mhe

package
v5.0.0-...-72ea290 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Dec 15, 2023 License: Apache-2.0 Imports: 12 Imported by: 0

README

MHE

The MHE package implements several Multiparty Homomorphic Encryption (MHE) primitives based on Ring-Learning-with-Errors (RLWE). It provides generic interfaces for the local steps of the MHE-based Secure Multiparty Computation (MHE-MPC) protocol that are common across all the RLWE distributed schemes implemented in Lattice (e.g., collective key generation). The mhe/heinteger and mhe/hefloat packages import mhe and provide scheme-specific functionalities (e.g., interactive bootstrapping).

This package implements local operations only, hence does not assume or provide any network-layer protocol implementation. However, it provides serialization methods for all relevant structures that implement the standard encoding.BinaryMarshaller and encoding.BinaryUnmarshaller interfaces (see https://pkg.go.dev/encoding) as well as the io.WriterTo and io.ReaderFrom interfaces (see https://pkg.go.dev/encoding).

The MHE-MPC protocol implemented in Lattice is based on the constructions described in "Multiparty Homomorphic Encryption from Ring-Learning-with-Errors" by Mouchet et al. (2021), which is an RLWE instantiation of the MPC protocol described in "Multiparty computation with low communication, computation and interaction via threshold FHE" by Asharov et al. (2012).

MHE-MPC Protocol Overview

The protocol enables a group of N input parties to compute a joint function over their private inputs under encryption and to provide a receiver party with the result. The protocol is generic and covers several system- and adversary-models:

Peer-to-peer vs Cloud-assisted models. The parties can execute the protocol in a peer-to-peer way or receive assistance from a third-party server (which is also considered an adversary).

Internal vs External receivers. Receiver parties are the intended recipients of the computation result and can be either internal or external depending or whether they are or not input parties themselves, respectively. This distinction is important in practice, because external receivers do not need to be online (and even to be known) during the setup phase.

Anytrust vs Full-threshold Access-structure. As for many MPC protocols, the assumption on the worst-case number of corrupted parties can be mapped in the cryptographic access-control mechanism (the access structure). The implemented MHE-MPC protocol is "anytrust" (N-out-of-N-threshold) by default, but can be relaxed to any positive threshold t-out-of-N (see Threshold Secret-Key Generation).

Passive vs Active Adversaries. The implemented MHE-MPC protocol is secure against passive adversaries, and can in theory be extended to active security by requiring the parties to produce proofs that their shares are correctly computed for every round. Note that those proofs are not implemented in Lattice.

An execution of the MHE-based MPC protocol has two phases: the Setup phase and the Evaluation phase, each of which comprises a number of sub-protocols as depicted below (the details of each protocols are provided later).

  1. Setup Phase
    1. Secret Keys Generation
    2. [if t < N] Threshold Secret-Key Generation
    3. Collective Public Encryption-Key Generation
    4. Collective Public Evaluation-Key Generation
      1. Relinearization-Key
      2. Galois-Keys
      3. Generic Evaluation-Keys
  2. Evaluation Phase
    1. Input (Encryption)
    2. Circuit Evaluation
    3. Output phase (Decryption)
      1. Collective Key-Switching
      2. Local Decryption

MHE-MPC Protocol Steps Description

This section provides a description for each sub-protocol of the MHE-MPC protocol and provides pointers to the relevant Lattice types and methods. This description is a first draft and will evolve in the future. For concrete code examples, see the example/mhe folders. For a more formal exposition, see "Multiparty Homomorphic Encryption from Ring-Learning-with-Errors" and An Efficient Threshold Access-Structure for RLWE-Based Multiparty Homomorphic Encryption.

The system model is abstracted by considering that the parties have access to a common public authenticated channel. In the cloud-assisted setting, this public channel can be the helper cloud-server. In the peer-to-peer setting, it could be a public broadcast channel. We also assume that parties can communicate over private authenticated channels.

Several protocols require the parties to have access to common uniformly random polynomials (CRP), which are sampled from a common random string (CRS). This CRS is implemented as an interface type mhe.CRS that can be read by the parties as a part of the protocols (see below). The mhe.CRS can be implemented by a utils.KeyedPRNG type for which all parties use the same key.

1. Setup

In this phase, the parties generate the various keys that are required by the Evaluation phase. Similarly to LSSS-based MPC protocols such as SPDZ, the setup phase does not depend on the input and can be pre-computed. However, unlike LSSS-based MPC, the setup produces public-keys that can be re-used for an arbitrary number of evaluation phases.

1.i Secret Keys Generation

The parties generate their individual secret-keys locally by using a rlwe.KeyGenerator; this provides them with a rlwe.SecretKey type. See core/rlwe/keygenerator.go for further information on key-generation.

The ideal secret-key is implicitly defined as the sum of all secret-keys. Hence, this secret-key enforces an N-out-N access structure which requires all the parties to collaborate in a ciphertext decryption and thus tolerates N-1 dishonest parties.

1.ii [if t < N] Threshold Secret-Key Generation

For settings where an N-out-N access structure is too restrictive (e.g., from an availability point of view), an optional Threshold Secret-Key Generation Protocol can be run to enable t-out-of-N access-structures (hence tolerating t-1 dishonest parties). The idea of this protocol is to apply Shamir Secret Sharing to the ideal secret-key in such a way that any group of t parties can reconstruct it. This is achieved by a single-round protocol where each party applies Shamir Secret-Sharing to its own share of the ideal secret-key.

We assume that each party is associated with a distinct mhe.ShamirPublicPoint that is known to the other parties.

This protocol is implemented by the mhe.Thresholdizer type and its steps are the following:

  • Each party generates a mhe.ShamirPolynomial by using the Thresholdizer.GenShamirPolynomial method, then generates a share of type mhe.ShamirSecretShare for each of the other parties' ShamirPublicPoint by using the Thresholdizer.GenShamirSecretShare.
  • Each party privately sends the respective ShamirSecretShare to each of the other parties.
  • Each party aggregates all the ShamirSecretShares it received using the Thresholdizer.AggregateShares method.

Each party stores its aggregated ShamirSecretShare for later use.

1.iii Public Key Generation

The parties execute the collective public encryption-key generation protocol to obtain an encryption-key for the ideal secret-key.

The protocol is implemented by the mhe.PublicKeyGenProtocol type and its steps are as follows:

  • Each party samples a common random polynomial (mhe.PublicKeyGenCRP) from the CRS by using the PublicKeyGenProtocol.SampleCRP method.
  • [if t < N] Each party uses the mhe.Combiner.GenAdditiveShare to obtain a t-out-of-t sharing and uses the result as its secret-key in the next step.
  • Each party generates a share (mhe.PublicKeyGenShare) from the CRP and their secret-key, by using the PublicKeyGenProtocol.GenShare method.
  • Each party discloses its share over the public channel. The shares are aggregated with the PublicKeyGenProtocol.AggregateShares method.
  • Each party can derive the public encryption-key (rlwe.PublicKey) by using the PublicKeyGenProtocol.GenPublicKey method.

After the execution of this protocol, the parties have access to the collective public encryption-key, hence can provide their inputs to computations.

1.iv Evaluation-Key Generation

In order to evaluate circuits on the collectively-encrypted inputs, the parties must generate the evaluation-keys that correspond to the operations they wish to support. The generation of a relinearization-key, which enables compact homomorphic multiplication, is described below (see mhe.RelinearizationKeyGenProtocol). Additionally, and given that the circuit requires it, the parties can generate evaluation-keys to support rotations and other kinds of Galois automorphisms (see mhe.GaloisKeyGenProtocol below). Finally, it is possible to generate generic evaluation-keys to homomorphically re-encrypt a ciphertext from a secret-key to another (see mhe.EvaluationKeyGenProtocol).

1.iv.a Relinearization Key

This protocol provides the parties with a public relinearization-key (rlwe.RelinearizationKey) for the ideal secret-key. This public-key enables compact multiplications in RLWE schemes. Out of the described protocols in this package, this is the only two-round protocol.

The protocol is implemented by the mhe.RelinearizationKeyGenProtocol type and its steps are as follows:

  • Each party samples a common random polynomial matrix (mhe.RelinearizationKeyGenCRP) from the CRS by using the RelinearizationKeyGenProtocol.SampleCRP method.
  • [if t < N] Each party uses the mhe.Combiner.GenAdditiveShare to obtain a t-out-of-t sharing and use the result as their secret-key in the next steps.
  • Each party generates a share (mhe.RelinearizationKeyGenShare) for the first protocol round by using the RelinearizationKeyGenProtocol.GenShareRoundOne method. This method also provides the party with an ephemeral secret-key (rlwe.SecretKey), which is required for the second round.
  • Each party discloses its share for the first round over the public channel. The shares are aggregated with the RelinearizationKeyGenProtocol.AggregateShares method.
  • Each party generates a share (also a mhe.RelinearizationKeyGenShare) for the second protocol round by using the RelinearizationKeyGenProtocol.GenShareRoundTwo method.
  • Each party discloses its share for the second round over the public channel. The shares are aggregated with the RelinearizationKeyGenProtocol.AggregateShares method.
  • Each party can derive the public relinearization-key (rlwe.RelinearizationKey) by using the RelinearizationKeyGenProtocol.GenRelinearizationKey method.
1.iv.b Galois Keys

This protocol provides the parties with a public Galois-key (stored as rlwe.GaloisKey types) for the ideal secret-key. One Galois-key enables one specific Galois automorphism on the ciphertexts' slots. The protocol can be repeated to generate the keys for multiple automorphisms.

The protocol is implemented by the mhe.GaloisKeyGenProtocol type and its steps are as follows:

  • Each party samples a common random polynomial matrix (mhe.GaloisKeyGenCRP) from the CRS by using the GaloisKeyGenProtocol.SampleCRP method.
  • [if t < N] Each party uses the mhe.Combiner.GenAdditiveShare to obtain a t-out-of-t sharing and uses the result as its secret-key in the next step.
  • Each party generates a share (mhe.GaloisKeyGenShare) by using GaloisKeyGenProtocol.GenShare.
  • Each party discloses its mhe.GaloisKeyGenShare over the public channel. The shares are aggregated with the GaloisKeyGenProtocol.AggregateShares method.
  • Each party can derive the public Galois-key (rlwe.GaloisKey) from the final GaloisKeyGenShare by using the GaloisKeyGenProtocol.AggregateShares method.
1.iv.c Other Evaluation Keys

This protocol provides the parties with a generic public Evaluation-key (stored as rlwe.EvaluationKey types) for the ideal secret-key. One Evaluation-key enables one specific public re-encryption from one key to another.

The protocol is implemented by the mhe.EvaluationKeyGenProtocol type and its steps are as follows:

  • Each party samples a common random polynomial matrix (mhe.EvaluationKeyGenCRP) from the CRS by using the EvaluationKeyGenProtocol.SampleCRP method.
  • [if t < N] Each party uses the mhe.Combiner.GenAdditiveShare to obtain a t-out-of-t sharing and uses the result as its secret-key in the next step.
  • Each party generates a share (mhe.EvaluationKeyGenShare) by using EvaluationKeyGenProtocol.GenShare.
  • Each party discloses its mhe.EvaluationKeyGenShare over the public channel. The shares are aggregated with the EvaluationKeyGenProtocol.AggregateShares method.
  • Each party can derive the public Evaluation-key (rlwe.EvaluationKey) from the final EvaluationKeyGenShare by using the EvaluationKeyGenProtocol.AggregateShares method.
2 Evaluation Phase
2.i Input step (Encryption Phase)

The parties provide their inputs for the computation during the Input Phase. They use the collective encryption-key generated during the Setup Phase to encrypt their inputs, and send them through the public channel. Since the collective encryption-key is a valid RLWE public encryption-key, it can be used directly with the single-party scheme. Hence, the parties can use the Encoder and Encryptor interfaces of the desired encryption scheme (see heint.Encoder, hefloat.Encoder and rlwe.Encryptor).

2.ii Circuit Evaluation step

The computation of the desired function is performed homomorphically during the Evaluation Phase. The step can be performed by the parties themselves or can be outsourced to a cloud-server. Since the ciphertexts in the multiparty schemes are valid ciphertexts for the single-party ones, the homomorphic operation of the latter can be used directly (see heint.Evaluator and hefloat.Evaluator).

2.iii Output step

The receiver(s) obtain their outputs through the final Output Phase, whose aim is to decrypt the ciphertexts resulting from the Evaluation Phase. It is a two-step process with an optional pre-processing step when using the t-out-of-N access structure. In the first step, Collective Key-Switching, the parties re-encrypt the desired ciphertext under the receiver's secret-key. The second step is the local decryption of this re-encrypted ciphertext by the receiver.

2.iii.a Collective Key-Switching

The parties perform a re-encryption of the desired ciphertext(s) from being encrypted under the ideal secret-key to being encrypted under the receiver's secret-key. There are two instantiations of the Collective Key-Switching protocol:

  • Collective Key-Switching (KeySwitch), implemented as the mhe.KeySwitchProtocol interface: it enables the parties to switch from their ideal secret-key s to another ideal secret-key s' when s' is collectively known by the parties. In the case where s' = 0, this is equivalent to a collective decryption protocol that can be used when the receiver is one of the input-parties.
  • Collective Public-Key Switching (PublicKeySwitch), implemented as the mhe.PublicKeySwitchProtocol interface, enables parties to switch from their ideal secret-key s to an arbitrary key s' when provided with a public encryption-key for s'. Hence, this enables key-switching to a secret-key that is not known to the input parties, which enables external receivers.

While both protocol variants have slightly different local operations, their steps are the same:

  • Each party generates a share (of type mhe.KeySwitchShare or mhe.PublicKeySwitchShare) with the mhe.(Public)KeySwitchProtocol.GenShare method. This requires its own secret-key (a rlwe.SecretKey) as well as the destination key: its own share of the destination key (a rlwe.SecretKey) in KeySwitch or the destination public-key (a rlwe.PublicKey) in PublicKeySwitch.
  • Each party discloses its mhe.KeySwitchShare over the public channel. The shares are aggregated with the (Public)KeySwitchProtocol.AggregateShares method.
  • From the aggregated mhe.KeySwitchShare, any party can derive the ciphertext re-encrypted under s' by using the (Public)KeySwitchProtocol.KeySwitch method.
2.iii.b Decryption

Once the receivers have obtained the ciphertext re-encrypted under their respective keys, they can use the usual decryption algorithm of the single-party scheme to obtain the plaintext result (see rlwe.Decryptor.

References

  1. Multiparty Homomorphic Encryption from Ring-Learning-With-Errors (https://eprint.iacr.org/2020/304)
  2. An Efficient Threshold Access-Structure for RLWE-Based Multiparty Homomorphic Encryption (https://eprint.iacr.org/2022/780)

Documentation

Overview

Package mhe implements RLWE-based scheme agnostic multiparty key-generation and proxy re-rencryption. See README.md for more details about multiparty homomorphic encryption.

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func NoiseEvaluationKey 

func NoiseEvaluationKey(params rlwe.Parameters, nbParties int) (std float64)

NoiseEvaluationKey returns the standard deviation of the noise of each individual elements in a collective EvaluationKey.

func NoiseGaloisKey 

func NoiseGaloisKey(params rlwe.Parameters, nbParties int) (std float64)

NoiseGaloisKey returns the standard deviation of the noise of each individual elements in a collective GaloisKey.

func NoiseKeySwitch 

func NoiseKeySwitch(params rlwe.Parameters, nbParties int, noisect, noiseflood float64) (std float64)

NoiseKeySwitch returns the standard deviation of the noise of a ciphertext after the KeySwitch protocol

func NoisePublicKeySwitch 

func NoisePublicKeySwitch(params rlwe.Parameters, nbParties int, noisect, noiseflood float64) (std float64)

func NoiseRelinearizationKey 

func NoiseRelinearizationKey(params rlwe.Parameters, nbParties int) (std float64)

NoiseRelinearizationKey returns the standard deviation of the noise of each individual elements in the collective RelinearizationKey.

Types

type AdditiveShare 

type AdditiveShare struct {
	Value ring.Poly
}

AdditiveShare is a type for storing additively shared values in Z_Q[X] (RNS domain).

func NewAdditiveShare 

func NewAdditiveShare(r *ring.Ring) AdditiveShare

NewAdditiveShare instantiates a new additive share struct for the ring defined by the given parameters at maximum level.

type AdditiveShareBigint 

type AdditiveShareBigint struct {
	Value []*big.Int
}

AdditiveShareBigint is a type for storing additively shared values in Z (positional domain).

func NewAdditiveShareBigint 

func NewAdditiveShareBigint(n int) AdditiveShareBigint

NewAdditiveShareBigint instantiates a new additive share struct composed of n big.Int elements.

type CRS 

type CRS interface {
	sampling.PRNG
}

CRS is an interface for Common Reference Strings. CRSs are PRNGs for which the read bits are the same for all parties.

type Combiner 

type Combiner struct {
	// contains filtered or unexported fields
}

Combiner is a type for generating t-out-of-t additive shares from local t-out-of-N shares. It implements the `Combine` operation as presented in "An Efficient Threshold Access-Structure for RLWE-Based Multiparty Homomorphic Encryption" (2022) by Mouchet, C., Bertrand, E., and Hubaux, J. P. (https://eprint.iacr.org/2022/780).

func NewCombiner 

func NewCombiner(params rlwe.Parameters, own ShamirPublicPoint, others []ShamirPublicPoint, threshold int) Combiner

NewCombiner creates a new Combiner struct from the parameters and the set of ShamirPublicPoints. Note that the other parameter may contain the instantiator's own ShamirPublicPoint.

func (Combiner) GenAdditiveShare 

func (cmb Combiner) GenAdditiveShare(activesPoints []ShamirPublicPoint, ownPoint ShamirPublicPoint, ownShare ShamirSecretShare, skOut *rlwe.SecretKey) (err error)

GenAdditiveShare generates a t-out-of-t additive share of the secret from a local aggregated share ownSecret and the set of active identities, identified by their ShamirPublicPoint. It stores the resulting additive share in skOut.

type EvaluationKeyGenCRP 

type EvaluationKeyGenCRP struct {
	Value structs.Matrix[ringqp.Poly]
}

EvaluationKeyGenCRP is a type for common reference polynomials in the EvaluationKey Generation protocol.

func (EvaluationKeyGenCRP) BaseRNSDecompositionVectorSize 

func (crp EvaluationKeyGenCRP) BaseRNSDecompositionVectorSize() int

BaseRNSDecompositionVectorSize returns the number of element in the RNS decomposition basis: Ceil(lenQi / lenPi)

func (EvaluationKeyGenCRP) BaseTwoDecompositionVectorSize 

func (crp EvaluationKeyGenCRP) BaseTwoDecompositionVectorSize() (base []int)

BaseTwoDecompositionVectorSize returns the number of element in the Power of two decomposition basis for each prime of Q.

func (EvaluationKeyGenCRP) LevelP 

func (crp EvaluationKeyGenCRP) LevelP() int

LevelP returns the level of the auxiliary switching key modulus of the target share.

func (EvaluationKeyGenCRP) LevelQ 

func (crp EvaluationKeyGenCRP) LevelQ() int

LevelQ returns the level of the ciphertext modulus of the target share.

type EvaluationKeyGenProtocol 

type EvaluationKeyGenProtocol struct {
	// contains filtered or unexported fields
}

EvaluationKeyGenProtocol is the structure storing the parameters for the collective EvaluationKey generation.

func NewEvaluationKeyGenProtocol 

func NewEvaluationKeyGenProtocol(params rlwe.ParameterProvider) (evkg EvaluationKeyGenProtocol)

NewEvaluationKeyGenProtocol creates a EvaluationKeyGenProtocol instance.

func (EvaluationKeyGenProtocol) AggregateShares 

func (evkg EvaluationKeyGenProtocol) AggregateShares(share1, share2 EvaluationKeyGenShare, share3 *EvaluationKeyGenShare) (err error)

AggregateShares computes share3 = share1 + share2.

func (EvaluationKeyGenProtocol) AllocateShare 

func (evkg EvaluationKeyGenProtocol) AllocateShare(evkParams ...rlwe.EvaluationKeyParameters) EvaluationKeyGenShare

AllocateShare allocates a party's share in the EvaluationKey Generation.

func (EvaluationKeyGenProtocol) GenEvaluationKey 

func (evkg EvaluationKeyGenProtocol) GenEvaluationKey(share EvaluationKeyGenShare, crp EvaluationKeyGenCRP, evk *rlwe.EvaluationKey) (err error)

GenEvaluationKey finalizes the EvaluationKey Generation and populates the input Evaluationkey with the computed collective EvaluationKey.

func (EvaluationKeyGenProtocol) GenShare 

func (evkg EvaluationKeyGenProtocol) GenShare(skIn, skOut *rlwe.SecretKey, crp EvaluationKeyGenCRP, shareOut *EvaluationKeyGenShare) (err error)

GenShare generates a party's share in the EvaluationKey Generation.

func (EvaluationKeyGenProtocol) SampleCRP 

func (evkg EvaluationKeyGenProtocol) SampleCRP(crs CRS, evkParams ...rlwe.EvaluationKeyParameters) EvaluationKeyGenCRP

SampleCRP samples a common random polynomial to be used in the EvaluationKey Generation from the provided common reference string.

func (EvaluationKeyGenProtocol) ShallowCopy 

func (evkg EvaluationKeyGenProtocol) ShallowCopy() EvaluationKeyGenProtocol

ShallowCopy creates a shallow copy of EvaluationKeyGenProtocol in which all the read-only data-structures are shared with the receiver and the temporary buffers are reallocated. The receiver and the returned EvaluationKeyGenProtocol can be used concurrently.

type EvaluationKeyGenShare 

type EvaluationKeyGenShare struct {
	rlwe.GadgetCiphertext
}

EvaluationKeyGenShare is represent a Party's share in the EvaluationKey Generation protocol.

func (EvaluationKeyGenShare) BinarySize 

func (share EvaluationKeyGenShare) BinarySize() int

BinarySize returns the serialized size of the object in bytes.

func (EvaluationKeyGenShare) MarshalBinary 

func (share EvaluationKeyGenShare) MarshalBinary() (p []byte, err error)

MarshalBinary encodes the object into a binary form on a newly allocated slice of bytes.

func (*EvaluationKeyGenShare) ReadFrom 

func (share *EvaluationKeyGenShare) ReadFrom(r io.Reader) (n int64, err error)

ReadFrom reads on the object from an io.Writer. It implements the io.ReaderFrom interface.

Unless r implements the buffer.Reader interface (see see lattice/utils/buffer/reader.go), it will be wrapped into a bufio.Reader. Since this requires allocation, it is preferable to pass a buffer.Reader directly:

  • When reading multiple values from a io.Reader, it is preferable to first first wrap io.Reader in a pre-allocated bufio.Reader.
  • When reading from a var b []byte, it is preferable to pass a buffer.NewBuffer(b) as w (see lattice/utils/buffer/buffer.go).

func (*EvaluationKeyGenShare) UnmarshalBinary 

func (share *EvaluationKeyGenShare) UnmarshalBinary(p []byte) (err error)

UnmarshalBinary decodes a slice of bytes generated by MarshalBinary or WriteTo on the object.

func (EvaluationKeyGenShare) WriteTo 

func (share EvaluationKeyGenShare) WriteTo(w io.Writer) (n int64, err error)

WriteTo writes the object on an io.Writer. It implements the io.WriterTo interface, and will write exactly object.BinarySize() bytes on w.

Unless w implements the buffer.Writer interface (see lattice/utils/buffer/writer.go), it will be wrapped into a bufio.Writer. Since this requires allocations, it is preferable to pass a buffer.Writer directly:

  • When writing multiple times to a io.Writer, it is preferable to first wrap the io.Writer in a pre-allocated bufio.Writer.
  • When writing to a pre-allocated var b []byte, it is preferable to pass buffer.NewBuffer(b) as w (see lattice/utils/buffer/buffer.go).

type GaloisKeyGenCRP 

type GaloisKeyGenCRP struct {
	EvaluationKeyGenCRP
}

GaloisKeyGenCRP is a type for common reference polynomials in the GaloisKey Generation protocol.

type GaloisKeyGenProtocol 

type GaloisKeyGenProtocol struct {
	EvaluationKeyGenProtocol
	// contains filtered or unexported fields
}

GaloisKeyGenProtocol is the structure storing the parameters for the collective GaloisKeys generation.

func NewGaloisKeyGenProtocol 

func NewGaloisKeyGenProtocol(params rlwe.ParameterProvider) (gkg GaloisKeyGenProtocol)

NewGaloisKeyGenProtocol creates a GaloisKeyGenProtocol instance.

func (GaloisKeyGenProtocol) AggregateShares 

func (gkg GaloisKeyGenProtocol) AggregateShares(share1, share2 GaloisKeyGenShare, share3 *GaloisKeyGenShare) (err error)

AggregateShares computes share3 = share1 + share2.

func (GaloisKeyGenProtocol) AllocateShare 

func (gkg GaloisKeyGenProtocol) AllocateShare(evkParams ...rlwe.EvaluationKeyParameters) (gkgShare GaloisKeyGenShare)

AllocateShare allocates a party's share in the GaloisKey Generation.

func (GaloisKeyGenProtocol) GenGaloisKey 

func (gkg GaloisKeyGenProtocol) GenGaloisKey(share GaloisKeyGenShare, crp GaloisKeyGenCRP, gk *rlwe.GaloisKey) (err error)

GenGaloisKey finalizes the GaloisKey Generation and populates the input GaloisKey with the computed collective GaloisKey.

func (GaloisKeyGenProtocol) GenShare 

func (gkg GaloisKeyGenProtocol) GenShare(sk *rlwe.SecretKey, galEl uint64, crp GaloisKeyGenCRP, shareOut *GaloisKeyGenShare) (err error)

GenShare generates a party's share in the GaloisKey Generation.

func (GaloisKeyGenProtocol) SampleCRP 

func (gkg GaloisKeyGenProtocol) SampleCRP(crs CRS, evkParams ...rlwe.EvaluationKeyParameters) GaloisKeyGenCRP

SampleCRP samples a common random polynomial to be used in the GaloisKey Generation from the provided common reference string.

func (GaloisKeyGenProtocol) ShallowCopy 

func (gkg GaloisKeyGenProtocol) ShallowCopy() GaloisKeyGenProtocol

ShallowCopy creates a shallow copy of GaloisKeyGenProtocol in which all the read-only data-structures are shared with the receiver and the temporary buffers are reallocated. The receiver and the returned GaloisKeyGenProtocol can be used concurrently.

type GaloisKeyGenShare 

type GaloisKeyGenShare struct {
	GaloisElement uint64
	EvaluationKeyGenShare
}

GaloisKeyGenShare is represent a Party's share in the GaloisKey Generation protocol.

func (GaloisKeyGenShare) BinarySize 

func (share GaloisKeyGenShare) BinarySize() int

BinarySize returns the serialized size of the object in bytes.

func (GaloisKeyGenShare) MarshalBinary 

func (share GaloisKeyGenShare) MarshalBinary() (p []byte, err error)

MarshalBinary encodes the object into a binary form on a newly allocated slice of bytes.

func (*GaloisKeyGenShare) ReadFrom 

func (share *GaloisKeyGenShare) ReadFrom(r io.Reader) (n int64, err error)

ReadFrom reads on the object from an io.Writer. It implements the io.ReaderFrom interface.

Unless r implements the buffer.Reader interface (see see lattice/utils/buffer/reader.go), it will be wrapped into a bufio.Reader. Since this requires allocation, it is preferable to pass a buffer.Reader directly:

  • When reading multiple values from a io.Reader, it is preferable to first first wrap io.Reader in a pre-allocated bufio.Reader.
  • When reading from a var b []byte, it is preferable to pass a buffer.NewBuffer(b) as w (see lattice/utils/buffer/buffer.go).

func (*GaloisKeyGenShare) UnmarshalBinary 

func (share *GaloisKeyGenShare) UnmarshalBinary(p []byte) (err error)

UnmarshalBinary decodes a slice of bytes generated by MarshalBinary or WriteTo on the object.

func (GaloisKeyGenShare) WriteTo 

func (share GaloisKeyGenShare) WriteTo(w io.Writer) (n int64, err error)

WriteTo writes the object on an io.Writer. It implements the io.WriterTo interface, and will write exactly object.BinarySize() bytes on w.

Unless w implements the buffer.Writer interface (see lattice/utils/buffer/writer.go), it will be wrapped into a bufio.Writer. Since this requires allocations, it is preferable to pass a buffer.Writer directly:

  • When writing multiple times to a io.Writer, it is preferable to first wrap the io.Writer in a pre-allocated bufio.Writer.
  • When writing to a pre-allocated var b []byte, it is preferable to pass buffer.NewBuffer(b) as w (see lattice/utils/buffer/buffer.go).

type KeySwitchCRP 

type KeySwitchCRP struct {
	Value ring.Poly
}

KeySwitchCRP is a type for common reference polynomials in the KeySwitch protocol.

type KeySwitchProtocol 

type KeySwitchProtocol struct {
	// contains filtered or unexported fields
}

KeySwitchProtocol is the structure storing the parameters and and precomputations for the collective key-switching protocol.

func NewKeySwitchProtocol 

func NewKeySwitchProtocol(params rlwe.ParameterProvider, noiseFlooding ring.DistributionParameters) (KeySwitchProtocol, error)

NewKeySwitchProtocol creates a new KeySwitchProtocol that will be used to perform a collective key-switching on a ciphertext encrypted under a collective public-key, whose secret-shares are distributed among j parties, re-encrypting the ciphertext under another public-key, whose secret-shares are also known to the parties.

func (KeySwitchProtocol) AggregateShares 

func (cks KeySwitchProtocol) AggregateShares(share1, share2 KeySwitchShare, shareOut *KeySwitchShare) (err error)

AggregateShares is the second part of the unique round of the KeySwitchProtocol protocol. Upon receiving the j-1 elements each party computes :

[ctx[0] + sum((skInput_i - skOutput_i) * ctx[0] + e_i), ctx[1]]

func (KeySwitchProtocol) AllocateShare 

func (cks KeySwitchProtocol) AllocateShare(level int) KeySwitchShare

AllocateShare allocates the shares of the KeySwitchProtocol

func (KeySwitchProtocol) GenShare 

func (cks KeySwitchProtocol) GenShare(skInput, skOutput *rlwe.SecretKey, ct *rlwe.Ciphertext, shareOut *KeySwitchShare)

GenShare computes a party's share in the KeySwitchcol from secret-key skInput to secret-key skOutput. ct is the rlwe.Ciphertext to keyswitch. Note that ct.Value[0] is not used by the function and can be nil/zero.

Expected noise: ctNoise + encFreshSk + smudging

func (KeySwitchProtocol) KeySwitch 

func (cks KeySwitchProtocol) KeySwitch(ctIn *rlwe.Ciphertext, combined KeySwitchShare, opOut *rlwe.Ciphertext)

KeySwitch performs the actual keyswitching operation on a ciphertext ct and put the result in opOut

func (KeySwitchProtocol) SampleCRP 

func (cks KeySwitchProtocol) SampleCRP(level int, crs CRS) KeySwitchCRP

SampleCRP samples a common random polynomial to be used in the KeySwitch protocol from the provided common reference string.

func (KeySwitchProtocol) ShallowCopy 

func (cks KeySwitchProtocol) ShallowCopy() KeySwitchProtocol

ShallowCopy creates a shallow copy of KeySwitchProtocol in which all the read-only data-structures are shared with the receiver and the temporary bufers are reallocated. The receiver and the returned KeySwitchProtocol can be used concurrently.

type KeySwitchShare 

type KeySwitchShare struct {
	Value ring.Poly
}

KeySwitchShare is a type for the KeySwitch protocol shares.

func (KeySwitchShare) BinarySize 

func (ckss KeySwitchShare) BinarySize() int

BinarySize returns the serialized size of the object in bytes.

func (KeySwitchShare) Level 

func (ckss KeySwitchShare) Level() int

Level returns the level of the target share.

func (KeySwitchShare) MarshalBinary 

func (ckss KeySwitchShare) MarshalBinary() (p []byte, err error)

MarshalBinary encodes a KeySwitch share on a slice of bytes.

func (*KeySwitchShare) ReadFrom 

func (ckss *KeySwitchShare) ReadFrom(r io.Reader) (n int64, err error)

ReadFrom reads on the object from an io.Writer. It implements the io.ReaderFrom interface.

Unless r implements the buffer.Reader interface (see see lattice/utils/buffer/reader.go), it will be wrapped into a bufio.Reader. Since this requires allocation, it is preferable to pass a buffer.Reader directly:

  • When reading multiple values from a io.Reader, it is preferable to first first wrap io.Reader in a pre-allocated bufio.Reader.
  • When reading from a var b []byte, it is preferable to pass a buffer.NewBuffer(b) as w (see lattice/utils/buffer/buffer.go).

func (*KeySwitchShare) UnmarshalBinary 

func (ckss *KeySwitchShare) UnmarshalBinary(p []byte) (err error)

UnmarshalBinary decodes a slice of bytes generated by MarshalBinary or WriteTo on the object.

func (KeySwitchShare) WriteTo 

func (ckss KeySwitchShare) WriteTo(w io.Writer) (n int64, err error)

WriteTo writes the object on an io.Writer. It implements the io.WriterTo interface, and will write exactly object.BinarySize() bytes on w.

Unless w implements the buffer.Writer interface (see lattice/utils/buffer/writer.go), it will be wrapped into a bufio.Writer. Since this requires allocations, it is preferable to pass a buffer.Writer directly:

  • When writing multiple times to a io.Writer, it is preferable to first wrap the io.Writer in a pre-allocated bufio.Writer.
  • When writing to a pre-allocated var b []byte, it is preferable to pass buffer.NewBuffer(b) as w (see lattice/utils/buffer/buffer.go).

type PublicKeyGenCRP 

type PublicKeyGenCRP struct {
	Value ringqp.Poly
}

PublicKeyGenCRP is a type for common reference polynomials in the PublicKeyGen protocol.

type PublicKeyGenProtocol 

type PublicKeyGenProtocol struct {
	// contains filtered or unexported fields
}

PublicKeyGenProtocol is the structure storing the parameters and and precomputations for the collective encryption key generation protocol.

func NewPublicKeyGenProtocol 

func NewPublicKeyGenProtocol(params rlwe.ParameterProvider) PublicKeyGenProtocol

NewPublicKeyGenProtocol creates a new PublicKeyGenProtocol instance

func (PublicKeyGenProtocol) AggregateShares 

func (ckg PublicKeyGenProtocol) AggregateShares(share1, share2 PublicKeyGenShare, shareOut *PublicKeyGenShare)

AggregateShares aggregates a new share to the aggregate key

func (PublicKeyGenProtocol) AllocateShare 

func (ckg PublicKeyGenProtocol) AllocateShare() PublicKeyGenShare

AllocateShare allocates the share of the PublicKeyGen protocol.

func (PublicKeyGenProtocol) GenPublicKey 

func (ckg PublicKeyGenProtocol) GenPublicKey(roundShare PublicKeyGenShare, crp PublicKeyGenCRP, pubkey *rlwe.PublicKey)

GenPublicKey return the current aggregation of the received shares as a bfv.PublicKey.

func (PublicKeyGenProtocol) GenShare 

func (ckg PublicKeyGenProtocol) GenShare(sk *rlwe.SecretKey, crp PublicKeyGenCRP, shareOut *PublicKeyGenShare)

GenShare generates the party's public key share from its secret key as:

crp*s_i + e_i

for the receiver protocol. Has no effect is the share was already generated.

func (PublicKeyGenProtocol) SampleCRP 

func (ckg PublicKeyGenProtocol) SampleCRP(crs CRS) PublicKeyGenCRP

SampleCRP samples a common random polynomial to be used in the PublicKeyGen protocol from the provided common reference string.

func (PublicKeyGenProtocol) ShallowCopy 

func (ckg PublicKeyGenProtocol) ShallowCopy() PublicKeyGenProtocol

ShallowCopy creates a shallow copy of PublicKeyGenProtocol in which all the read-only data-structures are shared with the receiver and the temporary buffers are reallocated. The receiver and the returned PublicKeyGenProtocol can be used concurrently.

type PublicKeyGenShare 

type PublicKeyGenShare struct {
	Value ringqp.Poly
}

PublicKeyGenShare is a struct storing the PublicKeyGen protocol's share.

func (PublicKeyGenShare) BinarySize 

func (share PublicKeyGenShare) BinarySize() int

BinarySize returns the serialized size of the object in bytes.

func (PublicKeyGenShare) MarshalBinary 

func (share PublicKeyGenShare) MarshalBinary() (p []byte, err error)

MarshalBinary encodes the object into a binary form on a newly allocated slice of bytes.

func (*PublicKeyGenShare) ReadFrom 

func (share *PublicKeyGenShare) ReadFrom(r io.Reader) (n int64, err error)

ReadFrom reads on the object from an io.Writer. It implements the io.ReaderFrom interface.

Unless r implements the buffer.Reader interface (see see lattice/utils/buffer/reader.go), it will be wrapped into a bufio.Reader. Since this requires allocation, it is preferable to pass a buffer.Reader directly:

  • When reading multiple values from a io.Reader, it is preferable to first first wrap io.Reader in a pre-allocated bufio.Reader.
  • When reading from a var b []byte, it is preferable to pass a buffer.NewBuffer(b) as w (see lattice/utils/buffer/buffer.go).

func (*PublicKeyGenShare) UnmarshalBinary 

func (share *PublicKeyGenShare) UnmarshalBinary(p []byte) (err error)

UnmarshalBinary decodes a slice of bytes generated by MarshalBinary or WriteTo on the object.

func (PublicKeyGenShare) WriteTo 

func (share PublicKeyGenShare) WriteTo(w io.Writer) (n int64, err error)

WriteTo writes the object on an io.Writer. It implements the io.WriterTo interface, and will write exactly object.BinarySize() bytes on w.

Unless w implements the buffer.Writer interface (see lattice/utils/buffer/writer.go), it will be wrapped into a bufio.Writer. Since this requires allocations, it is preferable to pass a buffer.Writer directly:

  • When writing multiple times to a io.Writer, it is preferable to first wrap the io.Writer in a pre-allocated bufio.Writer.
  • When writing to a pre-allocated var b []byte, it is preferable to pass buffer.NewBuffer(b) as w (see lattice/utils/buffer/buffer.go).

type PublicKeySwitchProtocol 

type PublicKeySwitchProtocol struct {
	*rlwe.Encryptor
	// contains filtered or unexported fields
}

PublicKeySwitchProtocol is the structure storing the parameters for the collective public key-switching.

func NewPublicKeySwitchProtocol 

func NewPublicKeySwitchProtocol(params rlwe.ParameterProvider, noiseFlooding ring.DistributionParameters) (pcks PublicKeySwitchProtocol, err error)

NewPublicKeySwitchProtocol creates a new PublicKeySwitchProtocol object and will be used to re-encrypt a ciphertext ctx encrypted under a secret-shared key among j parties under a new collective public-key.

func (PublicKeySwitchProtocol) AggregateShares 

func (pcks PublicKeySwitchProtocol) AggregateShares(share1, share2 PublicKeySwitchShare, shareOut *PublicKeySwitchShare) (err error)

AggregateShares is the second part of the first and unique round of the PublicKeySwitchProtocol protocol. Each party upon receiving the j-1 elements from the other parties computes :

[ctx[0] + sum(s_i * ctx[0] + u_i * pk[0] + e_0i), sum(u_i * pk[1] + e_1i)]

func (PublicKeySwitchProtocol) AllocateShare 

func (pcks PublicKeySwitchProtocol) AllocateShare(levelQ int) (s PublicKeySwitchShare)

AllocateShare allocates the shares of the PublicKeySwitch protocol.

func (PublicKeySwitchProtocol) GenShare 

func (pcks PublicKeySwitchProtocol) GenShare(sk *rlwe.SecretKey, pk *rlwe.PublicKey, ct *rlwe.Ciphertext, shareOut *PublicKeySwitchShare)

GenShare computes a party's share in the PublicKeySwitch protocol from secret-key sk to public-key pk. ct is the rlwe.Ciphertext to keyswitch. Note that ct.Value[0] is not used by the function and can be nil/zero.

Expected noise: ctNoise + encFreshPk + smudging

func (PublicKeySwitchProtocol) KeySwitch 

func (pcks PublicKeySwitchProtocol) KeySwitch(ctIn *rlwe.Ciphertext, combined PublicKeySwitchShare, opOut *rlwe.Ciphertext)

KeySwitch performs the actual keyswitching operation on a ciphertext ct and put the result in opOut

func (PublicKeySwitchProtocol) ShallowCopy 

func (pcks PublicKeySwitchProtocol) ShallowCopy() PublicKeySwitchProtocol

ShallowCopy creates a shallow copy of PublicKeySwitchProtocol in which all the read-only data-structures are shared with the receiver and the temporary bufers are reallocated. The receiver and the returned PublicKeySwitchProtocol can be used concurrently.

type PublicKeySwitchShare 

type PublicKeySwitchShare struct {
	rlwe.Element[ring.Poly]
}

PublicKeySwitchShare represents a party's share in the PublicKeySwitch protocol.

func (PublicKeySwitchShare) BinarySize 

func (share PublicKeySwitchShare) BinarySize() int

BinarySize returns the serialized size of the object in bytes.

func (PublicKeySwitchShare) MarshalBinary 

func (share PublicKeySwitchShare) MarshalBinary() (p []byte, err error)

MarshalBinary encodes the object into a binary form on a newly allocated slice of bytes.

func (*PublicKeySwitchShare) ReadFrom 

func (share *PublicKeySwitchShare) ReadFrom(r io.Reader) (n int64, err error)

ReadFrom reads on the object from an io.Writer. It implements the io.ReaderFrom interface.

Unless r implements the buffer.Reader interface (see see lattice/utils/buffer/reader.go), it will be wrapped into a bufio.Reader. Since this requires allocation, it is preferable to pass a buffer.Reader directly:

  • When reading multiple values from a io.Reader, it is preferable to first first wrap io.Reader in a pre-allocated bufio.Reader.
  • When reading from a var b []byte, it is preferable to pass a buffer.NewBuffer(b) as w (see lattice/utils/buffer/buffer.go).

func (*PublicKeySwitchShare) UnmarshalBinary 

func (share *PublicKeySwitchShare) UnmarshalBinary(p []byte) (err error)

UnmarshalBinary decodes a slice of bytes generated by MarshalBinary or WriteTo on the object.

func (PublicKeySwitchShare) WriteTo 

func (share PublicKeySwitchShare) WriteTo(w io.Writer) (n int64, err error)

WriteTo writes the object on an io.Writer. It implements the io.WriterTo interface, and will write exactly object.BinarySize() bytes on w.

Unless w implements the buffer.Writer interface (see lattice/utils/buffer/writer.go), it will be wrapped into a bufio.Writer. Since this requires allocations, it is preferable to pass a buffer.Writer directly:

  • When writing multiple times to a io.Writer, it is preferable to first wrap the io.Writer in a pre-allocated bufio.Writer.
  • When writing to a pre-allocated var b []byte, it is preferable to pass buffer.NewBuffer(b) as w (see lattice/utils/buffer/buffer.go).

type RefreshShare 

type RefreshShare struct {
	EncToShareShare KeySwitchShare
	ShareToEncShare KeySwitchShare
}

RefreshShare is a struct storing the decryption and recryption shares.

func (RefreshShare) BinarySize 

func (share RefreshShare) BinarySize() int

BinarySize returns the serialized size of the object in bytes.

func (RefreshShare) MarshalBinary 

func (share RefreshShare) MarshalBinary() (p []byte, err error)

MarshalBinary encodes the object into a binary form on a newly allocated slice of bytes.

func (*RefreshShare) ReadFrom 

func (share *RefreshShare) ReadFrom(r io.Reader) (n int64, err error)

ReadFrom reads on the object from an io.Writer. It implements the io.ReaderFrom interface.

Unless r implements the buffer.Reader interface (see see lattice/utils/buffer/reader.go), it will be wrapped into a bufio.Reader. Since this requires allocation, it is preferable to pass a buffer.Reader directly:

  • When reading multiple values from a io.Reader, it is preferable to first first wrap io.Reader in a pre-allocated bufio.Reader.
  • When reading from a var b []byte, it is preferable to pass a buffer.NewBuffer(b) as w (see lattice/utils/buffer/buffer.go).

func (*RefreshShare) UnmarshalBinary 

func (share *RefreshShare) UnmarshalBinary(p []byte) (err error)

UnmarshalBinary decodes a slice of bytes generated by MarshalBinary or WriteTo on the object.

func (RefreshShare) WriteTo 

func (share RefreshShare) WriteTo(w io.Writer) (n int64, err error)

WriteTo writes the object on an io.Writer. It implements the io.WriterTo interface, and will write exactly object.BinarySize() bytes on w.

Unless w implements the buffer.Writer interface (see lattice/utils/buffer/writer.go), it will be wrapped into a bufio.Writer. Since this requires allocations, it is preferable to pass a buffer.Writer directly:

  • When writing multiple times to a io.Writer, it is preferable to first wrap the io.Writer in a pre-allocated bufio.Writer.
  • When writing to a pre-allocated var b []byte, it is preferable to pass buffer.NewBuffer(b) as w (see lattice/utils/buffer/buffer.go).

type RelinearizationKeyGenCRP 

type RelinearizationKeyGenCRP struct {
	Value structs.Matrix[ringqp.Poly]
}

RelinearizationKeyGenCRP is a type for common reference polynomials in the RelinearizationKeyGen protocol.

type RelinearizationKeyGenProtocol 

type RelinearizationKeyGenProtocol struct {
	// contains filtered or unexported fields
}

RelinearizationKeyGenProtocol is the structure storing the parameters and and precomputations for the collective relinearization key generation protocol.

func NewRelinearizationKeyGenProtocol 

func NewRelinearizationKeyGenProtocol(params rlwe.ParameterProvider) RelinearizationKeyGenProtocol

NewRelinearizationKeyGenProtocol creates a new RelinearizationKeyGen protocol struct.

func (RelinearizationKeyGenProtocol) AggregateShares 

func (ekg RelinearizationKeyGenProtocol) AggregateShares(share1, share2 RelinearizationKeyGenShare, shareOut *RelinearizationKeyGenShare)

AggregateShares combines two RelinearizationKeyGen shares into a single one.

func (RelinearizationKeyGenProtocol) AllocateShare 

func (ekg RelinearizationKeyGenProtocol) AllocateShare(evkParams ...rlwe.EvaluationKeyParameters) (ephSk *rlwe.SecretKey, r1 RelinearizationKeyGenShare, r2 RelinearizationKeyGenShare)

AllocateShare allocates the share of the EKG protocol.

func (RelinearizationKeyGenProtocol) GenRelinearizationKey 

func (ekg RelinearizationKeyGenProtocol) GenRelinearizationKey(round1 RelinearizationKeyGenShare, round2 RelinearizationKeyGenShare, evalKeyOut *rlwe.RelinearizationKey)

GenRelinearizationKey computes the generated RLK from the public shares and write the result in evalKeyOut.

round1 = [u * a + s * P + e0, s * a + e1]

round2 = sum([s_i * {u * a + s * P + e0} + e_i2, (u_i - s_i) * {s * a + e1} + e_i3]) 

= [-sua + P*s^2 + s*e0 + e2, sua + ue1 - s^2a -s*e1 + e3]

[round2[0] + round2[1], round1[1]] = [- s^2a - s*e1 + P*s^2 + s*e0 + u*e1 + e2 + e3, s * a + e1] 

= [s * b + P * s^2 + s*e0 + u*e1 + e2 + e3, b]

func (RelinearizationKeyGenProtocol) GenShareRoundOne 

func (ekg RelinearizationKeyGenProtocol) GenShareRoundOne(sk *rlwe.SecretKey, crp RelinearizationKeyGenCRP, ephSkOut *rlwe.SecretKey, shareOut *RelinearizationKeyGenShare)

GenShareRoundOne is the first of three rounds of the RelinearizationKeyGenProtocol protocol. Each party generates a pseudo encryption of its secret share of the key s_i under its ephemeral key u_i : [-u_i*a + s_i*w + e_i] and broadcasts it to the other j-1 parties.

round1 = [-u_i * a + s_i * P + e_0i, s_i* a + e_i1]

func (RelinearizationKeyGenProtocol) GenShareRoundTwo 

func (ekg RelinearizationKeyGenProtocol) GenShareRoundTwo(ephSk, sk *rlwe.SecretKey, round1 RelinearizationKeyGenShare, shareOut *RelinearizationKeyGenShare)

GenShareRoundTwo is the second of three rounds of the RelinearizationKeyGenProtocol protocol. Upon receiving the j-1 shares, each party computes :

round1 = sum([-u_i * a + s_i * P + e_0i, s_i* a + e_i1]) 

= [u * a + s * P + e0, s * a + e1]

round2 = [s_i * round1[0] + e_i2, (u_i - s_i) * round1[1] + e_i3] 

= [s_i * {u * a + s * P + e0} + e_i2, (u_i - s_i) * {s * a + e1} + e_i3]

and broadcasts both values to the other j-1 parties.

func (RelinearizationKeyGenProtocol) SampleCRP 

func (ekg RelinearizationKeyGenProtocol) SampleCRP(crs CRS, evkParams ...rlwe.EvaluationKeyParameters) RelinearizationKeyGenCRP

SampleCRP samples a common random polynomial to be used in the RelinearizationKeyGen protocol from the provided common reference string.

func (*RelinearizationKeyGenProtocol) ShallowCopy 

func (ekg *RelinearizationKeyGenProtocol) ShallowCopy() RelinearizationKeyGenProtocol

ShallowCopy creates a shallow copy of RelinearizationKeyGenProtocol in which all the read-only data-structures are shared with the receiver and the temporary buffers are reallocated. The receiver and the returned RelinearizationKeyGenProtocol can be used concurrently.

type RelinearizationKeyGenShare 

type RelinearizationKeyGenShare struct {
	rlwe.GadgetCiphertext
}

RelinearizationKeyGenShare is a share in the RelinearizationKeyGen protocol.

func (RelinearizationKeyGenShare) BinarySize 

func (share RelinearizationKeyGenShare) BinarySize() int

BinarySize returns the serialized size of the object in bytes.

func (RelinearizationKeyGenShare) MarshalBinary 

func (share RelinearizationKeyGenShare) MarshalBinary() (data []byte, err error)

MarshalBinary encodes the object into a binary form on a newly allocated slice of bytes.

func (*RelinearizationKeyGenShare) ReadFrom 

func (share *RelinearizationKeyGenShare) ReadFrom(r io.Reader) (n int64, err error)

ReadFrom reads on the object from an io.Writer. It implements the io.ReaderFrom interface.

Unless r implements the buffer.Reader interface (see see lattice/utils/buffer/reader.go), it will be wrapped into a bufio.Reader. Since this requires allocation, it is preferable to pass a buffer.Reader directly:

  • When reading multiple values from a io.Reader, it is preferable to first first wrap io.Reader in a pre-allocated bufio.Reader.
  • When reading from a var b []byte, it is preferable to pass a buffer.NewBuffer(b) as w (see lattice/utils/buffer/buffer.go).

func (*RelinearizationKeyGenShare) UnmarshalBinary 

func (share *RelinearizationKeyGenShare) UnmarshalBinary(data []byte) (err error)

UnmarshalBinary decodes a slice of bytes generated by MarshalBinary or WriteTo on the object.

func (RelinearizationKeyGenShare) WriteTo 

func (share RelinearizationKeyGenShare) WriteTo(w io.Writer) (n int64, err error)

WriteTo writes the object on an io.Writer. It implements the io.WriterTo interface, and will write exactly object.BinarySize() bytes on w.

Unless w implements the buffer.Writer interface (see lattice/utils/buffer/writer.go), it will be wrapped into a bufio.Writer. Since this requires allocations, it is preferable to pass a buffer.Writer directly:

  • When writing multiple times to a io.Writer, it is preferable to first wrap the io.Writer in a pre-allocated bufio.Writer.
  • When writing to a pre-allocated var b []byte, it is preferable to pass buffer.NewBuffer(b) as w (see lattice/utils/buffer/buffer.go).

type ShamirPolynomial 

type ShamirPolynomial struct {
	Value structs.Vector[ringqp.Poly]
}

ShamirPolynomial represents a polynomial with ringqp.Poly coefficients. It is used by the Thresholdizer type to produce t-out-of-N-threshold shares of an ringqp.Poly.

See Thresholdizer type.

type ShamirPublicPoint 

type ShamirPublicPoint uint64

ShamirPublicPoint is a type for Shamir public point associated with a party identity within the t-out-of-N-threshold scheme.

See Thresholdizer and Combiner types.

type ShamirSecretShare 

type ShamirSecretShare struct {
	ringqp.Poly
}

ShamirSecretShare represents a t-out-of-N-threshold secret-share.

See Thresholdizer and Combiner types.

func (ShamirSecretShare) BinarySize 

func (s ShamirSecretShare) BinarySize() int

BinarySize returns the serialized size of the object in bytes.

func (ShamirSecretShare) MarshalBinary 

func (s ShamirSecretShare) MarshalBinary() (p []byte, err error)

MarshalBinary encodes the object into a binary form on a newly allocated slice of bytes.

func (*ShamirSecretShare) ReadFrom 

func (s *ShamirSecretShare) ReadFrom(r io.Reader) (n int64, err error)

ReadFrom reads on the object from an io.Writer. It implements the io.ReaderFrom interface.

Unless r implements the buffer.Reader interface (see see lattice/utils/buffer/reader.go), it will be wrapped into a bufio.Reader. Since this requires allocation, it is preferable to pass a buffer.Reader directly:

  • When reading multiple values from a io.Reader, it is preferable to first first wrap io.Reader in a pre-allocated bufio.Reader.
  • When reading from a var b []byte, it is preferable to pass a buffer.NewBuffer(b) as w (see lattice/utils/buffer/buffer.go).

func (*ShamirSecretShare) UnmarshalBinary 

func (s *ShamirSecretShare) UnmarshalBinary(p []byte) (err error)

UnmarshalBinary decodes a slice of bytes generated by MarshalBinary or WriteTo on the object.

func (ShamirSecretShare) WriteTo 

func (s ShamirSecretShare) WriteTo(w io.Writer) (n int64, err error)

WriteTo writes the object on an io.Writer. It implements the io.WriterTo interface, and will write exactly object.BinarySize() bytes on w.

Unless w implements the buffer.Writer interface (see lattice/utils/buffer/writer.go), it will be wrapped into a bufio.Writer. Since this requires allocations, it is preferable to pass a buffer.Writer directly:

  • When writing multiple times to a io.Writer, it is preferable to first wrap the io.Writer in a pre-allocated bufio.Writer.
  • When writing to a pre-allocated var b []byte, it is preferable to pass buffer.NewBuffer(b) as w (see lattice/utils/buffer/buffer.go).

type TestParametersLiteral 

type TestParametersLiteral struct {
	BaseTwoDecomposition int
	rlwe.ParametersLiteral
}

type Thresholdizer 

type Thresholdizer struct {
	// contains filtered or unexported fields
}

Thresholdizer is a type for generating secret-shares of ringqp.Poly types such that the resulting sharing has a t-out-of-N-threshold access-structure. It implements the `Thresholdize` operation as presented in "An Efficient Threshold Access-Structure for RLWE-Based Multiparty Homomorphic Encryption" (2022) by Mouchet, C., Bertrand, E., and Hubaux, J. P. (https://eprint.iacr.org/2022/780).

See the `mhe` package README.md.

func NewThresholdizer 

func NewThresholdizer(params rlwe.ParameterProvider) Thresholdizer

NewThresholdizer creates a new Thresholdizer instance from parameters.

func (Thresholdizer) AggregateShares 

func (thr Thresholdizer) AggregateShares(share1, share2 ShamirSecretShare, outShare *ShamirSecretShare) (err error)

AggregateShares aggregates two ShamirSecretShare and stores the result in outShare.

func (Thresholdizer) AllocateThresholdSecretShare 

func (thr Thresholdizer) AllocateThresholdSecretShare() ShamirSecretShare

AllocateThresholdSecretShare allocates a ShamirSecretShare struct.

func (Thresholdizer) GenShamirPolynomial 

func (thr Thresholdizer) GenShamirPolynomial(threshold int, secret *rlwe.SecretKey) (ShamirPolynomial, error)

GenShamirPolynomial generates a new secret ShamirPolynomial to be used in the Thresholdizer.GenShamirSecretShare method. It does so by sampling a random polynomial of degree threshold - 1 and with its constant term equal to secret.

func (Thresholdizer) GenShamirSecretShare 

func (thr Thresholdizer) GenShamirSecretShare(recipient ShamirPublicPoint, secretPoly ShamirPolynomial, shareOut *ShamirSecretShare)

GenShamirSecretShare generates a secret share for the given recipient, identified by its ShamirPublicPoint. The result is stored in ShareOut and should be sent to this party.

Source Files

View all Source files

Directories

Path Synopsis
Package mhefloat implements homomorphic decryption to Linear-Secret-Shared-Shares (LSSS) and homomorphic re-encryption from LSSS, as well as interactive bootstrapping for the package `he/hefloat` See `mhe/README.md` for additional information on multiparty schemes.
 Package mhefloat implements homomorphic decryption to Linear-Secret-Shared-Shares (LSSS) and homomorphic re-encryption from LSSS, as well as interactive bootstrapping for the package `he/hefloat` See `mhe/README.md` for additional information on multiparty schemes.
Package mheint implements homomorphic decryption to Linear-Secret-Shared-Shares (LSSS) and homomorphic re-encryption from LSSS, as well as interactive bootstrapping for the package `he/heint` See `mhe/README.md` for additional information on multiparty schemes.
 Package mheint implements homomorphic decryption to Linear-Secret-Shared-Shares (LSSS) and homomorphic re-encryption from LSSS, as well as interactive bootstrapping for the package `he/heint` See `mhe/README.md` for additional information on multiparty schemes.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.