic Encryption" (2022) by Mouchet, C., Bertrand, E., and Hubaux, J. P. (https://eprint.iacr.org/2022/780).
See the `drlwe` package README.md.
func NewThresholdizer ¶
func NewThresholdizer(params rlwe.Parameters) *Thresholdizer
NewThresholdizer creates a new Thresholdizer instance from parameters.
func (*Thresholdizer) AggregateShares ¶
func (thr *Thresholdizer) AggregateShares(share1, share2, outShare *ShamirSecretShare)
AggregateShares aggregates two ShamirSecretShare and stores the result in outShare.
func (*Thresholdizer) AllocateThresholdSecretShare ¶
func (thr *Thresholdizer) AllocateThresholdSecretShare() *ShamirSecretShare
AllocateThresholdSecretShare allocates a ShamirSecretShare struct.
func (*Thresholdizer) GenShamirPolynomial ¶
func (thr *Thresholdizer) GenShamirPolynomial(threshold int, secret *rlwe.SecretKey) (*ShamirPolynomial, error)
GenShamirPolynomial generates a new secret ShamirPolynomial to be used in the Thresholdizer.GenShamirSecretShare method. It does so by sampling a random polynomial of degree threshold - 1 and with its constant term equal to secret.
func (*Thresholdizer) GenShamirSecretShare ¶
func (thr *Thresholdizer) GenShamirSecretShare(recipient ShamirPublicPoint, secretPoly *ShamirPolynomial, shareOut *ShamirSecretShare)
GenShamirSecretShare generates a secret share for the given recipient, identified by its ShamirPublicPoint. The result is stored in ShareOut and should be sent to this party.