dckks

package
v6.0.0-...-cdc8096 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Mar 7, 2023 License: Apache-2.0 Imports: 10 Imported by: 0

Documentation

Overview

Package dckks implements a distributed (or threshold) version of the CKKS scheme that enables secure multiparty computation solutions. See `drlwe/README.md` for additional information on multiparty schemes.

Package dckks implements a distributed (or threshold) version of the CKKS scheme that enables secure multiparty computation solutions with secret-shared secret keys.

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func GetMinimumLevelForBootstrapping 

func GetMinimumLevelForBootstrapping(lambda int, scale rlwe.Scale, nParties int, moduli []uint64) (minLevel int, logBound uint, ok bool)

GetMinimumLevelForBootstrapping takes the security parameter lambda, the ciphertext scale, the number of parties and the moduli chain and returns the minimum level at which the collective refresh can be called with a security of at least 128-bits. It returns 3 parameters : minLevel : the minimum level at which the collective refresh must be called to ensure correctness logBound : the bit length of the masks to be sampled to mask the plaintext and ensure 128-bits of statistical indistinguishability ok : a boolean flag, which is set to false if no such instance exist

func NewAdditiveShareBigint 

func NewAdditiveShareBigint(params ckks.Parameters, logSlots int) *rlwe.AdditiveShareBigint

NewAdditiveShareBigint instantiates a new additive share struct composed of "n" big.Int elements

func NewCKGProtocol 

func NewCKGProtocol(params ckks.Parameters) *drlwe.CKGProtocol

NewCKGProtocol creates a new drlwe.CKGProtocol instance from the CKKS parameters. The returned protocol instance is generic and can be used in other multiparty schemes.

func NewCKSProtocol 

func NewCKSProtocol(params ckks.Parameters, sigmaSmudging float64) *drlwe.CKSProtocol

NewCKSProtocol creates a new drlwe.CKSProtocol instance from the CKKS parameters. The returned protocol instance is generic and can be used in other multiparty schemes.

func NewPCKSProtocol 

func NewPCKSProtocol(params ckks.Parameters, sigmaSmudging float64) *drlwe.PCKSProtocol

NewPCKSProtocol creates a new drlwe.PCKSProtocol instance from the CKKS paramters. The returned protocol instance is generic and can be used in other multiparty schemes.

func NewRKGProtocol 

func NewRKGProtocol(params ckks.Parameters) *drlwe.RKGProtocol

NewRKGProtocol creates a new drlwe.RKGProtocol instance from the CKKS parameters. The returned protocol instance is generic and can be used in other multiparty schemes.

func NewRTGProtocol 

func NewRTGProtocol(params ckks.Parameters) *drlwe.RTGProtocol

NewRTGProtocol creates a new drlwe.RTGProtocol instance from the CKKS parameters. The returned protocol instance is generic and can be used in other multiparty schemes.

Types

type E2SProtocol 

type E2SProtocol struct {
	*drlwe.CKSProtocol
	// contains filtered or unexported fields
}

E2SProtocol is the structure storing the parameters and temporary buffers required by the encryption-to-shares protocol.

func NewE2SProtocol 

func NewE2SProtocol(params ckks.Parameters, sigmaSmudging float64) *E2SProtocol

NewE2SProtocol creates a new E2SProtocol struct from the passed CKKS parameters.

func (*E2SProtocol) AllocateShare 

func (e2s *E2SProtocol) AllocateShare(level int) (share *drlwe.CKSShare)

AllocateShare allocates a share of the E2S protocol

func (*E2SProtocol) GenShare 

func (e2s *E2SProtocol) GenShare(sk *rlwe.SecretKey, logBound uint, logSlots int, ct *rlwe.Ciphertext, secretShareOut *rlwe.AdditiveShareBigint, publicShareOut *drlwe.CKSShare)

GenShare generates a party's share in the encryption-to-shares protocol. This share consist in the additive secret-share of the party which is written in secretShareOut and in the public masked-decryption share written in publicShareOut. This protocol requires additional inputs which are : logBound : the bit length of the masks logSlots : the bit length of the number of slots ct1 : the degree 1 element the ciphertext to share, i.e. ct1 = ckk.Ciphertext.Value[1]. The method "GetMinimumLevelForBootstrapping" should be used to get the minimum level at which E2S can be called while still ensure 128-bits of security, as well as the value for logBound.

func (*E2SProtocol) GetShare 

func (e2s *E2SProtocol) GetShare(secretShare *rlwe.AdditiveShareBigint, aggregatePublicShare *drlwe.CKSShare, logSlots int, ct *rlwe.Ciphertext, secretShareOut *rlwe.AdditiveShareBigint)

GetShare is the final step of the encryption-to-share protocol. It performs the masked decryption of the target ciphertext followed by a the removal of the caller's secretShare as generated in the GenShare method. If the caller is not secret-key-share holder (i.e., didn't generate a decryption share), `secretShare` can be set to nil. Therefore, in order to obtain an additive sharing of the message, only one party should call this method, and the other parties should use the secretShareOut output of the GenShare method.

func (*E2SProtocol) ShallowCopy 

func (e2s *E2SProtocol) ShallowCopy() *E2SProtocol

ShallowCopy creates a shallow copy of E2SProtocol in which all the read-only data-structures are shared with the receiver and the temporary buffers are reallocated. The receiver and the returned E2SProtocol can be used concurrently.

type MaskedTransformFunc 

type MaskedTransformFunc struct {
	Decode bool
	Func   func(coeffs []*ring.Complex)
	Encode bool
}

MaskedTransformFunc represents a user-defined in-place function that can be evaluated on masked CKKS plaintexts, as a part of the Masked Transform Protocol. The function is called with a vector of *ring.Complex modulo ckks.Parameters.Slots() as input, and must write its output on the same buffer. Transform can be the identity. Decode: if true, then the masked CKKS plaintext will be decoded before applying Transform. Recode: if true, then the masked CKKS plaintext will be recoded after applying Transform. i.e. : Decode (true/false) -> Transform -> Recode (true/false).

type MaskedTransformProtocol 

type MaskedTransformProtocol struct {
	// contains filtered or unexported fields
}

MaskedTransformProtocol is a struct storing the parameters for the MaskedTransformProtocol protocol.

func NewMaskedTransformProtocol 

func NewMaskedTransformProtocol(paramsIn, paramsOut ckks.Parameters, prec uint, sigmaSmudging float64) (rfp *MaskedTransformProtocol, err error)

NewMaskedTransformProtocol creates a new instance of the PermuteProtocol. paramsIn: the ckks.Parameters of the ciphertext before the protocol. paramsOut: the ckks.Parameters of the ciphertext after the protocol. prec : the log2 of decimal precision of the internal encoder. The method will return an error if the maximum number of slots of the output parameters is smaller than the number of slots of the input ciphertext.

func (*MaskedTransformProtocol) AggregateShares 

func (rfp *MaskedTransformProtocol) AggregateShares(share1, share2, shareOut *MaskedTransformShare)

AggregateShares sums share1 and share2 on shareOut.

func (*MaskedTransformProtocol) AllocateShare 

func (rfp *MaskedTransformProtocol) AllocateShare(levelDecrypt, levelRecrypt int) *MaskedTransformShare

AllocateShare allocates the shares of the PermuteProtocol

func (*MaskedTransformProtocol) GenShare 

func (rfp *MaskedTransformProtocol) GenShare(skIn, skOut *rlwe.SecretKey, logBound uint, logSlots int, ct *rlwe.Ciphertext, crs drlwe.CKSCRP, transform *MaskedTransformFunc, shareOut *MaskedTransformShare)

GenShare generates the shares of the PermuteProtocol This protocol requires additional inputs which are : skIn : the secret-key if the input ciphertext. skOut : the secret-key of the output ciphertext. logBound : the bit length of the masks. logSlots : the bit length of the number of slots. ct1 : the degree 1 element the ciphertext to refresh, i.e. ct1 = ckk.Ciphetext.Value[1]. scale : the scale of the ciphertext when entering the refresh. The method "GetMinimumLevelForBootstrapping" should be used to get the minimum level at which the masked transform can be called while still ensure 128-bits of security, as well as the value for logBound.

func (*MaskedTransformProtocol) SampleCRP 

func (rfp *MaskedTransformProtocol) SampleCRP(level int, crs utils.PRNG) drlwe.CKSCRP

SampleCRP samples a common random polynomial to be used in the Masked-Transform protocol from the provided common reference string. The CRP is considered to be in the NTT domain.

func (*MaskedTransformProtocol) ShallowCopy 

func (rfp *MaskedTransformProtocol) ShallowCopy() *MaskedTransformProtocol

ShallowCopy creates a shallow copy of MaskedTransformProtocol in which all the read-only data-structures are shared with the receiver and the temporary buffers are reallocated. The receiver and the returned MaskedTransformProtocol can be used concurrently.

func (*MaskedTransformProtocol) Transform 

func (rfp *MaskedTransformProtocol) Transform(ct *rlwe.Ciphertext, logSlots int, transform *MaskedTransformFunc, crs drlwe.CKSCRP, share *MaskedTransformShare, ciphertextOut *rlwe.Ciphertext)

Transform applies Decrypt, Recode and Recrypt on the input ciphertext. The ciphertext scale is reset to the default scale.

func (*MaskedTransformProtocol) WithParams 

func (rfp *MaskedTransformProtocol) WithParams(paramsOut ckks.Parameters) *MaskedTransformProtocol

WithParams creates a shallow copy of the target MaskedTransformProtocol but with new output parameters. The expected input parameters remain unchanged.

type MaskedTransformShare 

type MaskedTransformShare struct {
	// contains filtered or unexported fields
}

MaskedTransformShare is a struct storing the decryption and recryption shares.

func (*MaskedTransformShare) MarshalBinary 

func (share *MaskedTransformShare) MarshalBinary() (data []byte, err error)

MarshalBinary encodes a RefreshShare on a slice of bytes.

func (*MaskedTransformShare) UnmarshalBinary 

func (share *MaskedTransformShare) UnmarshalBinary(data []byte) error

UnmarshalBinary decodes a marshaled RefreshShare on the target RefreshShare.

type RefreshProtocol 

type RefreshProtocol struct {
	MaskedTransformProtocol
}

RefreshProtocol is a struct storing the relevant parameters for the Refresh protocol.

func NewRefreshProtocol 

func NewRefreshProtocol(params ckks.Parameters, prec uint, sigmaSmudging float64) (rfp *RefreshProtocol)

NewRefreshProtocol creates a new Refresh protocol instance. prec : the log2 of decimal precision of the internal encoder.

func (*RefreshProtocol) AggregateShares 

func (rfp *RefreshProtocol) AggregateShares(share1, share2, shareOut *RefreshShare)

AggregateShares aggregates two parties' shares in the Refresh protocol.

func (*RefreshProtocol) AllocateShare 

func (rfp *RefreshProtocol) AllocateShare(inputLevel, outputLevel int) *RefreshShare

AllocateShare allocates the shares of the PermuteProtocol

func (*RefreshProtocol) Finalize 

func (rfp *RefreshProtocol) Finalize(ctIn *rlwe.Ciphertext, logSlots int, crs drlwe.CKSCRP, share *RefreshShare, ctOut *rlwe.Ciphertext)

Finalize applies Decrypt, Recode and Recrypt on the input ciphertext. The ciphertext scale is reset to the default scale.

func (*RefreshProtocol) GenShare 

func (rfp *RefreshProtocol) GenShare(sk *rlwe.SecretKey, logBound uint, logSlots int, ct *rlwe.Ciphertext, crs drlwe.CKSCRP, shareOut *RefreshShare)

GenShare generates a share for the Refresh protocol. This protocol requires additional inputs which are : logBound : the bit length of the masks logSlots : the bit length of the number of slots ct1 : the degree 1 element the ciphertext to refresh, i.e. ct1 = ckk.Ciphetext.Value[1]. scale : the scale of the ciphertext entering the refresh. The method "GetMinimumLevelForBootstrapping" should be used to get the minimum level at which the refresh can be called while still ensure 128-bits of security, as well as the value for logBound.

func (*RefreshProtocol) ShallowCopy 

func (rfp *RefreshProtocol) ShallowCopy() *RefreshProtocol

ShallowCopy creates a shallow copy of RefreshProtocol in which all the read-only data-structures are shared with the receiver and the temporary buffers are reallocated. The receiver and the returned RefreshProtocol can be used concurrently.

type RefreshShare 

type RefreshShare struct {
	MaskedTransformShare
}

RefreshShare is a struct storing a party's share in the Refresh protocol.

type S2EProtocol 

type S2EProtocol struct {
	*drlwe.CKSProtocol
	// contains filtered or unexported fields
}

S2EProtocol is the structure storing the parameters and temporary buffers required by the shares-to-encryption protocol.

func NewS2EProtocol 

func NewS2EProtocol(params ckks.Parameters, sigmaSmudging float64) *S2EProtocol

NewS2EProtocol creates a new S2EProtocol struct from the passed CKKS parameters.

func (S2EProtocol) AllocateShare 

func (s2e S2EProtocol) AllocateShare(level int) (share *drlwe.CKSShare)

AllocateShare allocates a share of the S2E protocol

func (*S2EProtocol) GenShare 

func (s2e *S2EProtocol) GenShare(sk *rlwe.SecretKey, crs drlwe.CKSCRP, logSlots int, secretShare *rlwe.AdditiveShareBigint, c0ShareOut *drlwe.CKSShare)

GenShare generates a party's in the shares-to-encryption protocol given the party's secret-key share `sk`, a common polynomial sampled from the CRS `c1` and the party's secret share of the message.

func (*S2EProtocol) GetEncryption 

func (s2e *S2EProtocol) GetEncryption(c0Agg *drlwe.CKSShare, crs drlwe.CKSCRP, ctOut *rlwe.Ciphertext)

GetEncryption computes the final encryption of the secret-shared message when provided with the aggregation `c0Agg` of the parties' share in the protocol and with the common, CRS-sampled polynomial `c1`.

func (*S2EProtocol) ShallowCopy 

func (s2e *S2EProtocol) ShallowCopy() *S2EProtocol

ShallowCopy creates a shallow copy of S2EProtocol in which all the read-only data-structures are shared with the receiver and the temporary buffers are reallocated. The receiver and the returned S2EProtocol can be used concurrently.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.