Documentation ¶
Overview ¶
Package rlwe implements the generic operations that are common to R-LWE schemes. The other implemented schemes extend this package with their specific operations and structures.
Index ¶
- Constants
- Variables
- func AddPolyTimesGadgetVectorToGadgetCiphertext(pt *ring.Poly, cts []GadgetCiphertext, ringQP ringqp.Ring, logbase2 int, ...)
- func AddPolyToGadgetMatrix(pt *ring.Poly, gm [][]ringqp.Poly, ringQP ringqp.Ring, logbase2 int, ...)
- func CheckModuli(q, p []uint64) error
- func GenModuli(logN int, logQ, logP []int) (q, p []uint64, err error)
- func Norm(ct *Ciphertext, dec Decryptor) (std, min, max float64)
- func NormStats(vec []*big.Int) (float64, float64, float64)
- func PopulateElementRandom(prng utils.PRNG, params Parameters, ct *Ciphertext)
- func PublicKeyIsCorrect(pk *PublicKey, sk *SecretKey, params Parameters, log2Bound int) bool
- func RelinearizationKeyIsCorrect(rlk *SwitchingKey, skIdeal *SecretKey, params Parameters, log2Bound int) bool
- func RotationKeyIsCorrect(swk *SwitchingKey, galEl uint64, skIdeal *SecretKey, params Parameters, ...) bool
- func SwitchCiphertextRingDegree(ctIn *Ciphertext, ctOut *Ciphertext)
- func SwitchCiphertextRingDegreeNTT(ctIn *Ciphertext, ringQSmallDim, ringQLargeDim *ring.Ring, ctOut *Ciphertext)
- func SwitchingKeyIsCorrect(swk *SwitchingKey, skIn, skOut *SecretKey, params Parameters, log2Bound int) bool
- type AdditiveShare
- type AdditiveShareBigint
- type Ciphertext
- func GetSmallestLargest(el0, el1 *Ciphertext) (smallest, largest *Ciphertext, sameDegree bool)
- func NewCiphertext(params Parameters, degree, level int) (ct *Ciphertext)
- func NewCiphertextAtLevelFromPoly(level int, poly []*ring.Poly) (ct *Ciphertext)
- func NewCiphertextRandom(prng utils.PRNG, params Parameters, degree, level int) (ciphertext *Ciphertext)
- func (ct *Ciphertext) Copy(ctxCopy *Ciphertext)
- func (ct *Ciphertext) CopyNew() *Ciphertext
- func (ct *Ciphertext) Decode64(data []byte) (ptr int, err error)
- func (ct *Ciphertext) Degree() int
- func (ct *Ciphertext) El() *Ciphertext
- func (ct *Ciphertext) Encode64(data []byte) (ptr int, err error)
- func (ct *Ciphertext) GetScale() Scale
- func (ct *Ciphertext) Level() int
- func (ct *Ciphertext) MarshalBinary() (data []byte, err error)
- func (ct *Ciphertext) MarshalBinarySize() (dataLen int)
- func (ct *Ciphertext) Resize(degree, level int)
- func (ct *Ciphertext) SetScale(scale Scale)
- func (ct *Ciphertext) UnmarshalBinary(data []byte) (err error)
- type CiphertextQP
- type Decryptor
- type Encryptor
- type EvaluationKey
- type Evaluator
- func (eval *Evaluator) Automorphism(ctIn *Ciphertext, galEl uint64, ctOut *Ciphertext)
- func (eval *Evaluator) AutomorphismHoisted(level int, ctIn *Ciphertext, c1DecompQP []ringqp.Poly, galEl uint64, ...)
- func (eval *Evaluator) AutomorphismHoistedLazy(levelQ int, c0 *ring.Poly, c1DecompQP []ringqp.Poly, galEl uint64, ...)
- func (eval *Evaluator) CheckBinary(op0, op1, opOut Operand, opOutMinDegree int) (degree, level int)
- func (eval *Evaluator) CheckUnary(op0, opOut Operand) (degree, level int)
- func (eval *Evaluator) DecomposeNTT(levelQ, levelP, nbPi int, c2 *ring.Poly, c2IsNTT bool, ...)
- func (eval *Evaluator) DecomposeSingleNTT(levelQ, levelP, nbPi, decompRNS int, c2NTT, c2InvNTT, c2QiQ, c2QiP *ring.Poly)
- func (eval *Evaluator) Expand(ctIn *Ciphertext, logN, logGap int) (ctOut []*Ciphertext)
- func (eval *Evaluator) GadgetProduct(levelQ int, cx *ring.Poly, gadgetCt GadgetCiphertext, ct *Ciphertext)
- func (eval *Evaluator) GadgetProductLazy(levelQ int, cx *ring.Poly, gadgetCt GadgetCiphertext, ct CiphertextQP)
- func (eval *Evaluator) GadgetProductSinglePAndBitDecompLazy(levelQ int, cx *ring.Poly, gadgetCt GadgetCiphertext, ct CiphertextQP)
- func (eval *Evaluator) InnerSum(ctIn *Ciphertext, batchSize, n int, ctOut *Ciphertext)
- func (eval *Evaluator) KeyswitchHoisted(levelQ int, BuffQPDecompQP []ringqp.Poly, evakey *SwitchingKey, ...)
- func (eval *Evaluator) KeyswitchHoistedLazy(levelQ int, BuffQPDecompQP []ringqp.Poly, evakey *SwitchingKey, ...)
- func (eval *Evaluator) Merge(ctIn map[int]*Ciphertext) (ctOut *Ciphertext)
- func (eval *Evaluator) Parameters() Parameters
- func (eval *Evaluator) Relinearize(ctIn *Ciphertext, ctOut *Ciphertext)
- func (eval *Evaluator) Replicate(ctIn *Ciphertext, batchSize, n int, ctOut *Ciphertext)
- func (eval *Evaluator) ShallowCopy() *Evaluator
- func (eval *Evaluator) SwitchKeys(ctIn *Ciphertext, switchingKey *SwitchingKey, ctOut *Ciphertext)
- func (eval *Evaluator) Trace(ctIn *Ciphertext, logN int, ctOut *Ciphertext)
- func (eval *Evaluator) WithKey(evaluationKey *EvaluationKey) *Evaluator
- type GadgetCiphertext
- func (ct *GadgetCiphertext) CopyNew() (ctCopy *GadgetCiphertext)
- func (ct *GadgetCiphertext) Decode(data []byte) (ptr int, err error)
- func (ct *GadgetCiphertext) Encode(data []byte) (ptr int, err error)
- func (ct *GadgetCiphertext) Equals(other *GadgetCiphertext) bool
- func (ct *GadgetCiphertext) LevelP() int
- func (ct *GadgetCiphertext) LevelQ() int
- func (ct *GadgetCiphertext) MarshalBinary() (data []byte, err error)
- func (ct *GadgetCiphertext) MarshalBinarySize() (dataLen int)
- func (ct *GadgetCiphertext) UnmarshalBinary(data []byte) (err error)
- type GadgetPlaintext
- type KeyGenerator
- type MetaData
- func (m *MetaData) Decode64(data []byte) (ptr int, err error)
- func (m *MetaData) Encode64(data []byte) (ptr int, err error)
- func (m *MetaData) Equal(other MetaData) (res bool)
- func (m *MetaData) MarshalBinary() (data []byte, err error)
- func (m *MetaData) MarshalBinarySize() int
- func (m *MetaData) UnmarshalBinary(data []byte) (err error)
- type Operand
- type PRNGEncryptor
- type Parameters
- func (p Parameters) CopyNew() Parametersdeprecated
- func (p Parameters) DecompPw2(levelQ, levelP int) (c int)
- func (p Parameters) DecompRNS(levelQ, levelP int) int
- func (p Parameters) DefaultNTTFlag() bool
- func (p Parameters) DefaultScale() Scale
- func (p Parameters) Equals(other Parameters) bool
- func (p Parameters) GaloisElementForColumnRotationBy(k int) uint64
- func (p Parameters) GaloisElementForExpand(logN int) (galEls []uint64)
- func (p Parameters) GaloisElementForRowRotation() uint64
- func (p Parameters) GaloisElementsForMerge() (galEls []uint64)
- func (p Parameters) GaloisElementsForRowInnerSum() (galEls []uint64)
- func (p Parameters) GaloisElementsForTrace(logN int) (galEls []uint64)
- func (p Parameters) HammingWeight() int
- func (p Parameters) InverseGaloisElement(galEl uint64) uint64
- func (p Parameters) LogN() int
- func (p Parameters) LogP() int
- func (p Parameters) LogQ() int
- func (p Parameters) LogQP() int
- func (p Parameters) MarshalBinary() ([]byte, error)
- func (p Parameters) MarshalBinarySize() int
- func (p Parameters) MarshalJSON() ([]byte, error)
- func (p Parameters) MaxBit(levelQ, levelP int) (c int)
- func (p Parameters) MaxLevel() int
- func (p Parameters) MaxLevelP() int
- func (p Parameters) MaxLevelQ() int
- func (p Parameters) N() int
- func (p Parameters) NewScale(scale interface{}) Scale
- func (p Parameters) NoiseBound() uint64
- func (p Parameters) P() []uint64
- func (p Parameters) PBigInt() *big.Int
- func (p Parameters) PCount() int
- func (p Parameters) ParametersLiteral() ParametersLiteral
- func (p *Parameters) PiOverflowMargin(level int) int
- func (p Parameters) Pow2Base() int
- func (p Parameters) Q() []uint64
- func (p Parameters) QBigInt() *big.Int
- func (p Parameters) QCount() int
- func (p Parameters) QP() []uint64
- func (p Parameters) QPBigInt() *big.Int
- func (p Parameters) QPCount() int
- func (p Parameters) QiFloat64(level int) float64
- func (p *Parameters) QiOverflowMargin(level int) int
- func (p Parameters) RingP() *ring.Ring
- func (p Parameters) RingQ() *ring.Ring
- func (p Parameters) RingQP() *ringqp.Ring
- func (p Parameters) RingType() ring.Type
- func (p Parameters) RotationFromGaloisElement(galEl uint64) (k uint64)
- func (p Parameters) RotationsForInnerSum(batch, n int) (rotations []int)
- func (p Parameters) RotationsForReplicate(batch, n int) (rotations []int)
- func (p Parameters) Sigma() float64
- func (p Parameters) StandardParameters() (pci Parameters, err error)
- func (p *Parameters) UnmarshalBinary(data []byte) error
- func (p *Parameters) UnmarshalJSON(data []byte) (err error)
- type ParametersLiteral
- type Plaintext
- type PublicKey
- func (pk *PublicKey) CopyNew() *PublicKey
- func (pk *PublicKey) Equals(other *PublicKey) bool
- func (pk *PublicKey) LevelP() int
- func (pk *PublicKey) LevelQ() int
- func (pk *PublicKey) MarshalBinary() (data []byte, err error)
- func (pk *PublicKey) MarshalBinarySize() (dataLen int)
- func (pk *PublicKey) UnmarshalBinary(data []byte) (err error)
- type RelinearizationKey
- func (rlk *RelinearizationKey) CopyNew() *RelinearizationKey
- func (rlk *RelinearizationKey) Equals(other *RelinearizationKey) bool
- func (rlk *RelinearizationKey) MarshalBinary() (data []byte, err error)
- func (rlk *RelinearizationKey) MarshalBinarySize() (dataLen int)
- func (rlk *RelinearizationKey) UnmarshalBinary(data []byte) (err error)
- type RotationKeySet
- func (rtks *RotationKeySet) Equals(other *RotationKeySet) bool
- func (rtks *RotationKeySet) GetRotationKey(galoisEl uint64) (*SwitchingKey, bool)
- func (rtks *RotationKeySet) Includes(other *RotationKeySet) bool
- func (rtks *RotationKeySet) MarshalBinary() (data []byte, err error)
- func (rtks *RotationKeySet) MarshalBinarySize() (dataLen int)
- func (rtks *RotationKeySet) UnmarshalBinary(data []byte) (err error)
- type Scale
- func (s Scale) Cmp(s1 Scale) (cmp int)
- func (s *Scale) Decode(data []byte) (err error)
- func (s Scale) Div(s1 Scale) Scale
- func (s Scale) Encode(data []byte) (err error)
- func (s Scale) Float64() float64
- func (s Scale) MarshalBinarySize() int
- func (s Scale) Max(s1 Scale) (max Scale)
- func (s Scale) Min(s1 Scale) (max Scale)
- func (s Scale) Mul(s1 Scale) Scale
- func (s Scale) Uint64() uint64
- type SecretKey
- type SwitchingKey
Constants ¶
const DefaultSigma = 3.2
DefaultSigma is the default error distribution standard deviation
const GaloisGen uint64 = ring.GaloisGen
GaloisGen is an integer of order N=2^d modulo M=2N and that spans Z_M with the integer -1. The j-th ring automorphism takes the root zeta to zeta^(5j).
const MaxLogN = 17
MaxLogN is the log2 of the largest supported polynomial modulus degree.
const MaxModuliCount = 34
MaxModuliCount is the largest supported number of moduli in the RNS representation.
const MaxModuliSize = 60
MaxModuliSize is the largest bit-length supported for the moduli in the RNS representation.
const MinLogN = 4
MinLogN is the log2 of the smallest supported polynomial modulus degree (needed to ensure the NTT correctness).
const ( // ScalePrecision is the default precision of the scale. ScalePrecision = uint(128) )
Variables ¶
var ( // TestPN10QP27 is a set of default parameters with logN=10 and logQP=27 TestPN10QP27 = ParametersLiteral{ LogN: 10, Q: []uint64{0x7fff801}, Pow2Base: 2, } // TestPN11QP54 is a set of default parameters with logN=11 and logQP=54 TestPN11QP54 = ParametersLiteral{ LogN: 11, Q: []uint64{0x15400000001}, P: []uint64{0x3001}, Pow2Base: 14, } // TestPN12QP109 is a set of default parameters with logN=12 and logQP=109 TestPN12QP109 = ParametersLiteral{ LogN: 12, Q: []uint64{0x7ffffffec001, 0x400000008001}, P: []uint64{0xa001}, Pow2Base: 16, } // TestPN13QP218 is a set of default parameters with logN=13 and logQP=218 TestPN13QP218 = ParametersLiteral{ LogN: 13, Q: []uint64{0x3fffffffef8001, 0x4000000011c001, 0x40000000120001}, P: []uint64{0x7ffffffffb4001}, } // TestPN14QP438 is a set of default parameters with logN=14 and logQP=438 TestPN14QP438 = ParametersLiteral{ LogN: 14, Q: []uint64{0x100000000060001, 0x80000000068001, 0x80000000080001, 0x3fffffffef8001, 0x40000000120001, 0x3fffffffeb8001}, P: []uint64{0x80000000130001, 0x7fffffffe90001}, } // TestPN15QP880 is a set of default parameters with logN=15 and logQP=880 TestPN15QP880 = ParametersLiteral{ LogN: 15, Q: []uint64{0x7ffffffffe70001, 0x7ffffffffe10001, 0x7ffffffffcc0001, 0x400000000270001, 0x400000000350001, 0x400000000360001, 0x3ffffffffc10001, 0x3ffffffffbe0001, 0x3ffffffffbd0001, 0x4000000004d0001, 0x400000000570001, 0x400000000660001}, P: []uint64{0xffffffffffc0001, 0x10000000001d0001, 0x10000000006e0001}, } // TestPN16QP240 is a set of default parameters with logN=16 and logQP=240 TestPN16QP240 = ParametersLiteral{ LogN: 16, LogQ: []int{60, 60, 60}, LogP: []int{60}, } // TestPN17QP360 is a set of default parameters with logN=17 and logQP=360 TestPN17QP360 = ParametersLiteral{ LogN: 17, LogQ: []int{60, 60, 60, 60}, LogP: []int{60, 60}, } DefaultParams = []ParametersLiteral{TestPN10QP27, TestPN11QP54, TestPN12QP109, TestPN13QP218, TestPN14QP438, TestPN15QP880, TestPN16QP240, TestPN17QP360} )
Functions ¶
func AddPolyTimesGadgetVectorToGadgetCiphertext ¶
func AddPolyTimesGadgetVectorToGadgetCiphertext(pt *ring.Poly, cts []GadgetCiphertext, ringQP ringqp.Ring, logbase2 int, buff *ring.Poly)
AddPolyTimesGadgetVectorToGadgetCiphertext takes a plaintext polynomial and a list of Ciphertexts and adds the plaintext times the RNS and BIT decomposition to the i-th element of the i-th Ciphertexts. This method panics if len(cts) > 2.
func AddPolyToGadgetMatrix ¶
func AddPolyToGadgetMatrix(pt *ring.Poly, gm [][]ringqp.Poly, ringQP ringqp.Ring, logbase2 int, buff *ring.Poly)
AddPolyToGadgetMatrix takes a plaintext polynomial and a list of ringqp.Poly and adds the plaintext times the RNS and BIT decomposition to the list of ringqp.Poly.
func CheckModuli ¶
CheckModuli checks that the provided q and p correspond to a valid moduli chain.
func Norm ¶
func Norm(ct *Ciphertext, dec Decryptor) (std, min, max float64)
Norm returns the log2 of the standard deviation, minimum and maximum absolute norm of the decrypted Ciphertext, before the decoding (i.e. including the error).
func PopulateElementRandom ¶
func PopulateElementRandom(prng utils.PRNG, params Parameters, ct *Ciphertext)
PopulateElementRandom creates a new rlwe.Element with random coefficients.
func PublicKeyIsCorrect ¶
func PublicKeyIsCorrect(pk *PublicKey, sk *SecretKey, params Parameters, log2Bound int) bool
PublicKeyIsCorrect returns true if pk is a correct RLWE public-key for secret-key sk and parameters params.
func RelinearizationKeyIsCorrect ¶
func RelinearizationKeyIsCorrect(rlk *SwitchingKey, skIdeal *SecretKey, params Parameters, log2Bound int) bool
RelinearizationKeyIsCorrect returns true if swk is a correct RLWE relinearization-key for secret-key sk and parameters params.
func RotationKeyIsCorrect ¶
func RotationKeyIsCorrect(swk *SwitchingKey, galEl uint64, skIdeal *SecretKey, params Parameters, log2Bound int) bool
RotationKeyIsCorrect returns true if swk is a correct RLWE switching-key for galois element galEl, secret-key sk and parameters params.
func SwitchCiphertextRingDegree ¶
func SwitchCiphertextRingDegree(ctIn *Ciphertext, ctOut *Ciphertext)
SwitchCiphertextRingDegree changes the ring degree of ctIn to the one of ctOut. Maps Y^{N/n} -> X^{N} or X^{N} -> Y^{N/n}. If the ring degree of ctOut is larger than the one of ctIn, then the ringQ of ctIn must be provided (otherwise, a nil pointer).
func SwitchCiphertextRingDegreeNTT ¶
func SwitchCiphertextRingDegreeNTT(ctIn *Ciphertext, ringQSmallDim, ringQLargeDim *ring.Ring, ctOut *Ciphertext)
SwitchCiphertextRingDegreeNTT changes the ring degree of ctIn to the one of ctOut. Maps Y^{N/n} -> X^{N} or X^{N} -> Y^{N/n}. If the ring degree of ctOut is larger than the one of ctIn, then the ringQ of ctIn must be provided (otherwise, a nil pointer). The ctIn must be in the NTT domain and ctOut will be in the NTT domain.
func SwitchingKeyIsCorrect ¶
func SwitchingKeyIsCorrect(swk *SwitchingKey, skIn, skOut *SecretKey, params Parameters, log2Bound int) bool
SwitchingKeyIsCorrect returns true if swk is a correct RLWE switching-key for input key skIn, output key skOut and parameters params.
Types ¶
type AdditiveShare ¶
type AdditiveShare struct {
}AdditiveShare is a type for storing additively shared values in Z_Q[X] (RNS domain).
func NewAdditiveShare ¶
func NewAdditiveShare(params Parameters) *AdditiveShare
NewAdditiveShare instantiates a new additive share struct for the ring defined by the given parameters at maximum level.
func NewAdditiveShareAtLevel ¶
func NewAdditiveShareAtLevel(params Parameters, level int) *AdditiveShare
NewAdditiveShareAtLevel instantiates a new additive share struct for the ring defined by the given parameters at level `level`.
type AdditiveShareBigint ¶
type AdditiveShareBigint struct {
}AdditiveShareBigint is a type for storing additively shared values in Z (positional domain).
func NewAdditiveShareBigint ¶
func NewAdditiveShareBigint(params Parameters, n int) *AdditiveShareBigint
NewAdditiveShareBigint instantiates a new additive share struct composed of "n" big.Int elements.
type Ciphertext ¶
Ciphertext is a generic type for RLWE ciphertexts.
func GetSmallestLargest ¶
func GetSmallestLargest(el0, el1 *Ciphertext) (smallest, largest *Ciphertext, sameDegree bool)
GetSmallestLargest returns the provided element that has the smallest degree as a first returned value and the largest degree as second return value. If the degree match, the order is the same as for the input.
func NewCiphertext ¶
func NewCiphertext(params Parameters, degree, level int) (ct *Ciphertext)
NewCiphertext returns a new Ciphertext with zero values and an associated MetaData set to the Parameters default value.
func NewCiphertextAtLevelFromPoly ¶
func NewCiphertextAtLevelFromPoly(level int, poly []*ring.Poly) (ct *Ciphertext)
NewCiphertextAtLevelFromPoly constructs a new Ciphertext at a specific level where the message is set to the passed poly. No checks are performed on poly and the returned Ciphertext will share its backing array of coefficients. Returned Ciphertext's MetaData is empty.
func NewCiphertextRandom ¶
func NewCiphertextRandom(prng utils.PRNG, params Parameters, degree, level int) (ciphertext *Ciphertext)
NewCiphertextRandom generates a new uniformly distributed Ciphertext of degree, level.
func (*Ciphertext) Copy ¶
func (ct *Ciphertext) Copy(ctxCopy *Ciphertext)
Copy copies the input element and its parameters on the target element.
func (*Ciphertext) CopyNew ¶
func (ct *Ciphertext) CopyNew() *Ciphertext
CopyNew creates a new element as a copy of the target element.
func (*Ciphertext) Decode64 ¶
func (ct *Ciphertext) Decode64(data []byte) (ptr int, err error)
Decode64 decodes a slice of bytes in the target Ciphertext and returns the number of bytes decoded. The method will first try to write on the buffer. If this step fails, either because the buffer isn't allocated or because it has the wrong size, the method will allocate the correct buffer. Assumes that each coefficient is encoded on 8 bytes.
func (*Ciphertext) Degree ¶
func (ct *Ciphertext) Degree() int
Degree returns the degree of the target Ciphertext.
func (*Ciphertext) Encode64 ¶
func (ct *Ciphertext) Encode64(data []byte) (ptr int, err error)
Encode64 encodes the target Ciphertext on a byte array, using 8 bytes per coefficient. It returns the number of written bytes, and the corresponding error, if it occurred.
func (*Ciphertext) GetScale ¶
func (ct *Ciphertext) GetScale() Scale
GetScale gets the scale of the target ciphertext.
func (*Ciphertext) Level ¶
func (ct *Ciphertext) Level() int
Level returns the level of the target Ciphertext.
func (*Ciphertext) MarshalBinary ¶
func (ct *Ciphertext) MarshalBinary() (data []byte, err error)
MarshalBinary encodes a Ciphertext on a byte slice. The total size in bytes is 4 + 8* N * numberModuliQ * (degree + 1).
func (*Ciphertext) MarshalBinarySize ¶
func (ct *Ciphertext) MarshalBinarySize() (dataLen int)
MarshalBinarySize returns the length in bytes of the target Ciphertext.
func (*Ciphertext) Resize ¶
func (ct *Ciphertext) Resize(degree, level int)
Resize resizes the degree of the target element. Sets the NTT flag of the added poly equal to the NTT flag to the poly at degree zero.
func (*Ciphertext) SetScale ¶
func (ct *Ciphertext) SetScale(scale Scale)
SetScale sets the scale of the target ciphertext.
func (*Ciphertext) UnmarshalBinary ¶
func (ct *Ciphertext) UnmarshalBinary(data []byte) (err error)
UnmarshalBinary decodes a previously marshaled Ciphertext on the target Ciphertext.
type CiphertextQP ¶
CiphertextQP is a generic type for RLWE ciphertexts in R_qp. It contains no MetaData.
func NewCiphertextQP ¶
func NewCiphertextQP(params Parameters, levelQ, levelP int) CiphertextQP
NewCiphertextQP allocates a new CiphertextQP.
func (*CiphertextQP) CopyNew ¶
func (ct *CiphertextQP) CopyNew() *CiphertextQP
CopyNew returns a copy of the target CiphertextQP.
func (*CiphertextQP) Decode64 ¶
func (ct *CiphertextQP) Decode64(data []byte) (ptr int, err error)
Decode64 decodes a slice of bytes in the target CiphertextQP and returns the number of bytes decoded. The method will first try to write on the buffer. If this step fails, either because the buffer isn't allocated or because it has the wrong size, the method will allocate the correct buffer. Assumes that each coefficient is encoded on 8 bytes.
func (*CiphertextQP) Encode64 ¶
func (ct *CiphertextQP) Encode64(data []byte) (ptr int, err error)
Encode64 encodes the target CiphertextQP on a byte array, using 8 bytes per coefficient. It returns the number of written bytes, and the corresponding error, if it occurred.
func (*CiphertextQP) MarshalBinarySize ¶
func (ct *CiphertextQP) MarshalBinarySize() int
MarshalBinarySize returns the length in bytes of the target CiphertextQP.
type Decryptor ¶
type Decryptor interface { Decrypt(ct *Ciphertext, pt *Plaintext) DecryptNew(ct *Ciphertext) (pt *Plaintext) ShallowCopy() Decryptor WithKey(sk *SecretKey) Decryptor }
Decryptor is an RLWE decryption interface.
func NewDecryptor ¶
func NewDecryptor(params Parameters, sk *SecretKey) Decryptor
NewDecryptor instantiates a new generic RLWE Decryptor.
type Encryptor ¶
type Encryptor interface { Encrypt(pt *Plaintext, ct interface{}) EncryptZero(ct interface{}) EncryptZeroNew(level int) (ct *Ciphertext) EncryptNew(pt *Plaintext) (ct *Ciphertext) ShallowCopy() Encryptor WithKey(key interface{}) Encryptor }
Encryptor a generic RLWE encryption interface.
func NewEncryptor ¶
func NewEncryptor(params Parameters, key interface{}) Encryptor
NewEncryptor creates a new Encryptor Accepts either a secret-key or a public-key.
type EvaluationKey ¶
type EvaluationKey struct { Rlk *RelinearizationKey Rtks *RotationKeySet }
EvaluationKey is a type for storing generic RLWE public evaluation keys. An evaluation key is a union of a relinearization key and a set of rotation keys.
type Evaluator ¶
type Evaluator struct { Rlk *RelinearizationKey Rtks *RotationKeySet PermuteNTTIndex map[uint64][]uint64 BasisExtender *ring.BasisExtender Decomposer *ring.Decomposer // contains filtered or unexported fields }
Evaluator is a struct that holds the necessary elements to execute general homomorphic operation on RLWE ciphertexts, such as automorphisms, key-switching and relinearization.
func NewEvaluator ¶
func NewEvaluator(params Parameters, evaluationKey *EvaluationKey) (eval *Evaluator)
NewEvaluator creates a new Evaluator.
func (*Evaluator) Automorphism ¶
func (eval *Evaluator) Automorphism(ctIn *Ciphertext, galEl uint64, ctOut *Ciphertext)
Automorphism computes phi(ct), where phi is the map X -> X^galEl. The method requires that the corresponding RotationKey has been added to the Evaluator. The method will panic if either ctIn or ctOut degree is not equal to 1.
func (*Evaluator) AutomorphismHoisted ¶
func (eval *Evaluator) AutomorphismHoisted(level int, ctIn *Ciphertext, c1DecompQP []ringqp.Poly, galEl uint64, ctOut *Ciphertext)
AutomorphismHoisted is similar to Automorphism, except that it takes as input ctIn and c1DecompQP, where c1DecompQP is the RNS decomposition of its element of degree 1. This decomposition can be obtained with DecomposeNTT. The method requires that the corresponding RotationKey has been added to the Evaluator. The method will panic if either ctIn or ctOut degree is not equal to 1.
func (*Evaluator) AutomorphismHoistedLazy ¶
func (eval *Evaluator) AutomorphismHoistedLazy(levelQ int, c0 *ring.Poly, c1DecompQP []ringqp.Poly, galEl uint64, ctQP CiphertextQP)
AutomorphismHoistedLazy is similar to AutomorphismHoisted, except that it returns a ciphertext modulo QP and scaled by P. The method requires that the corresponding RotationKey has been added to the Evaluator. Requires that the NTT domain of c0 and ctQP are the same.
func (*Evaluator) CheckBinary ¶
CheckBinary checks that:
Inputs are not nil op0.Degree() + op1.Degree() != 0 (i.e at least one operand is a ciphertext) opOut.Degree() >= opOutMinDegree op0.IsNTT = DefaultNTTFlag op1.IsNTT = DefaultNTTFlag
and returns max(op0.Degree(), op1.Degree(), opOut.Degree()) and min(op0.Level(), op1.Level(), opOut.Level())
func (*Evaluator) CheckUnary ¶
CheckUnary checks that op0 and opOut are not nil and that op0 respects the DefaultNTTFlag. Also returns max(op0.Degree(), opOut.Degree()) and min(op0.Level(), opOut.Level()).
func (*Evaluator) DecomposeNTT ¶
func (eval *Evaluator) DecomposeNTT(levelQ, levelP, nbPi int, c2 *ring.Poly, c2IsNTT bool, BuffDecompQP []ringqp.Poly)
DecomposeNTT applies the full RNS basis decomposition on c2. Expects the IsNTT flag of c2 to correctly reflect the domain of c2. BuffQPDecompQ and BuffQPDecompQ are vectors of polynomials (mod Q and mod P) that store the special RNS decomposition of c2 (in the NTT domain)
func (*Evaluator) DecomposeSingleNTT ¶
func (eval *Evaluator) DecomposeSingleNTT(levelQ, levelP, nbPi, decompRNS int, c2NTT, c2InvNTT, c2QiQ, c2QiP *ring.Poly)
DecomposeSingleNTT takes the input polynomial c2 (c2NTT and c2InvNTT, respectively in the NTT and out of the NTT domain) modulo the RNS basis, and returns the result on c2QiQ and c2QiP, the receiver polynomials respectively mod Q and mod P (in the NTT domain)
func (*Evaluator) Expand ¶
func (eval *Evaluator) Expand(ctIn *Ciphertext, logN, logGap int) (ctOut []*Ciphertext)
Expand expands a RLWE Ciphertext encrypting sum ai * X^i to 2^logN ciphertexts, each encrypting ai * X^0 for 0 <= i < 2^LogN. That is, it extracts the first 2^logN coefficients, whose degree is a multiple of 2^logGap, of ctIn and returns an RLWE Ciphertext for each coefficient extracted.
func (*Evaluator) GadgetProduct ¶
func (eval *Evaluator) GadgetProduct(levelQ int, cx *ring.Poly, gadgetCt GadgetCiphertext, ct *Ciphertext)
GadgetProduct evaluates poly x Gadget -> RLWE where
p0 = dot(decomp(cx) * gadget[0]) mod Q p1 = dot(decomp(cx) * gadget[1]) mod Q
Expects the flag IsNTT of ct to correctly reflect the domain of cx.
func (*Evaluator) GadgetProductLazy ¶
func (eval *Evaluator) GadgetProductLazy(levelQ int, cx *ring.Poly, gadgetCt GadgetCiphertext, ct CiphertextQP)
GadgetProductLazy applies the gadget prodcut to the polynomial cx:
ct.Value[0] = dot(decomp(cx) * gadget[0]) mod QP (encrypted input is multiplied by P factor) ct.Value[1] = dot(decomp(cx) * gadget[1]) mod QP (encrypted input is multiplied by P factor)
Expects the flag IsNTT of ct to correctly reflect the domain of cx.
func (*Evaluator) GadgetProductSinglePAndBitDecompLazy ¶
func (eval *Evaluator) GadgetProductSinglePAndBitDecompLazy(levelQ int, cx *ring.Poly, gadgetCt GadgetCiphertext, ct CiphertextQP)
GadgetProductSinglePAndBitDecompLazy applies the key-switch to the polynomial cx:
ct.Value[0] = dot(decomp(cx) * evakey[0]) mod QP (encrypted input is multiplied by P factor) ct.Value[1] = dot(decomp(cx) * evakey[1]) mod QP (encrypted input is multiplied by P factor)
Expects the flag IsNTT of ct to correctly reflect the domain of cx.
func (*Evaluator) InnerSum ¶
func (eval *Evaluator) InnerSum(ctIn *Ciphertext, batchSize, n int, ctOut *Ciphertext)
InnerSum applies an optimized inner sum on the Ciphertext (log2(n) + HW(n) rotations with double hoisting). The operation assumes that `ctIn` encrypts SlotCount/`batchSize` sub-vectors of size `batchSize` which it adds together (in parallel) in groups of `n`. It outputs in ctOut a Ciphertext for which the "leftmost" sub-vector of each group is equal to the sum of the group.
func (*Evaluator) KeyswitchHoisted ¶
func (eval *Evaluator) KeyswitchHoisted(levelQ int, BuffQPDecompQP []ringqp.Poly, evakey *SwitchingKey, c0Q, c1Q, c0P, c1P *ring.Poly)
KeyswitchHoisted applies the key-switch to the decomposed polynomial c2 mod QP (BuffQPDecompQ and BuffQPDecompP) and divides the result by P, reducing the basis from QP to Q.
BuffQP2 = dot(BuffQPDecompQ||BuffQPDecompP * evakey[0]) mod Q BuffQP3 = dot(BuffQPDecompQ||BuffQPDecompP * evakey[1]) mod Q
func (*Evaluator) KeyswitchHoistedLazy ¶
func (eval *Evaluator) KeyswitchHoistedLazy(levelQ int, BuffQPDecompQP []ringqp.Poly, evakey *SwitchingKey, c0Q, c1Q, c0P, c1P *ring.Poly)
KeyswitchHoistedLazy applies the key-switch to the decomposed polynomial c2 mod QP (BuffQPDecompQ and BuffQPDecompP)
BuffQP2 = dot(BuffQPDecompQ||BuffQPDecompP * evakey[0]) mod QP BuffQP3 = dot(BuffQPDecompQ||BuffQPDecompP * evakey[1]) mod QP
func (*Evaluator) Merge ¶
func (eval *Evaluator) Merge(ctIn map[int]*Ciphertext) (ctOut *Ciphertext)
Merge merges a batch of RLWE, packing the first coefficient of each RLWE into a single RLWE.
Given P(Y) = sum[ct(P(X) = sum[a_{ij} * X^{j}]) * Y^{i}] returns ct(P(X) = sum[a_{0j} * X^{j}])
This method is not inplace and will modify the input ciphertexts. The operation will require N/gap + log(gap) key-switches, where gap is the minimum gap between two non-zero coefficients of the final Ciphertext. The method takes as input a map of Ciphertext, indexing in which coefficient of the final Ciphertext the first coefficient of each Ciphertext of the map must be packed. All input ciphertexts must be in the NTT domain; otherwise, the method will panic.
func (*Evaluator) Parameters ¶
func (eval *Evaluator) Parameters() Parameters
Parameters returns the parameters used to instantiate the target evaluator.
func (*Evaluator) Relinearize ¶
func (eval *Evaluator) Relinearize(ctIn *Ciphertext, ctOut *Ciphertext)
Relinearize applies the relinearization procedure on ct0 and returns the result in ctOut. The method will panic if the corresponding relinearization key to the ciphertext degree is missing.
func (*Evaluator) Replicate ¶
func (eval *Evaluator) Replicate(ctIn *Ciphertext, batchSize, n int, ctOut *Ciphertext)
Replicate applies an optimized replication on the Ciphertext (log2(n) + HW(n) rotations with double hoisting). It acts as the inverse of a inner sum (summing elements from left to right). The replication is parameterized by the size of the sub-vectors to replicate "batchSize" and the number of times 'n' they need to be replicated. To ensure correctness, a gap of zero values of size batchSize * (n-1) must exist between two consecutive sub-vectors to replicate. This method is faster than Replicate when the number of rotations is large and it uses log2(n) + HW(n) instead of 'n'.
func (*Evaluator) ShallowCopy ¶
ShallowCopy creates a shallow copy of this Evaluator in which all the read-only data-structures are shared with the receiver and the temporary buffers are reallocated. The receiver and the returned Evaluators can be used concurrently.
func (*Evaluator) SwitchKeys ¶
func (eval *Evaluator) SwitchKeys(ctIn *Ciphertext, switchingKey *SwitchingKey, ctOut *Ciphertext)
SwitchKeys re-encrypts ctIn under a different key and returns the result in ctOut. It requires a SwitchingKey, which is computed from the key under which the Ciphertext is currently encrypted and the key under which the Ciphertext will be re-encrypted. The method will panic if either ctIn or ctOut degree isn't 1.
func (*Evaluator) Trace ¶
func (eval *Evaluator) Trace(ctIn *Ciphertext, logN int, ctOut *Ciphertext)
Trace maps X -> sum((-1)^i * X^{i*n+1}) for n <= i < N Monomial X^k vanishes if k is not divisible by (N/n), otherwise it is multiplied by (N/n). Ciphertext is pre-multiplied by (N/n)^-1 to remove the (N/n) factor. Examples of full Trace for [0 + 1X + 2X^2 + 3X^3 + 4X^4 + 5X^5 + 6X^6 + 7X^7]
1.
[1 + 2X + 3X^2 + 4X^3 + 5X^4 + 6X^5 + 7X^6 + 8X^7] + [1 - 6X - 3X^2 + 8X^3 + 5X^4 + 2X^5 - 7X^6 - 4X^7] {X-> X^(i * 5^1)} = [2 - 4X + 0X^2 +12X^3 +10X^4 + 8X^5 - 0X^6 + 4X^7]
2.
[2 - 4X + 0X^2 +12X^3 +10X^4 + 8X^5 - 0X^6 + 4X^7] + [2 + 4X + 0X^2 -12X^3 +10X^4 - 8X^5 + 0X^6 - 4X^7] {X-> X^(i * 5^2)} = [4 + 0X + 0X^2 - 0X^3 +20X^4 + 0X^5 + 0X^6 - 0X^7]
3.
[4 + 0X + 0X^2 - 0X^3 +20X^4 + 0X^5 + 0X^6 - 0X^7] + [4 + 0X + 0X^2 - 0X^3 -20X^4 + 0X^5 + 0X^6 - 0X^7] {X-> X^(i * -1)} = [8 + 0X + 0X^2 - 0X^3 + 0X^4 + 0X^5 + 0X^6 - 0X^7]
func (*Evaluator) WithKey ¶
func (eval *Evaluator) WithKey(evaluationKey *EvaluationKey) *Evaluator
WithKey creates a shallow copy of the receiver Evaluator for which the new EvaluationKey is evaluationKey and where the temporary buffers are shared. The receiver and the returned Evaluators cannot be used concurrently.
type GadgetCiphertext ¶
type GadgetCiphertext struct {
Value [][]CiphertextQP
}
GadgetCiphertext is a struct for storing an encrypted plaintext times the gadget power matrix.
func NewGadgetCiphertext ¶
func NewGadgetCiphertext(params Parameters, levelQ, levelP, decompRNS, decompBIT int) (ct *GadgetCiphertext)
NewGadgetCiphertext returns a new Ciphertext key with pre-allocated zero-value. Ciphertext is always in the NTT domain.
func (*GadgetCiphertext) CopyNew ¶
func (ct *GadgetCiphertext) CopyNew() (ctCopy *GadgetCiphertext)
CopyNew creates a deep copy of the receiver Ciphertext and returns it.
func (*GadgetCiphertext) Decode ¶
func (ct *GadgetCiphertext) Decode(data []byte) (ptr int, err error)
Decode decodes a slice of bytes on the target ciphertext.
func (*GadgetCiphertext) Encode ¶
func (ct *GadgetCiphertext) Encode(data []byte) (ptr int, err error)
Encode encodes the target ciphertext on a pre-allocated slice of bytes.
func (*GadgetCiphertext) Equals ¶
func (ct *GadgetCiphertext) Equals(other *GadgetCiphertext) bool
Equals checks two Ciphertexts for equality.
func (*GadgetCiphertext) LevelP ¶
func (ct *GadgetCiphertext) LevelP() int
LevelP returns the level of the modulus P of the target Ciphertext.
func (*GadgetCiphertext) LevelQ ¶
func (ct *GadgetCiphertext) LevelQ() int
LevelQ returns the level of the modulus Q of the target Ciphertext.
func (*GadgetCiphertext) MarshalBinary ¶
func (ct *GadgetCiphertext) MarshalBinary() (data []byte, err error)
MarshalBinary encodes the target Ciphertext on a slice of bytes.
func (*GadgetCiphertext) MarshalBinarySize ¶
func (ct *GadgetCiphertext) MarshalBinarySize() (dataLen int)
MarshalBinarySize returns the length in bytes of the target GadgetCiphertext.
func (*GadgetCiphertext) UnmarshalBinary ¶
func (ct *GadgetCiphertext) UnmarshalBinary(data []byte) (err error)
UnmarshalBinary decodes a slice of bytes on the target Ciphertext.
type GadgetPlaintext ¶
GadgetPlaintext stores a RGSW plaintext value.
func NewGadgetPlaintext ¶
func NewGadgetPlaintext(params Parameters, value interface{}, levelQ, levelP, logBase2, decompBIT int) (pt *GadgetPlaintext)
NewGadgetPlaintext creates a new gadget plaintext from value, which can be either uint64, int64 or *ring.Poly. Plaintext is returned in the NTT and Mongtomery domain.
type KeyGenerator ¶
type KeyGenerator interface { GenSecretKey() (sk *SecretKey) GenSecretKeyGaussian() (sk *SecretKey) GenSecretKeyWithDistrib(p float64) (sk *SecretKey) GenSecretKeyWithHammingWeight(hw int) (sk *SecretKey) GenPublicKey(sk *SecretKey) (pk *PublicKey) GenKeyPair() (sk *SecretKey, pk *PublicKey) GenRelinearizationKey(sk *SecretKey, maxDegree int) (evk *RelinearizationKey) GenSwitchingKey(skInput, skOutput *SecretKey) (newevakey *SwitchingKey) GenSwitchingKeyForGalois(galEl uint64, sk *SecretKey) (swk *SwitchingKey) GenRotationKeys(galEls []uint64, sk *SecretKey) (rks *RotationKeySet) GenSwitchingKeyForRotationBy(k int, sk *SecretKey) (swk *SwitchingKey) GenRotationKeysForRotations(ks []int, inclueSwapRows bool, sk *SecretKey) (rks *RotationKeySet) GenSwitchingKeyForRowRotation(sk *SecretKey) (swk *SwitchingKey) GenRotationKeysForInnerSum(sk *SecretKey) (rks *RotationKeySet) GenSwitchingKeysForRingSwap(skCKKS, skCI *SecretKey) (stdToci, ciToStd *SwitchingKey) }
KeyGenerator is an interface implementing the methods of the KeyGenerator.
func NewKeyGenerator ¶
func NewKeyGenerator(params Parameters) KeyGenerator
NewKeyGenerator creates a new KeyGenerator, from which the secret and public keys, as well as the evaluation, rotation and switching keys can be generated.
type MetaData ¶
MetaData is a struct storing metadata.
func (*MetaData) Decode64 ¶
Decode64 decodes a slice of bytes in the target MetaData and returns the number of bytes decoded. The method will first try to write on the buffer. If this step fails, either because the buffer isn't allocated or because it has the wrong size, the method will allocate the correct buffer. Assumes that each coefficient is encoded on 8 bytes.
func (*MetaData) Encode64 ¶
Encode64 encodes the target MetaData on a byte array, using 8 bytes per coefficient. It returns the number of written bytes, and the corresponding error, if it occurred.
func (*MetaData) MarshalBinary ¶
MarshalBinary encodes a MetaData on a byte slice.
func (*MetaData) MarshalBinarySize ¶
MarshalBinarySize returns the length in bytes of the target MetaData.
func (*MetaData) UnmarshalBinary ¶
UnmarshalBinary decodes a previously marshaled MetaData on the target MetaData.
type Operand ¶
type Operand interface { El() *Ciphertext Degree() int Level() int GetScale() Scale SetScale(Scale) }
Operand is a common interface for Ciphertext and Plaintext types.
type PRNGEncryptor ¶
type PRNGEncryptor interface { Encryptor WithPRNG(prng utils.PRNG) PRNGEncryptor }
PRNGEncryptor is an interface for encrypting RLWE ciphertexts from a secret-key and a pre-determined PRNG. An Encryptor constructed from a secret-key complies to this interface.
func NewPRNGEncryptor ¶
func NewPRNGEncryptor(params Parameters, key *SecretKey) PRNGEncryptor
NewPRNGEncryptor creates a new PRNGEncryptor instance.
type Parameters ¶
type Parameters struct {
// contains filtered or unexported fields
}
Parameters represents a set of generic RLWE parameters. Its fields are private and immutable. See ParametersLiteral for user-specified parameters.
func NewParameters ¶
func NewParameters(logn int, q, p []uint64, pow2Base, h int, sigma float64, ringType ring.Type, defaultScale Scale, defaultNTTFlag bool) (Parameters, error)
NewParameters returns a new set of generic RLWE parameters from the given ring degree logn, moduli q and p, and error distribution parameter sigma. It returns the empty parameters Parameters{} and a non-nil error if the specified parameters are invalid.
func NewParametersFromLiteral ¶
func NewParametersFromLiteral(paramDef ParametersLiteral) (Parameters, error)
NewParametersFromLiteral instantiate a set of generic RLWE parameters from a ParametersLiteral specification. It returns the empty parameters Parameters{} and a non-nil error if the specified parameters are invalid.
If the moduli chain is specified through the LogQ and LogP fields, the method generates a moduli chain matching the specified sizes (see `GenModuli`).
If the secrets' density parameter (H) is left unset, its value is set to 2^(paramDef.LogN-1) to match the standard ternary distribution.
If the error variance is left unset, its value is set to `DefaultSigma`.
If the RingType is left unset, the default value is ring.Standard.
func (Parameters) CopyNew
deprecated
func (p Parameters) CopyNew() Parameters
CopyNew makes a deep copy of the receiver and returns it.
Deprecated: Parameter is now a read-only struct, except for the UnmarshalBinary method: deep copying should only be required to save a Parameter struct before calling its UnmarshalBinary method and it will be deprecated when transitioning to a immutable serialization interface.
func (Parameters) DecompPw2 ¶
func (p Parameters) DecompPw2(levelQ, levelP int) (c int)
DecompPw2 returns ceil(p.MaxBitQ(levelQ, levelP)/bitDecomp).
func (Parameters) DecompRNS ¶
func (p Parameters) DecompRNS(levelQ, levelP int) int
DecompRNS returns the number of element in the RNS decomposition basis: Ceil(lenQi / lenPi)
func (Parameters) DefaultNTTFlag ¶
func (p Parameters) DefaultNTTFlag() bool
DefaultNTTFlag returns the default NTT flag.
func (Parameters) DefaultScale ¶
func (p Parameters) DefaultScale() Scale
DefaultScale returns the default scale, if any.
func (Parameters) Equals ¶
func (p Parameters) Equals(other Parameters) bool
Equals checks two Parameter structs for equality.
func (Parameters) GaloisElementForColumnRotationBy ¶
func (p Parameters) GaloisElementForColumnRotationBy(k int) uint64
GaloisElementForColumnRotationBy returns the Galois element for plaintext column rotations by k position to the left. Providing a negative k is equivalent to a right rotation.
func (Parameters) GaloisElementForExpand ¶
func (p Parameters) GaloisElementForExpand(logN int) (galEls []uint64)
GaloisElementForExpand returns the list of Galois elements required to perform the Expand operation.
func (Parameters) GaloisElementForRowRotation ¶
func (p Parameters) GaloisElementForRowRotation() uint64
GaloisElementForRowRotation returns the Galois element for generating the row rotation automorphism
func (Parameters) GaloisElementsForMerge ¶
func (p Parameters) GaloisElementsForMerge() (galEls []uint64)
GaloisElementsForMerge returns the list of Galois elements required to perform the Merge operation.
func (Parameters) GaloisElementsForRowInnerSum ¶
func (p Parameters) GaloisElementsForRowInnerSum() (galEls []uint64)
GaloisElementsForRowInnerSum returns a list of all Galois elements required to perform an InnerSum operation. This corresponds to all the left rotations by k-positions where k is a power of two and the row-rotation element.
func (Parameters) GaloisElementsForTrace ¶
func (p Parameters) GaloisElementsForTrace(logN int) (galEls []uint64)
GaloisElementsForTrace generates the Galois elements for the Trace evaluation. Trace maps X -> sum((-1)^i * X^{i*n+1}) for 2^{LogN} <= i < N.
func (Parameters) HammingWeight ¶
func (p Parameters) HammingWeight() int
HammingWeight returns the number of non-zero coefficients in secret-keys.
func (Parameters) InverseGaloisElement ¶
func (p Parameters) InverseGaloisElement(galEl uint64) uint64
InverseGaloisElement takes a Galois element and returns the Galois element corresponding to the inverse automorphism
func (Parameters) LogN ¶
func (p Parameters) LogN() int
LogN returns the log of the degree of the polynomial ring
func (Parameters) LogP ¶
func (p Parameters) LogP() int
LogP returns the size of the extended modulus P in bits
func (Parameters) LogQ ¶
func (p Parameters) LogQ() int
LogQ returns the size of the extended modulus Q in bits
func (Parameters) LogQP ¶
func (p Parameters) LogQP() int
LogQP returns the size of the extended modulus QP in bits
func (Parameters) MarshalBinary ¶
func (p Parameters) MarshalBinary() ([]byte, error)
MarshalBinary returns a []byte representation of the parameter set.
func (Parameters) MarshalBinarySize ¶
func (p Parameters) MarshalBinarySize() int
MarshalBinarySize returns the length of the []byte encoding of the receiver.
func (Parameters) MarshalJSON ¶
func (p Parameters) MarshalJSON() ([]byte, error)
MarshalJSON returns a JSON representation of this parameter set. See `Marshal` from the `encoding/json` package.
func (Parameters) MaxBit ¶
func (p Parameters) MaxBit(levelQ, levelP int) (c int)
MaxBit returns max(max(bitLen(Q[:levelQ+1])), max(bitLen(P[:levelP+1])).
func (Parameters) MaxLevel ¶
func (p Parameters) MaxLevel() int
MaxLevel returns the maximum level of a ciphertext.
func (Parameters) MaxLevelP ¶
func (p Parameters) MaxLevelP() int
MaxLevelP returns the maximum level of the modulus P.
func (Parameters) MaxLevelQ ¶
func (p Parameters) MaxLevelQ() int
MaxLevelQ returns the maximum level of the modulus Q.
func (Parameters) NewScale ¶
func (p Parameters) NewScale(scale interface{}) Scale
NewScale creates a new scale using the stored default scale as template.
func (Parameters) NoiseBound ¶
func (p Parameters) NoiseBound() uint64
NoiseBound returns truncation bound for the noise distribution.
func (Parameters) P ¶
func (p Parameters) P() []uint64
P returns a new slice with the factors of the ciphertext modulus extension P
func (Parameters) PBigInt ¶
func (p Parameters) PBigInt() *big.Int
PBigInt return the ciphertext-space extention modulus P in big.Integer, reconstructed, representation.
func (Parameters) PCount ¶
func (p Parameters) PCount() int
PCount returns the number of factors of the ciphertext modulus extension P
func (Parameters) ParametersLiteral ¶
func (p Parameters) ParametersLiteral() ParametersLiteral
ParametersLiteral returns the ParametersLiteral of the target Parameters.
func (*Parameters) PiOverflowMargin ¶
func (p *Parameters) PiOverflowMargin(level int) int
PiOverflowMargin returns floor(2^64 / max(Pi)), i.e. the number of times elements of Z_max{Pi} can be added together before overflowing 2^64.
func (Parameters) Pow2Base ¶
func (p Parameters) Pow2Base() int
Pow2Base returns the base 2^x decomposition used for the key-switching keys. Returns 0 if no decomposition is used (the case where x = 0).
func (Parameters) Q ¶
func (p Parameters) Q() []uint64
Q returns a new slice with the factors of the ciphertext modulus q
func (Parameters) QBigInt ¶
func (p Parameters) QBigInt() *big.Int
QBigInt return the ciphertext-space modulus Q in big.Integer, reconstructed, representation.
func (Parameters) QCount ¶
func (p Parameters) QCount() int
QCount returns the number of factors of the ciphertext modulus Q
func (Parameters) QP ¶
func (p Parameters) QP() []uint64
QP return the extended ciphertext-space modulus QP in RNS representation.
func (Parameters) QPBigInt ¶
func (p Parameters) QPBigInt() *big.Int
QPBigInt return the extended ciphertext-space modulus QP in big.Integer, reconstructed, representation.
func (Parameters) QPCount ¶
func (p Parameters) QPCount() int
QPCount returns the number of factors of the ciphertext modulus + the modulus extension P
func (Parameters) QiFloat64 ¶
func (p Parameters) QiFloat64(level int) float64
QiFloat64 returns the float64 value of the Qi at position level in the modulus chain.
func (*Parameters) QiOverflowMargin ¶
func (p *Parameters) QiOverflowMargin(level int) int
QiOverflowMargin returns floor(2^64 / max(Qi)), i.e. the number of times elements of Z_max{Qi} can be added together before overflowing 2^64.
func (Parameters) RingQP ¶
func (p Parameters) RingQP() *ringqp.Ring
RingQP returns a pointer to ringQP
func (Parameters) RingType ¶
func (p Parameters) RingType() ring.Type
RingType returns the type of the underlying ring.
func (Parameters) RotationFromGaloisElement ¶
func (p Parameters) RotationFromGaloisElement(galEl uint64) (k uint64)
RotationFromGaloisElement returns the corresponding rotation from the Galois element, i.e. computes k given 5^k = galEl mod NthRoot.
func (Parameters) RotationsForInnerSum ¶
func (p Parameters) RotationsForInnerSum(batch, n int) (rotations []int)
RotationsForInnerSum generates the rotations that will be performed by the `Evaluator.RotationsForInnerSum` operation when performed with parameters `batch` and `n`.
func (Parameters) RotationsForReplicate ¶
func (p Parameters) RotationsForReplicate(batch, n int) (rotations []int)
RotationsForReplicate generates the rotations that will be performed by the `Evaluator.Replicate` operation when performed with parameters `batch` and `n`.
func (Parameters) Sigma ¶
func (p Parameters) Sigma() float64
Sigma returns standard deviation of the noise distribution
func (Parameters) StandardParameters ¶
func (p Parameters) StandardParameters() (pci Parameters, err error)
StandardParameters returns a RLWE parameter set that corresponds to the standard dual of a conjugate invariant parameter set. If the receiver is already a standard set, then the method returns the receiver.
func (*Parameters) UnmarshalBinary ¶
func (p *Parameters) UnmarshalBinary(data []byte) error
UnmarshalBinary decodes a []byte into a parameter set struct.
func (*Parameters) UnmarshalJSON ¶
func (p *Parameters) UnmarshalJSON(data []byte) (err error)
UnmarshalJSON reads a JSON representation of a parameter set into the receiver Parameter. See `Unmarshal` from the `encoding/json` package.
type ParametersLiteral ¶
type ParametersLiteral struct { LogN int Q []uint64 P []uint64 LogQ []int `json:",omitempty"` LogP []int `json:",omitempty"` Pow2Base int Sigma float64 H int RingType ring.Type DefaultScale Scale DefaultNTTFlag bool }
ParametersLiteral is a literal representation of BFV parameters. It has public fields and is used to express unchecked user-defined parameters literally into Go programs. The NewParametersFromLiteral function is used to generate the actual checked parameters from the literal representation.
Users must set the polynomial degree (LogN) and the coefficient modulus, by either setting the Q and P fields to the desired moduli chain, or by setting the LogQ and LogP fields to the desired moduli sizes.
Optionally, users may specify - the base 2 decomposition for the gadget ciphertexts - the error variance (Sigma) and secrets' density (H) and the ring type (RingType). If left unset, standard default values for these field are substituted at parameter creation (see NewParametersFromLiteral).
type Plaintext ¶
Plaintext is a common base type for RLWE plaintexts.
func NewPlaintext ¶
func NewPlaintext(params Parameters, level int) (pt *Plaintext)
NewPlaintext creates a new Plaintext at level `level` from the parameters.
func NewPlaintextAtLevelFromPoly ¶
NewPlaintextAtLevelFromPoly constructs a new Plaintext at a specific level where the message is set to the passed poly. No checks are performed on poly and the returned Plaintext will share its backing array of coefficients. Returned plaintext's MetaData is empty.
func (*Plaintext) El ¶
func (pt *Plaintext) El() *Ciphertext
El returns the plaintext as a new `Element` for which the value points to the receiver `Value` field.
type PublicKey ¶
type PublicKey struct {
CiphertextQP
}
PublicKey is a type for generic RLWE public keys. The Value field stores the polynomials in NTT and Montgomery form.
func NewPublicKey ¶
func NewPublicKey(params Parameters) (pk *PublicKey)
NewPublicKey returns a new PublicKey with zero values.
func (*PublicKey) LevelP ¶
LevelP returns the level of the modulus P of the target. Returns -1 if P is absent.
func (*PublicKey) MarshalBinary ¶
MarshalBinary encodes a PublicKey in a byte slice.
func (*PublicKey) MarshalBinarySize ¶
MarshalBinarySize returns the length in bytes of the target PublicKey.
func (*PublicKey) UnmarshalBinary ¶
UnmarshalBinary decodes a previously marshaled PublicKey in the target PublicKey.
type RelinearizationKey ¶
type RelinearizationKey struct {
Keys []*SwitchingKey
}
RelinearizationKey is a type for generic RLWE public relinearization keys. It stores a slice with a switching key per relinearizable degree. The switching key at index i is used to relinearize a degree i+2 ciphertexts back to a degree i + 1 one.
func NewRelinearizationKey ¶
func NewRelinearizationKey(params Parameters, maxRelinDegree int) (evakey *RelinearizationKey)
NewRelinearizationKey creates a new EvaluationKey with zero values.
func (*RelinearizationKey) CopyNew ¶
func (rlk *RelinearizationKey) CopyNew() *RelinearizationKey
CopyNew creates a deep copy of the receiver RelinearizationKey and returns it.
func (*RelinearizationKey) Equals ¶
func (rlk *RelinearizationKey) Equals(other *RelinearizationKey) bool
Equals checks two RelinearizationKeys for equality.
func (*RelinearizationKey) MarshalBinary ¶
func (rlk *RelinearizationKey) MarshalBinary() (data []byte, err error)
MarshalBinary encodes an EvaluationKey key in a byte slice.
func (*RelinearizationKey) MarshalBinarySize ¶
func (rlk *RelinearizationKey) MarshalBinarySize() (dataLen int)
MarshalBinarySize returns the length in bytes of the target EvaluationKey.
func (*RelinearizationKey) UnmarshalBinary ¶
func (rlk *RelinearizationKey) UnmarshalBinary(data []byte) (err error)
UnmarshalBinary decodes a previously marshaled EvaluationKey in the target EvaluationKey.
type RotationKeySet ¶
type RotationKeySet struct {
Keys map[uint64]*SwitchingKey
}
RotationKeySet is a type for storing generic RLWE public rotation keys. It stores a map indexed by the galois element defining the automorphism.
func NewRotationKeySet ¶
func NewRotationKeySet(params Parameters, galoisElement []uint64) (rotKey *RotationKeySet)
NewRotationKeySet returns a new RotationKeySet with pre-allocated switching keys for each distinct galoisElement value.
func (*RotationKeySet) Equals ¶
func (rtks *RotationKeySet) Equals(other *RotationKeySet) bool
Equals checks to RotationKeySets for equality.
func (*RotationKeySet) GetRotationKey ¶
func (rtks *RotationKeySet) GetRotationKey(galoisEl uint64) (*SwitchingKey, bool)
GetRotationKey return the rotation key for the given galois element or nil if such key is not in the set. The second argument is true iff the first one is non-nil.
func (*RotationKeySet) Includes ¶
func (rtks *RotationKeySet) Includes(other *RotationKeySet) bool
Includes checks whether the receiver RotationKeySet includes the given other RotationKeySet.
func (*RotationKeySet) MarshalBinary ¶
func (rtks *RotationKeySet) MarshalBinary() (data []byte, err error)
MarshalBinary encodes a RotationKeys struct in a byte slice.
func (*RotationKeySet) MarshalBinarySize ¶
func (rtks *RotationKeySet) MarshalBinarySize() (dataLen int)
MarshalBinarySize returns the length in bytes of the target RotationKeys.
func (*RotationKeySet) UnmarshalBinary ¶
func (rtks *RotationKeySet) UnmarshalBinary(data []byte) (err error)
UnmarshalBinary decodes a previously marshaled RotationKeys in the target RotationKeys.
type Scale ¶
Scale is a struct used to track the scaling factor of Plaintext and Ciphertext structs. The scale is managed as an 128-bit precision real and can be either a floating point value or a mod T prime integer, which is determined at instantiation.
func NewScale ¶
func NewScale(s interface{}) Scale
NewScale instantiates a new floating point Scale. Accepted types for s are int, int64, uint64, float64, *big.Int, *big.Float and *Scale. If the input type is not an accepted type, returns an error.
func NewScaleModT ¶
NewScaleModT instantiates a new integer mod T Scale. Accepted types for s are int, int64, uint64, float64, *big.Int, *big.Float and *Scale. If the input type is not an accepted type, returns an error.
func (Scale) Cmp ¶
Cmp compares the target scale with s1. Returns 0 if the scales are equal, 1 if the target scale is greater and -1 if the target scale is smaller.
func (*Scale) Decode ¶
Decode decodes the input slice of bytes on the target scale. If the input slice of bytes is smaller than .MarshalBinarySize(), the method will return an error.
func (Scale) Div ¶
Div multiplies the target s with s1^-1, returning the result in a new Scale struct. If mod is specified, performs the multiplication modulo t with the multiplicative inverse of s1. Otherwise, performs the quotient operation.
func (Scale) Encode ¶
Encode encode the target scale on the input slice of bytes. If the slice of bytes given as input is smaller than the value of .MarshalBinarySize(), the method will return an error.
func (Scale) MarshalBinarySize ¶
MarshalBinarySize returns the size in bytes required to encode the target scale.
func (Scale) Max ¶
Max returns the a new scale which is the maximum between the target scale and s1.
func (Scale) Min ¶
Min returns the a new scale which is the minimum between the target scale and s1.
type SecretKey ¶
SecretKey is a type for generic RLWE secret keys. The Value field stores the polynomial in NTT and Montgomery form.
func NewSecretKey ¶
func NewSecretKey(params Parameters) *SecretKey
NewSecretKey generates a new SecretKey with zero values.
func (*SecretKey) LevelP ¶
LevelP returns the level of the modulus P of the target. Returns -1 if P is absent.
func (*SecretKey) MarshalBinary ¶
MarshalBinary encodes a secret key in a byte slice.
func (*SecretKey) MarshalBinarySize ¶
MarshalBinarySize returns the length in bytes of the target SecretKey.
func (*SecretKey) UnmarshalBinary ¶
UnmarshalBinary decodes a previously marshaled SecretKey in the target SecretKey.
type SwitchingKey ¶
type SwitchingKey struct {
GadgetCiphertext
}
SwitchingKey is a type for generic RLWE public switching keys. The Value field stores the polynomials in NTT and Montgomery form.
func NewSwitchingKey ¶
func NewSwitchingKey(params Parameters, levelQ, levelP int) *SwitchingKey
NewSwitchingKey returns a new public switching key with pre-allocated zero-value
func (*SwitchingKey) CopyNew ¶
func (swk *SwitchingKey) CopyNew() *SwitchingKey
CopyNew creates a deep copy of the target SwitchingKey and returns it.
func (*SwitchingKey) Equals ¶
func (swk *SwitchingKey) Equals(other *SwitchingKey) bool
Equals checks two SwitchingKeys for equality.
func (*SwitchingKey) MarshalBinary ¶
func (swk *SwitchingKey) MarshalBinary() (data []byte, err error)
MarshalBinary encodes the target SwitchingKey on a slice of bytes.
func (*SwitchingKey) UnmarshalBinary ¶
func (swk *SwitchingKey) UnmarshalBinary(data []byte) (err error)
UnmarshalBinary decodes a slice of bytes on the target SwitchingKey.