rlwe

package
v0.0.2 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Dec 20, 2024 License: Apache-2.0, BSD-3-Clause, ISC, + 1 more Imports: 15 Imported by: 0

README

References

  1. Somewhat Practical Fully Homomorphic Encryption (https://eprint.iacr.org/2012/144)
  2. Fully Homomorphic Encryption without Bootstrapping (https://eprint.iacr.org/2011/277)
  3. Efficient Homomorphic Conversion Between (Ring) LWE Ciphertexts (https://eprint.iacr.org/2020/015)
  4. HERMES: Efficient Ring Packing using MLWE Ciphertexts and Application to Transciphering (https://eprint.iacr.org/2023/1244)

Documentation

Overview

Package rlwe implements the generic cryptographic functionalities and operations that are common to R-LWE schemes. The other implemented schemes extend this package with their specific operations and structures.

Index

Constants

View Source 
const (

	// Unsigned: unsigned digit decomposition, Var[X] = 2^{w}/12, E[X] = 2^{w-1}
	// Fastest decomposition, but greatest error.
	Unsigned = DigitDecompositionType(1)

	// Signed: signed digit decomposition, Var[X] = 2^{w}/12, E[X] = -0.5
	// Sligthly slower than unsigned (up to 15%), close to optimal error.
	Signed = DigitDecompositionType(2)

	// SignedBalanced: signed balanced digit decomposition, Var[X] = (2^{w}+0.25)/12, E[X] = 0
	// Much slower than unsigned (up to 50%), but optimal error.
	SignedBalanced = DigitDecompositionType(3)
)
View Source 
const (
	// XsUniformTernary is the standard deviation of a ternary key with uniform distribution
	XsUniformTernary = 0.816496580927726 //Sqrt(2/3)

	// DefaultNoise is the default standard deviation of the error
	DefaultNoise = 3.2

	// DefaultNoiseBound is the default bound (in number of standard deviation) of the noise bound
	DefaultNoiseBound = 19.2 // 6*3.2
)
View Source 
const GaloisGen uint64 = ring.GaloisGen

GaloisGen is an integer of order N=2^d modulo M=2N and that spans Z_M with the integer -1. The j-th ring automorphism takes the root zeta to zeta^(5j).

View Source 
const MaxLogN = 20

MaxLogN is the log2 of the largest supported polynomial modulus degree.

View Source 
const MaxModuliSize = 60

MaxModuliSize is the largest bit-length supported for the moduli in the RNS representation.

View Source 
const MinLogN = 4

MinLogN is the log2 of the smallest supported polynomial modulus degree (needed to ensure the NTT correctness).

View Source 
const (
	// ScalePrecision is the default precision of the scale.
	ScalePrecision = uint(128)
)

Variables

View Source 
var DefaultXe = ring.DiscreteGaussian{Sigma: DefaultNoise, Bound: DefaultNoiseBound}

DefaultXe is the default discrete Gaussian distribution.

View Source 
var DefaultXs = ring.Ternary{P: 2 / 3.0}
View Source 
var (
	// ExampleParameterLogN14LogQP438 is an example parameters set with logN=14 and logQP=438
	// offering 128-bit of security.
	ExampleParametersLogN14LogQP438 = ParametersLiteral{
		LogN:    14,
		Q:       []uint64{0x200000440001, 0x7fff80001, 0x800280001, 0x7ffd80001, 0x7ffc80001},
		P:       []uint64{0x3ffffffb80001, 0x4000000800001},
		NTTFlag: true,
	}
)
View Source 
var ScalePrecisionLog10 = int(math.Ceil(float64(ScalePrecision) / math.Log2(10)))

Functions

func AddPlaintextToMatrix 

func AddPlaintextToMatrix(rQ, rP ring.RNSRing, pt, buff ring.RNSPoly, ct ring.Matrix, dd DigitDecomposition) (err error)

AddPlaintextToMatrix takes a plaintext polynomial and adds the plaintext times the gadget decomposition matrix to the matrix ct.

func CheckModuli 

func CheckModuli(q, p []uint64) error

CheckModuli checks that the provided q and p correspond to a valid moduli chain.

func GaloisElementsForInnerSum 

func GaloisElementsForInnerSum(params ParameterProvider, batch, n int) (galEls []uint64)

GaloisElementsForInnerSum returns the list of Galois elements necessary to apply the method `InnerSum` operation with parameters `batch` and `n`.

func GaloisElementsForReplicate 

func GaloisElementsForReplicate(params ParameterProvider, batch, n int) (galEls []uint64)

GaloisElementsForReplicate returns the list of Galois elements necessary to perform the `Replicate` operation with parameters `batch` and `n`.

func GaloisElementsForTrace 

func GaloisElementsForTrace(params ParameterProvider, logN int) (galEls []uint64)

GaloisElementsForTrace returns the list of Galois elements requored for the for the `Trace` operation. Trace maps X -> sum((-1)^i * X^{i*n+1}) for 2^{LogN} <= i < N.

func GenModuli 

func GenModuli(LogN, LogNthRoot int, logQ, logP []int, have map[uint64]bool) (q, p []uint64, err error)

GenModuli generates a valid moduli chain from the provided moduli sizes.

func NTTSparseAndMontgomery 

func NTTSparseAndMontgomery(r ring.RNSRing, metadata *MetaData, pol ring.RNSPoly)

NTTSparseAndMontgomery takes a polynomial Z[Y] outside of the NTT domain and maps it to a polynomial Z[X] in the NTT domain where Y = X^(gap). This method is used to accelerate the NTT of polynomials that encode sparse polynomials.

func NoiseCiphertext 

func NoiseCiphertext(ct *Ciphertext, pt *Plaintext, sk *SecretKey, params Parameters) (noise float64)

NoiseCiphertext returns the log2 of the standard deviation of the input ciphertext with respect to the given secret-key and parameters. Function expects: - ct and pt NTT domain to match - pt to not be in the Montgomery domain

func NoiseEvaluationKey 

func NoiseEvaluationKey(evk *EvaluationKey, skIn, skOut *SecretKey, params Parameters) float64

NoiseEvaluationKey the log2 of the standard deviation of the noise of the input Galois key key with respect to the given secret-key and parameters.

func NoiseGadgetCiphertext 

func NoiseGadgetCiphertext(gct *GadgetCiphertext, pt ring.RNSPoly, sk *SecretKey, params Parameters) float64

NoiseGadgetCiphertext returns the log2 of the standard deviation of the noise of the input gadget ciphertext with respect to the given plaintext, secret-key and parameters. The polynomial pt is expected to be in the NTT and Montgomery domain.

func NoiseGaloisKey 

func NoiseGaloisKey(gk *GaloisKey, sk *SecretKey, params Parameters) float64

NoiseGaloisKey the log2 of the standard deviation of the noise of the input Galois key key with respect to the given secret-key and parameters.

func NoisePublicKey 

func NoisePublicKey(pk *PublicKey, sk *SecretKey, params Parameters) (noise float64)

NoisePublicKey returns the log2 of the standard deviation of the input public-key with respect to the given secret-key and parameters.

func NoiseRelinearizationKey 

func NoiseRelinearizationKey(rlk *RelinearizationKey, sk *SecretKey, params Parameters) float64

NoiseRelinearizationKey the log2 of the standard deviation of the noise of the input relinearization key with respect to the given secret-key and parameters.

func Norm 

func Norm(ct *Ciphertext, dec *Decryptor) (std, min, max float64)

Norm returns the log2 of the standard deviation, minimum and maximum absolute norm of the decrypted Ciphertext, before the decoding (i.e. including the error).

func NormStats 

func NormStats(vec []big.Int) (float64, float64, float64)

Types

type Ciphertext 

type Ciphertext struct {
	*MetaData
	*ring.Vector
}

Ciphertext is wrapper around an rlwe.Vector.

func GetSmallestLargest 

func GetSmallestLargest(el0, el1 *Ciphertext) (smallest, largest *Ciphertext, sameDegree bool)

GetSmallestLargest returns the provided element that has the smallest degree as a first returned value and the largest degree as second return value. If the degree match, the order is the same as for the input.

func NewCiphertext 

func NewCiphertext(params ParameterProvider, Degree, LevelQ, LevelP int) (ct *Ciphertext)

NewCiphertext returns a new Ciphertext with zero values. The field rlwe.Metadata is initialized with the IsNTT flag set to parameters default NTT domain (see rlwe.Parameters).

func NewCiphertextAtLevelFromPoly 

func NewCiphertextAtLevelFromPoly(LevelQ, LevelP int, pQ, pP []ring.RNSPoly) (*Ciphertext, error)

NewCiphertextAtLevelFromPoly returns an instance of a Ciphertext at a specific level where the message is set to the passed poly. No checks are performed on poly and the returned Ciphertext will share its backing array of coefficients. Returned Ciphertext's MetaData is allocated but empty.

func (*Ciphertext) AsCiphertext 

func (ct *Ciphertext) AsCiphertext() *Ciphertext

AsCiphertext wraps the receiver into an rlwe.Ciphertext.

func (*Ciphertext) AsPlaintext 

func (ct *Ciphertext) AsPlaintext() *Plaintext

AsPlaintext wraps the receiver into an rlwe.Plaintext.

func (*Ciphertext) AsVector 

func (ct *Ciphertext) AsVector() *ring.Vector

AsVector wraps the receiver into an rlwe.Vector.

func (*Ciphertext) BinarySize 

func (ct *Ciphertext) BinarySize() (size int)

BinarySize returns the serialized size of the object in bytes.

func (*Ciphertext) BufferSize 

func (ct *Ciphertext) BufferSize(params ParameterProvider, Degree, LevelQ, LevelP int) int

BufferSize returns the minimum buffer size to instantiate the receiver through [FromBuffer].

func (*Ciphertext) Clone 

func (ct *Ciphertext) Clone() *Ciphertext

Clone returns a deep copy of the receiver.

func (*Ciphertext) ConcatPtoQ 

func (ct *Ciphertext) ConcatPtoQ(n int) *Ciphertext

ConcatPtoQ returns an instance of the receiver where the modulus Q is increased to Q[:] + P[:n] and the modulus P reduced to P[n:]. n must be a positive integer 0 <= n <= ct.LevelP()+1.

func (*Ciphertext) ConcatQtoP 

func (ct *Ciphertext) ConcatQtoP(n int) *Ciphertext

ConcatQtoP returns an instance of the receiver where the modulus Q is reduced to Q[:n] and the modulus P increased to Q[n:] + P[:]. n must be a positive integer 0 <= n < ct.LevelQ()+1.

func (*Ciphertext) Copy 

func (ct *Ciphertext) Copy(other *Ciphertext)

Copy copies the input element and its parameters on the receiver.

func (*Ciphertext) Degree 

func (ct *Ciphertext) Degree() int

Degree returns the degree of the receiver.

func (*Ciphertext) Equal 

func (ct *Ciphertext) Equal(other *Ciphertext) bool

Equal performs a deep equal.

func (*Ciphertext) FromBuffer 

func (ct *Ciphertext) FromBuffer(params ParameterProvider, Degree, LevelQ, LevelP int, buf []uint64)

FromBuffer assigns new backing array to the receiver. Method panics if len(buf) is too small. Minimum backing array size can be obtained with [BufferSize].

func (*Ciphertext) MarshalBinary 

func (ct *Ciphertext) MarshalBinary() (data []byte, err error)

MarshalBinary encodes the object into a binary form on a newly allocated slice of bytes.

func (*Ciphertext) Randomize 

func (ct *Ciphertext) Randomize(params ParameterProvider, source *sampling.Source)

Randomize populates the receiver with uniform random coefficients.

func (*Ciphertext) ReadFrom 

func (ct *Ciphertext) ReadFrom(r io.Reader) (n int64, err error)

ReadFrom reads on the object from an io.Writer. It implements the io.ReaderFrom interface.

Unless r implements the buffer.Reader interface (see see lattigo/utils/buffer/reader.go), it will be wrapped into a bufio.Reader. Since this requires allocation, it is preferable to pass a buffer.Reader directly:

  • When reading multiple values from a io.Reader, it is preferable to first first wrap io.Reader in a pre-allocated bufio.Reader.
  • When reading from a var b []byte, it is preferable to pass a buffer.NewBuffer(b) as w (see lattigo/utils/buffer/buffer.go).

func (*Ciphertext) ResizeDegree 

func (ct *Ciphertext) ResizeDegree(degree int)

ResizeDegree resize the degree of the receiver to the given degree.

func (*Ciphertext) SwitchRingDegree 

func (ct *Ciphertext) SwitchRingDegree(rQ, rP ring.RNSRing, buff []uint64, ctOut *Ciphertext)

func (*Ciphertext) UnmarshalBinary 

func (ct *Ciphertext) UnmarshalBinary(p []byte) (err error)

UnmarshalBinary decodes a slice of bytes generated by MarshalBinary or WriteTo on the object.

func (*Ciphertext) WriteTo 

func (ct *Ciphertext) WriteTo(w io.Writer) (n int64, err error)

WriteTo writes the object on an io.Writer. It implements the io.WriterTo interface, and will write exactly object.BinarySize() bytes on w.

Unless w implements the buffer.Writer interface (see lattigo/utils/buffer/writer.go), it will be wrapped into a bufio.Writer. Since this requires allocations, it is preferable to pass a buffer.Writer directly:

  • When writing multiple times to a io.Writer, it is preferable to first wrap the io.Writer in a pre-allocated bufio.Writer.
  • When writing to a pre-allocated var b []byte, it is preferable to pass buffer.NewBuffer(b) as w (see lattigo/utils/buffer/buffer.go).

type CiphertextWrapper 

type CiphertextWrapper interface {
	AsCiphertext() *Ciphertext
}

type CompressionInfos 

type CompressionInfos struct {
	Qi   structs.Vector[uint64]
	Pi   structs.Vector[uint64]
	Seed [32]byte
}

CompressionInfos is a struct storing information to be able to reconstruct public random polynomial from a seed. rlwe.Ciphertext or rlwe.GadgetCiphertext with compression infos have a serialization size that is half of their usual size.

func (CompressionInfos) BinarySize 

func (c CompressionInfos) BinarySize() (size int)

BinarySize returns the serialized size of the object in bytes.

func (CompressionInfos) MarshalBinary 

func (c CompressionInfos) MarshalBinary() (data []byte, err error)

MarshalBinary encodes the object into a binary form on a newly allocated slice of bytes.

func (*CompressionInfos) ReadFrom 

func (c *CompressionInfos) ReadFrom(r io.Reader) (n int64, err error)

ReadFrom reads on the object from an io.Writer. It implements the io.ReaderFrom interface.

Unless r implements the buffer.Reader interface (see see lattigo/utils/buffer/reader.go), it will be wrapped into a bufio.Reader. Since this requires allocation, it is preferable to pass a buffer.Reader directly:

  • When reading multiple values from a io.Reader, it is preferable to first first wrap io.Reader in a pre-allocated bufio.Reader.
  • When reading from a var b []byte, it is preferable to pass a buffer.NewBuffer(b) as w (see lattigo/utils/buffer/buffer.go).

func (*CompressionInfos) UnmarshalBinary 

func (c *CompressionInfos) UnmarshalBinary(p []byte) (err error)

UnmarshalBinary decodes a slice of bytes generated by MarshalBinary or WriteTo on the object.

func (CompressionInfos) WriteTo 

func (c CompressionInfos) WriteTo(w io.Writer) (n int64, err error)

WriteTo writes the object on an io.Writer. It implements the io.WriterTo interface, and will write exactly object.BinarySize() bytes on w.

Unless w implements the buffer.Writer interface (see lattigo/utils/buffer/writer.go), it will be wrapped into a bufio.Writer. Since this requires allocations, it is preferable to pass a buffer.Writer directly:

  • When writing multiple times to a io.Writer, it is preferable to first wrap the io.Writer in a pre-allocated bufio.Writer.
  • When writing to a pre-allocated var b []byte, it is preferable to pass buffer.NewBuffer(b) as w (see lattigo/utils/buffer/buffer.go).

type Decryptor 

type Decryptor struct {
	// contains filtered or unexported fields
}

Decryptor is a structure used to decrypt rlwe.Ciphertext. It stores the secret-key.

func NewDecryptor 

func NewDecryptor(params ParameterProvider, sk *SecretKey) *Decryptor

NewDecryptor instantiates a new rlwe.Decryptor.

func (Decryptor) Decrypt 

func (d Decryptor) Decrypt(ct *Ciphertext, pt *Plaintext)

Decrypt decrypts an rlwe.Ciphertext and writes the result on an rlwe.Plaintext. The level of the output plaintext is min(ct.Level(), pt.Level()). Output plaintext rlwe.MetaData will match the input ciphertext rlwe.MetaData.

func (Decryptor) DecryptNew 

func (d Decryptor) DecryptNew(ct *Ciphertext) (pt *Plaintext)

DecryptNew decrypts an rlwe.Ciphertext and returns the result in a new rlwe.Plaintext. Output plaintext rlwe.MetaData will match the input ciphertext rlwe.MetaData.

func (Decryptor) GetRLWEParameters 

func (d Decryptor) GetRLWEParameters() *Parameters

GetRLWEParameters returns the underlying rlwe.Parameters of the receiver..

func (Decryptor) ShallowCopy 

func (d Decryptor) ShallowCopy() *Decryptor

ShallowCopy creates a shallow copy of the receiver in which all the read-only data- structures are shared with the receiver and the temporary buffers are reallocated. The receiver and the returned object can be used concurrently.

func (Decryptor) WithKey 

func (d Decryptor) WithKey(sk *SecretKey) *Decryptor

WithKey returns an instance of the receiver with a new decryption key. The returned object cannot be used concurrently with the receiver.

type DigitDecomposition 

type DigitDecomposition struct {
	Type      DigitDecompositionType
	Log2Basis int
}

DigitDecomposition is a struct that stores the parameters for the digit decomposition.

func ResolveEvaluationKeyParameters 

func ResolveEvaluationKeyParameters(params ParameterProvider, evkParams []EvaluationKeyParameters) (int, int, DigitDecomposition)

func (DigitDecomposition) ToString 

func (dd DigitDecomposition) ToString() string

type DigitDecompositionType 

type DigitDecompositionType int

DigitDecompositionType defines the type of the digit decomposition.

type Distribution 

type Distribution struct {
	ring.DistributionParameters
	Std      float64
	AbsBound float64
}

func NewDistribution 

func NewDistribution(params ring.DistributionParameters, logN int) (d Distribution)

type DistributionLiteral 

type DistributionLiteral interface{}

type Element 

type Element interface {
	N() int
	LogN() int
	Degree() int
	Level() int
	LevelQ() int
	LevelP() int
	AsPoint() *ring.Point
	AsVector() *ring.Vector
	AsPlaintext() *Plaintext
	AsCiphertext() *Ciphertext
}

type EncryptionKey 

type EncryptionKey interface {
	// contains filtered or unexported methods
}

EncryptionKey is an interface for encryption keys. Valid encryption keys are rlwe.SecretKey and rlwe.Publickey types.

type Encryptor 

type Encryptor struct {
	*EncryptorBuffers
	// contains filtered or unexported fields
}

Encryptor is a struct dedicated to encrypting - rlwe.Ciphertext - rlwe.GadgetCiphertext

func NewEncryptor 

func NewEncryptor(params ParameterProvider, key EncryptionKey) *Encryptor

NewEncryptor creates a new rlwe.Encryptor from either an rlwe.EncryptionKey.

func (Encryptor) Encrypt 

func (enc Encryptor) Encrypt(pt *Plaintext, ct interface{}) (err error)

Encrypt encrypts the input rlwe.Plaintext using the stored encryption key and writes the result on ct.

The following types are accepted for ct:

- rlwe.Ciphertext - rlwe.GadgetCiphertext

Plaintext informations:

- If no rlwe.Plaintext is given (nil pointer), the method will produce an encryption of zero. - If an rlwe.Plaintext is given, then the output ciphertext rlwe.MetaData will match the plaintext rlwe.MetaData.

The encryption procedure masks the plaintext by adding a fresh encryption of zero. The encryption procedure depends on the parameters: If an auxiliary modulus P is defined and the encryption key is an rlwe.PublicKey, the encryption of zero is sampled in QP before being rescaled by P; otherwise, it is directly sampled in Q.

The method returns an error if:

- The ciphertext is of an unsupported type - No encryption key is stored - The input ciphertext is of degree 0 and the encryption key is an rlwe.PublicKey

func (Encryptor) EncryptZero 

func (enc Encryptor) EncryptZero(ct interface{}) (err error)

EncryptZero generates an encryption of zero under the stored encryption key and writes the result on ct. The method returns an error if no encryption key is stored in the Encryptor.

The encryption procedure depends on the parameters: - If the auxiliary modulus P is defined, the encryption of zero is sampled in QP before being rescaled by P; - otherwise, it is directly sampled in Q. The zero encryption is generated according to the given Element MetaData.

func (Encryptor) GetRLWEParameters 

func (enc Encryptor) GetRLWEParameters() *Parameters

GetRLWEParameters returns the underlying rlwe.Parameters of the receiver.

func (Encryptor) KeySwitch 

func (enc Encryptor) KeySwitch(key *SecretKey, eFlood float64, ct *Ciphertext) (err error)

KeySwitch decrypts the ciphertext using the provided key and re-encrypts is using the encryptor's key and adds a flooding noise with standard deviation eFlood.

Method will return an error if the input ciphertext is not of degree 1.

Re-encryption is performed as follow: - sk -> sk : (c0, c1) -> (c0, 0) + (c1*(sIn-sOut) + eFlood, c1) - sk -> pk : (c0, c1) -> (c0, 0) + (c1*sIn + pk[0]*u + e + eFlood, pk[1]*u + e') - sk -> nil: (c0, c1) -> (c0, 0) + (c1*sIn + eFlood, 0)

func (Encryptor) ShallowCopy 

func (enc Encryptor) ShallowCopy() *Encryptor

ShallowCopy creates a shallow copy of the receiver in which all the read-only data-structures are shared with the receiver and the temporary buffers are reallocated. The receiver and the returned object can be used concurrently.

func (Encryptor) WithKey 

func (enc Encryptor) WithKey(key EncryptionKey) *Encryptor

WithKey returns an instance of the receiver with a new rlwe.EncryptionKey.

func (*Encryptor) WithSeededPublicRandomness 

func (enc *Encryptor) WithSeededPublicRandomness(seed [32]byte) *Encryptor

WithSeededPublicRandomness returns an instance of the receiver were Xa - Xu: public randomness when encrypting with rlwe.SecretKey is seeded with the provided seed.

func (*Encryptor) WithSeededSecretRandomness 

func (enc *Encryptor) WithSeededSecretRandomness(seed [32]byte) *Encryptor

WithSeededSecretRandomness returns an instance of the receiver were the secre randomness: - Xe: noise when encrypting with rlwe.SecretKey or rlwe.PublicKey - Xu: small vector when encrypting with rlwe.PublicKey are seeded with a seed derived from the provided seed.

type EncryptorBuffers 

type EncryptorBuffers struct {
	BuffQ [3]ring.RNSPoly
	BuffP [4]ring.RNSPoly
}

EncryptorBuffers is a struct storing the read and write buffers of an encryptor.

type EvaluationKey 

type EvaluationKey struct {
	GadgetCiphertext
}

EvaluationKey is a public key indented to be used during the evaluation phase of a homomorphic circuit. It provides a one way public and non-interactive re-encryption from a ciphertext encrypted under `skIn` to a ciphertext encrypted under `skOut`.

Such re-encryption is for example used for:

  • Homomorphic relinearization: re-encryption of a quadratic ciphertext (that requires (1, sk sk^2) to be decrypted) to a linear ciphertext (that required (1, sk) to be decrypted). In this case skIn = sk^2 an skOut = sk.
  • Homomorphic automorphisms: an automorphism in the ring Z[X]/(X^{N}+1) is defined as pi_k: X^{i} -> X^{i^k} with k coprime to 2N. Pi_sk is for exampled used during homomorphic slot rotations. Applying pi_k to a ciphertext encrypted under sk generates a new ciphertext encrypted under pi_k(sk), and an Evaluationkey skIn = pi_k(sk) to skOut = sk is used to bring it back to its original key.

func NewEvaluationKey 

func NewEvaluationKey(params ParameterProvider, evkParams ...EvaluationKeyParameters) (evk *EvaluationKey)

NewEvaluationKey returns a new EvaluationKey with pre-allocated zero-value.

func (*EvaluationKey) BufferSize 

func (evk *EvaluationKey) BufferSize(params ParameterProvider, evkParams ...EvaluationKeyParameters) int

BufferSize returns the minimum buffer size to instantiate the receiver through [FromBuffer].

func (EvaluationKey) Clone 

func (evk EvaluationKey) Clone() *EvaluationKey

Clone creates a deep copy of the target EvaluationKey and returns it.

func (EvaluationKey) Equal 

func (evk EvaluationKey) Equal(other *EvaluationKey) bool

Equal performs a deep equal.

func (*EvaluationKey) FromBuffer 

func (evk *EvaluationKey) FromBuffer(params ParameterProvider, buf []uint64, evkParams ...EvaluationKeyParameters)

FromBuffer assigns new backing array to the receiver. Method panics if len(buf) is too small. Minimum backing array size can be obtained with [BufferSize].

type EvaluationKeyParameters 

type EvaluationKeyParameters struct {
	LevelQ *int
	LevelP *int
	DigitDecomposition
}

type EvaluationKeySet 

type EvaluationKeySet interface {

	// GetGaloisKey retrieves the Galois key for the automorphism X^{i} -> X^{i*galEl}.
	GetGaloisKey(galEl uint64) (evk *GaloisKey, err error)

	// GetGaloisKeysList returns the list of all the Galois elements
	// for which a Galois key exists in the object.
	GetGaloisKeysList() (galEls []uint64)

	// GetRelinearizationKey retrieves the RelinearizationKey.
	GetRelinearizationKey() (evk *RelinearizationKey, err error)
}

EvaluationKeySet is an interface implementing methods to load the RelinearizationKey and GaloisKeys in the Evaluator. Implementations of this interface must be safe for concurrent use.

type Evaluator 

type Evaluator struct {
	EvaluationKeySet
	*EvaluatorBuffers

	// RingP holds extended ringPs for level-aware gadget product.
	// i-th element of RingP corresponds to the coalescing factor i.
	RingP structs.Vector[ring.RNSRing]
	// Decomposers holds Decomposers for level-aware gadget product.
	// i-th element of Decomposers corresponds to the coalescing factor i.
	Decomposers structs.Vector[ring.Decomposer]
	// contains filtered or unexported fields
}

Evaluator is a struct that holds the necessary elements to execute general homomorphic operation on RLWE ciphertexts, such as automorphisms, key-switching and relinearization.

func NewEvaluator 

func NewEvaluator(params ParameterProvider, evk EvaluationKeySet) (eval *Evaluator)

NewEvaluator creates a new Evaluator.

func (Evaluator) ApplyEvaluationKey 

func (eval Evaluator) ApplyEvaluationKey(ctIn *Ciphertext, evk *EvaluationKey, opOut *Ciphertext) (err error)

ApplyEvaluationKey is a generic method to apply an EvaluationKey on a ciphertext. An EvaluationKey is a type of public key that is be used during the evaluation of a homomorphic circuit to provide additional functionalities, like relinearization or rotations.

In a nutshell, an Evaluationkey encrypts a secret skIn under a secret skOut and enables the public and non interactive re-encryption of any ciphertext encrypted under skIn to a new ciphertext encrypted under skOut.

The method will return an error if either ctIn or opOut degree isn't 1.

This method can also be used to switch a ciphertext to one with a different ring degree. Note that the parameters of the smaller ring degree must be the same or a subset of the moduli Q and P of the one for the larger ring degree.

To do so, it must be provided with the appropriate EvaluationKey, and have the operands matching the target ring degrees.

To switch a ciphertext to a smaller ring degree:

  • ctIn ring degree must match the evaluator's ring degree.
  • opOut ring degree must match the smaller ring degree.
  • evk must have been generated using the key-generator of the large ring degree with as input large-key -> small-key.

To switch a ciphertext to a smaller ring degree:

  • ctIn ring degree must match the smaller ring degree.
  • opOut ring degree must match the evaluator's ring degree.
  • evk must have been generated using the key-generator of the large ring degree with as input small-key -> large-key.

func (Evaluator) Automorphism 

func (eval Evaluator) Automorphism(ctIn *Ciphertext, galEl uint64, opOut *Ciphertext) (err error)

Automorphism computes phi(ct), where phi is the map X -> X^galEl. The method requires that the corresponding RotationKey has been added to the Evaluator. The method will return an error if either ctIn or opOut degree is not equal to 1.

func (Evaluator) AutomorphismHoisted 

func (eval Evaluator) AutomorphismHoisted(ctIn *Ciphertext, buf HoistingBuffer, galEl uint64, opOut *Ciphertext) (err error)

AutomorphismHoisted is similar to Automorphism, except that it takes as input ctIn and c1DecompQP, where c1DecompQP is the RNS decomposition of its element of degree 1. This decomposition can be obtained with DecomposeNTT. The method requires that the corresponding RotationKey has been added to the Evaluator. The method will return an error if either ctIn or opOut degree is not equal to 1.

func (Evaluator) AutomorphismHoistedLazy 

func (eval Evaluator) AutomorphismHoistedLazy(LevelQ int, ctIn *Ciphertext, buf HoistingBuffer, galEl uint64, ctQP *Ciphertext) (err error)

AutomorphismHoistedLazy is similar to AutomorphismHoisted, except that it returns a ciphertext modulo QP and scaled by P. The method requires that the corresponding RotationKey has been added to the Evaluator. Accepts `ctIn` in NTT and outside of NTT domain, but `ctQP` is always returned in the NTT domain.

func (Evaluator) AutomorphismIndex 

func (eval Evaluator) AutomorphismIndex(galEl uint64) []uint64

func (Evaluator) CheckAndGetGaloisKey 

func (eval Evaluator) CheckAndGetGaloisKey(galEl uint64) (evk *GaloisKey, err error)

CheckAndGetGaloisKey returns an error if the GaloisKey for the given Galois element is missing or the EvaluationKey interface is nil.

func (Evaluator) CheckAndGetRelinearizationKey 

func (eval Evaluator) CheckAndGetRelinearizationKey() (evk *RelinearizationKey, err error)

CheckAndGetRelinearizationKey returns an error if the RelinearizationKey is missing or the EvaluationKey interface is nil.

func (Evaluator) DecomposeSingleNTT 

func (eval Evaluator) DecomposeSingleNTT(LevelQ, LevelP, BaseRNSDecompositionVectorSize int, c2NTT, c2InvNTT, c2QiQ, c2QiP ring.RNSPoly)

DecomposeSingleNTT takes the input polynomial c2 (c2NTT and c2InvNTT, respectively in the NTT and out of the NTT domain) modulo the RNS basis, and returns the result on c2QiQ and c2QiP, the receiver polynomials respectively mod Q and mod P (in the NTT domain)

func (Evaluator) FillHoistingBuffer 

func (eval Evaluator) FillHoistingBuffer(LevelQ, LevelP int, cx ring.RNSPoly, cxIsNTT bool, buf HoistingBuffer)

FillHoistingBuffer fills HoistingBuffer with the decomposition of cx. Values in HoistingBuffer are in the NTT domain.

func (Evaluator) GadgetProduct 

func (eval Evaluator) GadgetProduct(LevelQ int, cx ring.RNSPoly, cxIsNTT bool, gadgetCt *GadgetCiphertext, ct *Ciphertext)

GadgetProduct evaluates poly x Gadget -> RLWE where

ct = [<decomp(cx), gadget[0]>, <decomp(cx), gadget[1]>] mod Q

func (Evaluator) GadgetProductHoisted 

func (eval Evaluator) GadgetProductHoisted(LevelQ int, buf HoistingBuffer, gadgetCt *GadgetCiphertext, ct *Ciphertext)

GadgetProductHoisted applies the key-switch to the decomposed polynomial c2 mod QP (HoistingBuffer) divides the result by P, reducing the basis from QP to Q, and stores the result in ct.

ct = [<HoistingBuffer, gadget[0]>, <HoistingBuffer, gadget[1]>] mod Q

HoistingBuffer is expected to be in the NTT domain.

Result NTT domain is returned according to the NTT flag of ct.

func (Evaluator) GadgetProductHoistedLazy 

func (eval Evaluator) GadgetProductHoistedLazy(LevelQ int, overwrite bool, buf HoistingBuffer, gadgetCt *GadgetCiphertext, ct *Ciphertext) (err error)

GadgetProductHoistedLazy applies the gadget product to the decomposed polynomial c2 mod QP (BuffQPDecompQP)

(c0, c1) = dot(BuffQPDecompQ * gadgetCt[0]) mod QP BuffQP3 = dot(BuffQPDecompQ * gadgetCt[1]) mod QP

BuffQPDecompQP is expected to be in the NTT domain.

Result is always written (overwrite = true) / added (overwrite = false) on ct in the NTT domain, regardless of the NTT flag of ct.

func (Evaluator) GadgetProductLazy 

func (eval Evaluator) GadgetProductLazy(LevelQ int, overwrite bool, cx ring.RNSPoly, cxIsNTT bool, gadgetCt *GadgetCiphertext, ct *Ciphertext) (err error)

GadgetProductLazy evaluates poly x Gadget -> RLWE where

ct = [<decomp(cx), gadget[0]>, <decomp(cx), gadget[1]>] mod QP

Result is always written (overwrite = true) / added (overwrite = false) on ct in the NTT domain, regardless of the NTT flag of ct.

func (Evaluator) GetBuffCt 

func (eval Evaluator) GetBuffCt() *Ciphertext

func (Evaluator) GetBuffP 

func (eval Evaluator) GetBuffP() [6]ring.RNSPoly

func (Evaluator) GetBuffQ 

func (eval Evaluator) GetBuffQ() [6]ring.RNSPoly

func (Evaluator) GetEvaluatorBuffer 

func (eval Evaluator) GetEvaluatorBuffer() *EvaluatorBuffers

func (*Evaluator) GetRLWEParameters 

func (eval *Evaluator) GetRLWEParameters() *Parameters

func (Evaluator) InitOutputBinaryOp 

func (eval Evaluator) InitOutputBinaryOp(op0, op1 *Ciphertext, opInTotalMaxDegree int, opOut *Ciphertext) (degree, level int, err error)

InitOutputBinaryOp initializes the output Ciphertext opOut for receiving the result of a binary operation over op0 and op1. The method also performs the following checks:

1. Inputs are not nil 2. MetaData are not nil 3. op0.Degree() + op1.Degree() != 0 (i.e at least one Ciphertext is a ciphertext) 4. op0.IsNTT == op1.IsNTT == DefaultNTTFlag 5. op0.IsBatched == op1.IsBatched

The opOut metadata are initilized as: IsNTT <- DefaultNTTFlag IsBatched <- op0.IsBatched LogDimensions <- max(op0.LogDimensions, op1.LogDimensions)

The method returns max(op0.Degree(), op1.Degree(), opOut.Degree()) and min(op0.Level(), op1.Level(), opOut.Level())

func (Evaluator) InitOutputUnaryOp 

func (eval Evaluator) InitOutputUnaryOp(op0, opOut *Ciphertext) (degree, level int, err error)

InitOutputUnaryOp initializes the output Ciphertext opOut for receiving the result of a unary operation over op0. The method also performs the following checks:

1. Input and output are not nil 2. Inoutp and output Metadata are not nil 2. op0.IsNTT == DefaultNTTFlag

The method will also update the metadata of opOut:

IsNTT <- NTTFlag IsBatched <- op0.IsBatched LogDimensions <- op0.LogDimensions

The method returns max(op0.Degree(), opOut.Degree()) and min(op0.Level(), opOut.Level()).

func (Evaluator) InnerFunction 

func (eval Evaluator) InnerFunction(ctIn []Ciphertext, batchSize, n int, f func(a, b, c []Ciphertext) (err error), opOut []Ciphertext) (err error)

InnerFunction applies an user defined function on the Ciphertext with a tree-like combination requiring log2(n) + HW(n) rotations.

InnerFunction with f = eval.Add(a, b, c) is equivalent to InnerSum (although slightly slower).

The operation assumes that `ctIn` encrypts Slots/`batchSize` sub-vectors of size `batchSize` and will add them together (in parallel) in groups of `n`. It outputs in opOut a Ciphertext for which the "leftmost" sub-vector of each group is equal to the pair-wise recursive evaluation of function over the group.

The inner function is computed in a tree fashion. Example for batchSize=2 & n=4 (garbage slots are marked by 'x'):

1) [{a, b}, {c, d}, {e, f}, {g, h}, {a, b}, {c, d}, {e, f}, {g, h}]

  1. [{a, b}, {c, d}, {e, f}, {g, h}, {a, b}, {c, d}, {e, f}, {g, h}] f [{c, d}, {e, f}, {g, h}, {x, x}, {c, d}, {e, f}, {g, h}, {x, x}] (rotate batchSize * 2^{0}) = [{f(a, c), f(b, d)}, {f(c, e), f(d, f)}, {f(e, g), f(f, h)}, {x, x}, {f(a, c), f(b, d)}, {f(c, e), f(d, f)}, {f(e, g), f(f, h)}, {x, x}]

  2. [{f(a, c), f(b, d)}, {x, x}, {f(e, g), f(f, h)}, {x, x}, {f(a, c), f(b, d)}, {x, x}, {f(e, g), f(f, h)}, {x, x}] (rotate batchSize * 2^{1}) + [{f(e, g), f(f, h)}, {x, x}, {x, x}, {x, x}, {f(e, g), f(f, h)}, {x, x}, {x, x}, {x, x}] = = [{f(f(a,c),f(e,g)), f(f(b, d), f(f, h))}, {x, x}, {x, x}, {x, x}, {f(f(a,c),f(e,g)), f(f(b, d), f(f, h))}, {x, x}, {x, x}, {x, x}]

func (Evaluator) InnerSum 

func (eval Evaluator) InnerSum(ctIn *Ciphertext, batchSize, n int, buf HoistingBuffer, opOut *Ciphertext) (err error)

InnerSum applies an optimized inner sum on the Element (log2(n) + HW(n) rotations with double hoisting). The operation assumes that `ctIn` encrypts Slots/`batchSize` sub-vectors of size `batchSize` and will add them together (in parallel) in groups of `n`. It outputs in opOut a Element for which the "leftmost" sub-vector of each group is equal to the sum of the group.

The inner sum is computed in a tree fashion. Example for batchSize=2 & n=4 (garbage slots are marked by 'x'):

1) [{a, b}, {c, d}, {e, f}, {g, h}, {a, b}, {c, d}, {e, f}, {g, h}]

  1. [{a, b}, {c, d}, {e, f}, {g, h}, {a, b}, {c, d}, {e, f}, {g, h}] + [{c, d}, {e, f}, {g, h}, {x, x}, {c, d}, {e, f}, {g, h}, {x, x}] (rotate batchSize * 2^{0}) = [{a+c, b+d}, {x, x}, {e+g, f+h}, {x, x}, {a+c, b+d}, {x, x}, {e+g, f+h}, {x, x}]

  2. [{a+c, b+d}, {x, x}, {e+g, f+h}, {x, x}, {a+c, b+d}, {x, x}, {e+g, f+h}, {x, x}] (rotate batchSize * 2^{1}) + [{e+g, f+h}, {x, x}, {x, x}, {x, x}, {e+g, f+h}, {x, x}, {x, x}, {x, x}] = = [{a+c+e+g, b+d+f+h}, {x, x}, {x, x}, {x, x}, {a+c+e+g, b+d+f+h}, {x, x}, {x, x}, {x, x}]

func (Evaluator) ModDown 

func (eval Evaluator) ModDown(LevelQ, LevelP int, elQP, elQ *Ciphertext)

ModDown takes elQP (mod QP) and returns elQ = (elQP/P) (mod Q).

func (Evaluator) ModDownNTT 

func (eval Evaluator) ModDownNTT(LevelQ, LevelP int, p1Q, p1P, p2Q ring.RNSPoly)

func (Evaluator) NewHoistingBuffer 

func (eval Evaluator) NewHoistingBuffer(LevelQ, LevelP int) (buf HoistingBuffer)

func (Evaluator) PrecomputeLevelAware 

func (eval Evaluator) PrecomputeLevelAware(LevelQ int, gadgetCt *GadgetCiphertext, buf []uint64) *GadgetCiphertext

PrecomputeLevelAware precomputes buffers for level-awrare gadget product. Does nothing if: 1. No auxiliary prime is used 2. gadgetCt uses digit decomposition on top of RNS decomposition 3. gadgetCt is not encrypted at the maximum level

func (Evaluator) Relinearize 

func (eval Evaluator) Relinearize(ctIn, opOut *Ciphertext) (err error)

Relinearize applies the relinearization procedure on ct0 and returns the result in opOut. Relinearization is a special procedure required to ensure ciphertext compactness. It takes as input a quadratic ciphertext, that decrypts with the key (1, sk, sk^2) and outputs a linear ciphertext that decrypts with the key (1, sk). In a nutshell, the relinearization re-encrypt the term that decrypts using sk^2 to one that decrypts using sk. The method will return an error if:

  • The input ciphertext degree isn't 2.
  • The corresponding relinearization key to the ciphertext degree

is missing.

func (Evaluator) RelinearizeInplace 

func (eval Evaluator) RelinearizeInplace(op *Ciphertext, c2 ring.RNSPoly) (err error)

func (Evaluator) Replicate 

func (eval Evaluator) Replicate(ctIn *Ciphertext, batchSize, n int, buf HoistingBuffer, opOut *Ciphertext) (err error)

Replicate applies an optimized replication on the Ciphertext (log2(n) + HW(n) rotations with double hoisting). It acts as the inverse of a inner sum (summing elements from left to right). The replication is parameterized by the size of the sub-vectors to replicate "batchSize" and the number of times 'n' they need to be replicated. To ensure correctness, a gap of zero values of size batchSize * (n-1) must exist between two consecutive sub-vectors to replicate. This method is faster than Replicate when the number of rotations is large and it uses log2(n) + HW(n) instead of 'n'.

func (Evaluator) ShallowCopy 

func (eval Evaluator) ShallowCopy() *Evaluator

ShallowCopy creates a shallow copy of this Evaluator in which all the read-only data-structures are shared with the receiver and the temporary buffers are reallocated. The receiver and the returned Evaluators can be used concurrently.

func (Evaluator) Trace 

func (eval Evaluator) Trace(ctIn *Ciphertext, logN int, opOut *Ciphertext) (err error)

Trace maps X -> sum((-1)^i * X^{i*n+1}) for n <= i < N Monomial X^k vanishes if k is not divisible by (N/n), otherwise it is multiplied by (N/n). Ciphertext is pre-multiplied by (N/n)^-1 to remove the (N/n) factor. Examples of full Trace for [0 + 1X + 2X^2 + 3X^3 + 4X^4 + 5X^5 + 6X^6 + 7X^7]

1. 

  [1 + 2X + 3X^2 + 4X^3 + 5X^4 + 6X^5 + 7X^6 + 8X^7]
+ [1 - 6X - 3X^2 + 8X^3 + 5X^4 + 2X^5 - 7X^6 - 4X^7]  {X-> X^(i * 5^1)}
= [2 - 4X + 0X^2 +12X^3 +10X^4 + 8X^5 - 0X^6 + 4X^7]

2. 

  [2 - 4X + 0X^2 +12X^3 +10X^4 + 8X^5 - 0X^6 + 4X^7]
+ [2 + 4X + 0X^2 -12X^3 +10X^4 - 8X^5 + 0X^6 - 4X^7]  {X-> X^(i * 5^2)}
= [4 + 0X + 0X^2 - 0X^3 +20X^4 + 0X^5 + 0X^6 - 0X^7]

3. 

  [4 + 0X + 0X^2 - 0X^3 +20X^4 + 0X^5 + 0X^6 - 0X^7]
+ [4 + 0X + 0X^2 - 0X^3 -20X^4 + 0X^5 + 0X^6 - 0X^7]  {X-> X^(i * -1)}
= [8 + 0X + 0X^2 - 0X^3 + 0X^4 + 0X^5 + 0X^6 - 0X^7]

The method will return an error if the input and output ciphertexts degree is not one.

func (Evaluator) WithKey 

func (eval Evaluator) WithKey(evk EvaluationKeySet) *Evaluator

WithKey creates a shallow copy of the receiver Evaluator for which the new EvaluationKey is evaluationKey and where the temporary buffers are shared. The receiver and the returned Evaluators cannot be used concurrently.

type EvaluatorBuffers 

type EvaluatorBuffers struct {
	BuffCt          *Ciphertext
	BuffQ           [6]ring.RNSPoly
	BuffP           [6]ring.RNSPoly
	BuffNTT         ring.RNSPoly    // Memory buffer for NTT(ct[1])
	BuffInvNTT      ring.RNSPoly    // Memory buffer for INTT(ct[1])
	BuffDigitDecomp [2][]uint64     // Memory buffer for digit decomposition
	BuffGadgetCt    []uint64        // Memroy buffer for coalesced gadget ciphertext
	BuffGadgetP     [2]ring.RNSPoly // Memory buffer for ciphertext auxiliary prime
	BuffGadgetQP    [2]ring.RNSPoly // Memory buffer for decomposed ciphertext
	BuffModDownQ    ring.RNSPoly
	BuffModDownP    ring.RNSPoly
}

func NewEvaluatorBuffers 

func NewEvaluatorBuffers(p Parameters) *EvaluatorBuffers

type GadgetCiphertext 

type GadgetCiphertext struct {
	*CompressionInfos
	DigitDecomposition
	structs.Vector[ring.Matrix]
	CoalescingFactor   int
	CoalescingConstant ring.RNSScalar
}

GadgetCiphertext is a struct for storing an encrypted plaintext times the gadget power matrix.

func NewGadgetCiphertext 

func NewGadgetCiphertext(params ParameterProvider, Degree, LevelQ, LevelP int, DD DigitDecomposition) (ct *GadgetCiphertext)

NewGadgetCiphertext returns a new Ciphertext key with pre-allocated zero-value. Ciphertext is always in the NTT domain. A GadgetCiphertext is created by default at degree 1 with the the maximum LevelQ and LevelP and with no base 2 decomposition. Give the optional GadgetCiphertextParameters struct to create a GadgetCiphertext with at a specific degree, LevelQ, LevelP and/or base 2 decomposition.

func (*GadgetCiphertext) At 

func (ct *GadgetCiphertext) At(i, j int) (el *Ciphertext)

At returns the rlwe.Ciphertext at position [i][j] in the receiver.

func (*GadgetCiphertext) BinarySize 

func (ct *GadgetCiphertext) BinarySize() (dataLen int)

BinarySize returns the serialized size of the object in bytes.

func (*GadgetCiphertext) BufferSize 

func (ct *GadgetCiphertext) BufferSize(params ParameterProvider, Degree, LevelQ, LevelP int, DD DigitDecomposition) (size int)

BufferSize returns the minimum buffer size to instantiate the receiver through [FromBuffer].

func (*GadgetCiphertext) Clone 

func (ct *GadgetCiphertext) Clone() (ctCopy *GadgetCiphertext)

Clone creates a deep copy of the receiver Ciphertext and returns it.

func (*GadgetCiphertext) Coalesce 

func (ct *GadgetCiphertext) Coalesce(params ParameterProvider, LevelQ, coalescing int, buf []uint64) (coalesced *GadgetCiphertext)

Coalesce coalesces the receiver on the buffer. Assumes GadgetP divides GadgetP.

func (*GadgetCiphertext) ConcatPtoQ 

func (ct *GadgetCiphertext) ConcatPtoQ(n int) *GadgetCiphertext

ConcatPtoQ returns an instance of the receiver where the modulus Q is increased to Q[:] + P[:n] and the modulus P reduced to P[n:]. n must be a positive integer 0 <= n <= ct.LevelP()+1.

func (*GadgetCiphertext) ConcatQtoP 

func (ct *GadgetCiphertext) ConcatQtoP(n int) *GadgetCiphertext

ConcatQtoP returns an instance of the receiver where the modulus Q is reduced to Q[:n] and the modulus P increased to Q[n:] + P[:]. n must be a positive integer 0 <= n < ct.LevelQ()+1.

func (*GadgetCiphertext) Degree 

func (ct *GadgetCiphertext) Degree() int

Degree returns the degree of the receiver.

func (*GadgetCiphertext) Dims 

func (ct *GadgetCiphertext) Dims() (dims []int)

Dims returns the dimension of the receiver.

func (*GadgetCiphertext) DropGadget 

func (ct *GadgetCiphertext) DropGadget(n int) *GadgetCiphertext

DropGadget returns an instance of the recceiver where n rows of the RNS gadget matrix are dropped. The method will panic if n > ct.Dims().

func (*GadgetCiphertext) Equal 

func (ct *GadgetCiphertext) Equal(other *GadgetCiphertext) bool

Equal checks two Ciphertexts for equality.

func (*GadgetCiphertext) FromBuffer 

func (ct *GadgetCiphertext) FromBuffer(params ParameterProvider, Degree, LevelQ, LevelP int, DD DigitDecomposition, buf []uint64)

FromBuffer assigns new backing array to the receiver. Method panics if len(buf) is too small. Minimum backing array size can be obtained with [BufferSize].

func (*GadgetCiphertext) LevelP 

func (ct *GadgetCiphertext) LevelP() int

LevelP returns the level of the modulus P of the receiver.

func (*GadgetCiphertext) LevelQ 

func (ct *GadgetCiphertext) LevelQ() int

LevelQ returns the level of the modulus Q of the receiver.

func (*GadgetCiphertext) LogN 

func (ct *GadgetCiphertext) LogN() int

LogN returns the base 2 logarithm of the ring dimension of the receiver.

func (*GadgetCiphertext) MarshalBinary 

func (ct *GadgetCiphertext) MarshalBinary() (data []byte, err error)

MarshalBinary encodes the object into a binary form on a newly allocated slice of bytes.

func (*GadgetCiphertext) OptimalCoalescingFactor 

func (ct *GadgetCiphertext) OptimalCoalescingFactor(LevelQ int) (coalescing int)

OptimalCoalescingFactor finds the optimal coalescing parameter for the given parameters.

func (*GadgetCiphertext) ReadFrom 

func (ct *GadgetCiphertext) ReadFrom(r io.Reader) (n int64, err error)

ReadFrom reads on the object from an io.Writer. It implements the io.ReaderFrom interface.

Unless r implements the buffer.Reader interface (see see lattigo/utils/buffer/reader.go), it will be wrapped into a bufio.Reader. Since this requires allocation, it is preferable to pass a buffer.Reader directly:

  • When reading multiple values from a io.Reader, it is preferable to first first wrap io.Reader in a pre-allocated bufio.Reader.
  • When reading from a var b []byte, it is preferable to pass a buffer.NewBuffer(b) as w (see lattigo/utils/buffer/buffer.go).

func (*GadgetCiphertext) UnmarshalBinary 

func (ct *GadgetCiphertext) UnmarshalBinary(p []byte) (err error)

UnmarshalBinary decodes a slice of bytes generated by MarshalBinary or WriteTo on the object.

func (*GadgetCiphertext) WriteTo 

func (ct *GadgetCiphertext) WriteTo(w io.Writer) (n int64, err error)

WriteTo writes the object on an io.Writer. It implements the io.WriterTo interface, and will write exactly object.BinarySize() bytes on w.

Unless w implements the buffer.Writer interface (see lattigo/utils/buffer/writer.go), it will be wrapped into a bufio.Writer. Since this requires allocations, it is preferable to pass a buffer.Writer directly:

  • When writing multiple times to a io.Writer, it is preferable to first wrap the io.Writer in a pre-allocated bufio.Writer.
  • When writing to a pre-allocated var b []byte, it is preferable to pass buffer.NewBuffer(b) as w (see lattigo/utils/buffer/buffer.go).

type GadgetPlaintext 

type GadgetPlaintext struct {
	Value structs.Vector[ring.RNSPoly]
}

GadgetPlaintext stores a plaintext value times the gadget vector.

func NewGadgetPlaintext 

func NewGadgetPlaintext(p Parameters, value interface{}, LevelQ, LevelP int, dd DigitDecomposition) (pt *GadgetPlaintext, err error)

NewGadgetPlaintext creates a new gadget plaintext from value, which can be either uint64, int64 or *ring.RNSPoly. Plaintext is returned in the NTT and Montgomery domain.

type GaloisKey 

type GaloisKey struct {
	GaloisElement uint64
	NthRoot       uint64
	EvaluationKey
}

GaloisKey is a type of evaluation key used to evaluate automorphisms on ciphertext. An automorphism pi: X^{i} -> X^{i*GaloisElement} changes the key under which the ciphertext is encrypted from s to pi(s). Thus, the ciphertext must be re-encrypted from pi(s) to s to ensure correctness, which is done with the corresponding GaloisKey.

Lattigo implements automorphisms differently than the usual way (which is to first apply the automorphism and then the evaluation key). Instead the order of operations is reversed, the GaloisKey for pi^{-1} is evaluated on the ciphertext, outputting a ciphertext encrypted under pi^{-1}(s), and then the automorphism pi is applied. This enables a more efficient evaluation, by only having to apply the automorphism on the final result (instead of having to apply it on the decomposed ciphertext).

func NewGaloisKey 

func NewGaloisKey(params ParameterProvider, evkParams ...EvaluationKeyParameters) (gk *GaloisKey)

NewGaloisKey allocates a new GaloisKey with zero coefficients and GaloisElement set to zero.

func (GaloisKey) BinarySize 

func (gk GaloisKey) BinarySize() (size int)

BinarySize returns the serialized size of the object in bytes.

func (*GaloisKey) BufferSize 

func (gk *GaloisKey) BufferSize(params ParameterProvider, evkParams ...EvaluationKeyParameters) int

BufferSize returns the minimum buffer size to instantiate the receiver through [FromBuffer].

func (GaloisKey) Clone 

func (gk GaloisKey) Clone() *GaloisKey

Clone creates a deep copy of the object and returns it

func (GaloisKey) Equal 

func (gk GaloisKey) Equal(other *GaloisKey) bool

Equal returns true if the two objects are equal.

func (*GaloisKey) FromBuffer 

func (gk *GaloisKey) FromBuffer(params ParameterProvider, buf []uint64, evkParams ...EvaluationKeyParameters)

FromBuffer assigns new backing array to the receiver. Method panics if len(buf) is too small. Minimum backing array size can be obtained with [BufferSize].

func (GaloisKey) MarshalBinary 

func (gk GaloisKey) MarshalBinary() (p []byte, err error)

MarshalBinary encodes the object into a binary form on a newly allocated slice of bytes.

func (*GaloisKey) ReadFrom 

func (gk *GaloisKey) ReadFrom(r io.Reader) (n int64, err error)

ReadFrom reads on the object from an io.Writer. It implements the io.ReaderFrom interface.

Unless r implements the buffer.Reader interface (see see lattigo/utils/buffer/reader.go), it will be wrapped into a bufio.Reader. Since this requires allocation, it is preferable to pass a buffer.Reader directly:

  • When reading multiple values from a io.Reader, it is preferable to first first wrap io.Reader in a pre-allocated bufio.Reader.
  • When reading from a var b []byte, it is preferable to pass a buffer.NewBuffer(b) as w (see lattigo/utils/buffer/buffer.go).

func (*GaloisKey) UnmarshalBinary 

func (gk *GaloisKey) UnmarshalBinary(p []byte) (err error)

UnmarshalBinary decodes a slice of bytes generated by MarshalBinary or WriteTo on the object.

func (GaloisKey) WriteTo 

func (gk GaloisKey) WriteTo(w io.Writer) (n int64, err error)

WriteTo writes the object on an io.Writer. It implements the io.WriterTo interface, and will write exactly object.BinarySize() bytes on w.

Unless w implements the buffer.Writer interface (see lattigo/utils/buffer/writer.go), it will be wrapped into a bufio.Writer. Since this requires allocations, it is preferable to pass a buffer.Writer directly:

  • When writing multiple times to a io.Writer, it is preferable to first wrap the io.Writer in a pre-allocated bufio.Writer.
  • When writing to a pre-allocated var b []byte, it is preferable to pass buffer.NewBuffer(b) as w (see lattigo/utils/buffer/buffer.go).

type HoistingBuffer 

type HoistingBuffer structs.Vector[ring.Point]

type KeyGenerator 

type KeyGenerator struct {
	*Encryptor
	Point ring.Point
}

KeyGenerator is a structure that stores the elements required to create new keys, as well as a memory buffer for intermediate values.

func NewKeyGenerator 

func NewKeyGenerator(params ParameterProvider) *KeyGenerator

NewKeyGenerator creates a new KeyGenerator, from which the secret and public keys, as well as EvaluationKeys.

func (KeyGenerator) GenEvaluationKey 

func (kgen KeyGenerator) GenEvaluationKey(skInput, skOutput *SecretKey, evk *EvaluationKey)

GenEvaluationKey generates an EvaluationKey, that will re-encrypt a Ciphertext encrypted under the input key into the output key. If the ringDegree(skOutput) > ringDegree(skInput), generates [-a*SkOut + w*P*skIn_{Y^{N/n}} + e, a] in X^{N}. If the ringDegree(skOutput) < ringDegree(skInput), generates [-a*skOut_{Y^{N/n}} + w*P*skIn + e_{N}, a_{N}] in X^{N}. Else generates [-a*skOut + w*P*skIn + e, a] in X^{N}. The output EvaluationKey is always given in max(N, n) and in the moduli of the output EvaluationKey. When re-encrypting a Ciphertext from Y^{N/n} to X^{N}, the Ciphertext must first be mapped to X^{N} using SwitchCiphertextRingDegreeNTT(ctSmallDim, nil, ctLargeDim). When re-encrypting a Ciphertext from X^{N} to Y^{N/n}, the output of the re-encryption is in still X^{N} and must be mapped Y^{N/n} using SwitchCiphertextRingDegreeNTT(ctLargeDim, ringQLargeDim, ctSmallDim).

func (KeyGenerator) GenEvaluationKeyNew 

func (kgen KeyGenerator) GenEvaluationKeyNew(skInput, skOutput *SecretKey, evkParams ...EvaluationKeyParameters) (evk *EvaluationKey)

GenEvaluationKeyNew generates a new EvaluationKey, that will re-encrypt a Ciphertext encrypted under the input key into the output key. If the ringDegree(skOutput) > ringDegree(skInput), generates [-a*SkOut + w*P*skIn_{Y^{N/n}} + e, a] in X^{N}. If the ringDegree(skOutput) < ringDegree(skInput), generates [-a*skOut_{Y^{N/n}} + w*P*skIn + e_{N}, a_{N}] in X^{N}. Else generates [-a*skOut + w*P*skIn + e, a] in X^{N}. The output EvaluationKey is always given in max(N, n) and in the moduli of the output EvaluationKey. When re-encrypting a Ciphertext from Y^{N/n} to X^{N}, the Ciphertext must first be mapped to X^{N} using SwitchCiphertextRingDegreeNTT(ctSmallDim, nil, ctLargeDim). When re-encrypting a Ciphertext from X^{N} to Y^{N/n}, the output of the re-encryption is in still X^{N} and must be mapped Y^{N/n} using SwitchCiphertextRingDegreeNTT(ctLargeDim, ringQLargeDim, ctSmallDim).

func (KeyGenerator) GenEvaluationKeysForRingSwapNew 

func (kgen KeyGenerator) GenEvaluationKeysForRingSwapNew(skStd, skConjugateInvariant *SecretKey, evkParams ...EvaluationKeyParameters) (stdToci, ciToStd *EvaluationKey)

GenEvaluationKeysForRingSwapNew generates the necessary EvaluationKeys to switch from a standard ring to to a conjugate invariant ring and vice-versa.

func (KeyGenerator) GenGaloisKey 

func (kgen KeyGenerator) GenGaloisKey(galEl uint64, sk *SecretKey, gk *GaloisKey)

GenGaloisKey generates a GaloisKey, enabling the automorphism X^{i} -> X^{i * galEl}.

func (KeyGenerator) GenGaloisKeyNew 

func (kgen KeyGenerator) GenGaloisKeyNew(galEl uint64, sk *SecretKey, evkParams ...EvaluationKeyParameters) (gk *GaloisKey)

GenGaloisKeyNew generates a new GaloisKey, enabling the automorphism X^{i} -> X^{i * galEl}.

func (KeyGenerator) GenGaloisKeys 

func (kgen KeyGenerator) GenGaloisKeys(galEls []uint64, sk *SecretKey, gks []*GaloisKey)

GenGaloisKeys generates the GaloisKey objects for all galois elements in galEls, and stores the resulting key for galois element i in gks[i]. The galEls and gks parameters must have the same length.

func (KeyGenerator) GenGaloisKeysNew 

func (kgen KeyGenerator) GenGaloisKeysNew(galEls []uint64, sk *SecretKey, evkParams ...EvaluationKeyParameters) (gks []*GaloisKey)

GenGaloisKeysNew generates the GaloisKey objects for all galois elements in galEls, and returns the resulting keys in a newly allocated []*GaloisKey.

func (KeyGenerator) GenKeyPairNew 

func (kgen KeyGenerator) GenKeyPairNew() (sk *SecretKey, pk *PublicKey)

GenKeyPairNew generates a new SecretKey and a corresponding public key. Distribution is of the SecretKey set according to `rlwe.Parameters.HammingWeight()`.

func (KeyGenerator) GenPublicKey 

func (kgen KeyGenerator) GenPublicKey(sk *SecretKey, pk *PublicKey)

GenPublicKey generates a public key from the provided SecretKey.

func (KeyGenerator) GenPublicKeyNew 

func (kgen KeyGenerator) GenPublicKeyNew(sk *SecretKey) (pk *PublicKey)

GenPublicKeyNew generates a new public key from the provided SecretKey.

func (KeyGenerator) GenRelinearizationKey 

func (kgen KeyGenerator) GenRelinearizationKey(sk *SecretKey, rlk *RelinearizationKey)

GenRelinearizationKey generates an EvaluationKey that will be used to relinearize Ciphertexts during multiplication.

func (KeyGenerator) GenRelinearizationKeyNew 

func (kgen KeyGenerator) GenRelinearizationKeyNew(sk *SecretKey, evkParams ...EvaluationKeyParameters) (rlk *RelinearizationKey)

GenRelinearizationKeyNew generates a new EvaluationKey that will be used to relinearize Ciphertexts during multiplication.

func (KeyGenerator) GenSecretKey 

func (kgen KeyGenerator) GenSecretKey(sk *SecretKey)

GenSecretKey generates a SecretKey. Distribution is set according to `rlwe.Parameters.HammingWeight()`.

func (KeyGenerator) GenSecretKeyFromSampler 

func (kgen KeyGenerator) GenSecretKeyFromSampler(sampler ring.Sampler, sk *SecretKey)

func (KeyGenerator) GenSecretKeyNew 

func (kgen KeyGenerator) GenSecretKeyNew() (sk *SecretKey)

GenSecretKeyNew generates a new SecretKey. Distribution is set according to `rlwe.Parameters.HammingWeight()`.

func (KeyGenerator) GenSecretKeyWithHammingWeight 

func (kgen KeyGenerator) GenSecretKeyWithHammingWeight(hw int, sk *SecretKey)

GenSecretKeyWithHammingWeight generates a SecretKey with exactly hw non-zero coefficients.

func (*KeyGenerator) GenSecretKeyWithHammingWeightNew 

func (kgen *KeyGenerator) GenSecretKeyWithHammingWeightNew(hw int) (sk *SecretKey)

GenSecretKeyWithHammingWeightNew generates a new SecretKey with exactly hw non-zero coefficients.

func (KeyGenerator) ShallowCopy 

func (kgen KeyGenerator) ShallowCopy() *KeyGenerator

ShallowCopy creates a shallow copy of the receiver in which ll athe read-only data-structures are shared with the receiver and the temporary buffers are reallocated. The receiver and the returned object can be used concurrently.

type MemEvaluationKeySet 

type MemEvaluationKeySet struct {
	RelinearizationKey *RelinearizationKey
	GaloisKeys         structs.Map[uint64, GaloisKey]
}

MemEvaluationKeySet is a basic in-memory implementation of the EvaluationKeySet interface.

func NewMemEvaluationKeySet 

func NewMemEvaluationKeySet(relinKey *RelinearizationKey, galoisKeys ...*GaloisKey) (eks *MemEvaluationKeySet)

NewMemEvaluationKeySet returns a new EvaluationKeySet with the provided RelinearizationKey and GaloisKeys.

func (MemEvaluationKeySet) BinarySize 

func (evk MemEvaluationKeySet) BinarySize() (size int)

func (MemEvaluationKeySet) GetGaloisKey 

func (evk MemEvaluationKeySet) GetGaloisKey(galEl uint64) (gk *GaloisKey, err error)

GetGaloisKey retrieves the Galois key for the automorphism X^{i} -> X^{i*galEl}.

func (MemEvaluationKeySet) GetGaloisKeysList 

func (evk MemEvaluationKeySet) GetGaloisKeysList() (galEls []uint64)

GetGaloisKeysList returns the list of all the Galois elements for which a Galois key exists in the object.

func (MemEvaluationKeySet) GetRelinearizationKey 

func (evk MemEvaluationKeySet) GetRelinearizationKey() (rk *RelinearizationKey, err error)

GetRelinearizationKey retrieves the RelinearizationKey.

func (MemEvaluationKeySet) MarshalBinary 

func (evk MemEvaluationKeySet) MarshalBinary() (p []byte, err error)

MarshalBinary encodes the object into a binary form on a newly allocated slice of bytes.

func (*MemEvaluationKeySet) ReadFrom 

func (evk *MemEvaluationKeySet) ReadFrom(r io.Reader) (n int64, err error)

ReadFrom reads on the object from an io.Writer. It implements the io.ReaderFrom interface.

Unless r implements the buffer.Reader interface (see see lattigo/utils/buffer/reader.go), it will be wrapped into a bufio.Reader. Since this requires allocation, it is preferable to pass a buffer.Reader directly:

  • When reading multiple values from a io.Reader, it is preferable to first first wrap io.Reader in a pre-allocated bufio.Reader.
  • When reading from a var b []byte, it is preferable to pass a buffer.NewBuffer(b) as w (see lattigo/utils/buffer/buffer.go).

func (*MemEvaluationKeySet) UnmarshalBinary 

func (evk *MemEvaluationKeySet) UnmarshalBinary(p []byte) (err error)

UnmarshalBinary decodes a slice of bytes generated by MarshalBinary or WriteTo on the object.

func (MemEvaluationKeySet) WriteTo 

func (evk MemEvaluationKeySet) WriteTo(w io.Writer) (n int64, err error)

WriteTo writes the object on an io.Writer. It implements the io.WriterTo interface, and will write exactly object.BinarySize() bytes on w.

Unless w implements the buffer.Writer interface (see lattigo/utils/buffer/writer.go), it will be wrapped into a bufio.Writer. Since this requires allocations, it is preferable to pass a buffer.Writer directly:

  • When writing multiple times to a io.Writer, it is preferable to first wrap the io.Writer in a pre-allocated bufio.Writer.
  • When writing to a pre-allocated var b []byte, it is preferable to pass buffer.NewBuffer(b) as w (see lattigo/utils/buffer/buffer.go).

type MetaData 

type MetaData struct {
	// Scale is the scaling factor of the plaintext.
	Scale Scale

	// LogDimensions is the Log2 of the 2D plaintext matrix dimensions.
	LogDimensions ring.Dimensions

	// IsBatched is a flag indicating if the underlying plaintext is encoded
	// in such a way that product in R[X]/(X^N+1) acts as a point-wise multiplication
	// in the plaintext space.
	IsBatched bool

	// IsNTT is a flag indicating if the ciphertext is in the NTT domain.
	IsNTT bool

	// IsMontgomery is a flag indicating if the ciphertext is in the Montgomery domain.
	IsMontgomery bool
}

MetaData is a struct storing metadata.

func (MetaData) BinarySize 

func (m MetaData) BinarySize() int

BinarySize returns the size in bytes that the object once marshalled into a binary form.

func (*MetaData) Clone 

func (m *MetaData) Clone() *MetaData

Clone returns a copy of the target.

func (*MetaData) Equal 

func (m *MetaData) Equal(other *MetaData) (res bool)

func (MetaData) LogScale 

func (m MetaData) LogScale() float64

LogScale returns log2(scale).

func (MetaData) LogSlots 

func (m MetaData) LogSlots() int

LogSlots returns the log2 of the total number of slots that the plaintext holds.

func (MetaData) MarshalBinary 

func (m MetaData) MarshalBinary() (p []byte, err error)

MarshalBinary encodes the object into a binary form on a newly allocated slice of bytes.

func (*MetaData) ReadFrom 

func (m *MetaData) ReadFrom(r io.Reader) (n int64, err error)

ReadFrom reads on the object from an io.Writer. It implements the io.ReaderFrom interface.

Unless r implements the buffer.Reader interface (see see lattigo/utils/buffer/reader.go), it will be wrapped into a bufio.Reader. Since this requires allocation, it is preferable to pass a buffer.Reader directly:

  • When reading multiple values from a io.Reader, it is preferable to first first wrap io.Reader in a pre-allocated bufio.Reader.
  • When reading from a var b []byte, it is preferable to pass a buffer.NewBuffer(b) as w (see lattigo/utils/buffer/buffer.go).

func (MetaData) Slots 

func (m MetaData) Slots() int

Slots returns the total number of slots that the plaintext holds.

func (*MetaData) UnmarshalBinary 

func (m *MetaData) UnmarshalBinary(p []byte) (err error)

UnmarshalBinary decodes a slice of bytes generated by MarshalBinary or WriteTo on the object.

func (MetaData) WriteTo 

func (m MetaData) WriteTo(w io.Writer) (n int64, err error)

WriteTo writes the object on an io.Writer. It implements the io.WriterTo interface, and will write exactly object.BinarySize() bytes on w.

Unless w implements the buffer.Writer interface (see lattigo/utils/buffer/writer.go), it will be wrapped into a bufio.Writer. Since this requires allocations, it is preferable to pass a buffer.Writer directly:

  • When writing multiple times to a io.Writer, it is preferable to first wrap the io.Writer in a pre-allocated bufio.Writer.
  • When writing to a pre-allocated var b []byte, it is preferable to pass buffer.NewBuffer(b) as w (see lattigo/utils/buffer/buffer.go).

type Operand 

type Operand interface {
}

Operand is an empty interface aimed at providing an anchor for documentation.

This interface is deliberately left empty for backward and forward compatibility. It aims at representing all types of operands that can be passed as argument to homomorphic evaluators.

type ParameterProvider 

type ParameterProvider interface {
	GetRLWEParameters() *Parameters
}

type Parameters 

type Parameters struct {
	// contains filtered or unexported fields
}

Parameters represents a set of generic RLWE parameters. Its fields are private and immutable. See rlwe.ParametersLiteral for user-specified parameters.

func NewCustomParameters 

func NewCustomParameters(LogN int, qi, pi []uint64, xe, xs Distribution, ringQ, ringP ring.RNSRing, ringType ring.Type, defaultScale Scale, nttFlag bool) Parameters

NewCustomParameters enables the construction of custom rlwe.Parameters by passing each private field individually.

func NewParameters 

func NewParameters(logn int, q, p []uint64, xs, xe DistributionLiteral, ringType ring.Type, defaultScale Scale, NTTFlag bool) (params Parameters, err error)

NewParameters returns a new set of generic RLWE parameters from the given ring degree logn, moduli q and p, and error distribution Xs (secret) and Xe (error). It returns the empty parameters Parameters{} and a non-nil error if the specified parameters are invalid.

func NewParametersFromLiteral 

func NewParametersFromLiteral(paramDef ParametersLiteral) (params Parameters, err error)

NewParametersFromLiteral instantiate a set of generic RLWE parameters from an rlwe.ParametersLiteral specification. It returns the empty parameters Parameters{} and a non-nil error if the specified parameters are invalid.

If the moduli chain is specified through the LogQ and LogP fields, the method generates a moduli chain matching the specified sizes (see `GenModuli`).

If the secrets' density parameter (H) is left unset, its value is set to 2^(paramDef.LogN-1) to match the standard ternary distribution.

If the error variance is left unset, its value is set to `DefaultError`.

If the RingType is left unset, the default value is ring.Standard.

func (Parameters) BinarySize 

func (p Parameters) BinarySize() int

BinarySize returns the serialized size of the object in bytes.

func (Parameters) CoalescedRingP 

func (p Parameters) CoalescedRingP(coalescing int) ring.RNSRing

CoalescedRingP returns the coalesced ringP, i.e. ringQ[#Q - coalescing * #P:] + ringP. See https://eprint.iacr.org/2023/1328.

func (Parameters) DecompositionMatrixDimensions 

func (p Parameters) DecompositionMatrixDimensions(levelQ, levelP int, dd DigitDecomposition) (dims []int)

DecompositionMatrixDimensions returns the shape of the RNS + Digit decomposition matrix. Shape is returned as rows = len(dims) and len(cols[i]) = dims[i].

func (Parameters) DefaultScale 

func (p Parameters) DefaultScale() Scale

DefaultScale returns the default scaling factor of the plaintext, if any.

func (Parameters) Equal 

func (p Parameters) Equal(other *Parameters) (res bool)

Equal checks two Parameter structs for equality.

func (Parameters) GaloisElement 

func (p Parameters) GaloisElement(k int) uint64

GaloisElement takes an integer k and returns GaloisGen^{k} mod NthRoot.

func (Parameters) GaloisElementOrderTwoOrthogonalSubgroup 

func (p Parameters) GaloisElementOrderTwoOrthogonalSubgroup() uint64

GaloisElementOrderTwoOrthogonalSubgroup returns GaloisGen^{-1} mod NthRoot

func (Parameters) GaloisElements 

func (p Parameters) GaloisElements(k []int) (galEls []uint64)

GaloisElements takes a list of integers k and returns the list [GaloisGen^{k[i]} mod NthRoot, ...].

func (Parameters) GetRLWEParameters 

func (p Parameters) GetRLWEParameters() *Parameters

GetRLWEParameters returns a pointer to the underlying RLWE parameters.

func (Parameters) LogN 

func (p Parameters) LogN() int

LogN returns the log of the degree of the polynomial ring

func (Parameters) LogNthRoot 

func (p Parameters) LogNthRoot() int

LogNthRoot returns the log2(NthRoot) of the ring.

func (Parameters) LogP 

func (p Parameters) LogP() (logp float64)

LogP returns the size of the extended modulus P in bits

func (Parameters) LogPi 

func (p Parameters) LogPi() (logpi []int)

LogPi returns the round(log2) of each primes of the modulus P.

func (Parameters) LogQ 

func (p Parameters) LogQ() (logq float64)

LogQ returns the size of the extended modulus Q in bits

func (Parameters) LogQP 

func (p Parameters) LogQP() (logqp float64)

LogQP returns the size of the extended modulus QP in bits

func (Parameters) LogQi 

func (p Parameters) LogQi() (logqi []int)

LogQi returns round(log2) of each primes of the modulus Q.

func (Parameters) MarshalBinary 

func (p Parameters) MarshalBinary() (data []byte, err error)

MarshalBinary encodes the object into a binary form on a newly allocated slice of bytes.

func (Parameters) MarshalJSON 

func (p Parameters) MarshalJSON() ([]byte, error)

MarshalJSON returns a JSON representation of this parameter set. See `Marshal` from the `encoding/json` package.

func (Parameters) MaxBit 

func (p Parameters) MaxBit(levelQ, levelP int) (c int)

MaxBit returns max(max(bitLen(Q[:levelQ+1])), max(bitLen(P[:levelP+1])).

func (Parameters) MaxCoalescing 

func (p Parameters) MaxCoalescing() (maxCoalescing int)

MaxCoalescing returns the maximum coalscing factor (0 being no coalescing). See https://eprint.iacr.org/2023/1328.

func (Parameters) MaxLevel 

func (p Parameters) MaxLevel() int

MaxLevel returns the maximum level of a ciphertext.

func (Parameters) MaxLevelP 

func (p Parameters) MaxLevelP() int

MaxLevelP returns the maximum level of the modulus P.

func (Parameters) MaxLevelQ 

func (p Parameters) MaxLevelQ() int

MaxLevelQ returns the maximum level of the modulus Q.

func (Parameters) ModInvGaloisElement 

func (p Parameters) ModInvGaloisElement(galEl uint64) uint64

ModInvGaloisElement takes a Galois element of the form GaloisGen^{k} mod NthRoot and returns GaloisGen^{-k} mod NthRoot.

func (Parameters) N 

func (p Parameters) N() int

N returns the ring degree

func (Parameters) NTTFlag 

func (p Parameters) NTTFlag() bool

NTTFlag returns a boolean indicating if elements are stored by default in the NTT domain.

func (Parameters) NewScale 

func (p Parameters) NewScale(scale interface{}) Scale

NewScale creates a new scale using the stored default scale as template.

func (Parameters) NoiseBound 

func (p Parameters) NoiseBound() float64

NoiseBound returns truncation bound for the error distribution.

func (Parameters) NoiseFreshPK 

func (p Parameters) NoiseFreshPK() (std float64)

NoiseFreshPK returns the standard deviation of a fresh encryption with the public key.

func (Parameters) NoiseFreshSK 

func (p Parameters) NoiseFreshSK() (std float64)

NoiseFreshSK returns the standard deviation of a fresh encryption with the secret key.

func (Parameters) NthRoot 

func (p Parameters) NthRoot() int

NthRoot returns the NthRoot of the ring.

func (Parameters) P 

func (p Parameters) P() []uint64

P returns a new slice with the factors of the ciphertext modulus extension P

func (Parameters) PBigInt 

func (p Parameters) PBigInt() *big.Int

PBigInt return the ciphertext-space extension modulus P in big.Integer, reconstructed, representation.

func (Parameters) PCount 

func (p Parameters) PCount() int

PCount returns the number of factors of the ciphertext modulus extension P

func (Parameters) ParametersLiteral 

func (p Parameters) ParametersLiteral() ParametersLiteral

ParametersLiteral returns the ParametersLiteral of the target Parameters.

func (Parameters) PiOverflowMargin 

func (p Parameters) PiOverflowMargin(level int) int

PiOverflowMargin returns floor(2^64 / max(Pi)), i.e. the number of times elements of Z_max{Pi} can be added together before overflowing 2^64.

func (Parameters) Q 

func (p Parameters) Q() []uint64

Q returns a new slice with the factors of the ciphertext modulus q

func (Parameters) QBigInt 

func (p Parameters) QBigInt() *big.Int

QBigInt return the ciphertext-space modulus Q in big.Integer, reconstructed, representation.

func (Parameters) QCount 

func (p Parameters) QCount() int

QCount returns the number of factors of the ciphertext modulus Q

func (Parameters) QP 

func (p Parameters) QP() []uint64

QP return the extended ciphertext-space modulus QP in RNS representation.

func (Parameters) QPBigInt 

func (p Parameters) QPBigInt() *big.Int

QPBigInt return the extended ciphertext-space modulus QP in big.Integer, reconstructed, representation.

func (Parameters) QPCount 

func (p Parameters) QPCount() int

QPCount returns the number of factors of the ciphertext modulus + the modulus extension P

func (Parameters) QiOverflowMargin 

func (p Parameters) QiOverflowMargin(level int) int

QiOverflowMargin returns floor(2^64 / max(Qi)), i.e. the number of times elements of Z_max{Qi} can be added together before overflowing 2^64.

func (*Parameters) ReadFrom 

func (p *Parameters) ReadFrom(r io.Reader) (n int64, err error)

ReadFrom reads on the object from an io.Writer. It implements the io.ReaderFrom interface.

Unless r implements the buffer.Reader interface (see see lattigo/utils/buffer/reader.go), it will be wrapped into a bufio.Reader. Since this requires allocation, it is preferable to pass a buffer.Reader directly:

  • When reading multiple values from a io.Reader, it is preferable to first first wrap io.Reader in a pre-allocated bufio.Reader.
  • When reading from a var b []byte, it is preferable to pass a buffer.NewBuffer(b) as w (see lattigo/utils/buffer/buffer.go).

func (Parameters) RingP 

func (p Parameters) RingP() ring.RNSRing

RingP returns a pointer to ringP.

func (Parameters) RingPAtLevel 

func (p Parameters) RingPAtLevel(LevelP int) (rP ring.RNSRing)

RingPAtLevel returns a pointer to ringP at the given level.

func (Parameters) RingQ 

func (p Parameters) RingQ() ring.RNSRing

RingQ returns a pointer to ringQ.

func (Parameters) RingQAtLevel 

func (p Parameters) RingQAtLevel(LevelQ int) (rQ ring.RNSRing)

RingQAtLevel returns a pointer to ringQ at the given level.

func (Parameters) RingType 

func (p Parameters) RingType() ring.Type

RingType returns the type of the underlying ring.

func (Parameters) SolveDiscreteLogGaloisElement 

func (p Parameters) SolveDiscreteLogGaloisElement(galEl uint64) (k int)

SolveDiscreteLogGaloisElement takes a Galois element of the form GaloisGen^{k} mod NthRoot and returns k.

func (Parameters) StandardParameters 

func (p Parameters) StandardParameters() (pci Parameters, err error)

StandardParameters returns a RLWE parameter set that corresponds to the standard dual of a conjugate invariant parameter set. If the receiver is already a standard set, then the method returns the receiver.

func (*Parameters) UnmarshalBinary 

func (p *Parameters) UnmarshalBinary(data []byte) (err error)

UnmarshalBinary decodes a slice of bytes generated by MarshalBinary or WriteTo on the object.

func (*Parameters) UnmarshalJSON 

func (p *Parameters) UnmarshalJSON(data []byte) (err error)

UnmarshalJSON reads a JSON representation of a parameter set into the receiver Parameter. See `Unmarshal` from the `encoding/json` package.

func (Parameters) UnpackLevelParams 

func (p Parameters) UnpackLevelParams(args []int) (levelQ, levelP int)

UnpackLevelParams is an internal function for unpacking level values passed as variadic function parameters.

func (Parameters) WriteTo 

func (p Parameters) WriteTo(w io.Writer) (n int64, err error)

WriteTo writes the object on an io.Writer. It implements the io.WriterTo interface, and will write exactly object.BinarySize() bytes on w.

Unless w implements the buffer.Writer interface (see lattigo/utils/buffer/writer.go), it will be wrapped into a bufio.Writer. Since this requires allocations, it is preferable to pass a buffer.Writer directly:

  • When writing multiple times to a io.Writer, it is preferable to first wrap the io.Writer in a pre-allocated bufio.Writer.
  • When writing to a pre-allocated var b []byte, it is preferable to pass buffer.NewBuffer(b) as w (see lattigo/utils/buffer/buffer.go).

func (Parameters) Xe 

func (p Parameters) Xe() ring.DistributionParameters

Xe returns Distribution of the error

func (Parameters) Xs 

func (p Parameters) Xs() ring.DistributionParameters

Xs returns the Distribution of the secret

func (Parameters) XsHammingWeight 

func (p Parameters) XsHammingWeight() int

XsHammingWeight returns the expected Hamming weight of the secret.

type ParametersLiteral 

type ParametersLiteral struct {
	LogN         int
	LogNthRoot   int                         `json:",omitempty"`
	Q            structs.Vector[uint64]      `json:",omitempty"`
	P            structs.Vector[uint64]      `json:",omitempty"`
	LogQ         structs.Vector[int]         `json:",omitempty"`
	LogP         structs.Vector[int]         `json:",omitempty"`
	Xe           ring.DistributionParameters `json:",omitempty"`
	Xs           ring.DistributionParameters `json:",omitempty"`
	RingType     ring.Type                   `json:",omitempty"`
	DefaultScale Scale                       `json:",omitempty"`
	NTTFlag      bool                        `json:",omitempty"`
}

ParametersLiteral is a literal representation of RLWE parameters. It has public fields and is used to express unchecked user-defined parameters literally into Go programs. The NewParametersFromLiteral function is used to generate the actual checked parameters from the literal representation.

Users must set the polynomial degree (LogN) and the coefficient modulus, by either setting the Q and P fields to the desired moduli chain, or by setting the LogQ and LogP fields to the desired moduli sizes.

Optionally, users may specify

  • the base 2 decomposition for the gadget ciphertexts
  • the error variance (Sigma) and secrets' density (H) and the ring type (RingType).

If left unset, standard default values for these field are substituted at parameter creation (see NewParametersFromLiteral).

func (ParametersLiteral) BinarySize 

func (p ParametersLiteral) BinarySize() (size int)

func (ParametersLiteral) MarshalBinary 

func (p ParametersLiteral) MarshalBinary() (data []byte, err error)

func (*ParametersLiteral) ReadFrom 

func (p *ParametersLiteral) ReadFrom(r io.Reader) (n int64, err error)

func (*ParametersLiteral) UnmarshalBinary 

func (p *ParametersLiteral) UnmarshalBinary(data []byte) (err error)

func (*ParametersLiteral) UnmarshalJSON 

func (p *ParametersLiteral) UnmarshalJSON(b []byte) (err error)

func (ParametersLiteral) WriteTo 

func (p ParametersLiteral) WriteTo(w io.Writer) (n int64, err error)

type Plaintext 

type Plaintext struct {
	*MetaData
	*ring.Point
}

Plaintext is a common base type for RLWE plaintexts.

func NewPlaintext 

func NewPlaintext(params ParameterProvider, LevelQ, LevelP int) (pt *Plaintext)

NewPlaintext creates a new Plaintext.

func NewPlaintextAtLevelFromPoly 

func NewPlaintextAtLevelFromPoly(LevelQ, LevelP int, pQ, pP ring.RNSPoly) (pt *Plaintext, err error)

NewPlaintextAtLevelFromPoly constructs a new Plaintext at a specific level where the message is set to the passed poly. No checks are performed on poly and the returned Plaintext will share its backing array of coefficients. Returned plaintext's MetaData is allocated but empty.

func (*Plaintext) AsCiphertext 

func (pt *Plaintext) AsCiphertext() *Ciphertext

AsCiphertext wraps the receiver into an rlwe.Ciphertext.

func (*Plaintext) AsPlaintext 

func (pt *Plaintext) AsPlaintext() *Plaintext

AsPlaintext wraps the receiver into an rlwe.Plaintext.

func (*Plaintext) AsPoint 

func (pt *Plaintext) AsPoint() *ring.Point

AsPoint wraps the receiver into an rlwe.Point.

func (Plaintext) BinarySize 

func (pt Plaintext) BinarySize() (size int)

BinarySize returns the serialized size of the object in bytes.

func (*Plaintext) BufferSize 

func (pt *Plaintext) BufferSize(params ParameterProvider, LevelQ, LevelP int) int

BufferSize returns the minimum buffer size to instantiate the receiver through [FromBuffer].

func (Plaintext) Clone 

func (pt Plaintext) Clone() (ptCpy *Plaintext)

func (Plaintext) Degree 

func (pt Plaintext) Degree() int

Degree returns the degree of the receiver.

func (*Plaintext) FromBuffer 

func (pt *Plaintext) FromBuffer(params ParameterProvider, LevelQ, LevelP int, buf []uint64)

FromBuffer assigns new backing array to the receiver. Method panics if len(buf) is too small. Minimum backing array size can be obtained with [BufferSize].

func (Plaintext) MarshalBinary 

func (pt Plaintext) MarshalBinary() (data []byte, err error)

MarshalBinary encodes the object into a binary form on a newly allocated slice of bytes.

func (*Plaintext) Randomize 

func (pt *Plaintext) Randomize(params ParameterProvider, source *sampling.Source)

Randomize populates the receiver with uniform random coefficients.

func (*Plaintext) ReadFrom 

func (pt *Plaintext) ReadFrom(r io.Reader) (n int64, err error)

ReadFrom reads on the object from an io.Writer. It implements the io.ReaderFrom interface.

Unless r implements the buffer.Reader interface (see see lattigo/utils/buffer/reader.go), it will be wrapped into a bufio.Reader. Since this requires allocation, it is preferable to pass a buffer.Reader directly:

  • When reading multiple values from a io.Reader, it is preferable to first first wrap io.Reader in a pre-allocated bufio.Reader.
  • When reading from a var b []byte, it is preferable to pass a buffer.NewBuffer(b) as w (see lattigo/utils/buffer/buffer.go).

func (*Plaintext) UnmarshalBinary 

func (pt *Plaintext) UnmarshalBinary(p []byte) (err error)

UnmarshalBinary decodes a slice of bytes generated by MarshalBinary or WriteTo on the object.

func (Plaintext) WriteTo 

func (pt Plaintext) WriteTo(w io.Writer) (n int64, err error)

WriteTo writes the object on an io.Writer. It implements the io.WriterTo interface, and will write exactly object.BinarySize() bytes on w.

Unless w implements the buffer.Writer interface (see lattigo/utils/buffer/writer.go), it will be wrapped into a bufio.Writer. Since this requires allocations, it is preferable to pass a buffer.Writer directly:

  • When writing multiple times to a io.Writer, it is preferable to first wrap the io.Writer in a pre-allocated bufio.Writer.
  • When writing to a pre-allocated var b []byte, it is preferable to pass buffer.NewBuffer(b) as w (see lattigo/utils/buffer/buffer.go).

type PlaintextWrapper 

type PlaintextWrapper interface {
	AsPlaintext() *Plaintext
}

type PublicKey 

type PublicKey struct {
	MetaData
	ring.Vector
}

PublicKey is a type for generic RLWE public keys. The Vector field stores the polynomials in NTT and Montgomery form.

func NewPublicKey 

func NewPublicKey(params ParameterProvider) (pk *PublicKey)

NewPublicKey returns a new PublicKey with zero values.

func (*PublicKey) AsCiphertext 

func (pk *PublicKey) AsCiphertext() *Ciphertext

AsCiphertext wraps the receiver into an rlwe.Ciphertext.

func (PublicKey) BinarySize 

func (pk PublicKey) BinarySize() (size int)

BinarySize returns the serialized size of the object in bytes.

func (*PublicKey) BufferSize 

func (pk *PublicKey) BufferSize(params ParameterProvider) int

BufferSize returns the minimum buffer size to instantiate the receiver through [FromBuffer].

func (PublicKey) Clone 

func (pk PublicKey) Clone() *PublicKey

Clone creates a deep copy of the target PublicKey and returns it.

func (*PublicKey) FromBuffer 

func (pk *PublicKey) FromBuffer(params ParameterProvider, buf []uint64)

FromBuffer assigns new backing array to the receiver. Method panics if len(buf) is too small. Minimum backing array size can be obtained with [BufferSize].

func (PublicKey) MarshalBinary 

func (pk PublicKey) MarshalBinary() (data []byte, err error)

MarshalBinary encodes the object into a binary form on a newly allocated slice of bytes.

func (*PublicKey) ReadFrom 

func (pk *PublicKey) ReadFrom(r io.Reader) (n int64, err error)

ReadFrom reads on the object from an io.Writer. It implements the io.ReaderFrom interface.

Unless r implements the buffer.Reader interface (see see lattigo/utils/buffer/reader.go), it will be wrapped into a bufio.Reader. Since this requires allocation, it is preferable to pass a buffer.Reader directly:

  • When reading multiple values from a io.Reader, it is preferable to first first wrap io.Reader in a pre-allocated bufio.Reader.
  • When reading from a var b []byte, it is preferable to pass a buffer.NewBuffer(b) as w (see lattigo/utils/buffer/buffer.go).

func (*PublicKey) UnmarshalBinary 

func (pk *PublicKey) UnmarshalBinary(p []byte) (err error)

UnmarshalBinary decodes a slice of bytes generated by MarshalBinary or WriteTo on the object.

func (PublicKey) WriteTo 

func (pk PublicKey) WriteTo(w io.Writer) (n int64, err error)

WriteTo writes the object on an io.Writer. It implements the io.WriterTo interface, and will write exactly object.BinarySize() bytes on w.

Unless w implements the buffer.Writer interface (see lattigo/utils/buffer/writer.go), it will be wrapped into a bufio.Writer. Since this requires allocations, it is preferable to pass a buffer.Writer directly:

  • When writing multiple times to a io.Writer, it is preferable to first wrap the io.Writer in a pre-allocated bufio.Writer.
  • When writing to a pre-allocated var b []byte, it is preferable to pass buffer.NewBuffer(b) as w (see lattigo/utils/buffer/buffer.go).

type RelinearizationKey 

type RelinearizationKey struct {
	EvaluationKey
}

RelinearizationKey is type of evaluation key used for ciphertext multiplication compactness. The Relinearization key encrypts s^{2} under s and is used to homomorphically re-encrypt the degree 2 term of a ciphertext (the term that decrypt with s^{2}) into a degree 1 term (a term that decrypts with s).

func NewRelinearizationKey 

func NewRelinearizationKey(params ParameterProvider, evkParams ...EvaluationKeyParameters) (rlk *RelinearizationKey)

NewRelinearizationKey allocates a new RelinearizationKey with zero coefficients.

func (*RelinearizationKey) BufferSize 

func (rlk *RelinearizationKey) BufferSize(params ParameterProvider, evkParams ...EvaluationKeyParameters) int

BufferSize returns the minimum buffer size to instantiate the receiver through [FromBuffer].

func (RelinearizationKey) Clone 

func (rlk RelinearizationKey) Clone() *RelinearizationKey

Clone creates a deep copy of the object and returns it.

func (RelinearizationKey) Equal 

func (rlk RelinearizationKey) Equal(other *RelinearizationKey) bool

Equal performs a deep equal.

func (*RelinearizationKey) FromBuffer 

func (rlk *RelinearizationKey) FromBuffer(params ParameterProvider, buf []uint64, evkParams ...EvaluationKeyParameters)

type Scale 

type Scale struct {
	Value big.Float //`json:",omitempty"`
	Mod   *big.Int  //`json:",omitempty"`
}

Scale is a struct used to track the scaling factor of Plaintext and Ciphertext structs. The scale is managed as an 128-bit precision real and can be either a floating point value or a mod T prime integer, which is determined at instantiation.

func NewScale 

func NewScale(s interface{}) Scale

NewScale instantiates a new floating point Scale. Accepted types for s are int, int64, uint64, float64, *big.Int, *big.Float and *Scale. If the input type is not an accepted type, returns an error.

func NewScaleModT 

func NewScaleModT(s interface{}, mod uint64) Scale

NewScaleModT instantiates a new integer mod T Scale. Accepted types for s are int, int64, uint64, float64, *big.Int, *big.Float and *Scale. If the input type is not an accepted type, returns an error.

func (Scale) BigInt 

func (s Scale) BigInt() (sInt *big.Int)

BigInt returns the scale as a big.Int, truncating the rational part and rounding ot the nearest integer. The rounding assumes that the scale is a positive value.

func (Scale) BinarySize 

func (s Scale) BinarySize() int

BinarySize returns the serialized size of the object in bytes. Each value is encoded with .Text('e', ceil(ScalePrecision / log2(10))).

func (Scale) Cmp 

func (s Scale) Cmp(s1 Scale) (cmp int)

Cmp compares the target scale with s1. Returns 0 if the scales are equal, 1 if the target scale is greater and -1 if the target scale is smaller.

func (Scale) Div 

func (s Scale) Div(s1 Scale) Scale

Div multiplies the target s with s1^-1, returning the result in a new Scale struct. If mod is specified, performs the multiplication modulo t with the multiplicative inverse of s1. Otherwise, performs the quotient operation.

func (Scale) Equal 

func (s Scale) Equal(s1 Scale) bool

Equal returns true if a == b.

func (Scale) Float64 

func (s Scale) Float64() float64

Float64 returns the underlying scale as a float64 value.

func (Scale) InDelta 

func (s Scale) InDelta(s1 Scale, log2Delta float64) bool

InDelta returns true if abs(a-b) <= 2^{-log2Delta}

func (Scale) Log2 

func (s Scale) Log2() float64

Log2 returns the base two logarithm of the Scale.

func (Scale) Log2Delta 

func (s Scale) Log2Delta(s1 Scale) float64

Log2Delta returns -log2(abs(a-b)/max(a, b))

func (Scale) MarshalBinary 

func (s Scale) MarshalBinary() (p []byte, err error)

MarshalBinary encodes the object into a binary form on a newly allocated slice of bytes.

func (Scale) MarshalJSON 

func (s Scale) MarshalJSON() (p []byte, err error)

func (Scale) Max 

func (s Scale) Max(s1 Scale) (max Scale)

Max returns the a new scale which is the maximum between the target scale and s1.

func (Scale) Min 

func (s Scale) Min(s1 Scale) (max Scale)

Min returns the a new scale which is the minimum between the target scale and s1.

func (Scale) Mul 

func (s Scale) Mul(s1 Scale) Scale

Mul multiplies the target s with s1, returning the result in a new Scale struct. If mod is specified, performs the multiplication modulo mod.

func (*Scale) ReadFrom 

func (s *Scale) ReadFrom(r io.Reader) (n int64, err error)

ReadFrom reads on the object from an io.Writer. It implements the io.ReaderFrom interface.

Unless r implements the buffer.Reader interface (see see lattigo/utils/buffer/reader.go), it will be wrapped into a bufio.Reader. Since this requires allocation, it is preferable to pass a buffer.Reader directly:

  • When reading multiple values from a io.Reader, it is preferable to first first wrap io.Reader in a pre-allocated bufio.Reader.
  • When reading from a var b []byte, it is preferable to pass a buffer.NewBuffer(b) as w (see lattigo/utils/buffer/buffer.go).

func (Scale) Uint64 

func (s Scale) Uint64() uint64

Uint64 returns the underlying scale as an uint64 value.

func (*Scale) UnmarshalBinary 

func (s *Scale) UnmarshalBinary(p []byte) (err error)

UnmarshalBinary decodes a slice of bytes generated by MarshalBinary or WriteTo on the object.

func (Scale) UnnMarshalJSON 

func (s Scale) UnnMarshalJSON(p []byte) (err error)

func (Scale) WriteTo 

func (s Scale) WriteTo(w io.Writer) (n int64, err error)

WriteTo writes the object on an io.Writer. It implements the io.WriterTo interface, and will write exactly object.BinarySize() bytes on w.

Unless w implements the buffer.Writer interface (see lattigo/utils/buffer/writer.go), it will be wrapped into a bufio.Writer. Since this requires allocations, it is preferable to pass a buffer.Writer directly:

  • When writing multiple times to a io.Writer, it is preferable to first wrap the io.Writer in a pre-allocated bufio.Writer.
  • When writing to a pre-allocated var b []byte, it is preferable to pass buffer.NewBuffer(b) as w (see lattigo/utils/buffer/buffer.go).

type SecretKey 

type SecretKey struct {
	MetaData
	ring.Point
}

SecretKey is a type for generic RLWE secret keys. The Value field stores the polynomial in NTT and Montgomery form.

func NewSecretKey 

func NewSecretKey(params ParameterProvider) (sk *SecretKey)

NewSecretKey generates a new SecretKey with zero values.

func (*SecretKey) AsPlaintext 

func (sk *SecretKey) AsPlaintext() *Plaintext

AsPlaintext wraps the receiver into an rlwe.Plaintext.

func (SecretKey) BinarySize 

func (sk SecretKey) BinarySize() (size int)

BinarySize returns the serialized size of the object in bytes.

func (*SecretKey) BufferSize 

func (sk *SecretKey) BufferSize(params ParameterProvider) int

BufferSize returns the minimum buffer size to instantiate the receiver through [FromBuffer].

func (SecretKey) Clone 

func (sk SecretKey) Clone() *SecretKey

Clone creates a deep copy of the receiver secret key and returns it.

func (SecretKey) Equal 

func (sk SecretKey) Equal(other *SecretKey) bool

Equal performs a deep equal.

func (*SecretKey) FromBuffer 

func (sk *SecretKey) FromBuffer(params ParameterProvider, buf []uint64)

FromBuffer assigns new backing array to the receiver. Method panics if len(buf) is too small. Minimum backing array size can be obtained with [BufferSize].

func (SecretKey) MarshalBinary 

func (sk SecretKey) MarshalBinary() (data []byte, err error)

MarshalBinary encodes the object into a binary form on a newly allocated slice of bytes.

func (*SecretKey) ReadFrom 

func (sk *SecretKey) ReadFrom(r io.Reader) (n int64, err error)

ReadFrom reads on the object from an io.Writer. It implements the io.ReaderFrom interface.

Unless r implements the buffer.Reader interface (see see lattigo/utils/buffer/reader.go), it will be wrapped into a bufio.Reader. Since this requires allocation, it is preferable to pass a buffer.Reader directly:

  • When reading multiple values from a io.Reader, it is preferable to first first wrap io.Reader in a pre-allocated bufio.Reader.
  • When reading from a var b []byte, it is preferable to pass a buffer.NewBuffer(b) as w (see lattigo/utils/buffer/buffer.go).

func (*SecretKey) UnmarshalBinary 

func (sk *SecretKey) UnmarshalBinary(p []byte) (err error)

UnmarshalBinary decodes a slice of bytes generated by MarshalBinary or WriteTo on the object.

func (SecretKey) WriteTo 

func (sk SecretKey) WriteTo(w io.Writer) (n int64, err error)

WriteTo writes the object on an io.Writer. It implements the io.WriterTo interface, and will write exactly object.BinarySize() bytes on w.

Unless w implements the buffer.Writer interface (see lattigo/utils/buffer/writer.go), it will be wrapped into a bufio.Writer. Since this requires allocations, it is preferable to pass a buffer.Writer directly:

  • When writing multiple times to a io.Writer, it is preferable to first wrap the io.Writer in a pre-allocated bufio.Writer.
  • When writing to a pre-allocated var b []byte, it is preferable to pass buffer.NewBuffer(b) as w (see lattigo/utils/buffer/buffer.go).

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.