rlwe

package
v5.0.0-...-72ea290 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Dec 15, 2023 License: Apache-2.0 Imports: 16 Imported by: 0

README

References

  1. Somewhat Practical Fully Homomorphic Encryption (https://eprint.iacr.org/2012/144)
  2. Fully Homomorphic Encryption without Bootstrapping (https://eprint.iacr.org/2011/277)
  3. Efficient Homomorphic Conversion Between (Ring) LWE Ciphertexts (https://eprint.iacr.org/2020/015)
  4. HERMES: Efficient Ring Packing using MLWE Ciphertexts and Application to Transciphering (https://eprint.iacr.org/2023/1244)

Documentation

Overview

Package rlwe implements the generic cryptographic functionalities and operations that are common to R-LWE schemes. The other implemented schemes extend this package with their specific operations and structures.

Index

Constants

View Source
const (
	// XsUniformTernary is the standard deviation of a ternary key with uniform distribution
	XsUniformTernary = 0.816496580927726 //Sqrt(2/3)

	// DefaultNoise is the default standard deviation of the error
	DefaultNoise = 3.2

	// DefaultNoiseBound is the default bound (in number of standard deviation) of the noise bound
	DefaultNoiseBound = 19.2 // 6*3.2
)
View Source
const GaloisGen uint64 = ring.GaloisGen

GaloisGen is an integer of order N=2^d modulo M=2N and that spans Z_M with the integer -1. The j-th ring automorphism takes the root zeta to zeta^(5j).

View Source
const MaxLogN = 20

MaxLogN is the log2 of the largest supported polynomial modulus degree.

View Source
const MaxModuliSize = 60

MaxModuliSize is the largest bit-length supported for the moduli in the RNS representation.

View Source
const MinLogN = 4

MinLogN is the log2 of the smallest supported polynomial modulus degree (needed to ensure the NTT correctness).

View Source
const (
	// ScalePrecision is the default precision of the scale.
	ScalePrecision = uint(128)
)

Variables

DefaultXe is the default discrete Gaussian distribution.

View Source
var DefaultXs = ring.Ternary{P: 2 / 3.0}
View Source
var (
	// ExampleParameterLogN14LogQP438 is an example parameters set with logN=14 and logQP=438
	// offering 128-bit of security.
	ExampleParametersLogN14LogQP438 = ParametersLiteral{
		LogN:    14,
		Q:       []uint64{0x200000440001, 0x7fff80001, 0x800280001, 0x7ffd80001, 0x7ffc80001},
		P:       []uint64{0x3ffffffb80001, 0x4000000800001},
		NTTFlag: true,
	}
)
View Source
var ScalePrecisionLog10 = int(math.Ceil(float64(ScalePrecision) / math.Log2(10)))

Functions

func AddPolyTimesGadgetVectorToGadgetCiphertext

func AddPolyTimesGadgetVectorToGadgetCiphertext(pt ring.Poly, cts []GadgetCiphertext, ringQP ringqp.Ring, buff ring.Poly) (err error)

AddPolyTimesGadgetVectorToGadgetCiphertext takes a plaintext polynomial and a list of Ciphertexts and adds the plaintext times the RNS and BIT decomposition to the i-th element of the i-th Ciphertexts. This method return an error if len(cts) > 2.

func CheckModuli

func CheckModuli(q, p []uint64) error

CheckModuli checks that the provided q and p correspond to a valid moduli chain.

func ExtendBasisSmallNormAndCenterNTTMontgomery

func ExtendBasisSmallNormAndCenterNTTMontgomery(rQ, rP *ring.Ring, polQ, buff, polP ring.Poly)

ExtendBasisSmallNormAndCenterNTTMontgomery extends a small-norm polynomial polQ in R_Q to a polynomial polP in R_P. This method can be used to extend from Q0 to QL. Input and output are in the NTT and Montgomery domain.

func GaloisElementsForExpand

func GaloisElementsForExpand(params ParameterProvider, logN int) (galEls []uint64)

GaloisElementsForExpand returns the list of Galois elements required to perform the `Expand` operation with parameter `logN`.

func GaloisElementsForInnerSum

func GaloisElementsForInnerSum(params ParameterProvider, batch, n int) (galEls []uint64)

GaloisElementsForInnerSum returns the list of Galois elements necessary to apply the method `InnerSum` operation with parameters `batch` and `n`.

func GaloisElementsForPack

func GaloisElementsForPack(params ParameterProvider, logGap int) (galEls []uint64)

GaloisElementsForPack returns the list of Galois elements required to perform the `Pack` operation.

func GaloisElementsForReplicate

func GaloisElementsForReplicate(params ParameterProvider, batch, n int) (galEls []uint64)

GaloisElementsForReplicate returns the list of Galois elements necessary to perform the `Replicate` operation with parameters `batch` and `n`.

func GaloisElementsForTrace

func GaloisElementsForTrace(params ParameterProvider, logN int) (galEls []uint64)

GaloisElementsForTrace returns the list of Galois elements requored for the for the `Trace` operation. Trace maps X -> sum((-1)^i * X^{i*n+1}) for 2^{LogN} <= i < N.

func GenModuli

func GenModuli(LogNthRoot int, logQ, logP []int) (q, p []uint64, err error)

GenModuli generates a valid moduli chain from the provided moduli sizes.

func GenXPow2

func GenXPow2(r *ring.Ring, logN int, div bool) (xPow []ring.Poly)

func NTTSparseAndMontgomery

func NTTSparseAndMontgomery(r *ring.Ring, metadata *MetaData, pol ring.Poly)

NTTSparseAndMontgomery takes a polynomial Z[Y] outside of the NTT domain and maps it to a polynomial Z[X] in the NTT domain where Y = X^(gap). This method is used to accelerate the NTT of polynomials that encode sparse polynomials.

func NoiseEvaluationKey

func NoiseEvaluationKey(evk *EvaluationKey, skIn, skOut *SecretKey, params Parameters) float64

NoiseEvaluationKey the log2 of the standard deviation of the noise of the input Galois key key with respect to the given secret-key and paramters.

func NoiseGadgetCiphertext

func NoiseGadgetCiphertext(gct *GadgetCiphertext, pt ring.Poly, sk *SecretKey, params Parameters) float64

NoiseGadgetCiphertext returns the log2 of the standard devaition of the noise of the input gadget ciphertext with respect to the given plaintext, secret-key and parameters. The polynomial pt is expected to be in the NTT and Montgomery domain.

func NoiseGaloisKey

func NoiseGaloisKey(gk *GaloisKey, sk *SecretKey, params Parameters) float64

NoiseGaloisKey the log2 of the standard deviation of the noise of the input Galois key key with respect to the given secret-key and paramters.

func NoisePublicKey

func NoisePublicKey(pk *PublicKey, sk *SecretKey, params Parameters) float64

NoisePublicKey returns the log2 of the standard deviation of the input public-key with respect to the given secret-key and parameters.

func NoiseRelinearizationKey

func NoiseRelinearizationKey(rlk *RelinearizationKey, sk *SecretKey, params Parameters) float64

NoiseRelinearizationKey the log2 of the standard deviation of the noise of the input relinearization key with respect to the given secret-key and paramters.

func Norm

func Norm(ct *Ciphertext, dec *Decryptor) (std, min, max float64)

Norm returns the log2 of the standard deviation, minimum and maximum absolute norm of the decrypted Ciphertext, before the decoding (i.e. including the error).

func NormStats

func NormStats(vec []*big.Int) (float64, float64, float64)

func PopulateElementRandom

func PopulateElementRandom(prng sampling.PRNG, params ParameterProvider, ct *Element[ring.Poly])

PopulateElementRandom creates a new rlwe.Element with random coefficients.

func ResolveEvaluationKeyParameters

func ResolveEvaluationKeyParameters(params Parameters, evkParams []EvaluationKeyParameters) (levelQ, levelP, BaseTwoDecomposition int)

func SwitchCiphertextRingDegree

func SwitchCiphertextRingDegree(ctIn, opOut *Element[ring.Poly])

SwitchCiphertextRingDegree changes the ring degree of ctIn to the one of opOut. Maps Y^{N/n} -> X^{N} or X^{N} -> Y^{N/n}. If the ring degree of opOut is larger than the one of ctIn, then the ringQ of ctIn must be provided (otherwise, a nil pointer).

func SwitchCiphertextRingDegreeNTT

func SwitchCiphertextRingDegreeNTT(ctIn *Element[ring.Poly], ringQLargeDim *ring.Ring, opOut *Element[ring.Poly])

SwitchCiphertextRingDegreeNTT changes the ring degree of ctIn to the one of opOut. Maps Y^{N/n} -> X^{N} or X^{N} -> Y^{N/n}. If the ring degree of opOut is larger than the one of ctIn, then the ringQ of opOut must be provided (otherwise, a nil pointer). The ctIn must be in the NTT domain and opOut will be in the NTT domain.

Types

type Ciphertext

type Ciphertext struct {
	Element[ring.Poly]
}

Ciphertext is a generic type for RLWE ciphertexts.

func NewCiphertext

func NewCiphertext(params ParameterProvider, degree int, level ...int) (ct *Ciphertext)

NewCiphertext returns a new Ciphertext with zero values and an associated MetaData set to the Parameters default value.

func NewCiphertextAtLevelFromPoly

func NewCiphertextAtLevelFromPoly(level int, poly []ring.Poly) (*Ciphertext, error)

NewCiphertextAtLevelFromPoly constructs a new Ciphertext at a specific level where the message is set to the passed poly. No checks are performed on poly and the returned Ciphertext will share its backing array of coefficients. Returned Ciphertext's MetaData is allocated but empty .

func NewCiphertextRandom

func NewCiphertextRandom(prng sampling.PRNG, params ParameterProvider, degree, level int) (ciphertext *Ciphertext)

NewCiphertextRandom generates a new uniformly distributed Ciphertext of degree, level.

func (Ciphertext) Copy

func (ct Ciphertext) Copy(ctxCopy *Ciphertext)

Copy copies the input element and its parameters on the target element.

func (Ciphertext) CopyNew

func (ct Ciphertext) CopyNew() *Ciphertext

CopyNew creates a new element as a copy of the target element.

func (Ciphertext) Equal

func (ct Ciphertext) Equal(other *Ciphertext) bool

Equal performs a deep equal.

type CiphertextMetaData

type CiphertextMetaData struct {
	// IsNTT is a flag indicating if the ciphertext is in the NTT domain.
	IsNTT bool
	// IsMontgomery is a flag indicating if the ciphertext is in the Montgomery domain.
	IsMontgomery bool
}

CiphertextMetaData is a struct storing metadata related to the ciphertext.

func (*CiphertextMetaData) BinarySize

func (m *CiphertextMetaData) BinarySize() int

BinarySize returns the size in bytes that the object once marshalled into a binary form.

func (*CiphertextMetaData) Equal

func (m *CiphertextMetaData) Equal(other *CiphertextMetaData) (res bool)

Equal returns true if two MetaData structs are identical.

func (CiphertextMetaData) MarshalBinary

func (m CiphertextMetaData) MarshalBinary() (p []byte, err error)

MarshalBinary encodes the object into a binary form on a newly allocated slice of bytes.

func (CiphertextMetaData) MarshalJSON

func (m CiphertextMetaData) MarshalJSON() (p []byte, err error)

func (*CiphertextMetaData) ReadFrom

func (m *CiphertextMetaData) ReadFrom(r io.Reader) (int64, error)

ReadFrom reads on the object from an io.Writer. It implements the io.ReaderFrom interface.

Unless r implements the buffer.Reader interface (see see lattice/utils/buffer/reader.go), it will be wrapped into a bufio.Reader. Since this requires allocation, it is preferable to pass a buffer.Reader directly:

  • When reading multiple values from a io.Reader, it is preferable to first first wrap io.Reader in a pre-allocated bufio.Reader.
  • When reading from a var b []byte, it is preferable to pass a buffer.NewBuffer(b) as w (see lattice/utils/buffer/buffer.go).

func (*CiphertextMetaData) UnmarshalBinary

func (m *CiphertextMetaData) UnmarshalBinary(p []byte) (err error)

UnmarshalBinary decodes a slice of bytes generated by MarshalBinary or WriteTo on the object.

func (*CiphertextMetaData) UnmarshalJSON

func (m *CiphertextMetaData) UnmarshalJSON(p []byte) (err error)

func (*CiphertextMetaData) WriteTo

func (m *CiphertextMetaData) WriteTo(w io.Writer) (int64, error)

WriteTo writes the object on an io.Writer. It implements the io.WriterTo interface, and will write exactly object.BinarySize() bytes on w.

Unless w implements the buffer.Writer interface (see lattice/utils/buffer/writer.go), it will be wrapped into a bufio.Writer. Since this requires allocations, it is preferable to pass a buffer.Writer directly:

  • When writing multiple times to a io.Writer, it is preferable to first wrap the io.Writer in a pre-allocated bufio.Writer.
  • When writing to a pre-allocated var b []byte, it is preferable to pass buffer.NewBuffer(b) as w (see lattice/utils/buffer/buffer.go).

type Decryptor

type Decryptor struct {
	// contains filtered or unexported fields
}

Decryptor is a structure used to decrypt Ciphertext. It stores the secret-key.

func NewDecryptor

func NewDecryptor(params ParameterProvider, sk *SecretKey) *Decryptor

NewDecryptor instantiates a new generic RLWE Decryptor.

func (Decryptor) Decrypt

func (d Decryptor) Decrypt(ct *Ciphertext, pt *Plaintext)

Decrypt decrypts the Ciphertext and writes the result in pt. The level of the output Plaintext is min(ct.Level(), pt.Level()) Output pt MetaData will match the input ct MetaData.

func (Decryptor) DecryptNew

func (d Decryptor) DecryptNew(ct *Ciphertext) (pt *Plaintext)

DecryptNew decrypts the Ciphertext and returns the result in a new Plaintext. Output pt MetaData will match the input ct MetaData.

func (Decryptor) GetRLWEParameters

func (d Decryptor) GetRLWEParameters() *Parameters

GetRLWEParameters returns the underlying rlwe.Parameters.

func (Decryptor) ShallowCopy

func (d Decryptor) ShallowCopy() *Decryptor

ShallowCopy creates a shallow copy of Decryptor in which all the read-only data-structures are shared with the receiver and the temporary buffers are reallocated. The receiver and the returned Decryptor can be used concurrently.

func (Decryptor) WithKey

func (d Decryptor) WithKey(sk *SecretKey) *Decryptor

WithKey creates a shallow copy of Decryptor with a new decryption key, in which all the read-only data-structures are shared with the receiver and the temporary buffers are reallocated. The receiver and the returned Decryptor can be used concurrently.

type Distribution

type Distribution struct {
	ring.DistributionParameters
	Std      float64
	AbsBound float64
}

func NewDistribution

func NewDistribution(params ring.DistributionParameters, logN int) (d Distribution)

type DistributionLiteral

type DistributionLiteral interface{}

type Element

type Element[T ring.Poly | ringqp.Poly] struct {
	*MetaData
	Value structs.Vector[T]
}

Element is a generic struct to store a vector of T along with some metadata.

func GetSmallestLargest

func GetSmallestLargest[T ring.Poly | ringqp.Poly](el0, el1 *Element[T]) (smallest, largest *Element[T], sameDegree bool)

GetSmallestLargest returns the provided element that has the smallest degree as a first returned value and the largest degree as second return value. If the degree match, the order is the same as for the input.

func NewElement

func NewElement(params ParameterProvider, degree int, levelQ ...int) *Element[ring.Poly]

NewElement allocates a new Element[ring.Poly].

func NewElementAtLevelFromPoly

func NewElementAtLevelFromPoly(level int, poly []ring.Poly) (*Element[ring.Poly], error)

NewElementAtLevelFromPoly constructs a new Element at a specific level where the message is set to the passed poly. No checks are performed on poly and the returned Element will share its backing array of coefficients. Returned Element's MetaData is nil.

func NewElementExtended

func NewElementExtended(params ParameterProvider, degree, levelQ, levelP int) *Element[ringqp.Poly]

NewElementExtended allocates a new Element[ringqp.Poly].

func (Element[T]) BinarySize

func (op Element[T]) BinarySize() (size int)

BinarySize returns the serialized size of the object in bytes.

func (*Element[T]) Copy

func (op *Element[T]) Copy(opCopy *Element[T])

Copy copies opCopy on op, up to the capacity of op (similarely to copy([]byte, []byte)).

func (Element[T]) CopyNew

func (op Element[T]) CopyNew() *Element[T]

CopyNew creates a deep copy of the object and returns it.

func (Element[T]) Degree

func (op Element[T]) Degree() int

Degree returns the degree of the target Element.

func (*Element[T]) El

func (op *Element[T]) El() *Element[T]

func (Element[T]) Equal

func (op Element[T]) Equal(other *Element[T]) bool

Equal performs a deep equal.

func (Element[T]) Level

func (op Element[T]) Level() int

Level returns the level of the target Element.

func (Element[T]) LevelP

func (op Element[T]) LevelP() int

func (Element[T]) LevelQ

func (op Element[T]) LevelQ() int

func (Element[T]) MarshalBinary

func (op Element[T]) MarshalBinary() (data []byte, err error)

MarshalBinary encodes the object into a binary form on a newly allocated slice of bytes.

func (*Element[T]) ReadFrom

func (op *Element[T]) ReadFrom(r io.Reader) (n int64, err error)

ReadFrom reads on the object from an io.Writer. It implements the io.ReaderFrom interface.

Unless r implements the buffer.Reader interface (see see lattice/utils/buffer/reader.go), it will be wrapped into a bufio.Reader. Since this requires allocation, it is preferable to pass a buffer.Reader directly:

  • When reading multiple values from a io.Reader, it is preferable to first first wrap io.Reader in a pre-allocated bufio.Reader.
  • When reading from a var b []byte, it is preferable to pass a buffer.NewBuffer(b) as w (see lattice/utils/buffer/buffer.go).

func (*Element[T]) Resize

func (op *Element[T]) Resize(degree, level int)

Resize resizes the degree of the target element. Sets the NTT flag of the added poly equal to the NTT flag to the poly at degree zero.

func (*Element[T]) UnmarshalBinary

func (op *Element[T]) UnmarshalBinary(p []byte) (err error)

UnmarshalBinary decodes a slice of bytes generated by MarshalBinary or WriteTo on the object.

func (Element[T]) WriteTo

func (op Element[T]) WriteTo(w io.Writer) (n int64, err error)

WriteTo writes the object on an io.Writer. It implements the io.WriterTo interface, and will write exactly object.BinarySize() bytes on w.

Unless w implements the buffer.Writer interface (see lattice/utils/buffer/writer.go), it will be wrapped into a bufio.Writer. Since this requires allocations, it is preferable to pass a buffer.Writer directly:

  • When writing multiple times to a io.Writer, it is preferable to first wrap the io.Writer in a pre-allocated bufio.Writer.
  • When writing to a pre-allocated var b []byte, it is preferable to pass buffer.NewBuffer(b) as w (see lattice/utils/buffer/buffer.go).

type ElementInterface

type ElementInterface[T ring.Poly | ringqp.Poly] interface {
	El() *Element[T]
	Degree() int
	Level() int
}

ElementInterface is a common interface for Ciphertext and Plaintext types.

type EncryptionKey

type EncryptionKey interface {
	// contains filtered or unexported methods
}

EncryptionKey is an interface for encryption keys. Valid encryption keys are the SecretKey and PublicKey types.

type Encryptor

type Encryptor struct {
	// contains filtered or unexported fields
}

func NewEncryptor

func NewEncryptor(params ParameterProvider, key EncryptionKey) *Encryptor

NewEncryptor creates a new Encryptor from either a public key or a private key.

func (Encryptor) Encrypt

func (enc Encryptor) Encrypt(pt *Plaintext, ct interface{}) (err error)

Encrypt encrypts the input plaintext using the stored encryption key and writes the result on ct. The method currently accepts only *rlwe.Ciphertext as ct. If a Plaintext is given, then the output Ciphertext MetaData will match the Plaintext MetaData. The method returns an error if the ct has an unsupported type or if no encryption key is stored in the Encryptor.

The encryption procedure masks the plaintext by adding a fresh encryption of zero. The encryption procedure depends on the parameters: If the auxiliary modulus P is defined, the encryption of zero is sampled in QP before being rescaled by P; otherwise, it is directly sampled in Q.

func (Encryptor) EncryptNew

func (enc Encryptor) EncryptNew(pt *Plaintext) (ct *Ciphertext, err error)

EncryptNew encrypts the input plaintext using the stored encryption key and returns a newly allocated Ciphertext containing the result. If a Plaintext is provided, then the output ciphertext MetaData will match the Plaintext MetaData. The method returns an error if the ct has an unsupported type or if no encryption key is stored in the Encryptor.

The encryption procedure masks the plaintext by adding a fresh encryption of zero. The encryption procedure depends on the parameters: If the auxiliary modulus P is defined, the encryption of zero is sampled in QP before being rescaled by P; otherwise, it is directly sampled in Q.

func (Encryptor) EncryptZero

func (enc Encryptor) EncryptZero(ct interface{}) (err error)

EncryptZero generates an encryption of zero under the stored encryption key and writes the result on ct. The method accepts only *rlwe.Ciphertext as input. The method returns an error if the ct has an unsupported type or if no encryption key is stored in the Encryptor.

The encryption procedure depends on the parameters: If the auxiliary modulus P is defined, the encryption of zero is sampled in QP before being rescaled by P; otherwise, it is directly sampled in Q. The zero encryption is generated according to the given Ciphertext MetaData.

func (Encryptor) EncryptZeroNew

func (enc Encryptor) EncryptZeroNew(level int) (ct *Ciphertext)

EncryptZeroNew generates an encryption of zero under the stored encryption key and returns a newly allocated Ciphertext containing the result. The method returns an error if no encryption key is stored in the Encryptor. The encryption procedure depends on the parameters: If the auxiliary modulus P is defined, the encryption of zero is sampled in QP before being rescaled by P; otherwise, it is directly sampled in Q.

func (Encryptor) GetRLWEParameters

func (enc Encryptor) GetRLWEParameters() *Parameters

GetRLWEParameters returns the underlying rlwe.Parameters.

func (Encryptor) ShallowCopy

func (enc Encryptor) ShallowCopy() *Encryptor

func (Encryptor) WithKey

func (enc Encryptor) WithKey(key EncryptionKey) *Encryptor

func (*Encryptor) WithPRNG

func (enc *Encryptor) WithPRNG(prng sampling.PRNG) *Encryptor

WithPRNG returns this encryptor with prng as its source of randomness for the uniform element c1. The returned encryptor isn't safe to use concurrently with the original encryptor.

type EvaluationKey

type EvaluationKey struct {
	GadgetCiphertext
}

EvaluationKey is a public key indented to be used during the evaluation phase of a homomorphic circuit. It provides a one way public and non-interactive re-encryption from a ciphertext encrypted under `skIn` to a ciphertext encrypted under `skOut`.

Such re-encryption is for example used for:

  • Homomorphic relinearization: re-encryption of a quadratic ciphertext (that requires (1, sk sk^2) to be decrypted) to a linear ciphertext (that required (1, sk) to be decrypted). In this case skIn = sk^2 an skOut = sk.
  • Homomorphic automorphisms: an automorphism in the ring Z[X]/(X^{N}+1) is defined as pi_k: X^{i} -> X^{i^k} with k coprime to 2N. Pi_sk is for exampled used during homomorphic slot rotations. Applying pi_k to a ciphertext encrypted under sk generates a new ciphertext encrypted under pi_k(sk), and an Evaluationkey skIn = pi_k(sk) to skOut = sk is used to bring it back to its original key.

func NewEvaluationKey

func NewEvaluationKey(params ParameterProvider, evkParams ...EvaluationKeyParameters) *EvaluationKey

NewEvaluationKey returns a new EvaluationKey with pre-allocated zero-value.

func (EvaluationKey) CopyNew

func (evk EvaluationKey) CopyNew() *EvaluationKey

CopyNew creates a deep copy of the target EvaluationKey and returns it.

func (EvaluationKey) Equal

func (evk EvaluationKey) Equal(other *EvaluationKey) bool

Equal performs a deep equal.

type EvaluationKeyParameters

type EvaluationKeyParameters struct {
	LevelQ               *int
	LevelP               *int
	BaseTwoDecomposition *int
}

type EvaluationKeySet

type EvaluationKeySet interface {

	// GetGaloisKey retrieves the Galois key for the automorphism X^{i} -> X^{i*galEl}.
	GetGaloisKey(galEl uint64) (evk *GaloisKey, err error)

	// GetGaloisKeysList returns the list of all the Galois elements
	// for which a Galois key exists in the object.
	GetGaloisKeysList() (galEls []uint64)

	// GetRelinearizationKey retrieves the RelinearizationKey.
	GetRelinearizationKey() (evk *RelinearizationKey, err error)
}

EvaluationKeySet is an interface implementing methods to load the RelinearizationKey and GaloisKeys in the Evaluator. Implementations of this interface must be safe for concurrent use.

type Evaluator

type Evaluator struct {
	EvaluationKeySet
	*EvaluatorBuffers

	BasisExtender *ring.BasisExtender
	Decomposer    *ring.Decomposer
	// contains filtered or unexported fields
}

Evaluator is a struct that holds the necessary elements to execute general homomorphic operation on RLWE ciphertexts, such as automorphisms, key-switching and relinearization.

func NewEvaluator

func NewEvaluator(params ParameterProvider, evk EvaluationKeySet) (eval *Evaluator)

NewEvaluator creates a new Evaluator.

func (Evaluator) ApplyEvaluationKey

func (eval Evaluator) ApplyEvaluationKey(ctIn *Ciphertext, evk *EvaluationKey, opOut *Ciphertext) (err error)

ApplyEvaluationKey is a generic method to apply an EvaluationKey on a ciphertext. An EvaluationKey is a type of public key that is be used during the evaluation of a homomorphic circuit to provide additional functionalities, like relinearization or rotations.

In a nutshell, an Evaluationkey encrypts a secret skIn under a secret skOut and enables the public and non interactive re-encryption of any ciphertext encrypted under skIn to a new ciphertext encrypted under skOut.

The method will return an error if either ctIn or opOut degree isn't 1.

This method can also be used to switch a ciphertext to one with a different ring degree. Note that the parameters of the smaller ring degree must be the same or a subset of the moduli Q and P of the one for the larger ring degree.

To do so, it must be provided with the appropriate EvaluationKey, and have the operands matching the target ring degrees.

To switch a ciphertext to a smaller ring degree:

  • ctIn ring degree must match the evaluator's ring degree.
  • opOut ring degree must match the smaller ring degree.
  • evk must have been generated using the key-generator of the large ring degree with as input large-key -> small-key.

To switch a ciphertext to a smaller ring degree:

  • ctIn ring degree must match the smaller ring degree.
  • opOut ring degree must match the evaluator's ring degree.
  • evk must have been generated using the key-generator of the large ring degree with as input small-key -> large-key.

func (Evaluator) Automorphism

func (eval Evaluator) Automorphism(ctIn *Ciphertext, galEl uint64, opOut *Ciphertext) (err error)

Automorphism computes phi(ct), where phi is the map X -> X^galEl. The method requires that the corresponding RotationKey has been added to the Evaluator. The method will return an error if either ctIn or opOut degree is not equal to 1.

func (Evaluator) AutomorphismHoisted

func (eval Evaluator) AutomorphismHoisted(level int, ctIn *Ciphertext, c1DecompQP []ringqp.Poly, galEl uint64, opOut *Ciphertext) (err error)

AutomorphismHoisted is similar to Automorphism, except that it takes as input ctIn and c1DecompQP, where c1DecompQP is the RNS decomposition of its element of degree 1. This decomposition can be obtained with DecomposeNTT. The method requires that the corresponding RotationKey has been added to the Evaluator. The method will return an error if either ctIn or opOut degree is not equal to 1.

func (Evaluator) AutomorphismHoistedLazy

func (eval Evaluator) AutomorphismHoistedLazy(levelQ int, ctIn *Ciphertext, c1DecompQP []ringqp.Poly, galEl uint64, ctQP *Element[ringqp.Poly]) (err error)

AutomorphismHoistedLazy is similar to AutomorphismHoisted, except that it returns a ciphertext modulo QP and scaled by P. The method requires that the corresponding RotationKey has been added to the Evaluator. Result NTT domain is returned according to the NTT flag of ctQP.

func (Evaluator) AutomorphismIndex

func (eval Evaluator) AutomorphismIndex(galEl uint64) []uint64

func (Evaluator) CheckAndGetGaloisKey

func (eval Evaluator) CheckAndGetGaloisKey(galEl uint64) (evk *GaloisKey, err error)

CheckAndGetGaloisKey returns an error if the GaloisKey for the given Galois element is missing or the EvaluationKey interface is nil.

func (Evaluator) CheckAndGetRelinearizationKey

func (eval Evaluator) CheckAndGetRelinearizationKey() (evk *RelinearizationKey, err error)

CheckAndGetRelinearizationKey returns an error if the RelinearizationKey is missing or the EvaluationKey interface is nil.

func (Evaluator) DecomposeNTT

func (eval Evaluator) DecomposeNTT(levelQ, levelP, nbPi int, c2 ring.Poly, c2IsNTT bool, decompQP []ringqp.Poly)

DecomposeNTT applies the full RNS basis decomposition on c2. Expects the IsNTT flag of c2 to correctly reflect the domain of c2. BuffQPDecompQ and BuffQPDecompQ are vectors of polynomials (mod Q and mod P) that store the special RNS decomposition of c2 (in the NTT domain)

func (Evaluator) DecomposeSingleNTT

func (eval Evaluator) DecomposeSingleNTT(levelQ, levelP, nbPi, BaseRNSDecompositionVectorSize int, c2NTT, c2InvNTT, c2QiQ, c2QiP ring.Poly)

DecomposeSingleNTT takes the input polynomial c2 (c2NTT and c2InvNTT, respectively in the NTT and out of the NTT domain) modulo the RNS basis, and returns the result on c2QiQ and c2QiP, the receiver polynomials respectively mod Q and mod P (in the NTT domain)

func (Evaluator) Expand

func (eval Evaluator) Expand(ctIn *Ciphertext, logN, logGap int) (opOut []*Ciphertext, err error)

Expand expands a RLWE Ciphertext encrypting sum ai * X^i to 2^logN ciphertexts, each encrypting ai * X^0 for 0 <= i < 2^LogN. That is, it extracts the first 2^logN coefficients, whose degree is a multiple of 2^logGap, of ctIn and returns an RLWE Ciphertext for each coefficient extracted.

The method will return an error if:

  • The input ciphertext degree is not one
  • The ring type is not ring.Standard

func (Evaluator) GadgetProduct

func (eval Evaluator) GadgetProduct(levelQ int, cx ring.Poly, gadgetCt *GadgetCiphertext, ct *Ciphertext)

GadgetProduct evaluates poly x Gadget -> RLWE where

ct = [<decomp(cx), gadget[0]>, <decomp(cx), gadget[1]>] mod Q

Expects the flag IsNTT of ct to correctly reflect the domain of cx.

func (Evaluator) GadgetProductHoisted

func (eval Evaluator) GadgetProductHoisted(levelQ int, BuffQPDecompQP []ringqp.Poly, gadgetCt *GadgetCiphertext, ct *Ciphertext)

GadgetProductHoisted applies the key-switch to the decomposed polynomial c2 mod QP (BuffQPDecompQP) and divides the result by P, reducing the basis from QP to Q.

ct = [<BuffQPDecompQP, gadgetCt[0]) mod Q

BuffQPDecompQP is expected to be in the NTT domain.

Result NTT domain is returned according to the NTT flag of ct.

func (Evaluator) GadgetProductHoistedLazy

func (eval Evaluator) GadgetProductHoistedLazy(levelQ int, BuffQPDecompQP []ringqp.Poly, gadgetCt *GadgetCiphertext, ct *Element[ringqp.Poly])

GadgetProductHoistedLazy applies the gadget product to the decomposed polynomial c2 mod QP (BuffQPDecompQ and BuffQPDecompP)

BuffQP2 = dot(BuffQPDecompQ||BuffQPDecompP * gadgetCt[0]) mod QP BuffQP3 = dot(BuffQPDecompQ||BuffQPDecompP * gadgetCt[1]) mod QP

BuffQPDecompQP is expected to be in the NTT domain.

Result NTT domain is returned according to the NTT flag of ct.

func (Evaluator) GadgetProductLazy

func (eval Evaluator) GadgetProductLazy(levelQ int, cx ring.Poly, gadgetCt *GadgetCiphertext, ct *Element[ringqp.Poly])

GadgetProductLazy evaluates poly x Gadget -> RLWE where

ct = [<decomp(cx), gadget[0]>, <decomp(cx), gadget[1]>] mod QP

Expects the flag IsNTT of ct to correctly reflect the domain of cx.

Result NTT domain is returned according to the NTT flag of ct.

func (Evaluator) GetBuffCt

func (eval Evaluator) GetBuffCt() *Ciphertext

func (Evaluator) GetBuffDecompQP

func (eval Evaluator) GetBuffDecompQP() []ringqp.Poly

func (Evaluator) GetBuffQP

func (eval Evaluator) GetBuffQP() [6]ringqp.Poly

func (Evaluator) GetEvaluatorBuffer

func (eval Evaluator) GetEvaluatorBuffer() *EvaluatorBuffers

func (*Evaluator) GetRLWEParameters

func (eval *Evaluator) GetRLWEParameters() *Parameters

func (Evaluator) InitOutputBinaryOp

func (eval Evaluator) InitOutputBinaryOp(op0, op1 *Element[ring.Poly], opInTotalMaxDegree int, opOut *Element[ring.Poly]) (degree, level int, err error)

InitOutputBinaryOp initializes the output Element opOut for receiving the result of a binary operation over op0 and op1. The method also performs the following checks:

1. Inputs are not nil 2. MetaData are not nil 3. op0.Degree() + op1.Degree() != 0 (i.e at least one Element is a ciphertext) 4. op0.IsNTT == op1.IsNTT == DefaultNTTFlag 5. op0.IsBatched == op1.IsBatched

The opOut metadata are initilized as: IsNTT <- DefaultNTTFlag IsBatched <- op0.IsBatched LogDimensions <- max(op0.LogDimensions, op1.LogDimensions)

The method returns max(op0.Degree(), op1.Degree(), opOut.Degree()) and min(op0.Level(), op1.Level(), opOut.Level())

func (Evaluator) InitOutputUnaryOp

func (eval Evaluator) InitOutputUnaryOp(op0, opOut *Element[ring.Poly]) (degree, level int, err error)

InitOutputUnaryOp initializes the output Element opOut for receiving the result of a unary operation over op0. The method also performs the following checks:

1. Input and output are not nil 2. Inoutp and output Metadata are not nil 2. op0.IsNTT == DefaultNTTFlag

The method will also update the metadata of opOut:

IsNTT <- NTTFlag IsBatched <- op0.IsBatched LogDimensions <- op0.LogDimensions

The method returns max(op0.Degree(), opOut.Degree()) and min(op0.Level(), opOut.Level()).

func (Evaluator) InnerFunction

func (eval Evaluator) InnerFunction(ctIn *Ciphertext, batchSize, n int, f func(a, b, c *Ciphertext) (err error), opOut *Ciphertext) (err error)

InnerFunction applies an user defined function on the Ciphertext with a tree-like combination requiring log2(n) + HW(n) rotations.

InnerFunction with f = eval.Add(a, b, c) is equivalent to InnerSum (although slightly slower).

The operation assumes that `ctIn` encrypts Slots/`batchSize` sub-vectors of size `batchSize` and will add them together (in parallel) in groups of `n`. It outputs in opOut a Ciphertext for which the "leftmost" sub-vector of each group is equal to the pair-wise recursive evaluation of function over the group.

The inner function is computed in a tree fashion. Example for batchSize=2 & n=4 (garbage slots are marked by 'x'):

1) [{a, b}, {c, d}, {e, f}, {g, h}, {a, b}, {c, d}, {e, f}, {g, h}]

  1. [{a, b}, {c, d}, {e, f}, {g, h}, {a, b}, {c, d}, {e, f}, {g, h}] f [{c, d}, {e, f}, {g, h}, {x, x}, {c, d}, {e, f}, {g, h}, {x, x}] (rotate batchSize * 2^{0}) = [{f(a, c), f(b, d)}, {f(c, e), f(d, f)}, {f(e, g), f(f, h)}, {x, x}, {f(a, c), f(b, d)}, {f(c, e), f(d, f)}, {f(e, g), f(f, h)}, {x, x}]

  2. [{f(a, c), f(b, d)}, {x, x}, {f(e, g), f(f, h)}, {x, x}, {f(a, c), f(b, d)}, {x, x}, {f(e, g), f(f, h)}, {x, x}] (rotate batchSize * 2^{1}) + [{f(e, g), f(f, h)}, {x, x}, {x, x}, {x, x}, {f(e, g), f(f, h)}, {x, x}, {x, x}, {x, x}] = = [{f(f(a,c),f(e,g)), f(f(b, d), f(f, h))}, {x, x}, {x, x}, {x, x}, {f(f(a,c),f(e,g)), f(f(b, d), f(f, h))}, {x, x}, {x, x}, {x, x}]

func (Evaluator) InnerSum

func (eval Evaluator) InnerSum(ctIn *Ciphertext, batchSize, n int, opOut *Ciphertext) (err error)

InnerSum applies an optimized inner sum on the Ciphertext (log2(n) + HW(n) rotations with double hoisting). The operation assumes that `ctIn` encrypts Slots/`batchSize` sub-vectors of size `batchSize` and will add them together (in parallel) in groups of `n`. It outputs in opOut a Ciphertext for which the "leftmost" sub-vector of each group is equal to the sum of the group.

The inner sum is computed in a tree fashion. Example for batchSize=2 & n=4 (garbage slots are marked by 'x'):

1) [{a, b}, {c, d}, {e, f}, {g, h}, {a, b}, {c, d}, {e, f}, {g, h}]

  1. [{a, b}, {c, d}, {e, f}, {g, h}, {a, b}, {c, d}, {e, f}, {g, h}] + [{c, d}, {e, f}, {g, h}, {x, x}, {c, d}, {e, f}, {g, h}, {x, x}] (rotate batchSize * 2^{0}) = [{a+c, b+d}, {x, x}, {e+g, f+h}, {x, x}, {a+c, b+d}, {x, x}, {e+g, f+h}, {x, x}]

  2. [{a+c, b+d}, {x, x}, {e+g, f+h}, {x, x}, {a+c, b+d}, {x, x}, {e+g, f+h}, {x, x}] (rotate batchSize * 2^{1}) + [{e+g, f+h}, {x, x}, {x, x}, {x, x}, {e+g, f+h}, {x, x}, {x, x}, {x, x}] = = [{a+c+e+g, b+d+f+h}, {x, x}, {x, x}, {x, x}, {a+c+e+g, b+d+f+h}, {x, x}, {x, x}, {x, x}]

func (Evaluator) ModDown

func (eval Evaluator) ModDown(levelQ, levelP int, ctQP *Element[ringqp.Poly], ct *Ciphertext)

ModDown takes ctQP (mod QP) and returns ct = (ctQP/P) (mod Q).

func (Evaluator) ModDownQPtoQNTT

func (eval Evaluator) ModDownQPtoQNTT(levelQ, levelP int, p1Q, p1P, p2Q ring.Poly)

func (Evaluator) Pack

func (eval Evaluator) Pack(cts map[int]*Ciphertext, inputLogGap int, zeroGarbageSlots bool) (ct *Ciphertext, err error)

Pack packs a batch of RLWE ciphertexts, packing the batch of ciphertexts into a single ciphertext. The number of key-switching operations is inputLogGap - log2(gap) + len(cts), where log2(gap) is the minimum distance between two keys of the map cts[int]*Ciphertext.

Input:

	cts: a map of Ciphertext, where the index in the map is the future position of the first coefficient
	      of the indexed ciphertext in the final ciphertext (see example). Ciphertexts can be in or out of the NTT domain.
	logGap: all coefficients of the input ciphertexts that are not a multiple of X^{2^{logGap}} will be zeroed
	        during the merging (see example). This is equivalent to skipping the first 2^{logGap} steps of the
	        algorithm, i.e. having as input ciphertexts that are already partially packed.
 zeroGarbageSlots: if set to true, slots which are not multiples of X^{2^{logGap}} will be zeroed during the procedure.
                   this will greatly increase the noise and increase the number of key-switching operations to inputLogGap + len(cts).

Output: a ciphertext packing all input ciphertexts

Example: we want to pack 4 ciphertexts into one, and keep only coefficients which are a multiple of X^{4}.

To do so, we must set logGap = 2.
Here the `X` slots are treated as garbage slots that we want to discard during the procedure.

input: map[int]{
   0: [x00, X, X, X, x01, X, X, X],   with logGap = 2
   1: [x10, X, X, X, x11, X, X, X],
   2: [x20, X, X, X, x21, X, X, X],
   3: [x30, X, X, X, x31, X, X, X],
	}

 Step 1:
         map[0]: 2^{-1} * (map[0] + X^2 * map[2] + phi_{5^2}(map[0] - X^2 * map[2]) = [x00, X, x20, X, x01, X, x21, X]
         map[1]: 2^{-1} * (map[1] + X^2 * map[3] + phi_{5^2}(map[1] - X^2 * map[3]) = [x10, X, x30, X, x11, X, x31, X]
 Step 2:
         map[0]: 2^{-1} * (map[0] + X^1 * map[1] + phi_{5^4}(map[0] - X^1 * map[1]) = [x00, x10, x20, x30, x01, x11, x21, x22]

func (Evaluator) Relinearize

func (eval Evaluator) Relinearize(ctIn *Ciphertext, opOut *Ciphertext) (err error)

Relinearize applies the relinearization procedure on ct0 and returns the result in opOut. Relinearization is a special procedure required to ensure ciphertext compactness. It takes as input a quadratic ciphertext, that decrypts with the key (1, sk, sk^2) and outputs a linear ciphertext that decrypts with the key (1, sk). In a nutshell, the relinearization re-encrypt the term that decrypts using sk^2 to one that decrypts using sk. The method will return an error if:

  • The input ciphertext degree isn't 2.
  • The corresponding relinearization key to the ciphertext degree

is missing.

func (Evaluator) Replicate

func (eval Evaluator) Replicate(ctIn *Ciphertext, batchSize, n int, opOut *Ciphertext) (err error)

Replicate applies an optimized replication on the Ciphertext (log2(n) + HW(n) rotations with double hoisting). It acts as the inverse of a inner sum (summing elements from left to right). The replication is parameterized by the size of the sub-vectors to replicate "batchSize" and the number of times 'n' they need to be replicated. To ensure correctness, a gap of zero values of size batchSize * (n-1) must exist between two consecutive sub-vectors to replicate. This method is faster than Replicate when the number of rotations is large and it uses log2(n) + HW(n) instead of 'n'.

func (Evaluator) ShallowCopy

func (eval Evaluator) ShallowCopy() *Evaluator

ShallowCopy creates a shallow copy of this Evaluator in which all the read-only data-structures are shared with the receiver and the temporary buffers are reallocated. The receiver and the returned Evaluators can be used concurrently.

func (Evaluator) Trace

func (eval Evaluator) Trace(ctIn *Ciphertext, logN int, opOut *Ciphertext) (err error)

Trace maps X -> sum((-1)^i * X^{i*n+1}) for n <= i < N Monomial X^k vanishes if k is not divisible by (N/n), otherwise it is multiplied by (N/n). Ciphertext is pre-multiplied by (N/n)^-1 to remove the (N/n) factor. Examples of full Trace for [0 + 1X + 2X^2 + 3X^3 + 4X^4 + 5X^5 + 6X^6 + 7X^7]

1.

  [1 + 2X + 3X^2 + 4X^3 + 5X^4 + 6X^5 + 7X^6 + 8X^7]
+ [1 - 6X - 3X^2 + 8X^3 + 5X^4 + 2X^5 - 7X^6 - 4X^7]  {X-> X^(i * 5^1)}
= [2 - 4X + 0X^2 +12X^3 +10X^4 + 8X^5 - 0X^6 + 4X^7]

2.

  [2 - 4X + 0X^2 +12X^3 +10X^4 + 8X^5 - 0X^6 + 4X^7]
+ [2 + 4X + 0X^2 -12X^3 +10X^4 - 8X^5 + 0X^6 - 4X^7]  {X-> X^(i * 5^2)}
= [4 + 0X + 0X^2 - 0X^3 +20X^4 + 0X^5 + 0X^6 - 0X^7]

3.

  [4 + 0X + 0X^2 - 0X^3 +20X^4 + 0X^5 + 0X^6 - 0X^7]
+ [4 + 0X + 0X^2 - 0X^3 -20X^4 + 0X^5 + 0X^6 - 0X^7]  {X-> X^(i * -1)}
= [8 + 0X + 0X^2 - 0X^3 + 0X^4 + 0X^5 + 0X^6 - 0X^7]

The method will return an error if the input and output ciphertexts degree is not one.

func (Evaluator) WithKey

func (eval Evaluator) WithKey(evk EvaluationKeySet) *Evaluator

WithKey creates a shallow copy of the receiver Evaluator for which the new EvaluationKey is evaluationKey and where the temporary buffers are shared. The receiver and the returned Evaluators cannot be used concurrently.

type EvaluatorBuffers

type EvaluatorBuffers struct {
	BuffCt *Ciphertext
	// BuffQP[0-1]: Key-Switch output Key-Switch on the fly decomp(c2)
	// BuffQP[2-5]: Available
	BuffQP        [6]ringqp.Poly
	BuffInvNTT    ring.Poly
	BuffDecompQP  []ringqp.Poly // Memory Buff for the basis extension in hoisting
	BuffBitDecomp []uint64
}

func NewEvaluatorBuffers

func NewEvaluatorBuffers(params Parameters) *EvaluatorBuffers

type GadgetCiphertext

type GadgetCiphertext struct {
	BaseTwoDecomposition int
	Value                structs.Matrix[VectorQP]
}

GadgetCiphertext is a struct for storing an encrypted plaintext times the gadget power matrix.

func NewGadgetCiphertext

func NewGadgetCiphertext(params ParameterProvider, Degree, LevelQ, LevelP, BaseTwoDecomposition int) *GadgetCiphertext

NewGadgetCiphertext returns a new Ciphertext key with pre-allocated zero-value. Ciphertext is always in the NTT domain. A GadgetCiphertext is created by default at degree 1 with the the maximum levelQ and levelP and with no base 2 decomposition. Give the optional GadgetCiphertextParameters struct to create a GadgetCiphertext with at a specific degree, levelQ, levelP and/or base 2 decomposition.

func (GadgetCiphertext) BaseRNSDecompositionVectorSize

func (ct GadgetCiphertext) BaseRNSDecompositionVectorSize() int

BaseRNSDecompositionVectorSize returns the number of element in the RNS decomposition basis.

func (GadgetCiphertext) BaseTwoDecompositionVectorSize

func (ct GadgetCiphertext) BaseTwoDecompositionVectorSize() (base []int)

BaseTwoDecompositionVectorSize returns the number of element in the Power of two decomposition basis for each prime of Q.

func (GadgetCiphertext) BinarySize

func (ct GadgetCiphertext) BinarySize() (dataLen int)

BinarySize returns the serialized size of the object in bytes.

func (GadgetCiphertext) CopyNew

func (ct GadgetCiphertext) CopyNew() (ctCopy *GadgetCiphertext)

CopyNew creates a deep copy of the receiver Ciphertext and returns it.

func (GadgetCiphertext) Equal

func (ct GadgetCiphertext) Equal(other *GadgetCiphertext) bool

Equal checks two Ciphertexts for equality.

func (GadgetCiphertext) LevelP

func (ct GadgetCiphertext) LevelP() int

LevelP returns the level of the modulus P of the target Ciphertext.

func (GadgetCiphertext) LevelQ

func (ct GadgetCiphertext) LevelQ() int

LevelQ returns the level of the modulus Q of the target Ciphertext.

func (GadgetCiphertext) MarshalBinary

func (ct GadgetCiphertext) MarshalBinary() (data []byte, err error)

MarshalBinary encodes the object into a binary form on a newly allocated slice of bytes.

func (*GadgetCiphertext) ReadFrom

func (ct *GadgetCiphertext) ReadFrom(r io.Reader) (n int64, err error)

ReadFrom reads on the object from an io.Writer. It implements the io.ReaderFrom interface.

Unless r implements the buffer.Reader interface (see see lattice/utils/buffer/reader.go), it will be wrapped into a bufio.Reader. Since this requires allocation, it is preferable to pass a buffer.Reader directly:

  • When reading multiple values from a io.Reader, it is preferable to first first wrap io.Reader in a pre-allocated bufio.Reader.
  • When reading from a var b []byte, it is preferable to pass a buffer.NewBuffer(b) as w (see lattice/utils/buffer/buffer.go).

func (*GadgetCiphertext) UnmarshalBinary

func (ct *GadgetCiphertext) UnmarshalBinary(p []byte) (err error)

UnmarshalBinary decodes a slice of bytes generated by MarshalBinary or WriteTo on the object.

func (GadgetCiphertext) WriteTo

func (ct GadgetCiphertext) WriteTo(w io.Writer) (n int64, err error)

WriteTo writes the object on an io.Writer. It implements the io.WriterTo interface, and will write exactly object.BinarySize() bytes on w.

Unless w implements the buffer.Writer interface (see lattice/utils/buffer/writer.go), it will be wrapped into a bufio.Writer. Since this requires allocations, it is preferable to pass a buffer.Writer directly:

  • When writing multiple times to a io.Writer, it is preferable to first wrap the io.Writer in a pre-allocated bufio.Writer.
  • When writing to a pre-allocated var b []byte, it is preferable to pass buffer.NewBuffer(b) as w (see lattice/utils/buffer/buffer.go).

type GadgetPlaintext

type GadgetPlaintext struct {
	Value structs.Vector[ring.Poly]
}

GadgetPlaintext stores a plaintext value times the gadget vector.

func NewGadgetPlaintext

func NewGadgetPlaintext(params Parameters, value interface{}, levelQ, levelP, baseTwoDecomposition int) (pt *GadgetPlaintext, err error)

NewGadgetPlaintext creates a new gadget plaintext from value, which can be either uint64, int64 or *ring.Poly. Plaintext is returned in the NTT and Montgomery domain.

type GaloisKey

type GaloisKey struct {
	GaloisElement uint64
	NthRoot       uint64
	EvaluationKey
}

GaloisKey is a type of evaluation key used to evaluate automorphisms on ciphertext. An automorphism pi: X^{i} -> X^{i*GaloisElement} changes the key under which the ciphertext is encrypted from s to pi(s). Thus, the ciphertext must be re-encrypted from pi(s) to s to ensure correctness, which is done with the corresponding GaloisKey.

Lattice implements automorphisms differently than the usual way (which is to first apply the automorphism and then the evaluation key). Instead the order of operations is reversed, the GaloisKey for pi^{-1} is evaluated on the ciphertext, outputting a ciphertext encrypted under pi^{-1}(s), and then the automorphism pi is applied. This enables a more efficient evaluation, by only having to apply the automorphism on the final result (instead of having to apply it on the decomposed ciphertext).

func NewGaloisKey

func NewGaloisKey(params ParameterProvider, evkParams ...EvaluationKeyParameters) *GaloisKey

NewGaloisKey allocates a new GaloisKey with zero coefficients and GaloisElement set to zero.

func (GaloisKey) BinarySize

func (gk GaloisKey) BinarySize() (size int)

BinarySize returns the serialized size of the object in bytes.

func (GaloisKey) CopyNew

func (gk GaloisKey) CopyNew() *GaloisKey

CopyNew creates a deep copy of the object and returns it

func (GaloisKey) Equal

func (gk GaloisKey) Equal(other *GaloisKey) bool

Equal returns true if the two objects are equal.

func (GaloisKey) MarshalBinary

func (gk GaloisKey) MarshalBinary() (p []byte, err error)

MarshalBinary encodes the object into a binary form on a newly allocated slice of bytes.

func (*GaloisKey) ReadFrom

func (gk *GaloisKey) ReadFrom(r io.Reader) (n int64, err error)

ReadFrom reads on the object from an io.Writer. It implements the io.ReaderFrom interface.

Unless r implements the buffer.Reader interface (see see lattice/utils/buffer/reader.go), it will be wrapped into a bufio.Reader. Since this requires allocation, it is preferable to pass a buffer.Reader directly:

  • When reading multiple values from a io.Reader, it is preferable to first first wrap io.Reader in a pre-allocated bufio.Reader.
  • When reading from a var b []byte, it is preferable to pass a buffer.NewBuffer(b) as w (see lattice/utils/buffer/buffer.go).

func (*GaloisKey) UnmarshalBinary

func (gk *GaloisKey) UnmarshalBinary(p []byte) (err error)

UnmarshalBinary decodes a slice of bytes generated by MarshalBinary or WriteTo on the object.

func (GaloisKey) WriteTo

func (gk GaloisKey) WriteTo(w io.Writer) (n int64, err error)

WriteTo writes the object on an io.Writer. It implements the io.WriterTo interface, and will write exactly object.BinarySize() bytes on w.

Unless w implements the buffer.Writer interface (see lattice/utils/buffer/writer.go), it will be wrapped into a bufio.Writer. Since this requires allocations, it is preferable to pass a buffer.Writer directly:

  • When writing multiple times to a io.Writer, it is preferable to first wrap the io.Writer in a pre-allocated bufio.Writer.
  • When writing to a pre-allocated var b []byte, it is preferable to pass buffer.NewBuffer(b) as w (see lattice/utils/buffer/buffer.go).

type KeyGenerator

type KeyGenerator struct {
	*Encryptor
}

KeyGenerator is a structure that stores the elements required to create new keys, as well as a memory buffer for intermediate values.

func NewKeyGenerator

func NewKeyGenerator(params ParameterProvider) *KeyGenerator

NewKeyGenerator creates a new KeyGenerator, from which the secret and public keys, as well as EvaluationKeys.

func (KeyGenerator) GenEvaluationKey

func (kgen KeyGenerator) GenEvaluationKey(skInput, skOutput *SecretKey, evk *EvaluationKey)

GenEvaluationKey generates an EvaluationKey, that will re-encrypt a Ciphertext encrypted under the input key into the output key. If the ringDegree(skOutput) > ringDegree(skInput), generates [-a*SkOut + w*P*skIn_{Y^{N/n}} + e, a] in X^{N}. If the ringDegree(skOutput) < ringDegree(skInput), generates [-a*skOut_{Y^{N/n}} + w*P*skIn + e_{N}, a_{N}] in X^{N}. Else generates [-a*skOut + w*P*skIn + e, a] in X^{N}. The output EvaluationKey is always given in max(N, n) and in the moduli of the output EvaluationKey. When re-encrypting a Ciphertext from Y^{N/n} to X^{N}, the Ciphertext must first be mapped to X^{N} using SwitchCiphertextRingDegreeNTT(ctSmallDim, nil, ctLargeDim). When re-encrypting a Ciphertext from X^{N} to Y^{N/n}, the output of the re-encryption is in still X^{N} and must be mapped Y^{N/n} using SwitchCiphertextRingDegreeNTT(ctLargeDim, ringQLargeDim, ctSmallDim).

func (KeyGenerator) GenEvaluationKeyNew

func (kgen KeyGenerator) GenEvaluationKeyNew(skInput, skOutput *SecretKey, evkParams ...EvaluationKeyParameters) (evk *EvaluationKey)

GenEvaluationKeyNew generates a new EvaluationKey, that will re-encrypt a Ciphertext encrypted under the input key into the output key. If the ringDegree(skOutput) > ringDegree(skInput), generates [-a*SkOut + w*P*skIn_{Y^{N/n}} + e, a] in X^{N}. If the ringDegree(skOutput) < ringDegree(skInput), generates [-a*skOut_{Y^{N/n}} + w*P*skIn + e_{N}, a_{N}] in X^{N}. Else generates [-a*skOut + w*P*skIn + e, a] in X^{N}. The output EvaluationKey is always given in max(N, n) and in the moduli of the output EvaluationKey. When re-encrypting a Ciphertext from Y^{N/n} to X^{N}, the Ciphertext must first be mapped to X^{N} using SwitchCiphertextRingDegreeNTT(ctSmallDim, nil, ctLargeDim). When re-encrypting a Ciphertext from X^{N} to Y^{N/n}, the output of the re-encryption is in still X^{N} and must be mapped Y^{N/n} using SwitchCiphertextRingDegreeNTT(ctLargeDim, ringQLargeDim, ctSmallDim).

func (KeyGenerator) GenEvaluationKeysForRingSwapNew

func (kgen KeyGenerator) GenEvaluationKeysForRingSwapNew(skStd, skConjugateInvariant *SecretKey, evkParams ...EvaluationKeyParameters) (stdToci, ciToStd *EvaluationKey)

GenEvaluationKeysForRingSwapNew generates the necessary EvaluationKeys to switch from a standard ring to to a conjugate invariant ring and vice-versa.

func (KeyGenerator) GenGaloisKey

func (kgen KeyGenerator) GenGaloisKey(galEl uint64, sk *SecretKey, gk *GaloisKey)

GenGaloisKey generates a GaloisKey, enabling the automorphism X^{i} -> X^{i * galEl}.

func (KeyGenerator) GenGaloisKeyNew

func (kgen KeyGenerator) GenGaloisKeyNew(galEl uint64, sk *SecretKey, evkParams ...EvaluationKeyParameters) (gk *GaloisKey)

GenGaloisKeyNew generates a new GaloisKey, enabling the automorphism X^{i} -> X^{i * galEl}.

func (KeyGenerator) GenGaloisKeys

func (kgen KeyGenerator) GenGaloisKeys(galEls []uint64, sk *SecretKey, gks []*GaloisKey)

GenGaloisKeys generates the GaloisKey objects for all galois elements in galEls, and stores the resulting key for galois element i in gks[i]. The galEls and gks parameters must have the same length.

func (KeyGenerator) GenGaloisKeysNew

func (kgen KeyGenerator) GenGaloisKeysNew(galEls []uint64, sk *SecretKey, evkParams ...EvaluationKeyParameters) (gks []*GaloisKey)

GenGaloisKeysNew generates the GaloisKey objects for all galois elements in galEls, and returns the resulting keys in a newly allocated []*GaloisKey.

func (KeyGenerator) GenKeyPairNew

func (kgen KeyGenerator) GenKeyPairNew() (sk *SecretKey, pk *PublicKey)

GenKeyPairNew generates a new SecretKey and a corresponding public key. Distribution is of the SecretKey set according to `rlwe.Parameters.HammingWeight()`.

func (KeyGenerator) GenPublicKey

func (kgen KeyGenerator) GenPublicKey(sk *SecretKey, pk *PublicKey)

GenPublicKey generates a public key from the provided SecretKey.

func (KeyGenerator) GenPublicKeyNew

func (kgen KeyGenerator) GenPublicKeyNew(sk *SecretKey) (pk *PublicKey)

GenPublicKeyNew generates a new public key from the provided SecretKey.

func (KeyGenerator) GenRelinearizationKey

func (kgen KeyGenerator) GenRelinearizationKey(sk *SecretKey, rlk *RelinearizationKey)

GenRelinearizationKey generates an EvaluationKey that will be used to relinearize Ciphertexts during multiplication.

func (KeyGenerator) GenRelinearizationKeyNew

func (kgen KeyGenerator) GenRelinearizationKeyNew(sk *SecretKey, evkParams ...EvaluationKeyParameters) (rlk *RelinearizationKey)

GenRelinearizationKeyNew generates a new EvaluationKey that will be used to relinearize Ciphertexts during multiplication.

func (KeyGenerator) GenSecretKey

func (kgen KeyGenerator) GenSecretKey(sk *SecretKey)

GenSecretKey generates a SecretKey. Distribution is set according to `rlwe.Parameters.HammingWeight()`.

func (KeyGenerator) GenSecretKeyNew

func (kgen KeyGenerator) GenSecretKeyNew() (sk *SecretKey)

GenSecretKeyNew generates a new SecretKey. Distribution is set according to `rlwe.Parameters.HammingWeight()`.

func (KeyGenerator) GenSecretKeyWithHammingWeight

func (kgen KeyGenerator) GenSecretKeyWithHammingWeight(hw int, sk *SecretKey)

GenSecretKeyWithHammingWeight generates a SecretKey with exactly hw non-zero coefficients.

func (*KeyGenerator) GenSecretKeyWithHammingWeightNew

func (kgen *KeyGenerator) GenSecretKeyWithHammingWeightNew(hw int) (sk *SecretKey)

GenSecretKeyWithHammingWeightNew generates a new SecretKey with exactly hw non-zero coefficients.

type MemEvaluationKeySet

type MemEvaluationKeySet struct {
	RelinearizationKey *RelinearizationKey
	GaloisKeys         structs.Map[uint64, GaloisKey]
}

MemEvaluationKeySet is a basic in-memory implementation of the EvaluationKeySet interface.

func NewMemEvaluationKeySet

func NewMemEvaluationKeySet(relinKey *RelinearizationKey, galoisKeys ...*GaloisKey) (eks *MemEvaluationKeySet)

NewMemEvaluationKeySet returns a new EvaluationKeySet with the provided RelinearizationKey and GaloisKeys.

func (MemEvaluationKeySet) BinarySize

func (evk MemEvaluationKeySet) BinarySize() (size int)

func (MemEvaluationKeySet) GetGaloisKey

func (evk MemEvaluationKeySet) GetGaloisKey(galEl uint64) (gk *GaloisKey, err error)

GetGaloisKey retrieves the Galois key for the automorphism X^{i} -> X^{i*galEl}.

func (MemEvaluationKeySet) GetGaloisKeysList

func (evk MemEvaluationKeySet) GetGaloisKeysList() (galEls []uint64)

GetGaloisKeysList returns the list of all the Galois elements for which a Galois key exists in the object.

func (MemEvaluationKeySet) GetRelinearizationKey

func (evk MemEvaluationKeySet) GetRelinearizationKey() (rk *RelinearizationKey, err error)

GetRelinearizationKey retrieves the RelinearizationKey.

func (MemEvaluationKeySet) MarshalBinary

func (evk MemEvaluationKeySet) MarshalBinary() (p []byte, err error)

MarshalBinary encodes the object into a binary form on a newly allocated slice of bytes.

func (*MemEvaluationKeySet) ReadFrom

func (evk *MemEvaluationKeySet) ReadFrom(r io.Reader) (n int64, err error)

ReadFrom reads on the object from an io.Writer. It implements the io.ReaderFrom interface.

Unless r implements the buffer.Reader interface (see see lattice/utils/buffer/reader.go), it will be wrapped into a bufio.Reader. Since this requires allocation, it is preferable to pass a buffer.Reader directly:

  • When reading multiple values from a io.Reader, it is preferable to first first wrap io.Reader in a pre-allocated bufio.Reader.
  • When reading from a var b []byte, it is preferable to pass a buffer.NewBuffer(b) as w (see lattice/utils/buffer/buffer.go).

func (*MemEvaluationKeySet) UnmarshalBinary

func (evk *MemEvaluationKeySet) UnmarshalBinary(p []byte) (err error)

UnmarshalBinary decodes a slice of bytes generated by MarshalBinary or WriteTo on the object.

func (MemEvaluationKeySet) WriteTo

func (evk MemEvaluationKeySet) WriteTo(w io.Writer) (n int64, err error)

WriteTo writes the object on an io.Writer. It implements the io.WriterTo interface, and will write exactly object.BinarySize() bytes on w.

Unless w implements the buffer.Writer interface (see lattice/utils/buffer/writer.go), it will be wrapped into a bufio.Writer. Since this requires allocations, it is preferable to pass a buffer.Writer directly:

  • When writing multiple times to a io.Writer, it is preferable to first wrap the io.Writer in a pre-allocated bufio.Writer.
  • When writing to a pre-allocated var b []byte, it is preferable to pass buffer.NewBuffer(b) as w (see lattice/utils/buffer/buffer.go).

type MetaData

type MetaData struct {
	PlaintextMetaData
	CiphertextMetaData
}

MetaData is a struct storing metadata.

func (MetaData) BinarySize

func (m MetaData) BinarySize() int

BinarySize returns the size in bytes that the object once marshalled into a binary form.

func (MetaData) CopyNew

func (m MetaData) CopyNew() *MetaData

CopyNew returns a copy of the target.

func (*MetaData) Equal

func (m *MetaData) Equal(other *MetaData) (res bool)

func (MetaData) MarshalBinary

func (m MetaData) MarshalBinary() (p []byte, err error)

func (MetaData) MarshalJSON

func (m MetaData) MarshalJSON() (p []byte, err error)

func (*MetaData) ReadFrom

func (m *MetaData) ReadFrom(r io.Reader) (int64, error)

ReadFrom reads on the object from an io.Writer. It implements the io.ReaderFrom interface.

Unless r implements the buffer.Reader interface (see see lattice/utils/buffer/reader.go), it will be wrapped into a bufio.Reader. Since this requires allocation, it is preferable to pass a buffer.Reader directly:

  • When reading multiple values from a io.Reader, it is preferable to first first wrap io.Reader in a pre-allocated bufio.Reader.
  • When reading from a var b []byte, it is preferable to pass a buffer.NewBuffer(b) as w (see lattice/utils/buffer/buffer.go).

func (*MetaData) UnmarshalBinary

func (m *MetaData) UnmarshalBinary(p []byte) (err error)

func (*MetaData) UnmarshalJSON

func (m *MetaData) UnmarshalJSON(p []byte) (err error)

func (MetaData) WriteTo

func (m MetaData) WriteTo(w io.Writer) (int64, error)

WriteTo writes the object on an io.Writer. It implements the io.WriterTo interface, and will write exactly object.BinarySize() bytes on w.

type Operand

type Operand interface {
}

Operand is an empty interface aimed at providing an anchor for documentation.

This interface is deliberately left empty for backward and forward compatibility. It aims at representing all types of operands that can be passed as argument to homomorphic evaluators.

type ParameterProvider

type ParameterProvider interface {
	GetRLWEParameters() *Parameters
}

type Parameters

type Parameters struct {
	// contains filtered or unexported fields
}

Parameters represents a set of generic RLWE parameters. Its fields are private and immutable. See ParametersLiteral for user-specified parameters.

func NewParameters

func NewParameters(logn int, q, p []uint64, xs, xe DistributionLiteral, ringType ring.Type, defaultScale Scale, NTTFlag bool) (params Parameters, err error)

NewParameters returns a new set of generic RLWE parameters from the given ring degree logn, moduli q and p, and error distribution Xs (secret) and Xe (error). It returns the empty parameters Parameters{} and a non-nil error if the specified parameters are invalid.

func NewParametersFromLiteral

func NewParametersFromLiteral(paramDef ParametersLiteral) (params Parameters, err error)

NewParametersFromLiteral instantiate a set of generic RLWE parameters from a ParametersLiteral specification. It returns the empty parameters Parameters{} and a non-nil error if the specified parameters are invalid.

If the moduli chain is specified through the LogQ and LogP fields, the method generates a moduli chain matching the specified sizes (see `GenModuli`).

If the secrets' density parameter (H) is left unset, its value is set to 2^(paramDef.LogN-1) to match the standard ternary distribution.

If the error variance is left unset, its value is set to `DefaultError`.

If the RingType is left unset, the default value is ring.Standard.

func (Parameters) BaseRNSDecompositionVectorSize

func (p Parameters) BaseRNSDecompositionVectorSize(levelQ, levelP int) int

BaseRNSDecompositionVectorSize returns the number of element in the RNS decomposition basis: Ceil(lenQi / lenPi)

func (Parameters) BaseTwoDecompositionVectorSize

func (p Parameters) BaseTwoDecompositionVectorSize(levelQ, levelP, Base2Decomposition int) (base []int)

BaseTwoDecompositionVectorSize returns ceil(bits(qi))/Base2Decomposition for each qi. If levelP > 0 or Base2Decomposition == 0, then returns 1 for all qi.

func (Parameters) DefaultScale

func (p Parameters) DefaultScale() Scale

DefaultScale returns the default scaling factor of the plaintext, if any.

func (Parameters) Equal

func (p Parameters) Equal(other *Parameters) (res bool)

Equal checks two Parameter structs for equality.

func (Parameters) GaloisElement

func (p Parameters) GaloisElement(k int) uint64

GaloisElement takes an integer k and returns GaloisGen^{k} mod NthRoot.

func (Parameters) GaloisElementOrderTwoOrthogonalSubgroup

func (p Parameters) GaloisElementOrderTwoOrthogonalSubgroup() uint64

GaloisElementOrderTwoOrthogonalSubgroup returns GaloisGen^{-1} mod NthRoot

func (Parameters) GaloisElements

func (p Parameters) GaloisElements(k []int) (galEls []uint64)

GaloisElements takes a list of integers k and returns the list [GaloisGen^{k[i]} mod NthRoot, ...].

func (Parameters) GetRLWEParameters

func (p Parameters) GetRLWEParameters() *Parameters

GetRLWEParameters returns a pointer to the underlying RLWE parameters.

func (Parameters) LogN

func (p Parameters) LogN() int

LogN returns the log of the degree of the polynomial ring

func (Parameters) LogNthRoot

func (p Parameters) LogNthRoot() int

LogNthRoot returns the log2(NthRoot) of the ring.

func (Parameters) LogP

func (p Parameters) LogP() (logp float64)

LogP returns the size of the extended modulus P in bits

func (Parameters) LogPi

func (p Parameters) LogPi() (logpi []int)

LogPi returns the round(log2) of each primes of the modulus P.

func (Parameters) LogQ

func (p Parameters) LogQ() (logq float64)

LogQ returns the size of the extended modulus Q in bits

func (Parameters) LogQP

func (p Parameters) LogQP() (logqp float64)

LogQP returns the size of the extended modulus QP in bits

func (Parameters) LogQi

func (p Parameters) LogQi() (logqi []int)

LogQi returns round(log2) of each primes of the modulus Q.

func (Parameters) MarshalBinary

func (p Parameters) MarshalBinary() ([]byte, error)

MarshalBinary returns a []byte representation of the parameter set. This representation corresponds to the MarshalJSON representation.

func (Parameters) MarshalJSON

func (p Parameters) MarshalJSON() ([]byte, error)

MarshalJSON returns a JSON representation of this parameter set. See `Marshal` from the `encoding/json` package.

func (Parameters) MaxBit

func (p Parameters) MaxBit(levelQ, levelP int) (c int)

MaxBit returns max(max(bitLen(Q[:levelQ+1])), max(bitLen(P[:levelP+1])).

func (Parameters) MaxLevel

func (p Parameters) MaxLevel() int

MaxLevel returns the maximum level of a ciphertext.

func (Parameters) MaxLevelP

func (p Parameters) MaxLevelP() int

MaxLevelP returns the maximum level of the modulus P.

func (Parameters) MaxLevelQ

func (p Parameters) MaxLevelQ() int

MaxLevelQ returns the maximum level of the modulus Q.

func (Parameters) ModInvGaloisElement

func (p Parameters) ModInvGaloisElement(galEl uint64) uint64

ModInvGaloisElement takes a Galois element of the form GaloisGen^{k} mod NthRoot and returns GaloisGen^{-k} mod NthRoot.

func (Parameters) N

func (p Parameters) N() int

N returns the ring degree

func (Parameters) NTTFlag

func (p Parameters) NTTFlag() bool

NTTFlag returns a boolean indicating if elements are stored by default in the NTT domain.

func (Parameters) NewScale

func (p Parameters) NewScale(scale interface{}) Scale

NewScale creates a new scale using the stored default scale as template.

func (Parameters) NoiseBound

func (p Parameters) NoiseBound() float64

NoiseBound returns truncation bound for the error distribution.

func (Parameters) NoiseFreshPK

func (p Parameters) NoiseFreshPK() (std float64)

NoiseFreshPK returns the standard deviation of a fresh encryption with the public key.

func (Parameters) NoiseFreshSK

func (p Parameters) NoiseFreshSK() (std float64)

NoiseFreshSK returns the standard deviation of a fresh encryption with the secret key.

func (Parameters) NthRoot

func (p Parameters) NthRoot() int

NthRoot returns the NthRoot of the ring.

func (Parameters) P

func (p Parameters) P() []uint64

P returns a new slice with the factors of the ciphertext modulus extension P

func (Parameters) PBigInt

func (p Parameters) PBigInt() *big.Int

PBigInt return the ciphertext-space extension modulus P in big.Integer, reconstructed, representation.

func (Parameters) PCount

func (p Parameters) PCount() int

PCount returns the number of factors of the ciphertext modulus extension P

func (Parameters) ParametersLiteral

func (p Parameters) ParametersLiteral() ParametersLiteral

ParametersLiteral returns the ParametersLiteral of the target Parameters.

func (Parameters) PiOverflowMargin

func (p Parameters) PiOverflowMargin(level int) int

PiOverflowMargin returns floor(2^64 / max(Pi)), i.e. the number of times elements of Z_max{Pi} can be added together before overflowing 2^64.

func (Parameters) Q

func (p Parameters) Q() []uint64

Q returns a new slice with the factors of the ciphertext modulus q

func (Parameters) QBigInt

func (p Parameters) QBigInt() *big.Int

QBigInt return the ciphertext-space modulus Q in big.Integer, reconstructed, representation.

func (Parameters) QCount

func (p Parameters) QCount() int

QCount returns the number of factors of the ciphertext modulus Q

func (Parameters) QP

func (p Parameters) QP() []uint64

QP return the extended ciphertext-space modulus QP in RNS representation.

func (Parameters) QPBigInt

func (p Parameters) QPBigInt() *big.Int

QPBigInt return the extended ciphertext-space modulus QP in big.Integer, reconstructed, representation.

func (Parameters) QPCount

func (p Parameters) QPCount() int

QPCount returns the number of factors of the ciphertext modulus + the modulus extension P

func (Parameters) QiOverflowMargin

func (p Parameters) QiOverflowMargin(level int) int

QiOverflowMargin returns floor(2^64 / max(Qi)), i.e. the number of times elements of Z_max{Qi} can be added together before overflowing 2^64.

func (Parameters) RingP

func (p Parameters) RingP() *ring.Ring

RingP returns a pointer to ringP

func (Parameters) RingQ

func (p Parameters) RingQ() *ring.Ring

RingQ returns a pointer to ringQ

func (Parameters) RingQP

func (p Parameters) RingQP() *ringqp.Ring

RingQP returns a pointer to ringQP

func (Parameters) RingType

func (p Parameters) RingType() ring.Type

RingType returns the type of the underlying ring.

func (Parameters) SolveDiscreteLogGaloisElement

func (p Parameters) SolveDiscreteLogGaloisElement(galEl uint64) (k int)

SolveDiscreteLogGaloisElement takes a Galois element of the form GaloisGen^{k} mod NthRoot and returns k.

func (Parameters) StandardParameters

func (p Parameters) StandardParameters() (pci Parameters, err error)

StandardParameters returns a RLWE parameter set that corresponds to the standard dual of a conjugate invariant parameter set. If the receiver is already a standard set, then the method returns the receiver.

func (*Parameters) UnmarshalBinary

func (p *Parameters) UnmarshalBinary(data []byte) (err error)

UnmarshalBinary decodes a slice of bytes on the target Parameters.

func (*Parameters) UnmarshalJSON

func (p *Parameters) UnmarshalJSON(data []byte) (err error)

UnmarshalJSON reads a JSON representation of a parameter set into the receiver Parameter. See `Unmarshal` from the `encoding/json` package.

func (Parameters) UnpackLevelParams

func (p Parameters) UnpackLevelParams(args []int) (levelQ, levelP int)

UnpackLevelParams is an internal function for unpacking level values passed as variadic function parameters.

func (Parameters) Xe

Xe returns Distribution of the error

func (Parameters) Xs

Xs returns the Distribution of the secret

func (Parameters) XsHammingWeight

func (p Parameters) XsHammingWeight() int

XsHammingWeight returns the expected Hamming weight of the secret.

type ParametersLiteral

type ParametersLiteral struct {
	LogN         int
	LogNthRoot   int                         `json:",omitempty"`
	Q            []uint64                    `json:",omitempty"`
	P            []uint64                    `json:",omitempty"`
	LogQ         []int                       `json:",omitempty"`
	LogP         []int                       `json:",omitempty"`
	Xe           ring.DistributionParameters `json:",omitempty"`
	Xs           ring.DistributionParameters `json:",omitempty"`
	RingType     ring.Type                   `json:",omitempty"`
	DefaultScale Scale                       `json:",omitempty"`
	NTTFlag      bool                        `json:",omitempty"`
}

ParametersLiteral is a literal representation of RLWE parameters. It has public fields and is used to express unchecked user-defined parameters literally into Go programs. The NewParametersFromLiteral function is used to generate the actual checked parameters from the literal representation.

Users must set the polynomial degree (LogN) and the coefficient modulus, by either setting the Q and P fields to the desired moduli chain, or by setting the LogQ and LogP fields to the desired moduli sizes.

Optionally, users may specify

  • the base 2 decomposition for the gadget ciphertexts
  • the error variance (Sigma) and secrets' density (H) and the ring type (RingType).

If left unset, standard default values for these field are substituted at parameter creation (see NewParametersFromLiteral).

func (*ParametersLiteral) UnmarshalJSON

func (p *ParametersLiteral) UnmarshalJSON(b []byte) (err error)

type Plaintext

type Plaintext struct {
	Element[ring.Poly]
	Value ring.Poly
}

Plaintext is a common base type for RLWE plaintexts.

func NewPlaintext

func NewPlaintext(params ParameterProvider, level ...int) (pt *Plaintext)

NewPlaintext creates a new Plaintext at level `level` from the parameters.

func NewPlaintextAtLevelFromPoly

func NewPlaintextAtLevelFromPoly(level int, poly ring.Poly) (pt *Plaintext, err error)

NewPlaintextAtLevelFromPoly constructs a new Plaintext at a specific level where the message is set to the passed poly. No checks are performed on poly and the returned Plaintext will share its backing array of coefficients. Returned plaintext's MetaData is allocated but empty.

func NewPlaintextRandom

func NewPlaintextRandom(prng sampling.PRNG, params ParameterProvider, level int) (pt *Plaintext)

NewPlaintextRandom generates a new uniformly distributed Plaintext.

func (Plaintext) Copy

func (pt Plaintext) Copy(other *Plaintext)

Copy copies the `other` plaintext value into the receiver plaintext.

func (Plaintext) CopyNew

func (pt Plaintext) CopyNew() (ptCpy *Plaintext)

func (Plaintext) Equal

func (pt Plaintext) Equal(other *Plaintext) bool

Equal performs a deep equal.

func (*Plaintext) ReadFrom

func (pt *Plaintext) ReadFrom(r io.Reader) (n int64, err error)

ReadFrom reads on the object from an io.Writer. It implements the io.ReaderFrom interface.

Unless r implements the buffer.Reader interface (see see lattice/utils/buffer/reader.go), it will be wrapped into a bufio.Reader. Since this requires allocation, it is preferable to pass a buffer.Reader directly:

  • When reading multiple values from a io.Reader, it is preferable to first first wrap io.Reader in a pre-allocated bufio.Reader.
  • When reading from a var b []byte, it is preferable to pass a buffer.NewBuffer(b) as w (see lattice/utils/buffer/buffer.go).

func (*Plaintext) UnmarshalBinary

func (pt *Plaintext) UnmarshalBinary(p []byte) (err error)

UnmarshalBinary decodes a slice of bytes generated by MarshalBinary or Read on the objeop.

type PlaintextMetaData

type PlaintextMetaData struct {
	// Scale is the scaling factor of the plaintext.
	Scale Scale

	// LogDimensions is the Log2 of the 2D plaintext matrix dimensions.
	LogDimensions ring.Dimensions

	// IsBatched is a flag indicating if the underlying plaintext is encoded
	// in such a way that product in R[X]/(X^N+1) acts as a point-wise multiplication
	// in the plaintext space.
	IsBatched bool
}

PlaintextMetaData is a struct storing metadata related to the plaintext.

func (PlaintextMetaData) BinarySize

func (m PlaintextMetaData) BinarySize() int

BinarySize returns the size in bytes that the object once marshalled into a binary form.

func (*PlaintextMetaData) Equal

func (m *PlaintextMetaData) Equal(other *PlaintextMetaData) (res bool)

func (PlaintextMetaData) LogScale

func (m PlaintextMetaData) LogScale() float64

LogScale returns log2(scale).

func (PlaintextMetaData) LogSlots

func (m PlaintextMetaData) LogSlots() int

LogSlots returns the log2 of the total number of slots that the plaintext holds.

func (PlaintextMetaData) MarshalBinary

func (m PlaintextMetaData) MarshalBinary() (p []byte, err error)

MarshalBinary encodes the object into a binary form on a newly allocated slice of bytes.

func (PlaintextMetaData) MarshalJSON

func (m PlaintextMetaData) MarshalJSON() (p []byte, err error)

func (*PlaintextMetaData) ReadFrom

func (m *PlaintextMetaData) ReadFrom(r io.Reader) (int64, error)

ReadFrom reads on the object from an io.Writer. It implements the io.ReaderFrom interface.

Unless r implements the buffer.Reader interface (see see lattice/utils/buffer/reader.go), it will be wrapped into a bufio.Reader. Since this requires allocation, it is preferable to pass a buffer.Reader directly:

  • When reading multiple values from a io.Reader, it is preferable to first first wrap io.Reader in a pre-allocated bufio.Reader.
  • When reading from a var b []byte, it is preferable to pass a buffer.NewBuffer(b) as w (see lattice/utils/buffer/buffer.go).

func (PlaintextMetaData) Slots

func (m PlaintextMetaData) Slots() int

Slots returns the total number of slots that the plaintext holds.

func (*PlaintextMetaData) UnmarshalBinary

func (m *PlaintextMetaData) UnmarshalBinary(p []byte) (err error)

UnmarshalBinary decodes a slice of bytes generated by MarshalBinary or WriteTo on the object.

func (*PlaintextMetaData) UnmarshalJSON

func (m *PlaintextMetaData) UnmarshalJSON(p []byte) (err error)

func (PlaintextMetaData) WriteTo

func (m PlaintextMetaData) WriteTo(w io.Writer) (int64, error)

WriteTo writes the object on an io.Writer. It implements the io.WriterTo interface, and will write exactly object.BinarySize() bytes on w.

Unless w implements the buffer.Writer interface (see lattice/utils/buffer/writer.go), it will be wrapped into a bufio.Writer. Since this requires allocations, it is preferable to pass a buffer.Writer directly:

  • When writing multiple times to a io.Writer, it is preferable to first wrap the io.Writer in a pre-allocated bufio.Writer.
  • When writing to a pre-allocated var b []byte, it is preferable to pass buffer.NewBuffer(b) as w (see lattice/utils/buffer/buffer.go).

type PublicKey

type PublicKey struct {
	Value VectorQP
}

PublicKey is a type for generic RLWE public keys. The Value field stores the polynomials in NTT and Montgomery form.

func NewPublicKey

func NewPublicKey(params ParameterProvider) (pk *PublicKey)

NewPublicKey returns a new PublicKey with zero values.

func (PublicKey) BinarySize

func (p PublicKey) BinarySize() int

func (PublicKey) CopyNew

func (p PublicKey) CopyNew() *PublicKey

CopyNew creates a deep copy of the target PublicKey and returns it.

func (PublicKey) Equal

func (p PublicKey) Equal(other *PublicKey) bool

Equal performs a deep equal.

func (PublicKey) LevelP

func (p PublicKey) LevelP() int

func (PublicKey) LevelQ

func (p PublicKey) LevelQ() int

func (PublicKey) MarshalBinary

func (p PublicKey) MarshalBinary() ([]byte, error)

MarshalBinary encodes the object into a binary form on a newly allocated slice of bytes.

func (*PublicKey) ReadFrom

func (p *PublicKey) ReadFrom(r io.Reader) (n int64, err error)

ReadFrom reads on the object from an io.Writer. It implements the io.ReaderFrom interface.

Unless r implements the buffer.Reader interface (see see lattice/utils/buffer/reader.go), it will be wrapped into a bufio.Reader. Since this requires allocation, it is preferable to pass a buffer.Reader directly:

  • When reading multiple values from a io.Reader, it is preferable to first first wrap io.Reader in a pre-allocated bufio.Reader.
  • When reading from a var b []byte, it is preferable to pass a buffer.NewBuffer(b) as w (see lattice/utils/buffer/buffer.go).

func (*PublicKey) UnmarshalBinary

func (p *PublicKey) UnmarshalBinary(b []byte) error

UnmarshalBinary decodes a slice of bytes generated by MarshalBinary or WriteTo on the object.

func (PublicKey) WriteTo

func (p PublicKey) WriteTo(w io.Writer) (n int64, err error)

WriteTo writes the object on an io.Writer. It implements the io.WriterTo interface, and will write exactly object.BinarySize() bytes on w.

Unless w implements the buffer.Writer interface (see lattice/utils/buffer/writer.go), it will be wrapped into a bufio.Writer. Since this requires allocations, it is preferable to pass a buffer.Writer directly:

  • When writing multiple times to a io.Writer, it is preferable to first wrap the io.Writer in a pre-allocated bufio.Writer.
  • When writing to a pre-allocated var b []byte, it is preferable to pass buffer.NewBuffer(b) as w (see lattice/utils/buffer/buffer.go).

type RelinearizationKey

type RelinearizationKey struct {
	EvaluationKey
}

RelinearizationKey is type of evaluation key used for ciphertext multiplication compactness. The Relinearization key encrypts s^{2} under s and is used to homomorphically re-encrypt the degree 2 term of a ciphertext (the term that decrypt with s^{2}) into a degree 1 term (a term that decrypts with s).

func NewRelinearizationKey

func NewRelinearizationKey(params ParameterProvider, evkParams ...EvaluationKeyParameters) *RelinearizationKey

NewRelinearizationKey allocates a new RelinearizationKey with zero coefficients.

func (RelinearizationKey) CopyNew

func (rlk RelinearizationKey) CopyNew() *RelinearizationKey

CopyNew creates a deep copy of the object and returns it.

func (RelinearizationKey) Equal

func (rlk RelinearizationKey) Equal(other *RelinearizationKey) bool

Equal performs a deep equal.

type Scale

type Scale struct {
	Value big.Float //`json:",omitempty"`
	Mod   *big.Int  //`json:",omitempty"`
}

Scale is a struct used to track the scaling factor of Plaintext and Ciphertext structs. The scale is managed as an 128-bit precision real and can be either a floating point value or a mod T prime integer, which is determined at instantiation.

func NewScale

func NewScale(s interface{}) Scale

NewScale instantiates a new floating point Scale. Accepted types for s are int, int64, uint64, float64, *big.Int, *big.Float and *Scale. If the input type is not an accepted type, returns an error.

func NewScaleModT

func NewScaleModT(s interface{}, mod uint64) Scale

NewScaleModT instantiates a new integer mod T Scale. Accepted types for s are int, int64, uint64, float64, *big.Int, *big.Float and *Scale. If the input type is not an accepted type, returns an error.

func (Scale) BigInt

func (s Scale) BigInt() (sInt *big.Int)

BigInt returns the scale as a big.Int, truncating the rational part and rounding ot the nearest integer. The rounding assumes that the scale is a positive value.

func (Scale) BinarySize

func (s Scale) BinarySize() int

BinarySize returns the serialized size of the object in bytes. Each value is encoded with .Text('x', ceil(ScalePrecision / log2(10))).

func (Scale) Cmp

func (s Scale) Cmp(s1 Scale) (cmp int)

Cmp compares the target scale with s1. Returns 0 if the scales are equal, 1 if the target scale is greater and -1 if the target scale is smaller.

func (Scale) Div

func (s Scale) Div(s1 Scale) Scale

Div multiplies the target s with s1^-1, returning the result in a new Scale struct. If mod is specified, performs the multiplication modulo t with the multiplicative inverse of s1. Otherwise, performs the quotient operation.

func (Scale) Equal

func (s Scale) Equal(s1 Scale) bool

Equal returns true if a == b.

func (Scale) Float64

func (s Scale) Float64() float64

Float64 returns the underlying scale as a float64 value.

func (Scale) InDelta

func (s Scale) InDelta(s1 Scale, log2Delta float64) bool

InDelta returns true if abs(a-b) <= 2^{-log2Delta}

func (Scale) Log2Delta

func (s Scale) Log2Delta(s1 Scale) float64

Log2Delta returns -log2(abs(a-b)/max(a, b))

func (Scale) MarshalBinary

func (s Scale) MarshalBinary() (p []byte, err error)

MarshalBinary encodes the object into a binary form on a newly allocated slice of bytes.

func (Scale) MarshalJSON

func (s Scale) MarshalJSON() (p []byte, err error)

MarshalJSON encodes the object into a binary form on a newly allocated slice of bytes.

func (Scale) Max

func (s Scale) Max(s1 Scale) (max Scale)

Max returns the a new scale which is the maximum between the target scale and s1.

func (Scale) Min

func (s Scale) Min(s1 Scale) (max Scale)

Min returns the a new scale which is the minimum between the target scale and s1.

func (Scale) Mul

func (s Scale) Mul(s1 Scale) Scale

Mul multiplies the target s with s1, returning the result in a new Scale struct. If mod is specified, performs the multiplication modulo mod.

func (Scale) Uint64

func (s Scale) Uint64() uint64

Uint64 returns the underlying scale as an uint64 value.

func (Scale) UnmarshalBinary

func (s Scale) UnmarshalBinary(p []byte) (err error)

UnmarshalBinary decodes a slice of bytes generated by MarshalBinary or WriteTo on the object.

func (*Scale) UnmarshalJSON

func (s *Scale) UnmarshalJSON(p []byte) (err error)

type SecretKey

type SecretKey struct {
	Value ringqp.Poly
}

SecretKey is a type for generic RLWE secret keys. The Value field stores the polynomial in NTT and Montgomery form.

func NewSecretKey

func NewSecretKey(params ParameterProvider) *SecretKey

NewSecretKey generates a new SecretKey with zero values.

func (SecretKey) BinarySize

func (sk SecretKey) BinarySize() (dataLen int)

BinarySize returns the serialized size of the object in bytes.

func (SecretKey) CopyNew

func (sk SecretKey) CopyNew() *SecretKey

CopyNew creates a deep copy of the receiver secret key and returns it.

func (SecretKey) Equal

func (sk SecretKey) Equal(other *SecretKey) bool

func (SecretKey) LevelP

func (sk SecretKey) LevelP() int

LevelP returns the level of the modulus P of the target. Returns -1 if P is absent.

func (SecretKey) LevelQ

func (sk SecretKey) LevelQ() int

LevelQ returns the level of the modulus Q of the target.

func (SecretKey) MarshalBinary

func (sk SecretKey) MarshalBinary() (p []byte, err error)

MarshalBinary encodes the object into a binary form on a newly allocated slice of bytes.

func (*SecretKey) ReadFrom

func (sk *SecretKey) ReadFrom(r io.Reader) (n int64, err error)

ReadFrom reads on the object from an io.Writer. It implements the io.ReaderFrom interface.

Unless r implements the buffer.Reader interface (see see lattice/utils/buffer/reader.go), it will be wrapped into a bufio.Reader. Since this requires allocation, it is preferable to pass a buffer.Reader directly:

  • When reading multiple values from a io.Reader, it is preferable to first first wrap io.Reader in a pre-allocated bufio.Reader.
  • When reading from a var b []byte, it is preferable to pass a buffer.NewBuffer(b) as w (see lattice/utils/buffer/buffer.go).

func (*SecretKey) UnmarshalBinary

func (sk *SecretKey) UnmarshalBinary(p []byte) (err error)

UnmarshalBinary decodes a slice of bytes generated by MarshalBinary or WriteTo on the object.

func (SecretKey) WriteTo

func (sk SecretKey) WriteTo(w io.Writer) (n int64, err error)

WriteTo writes the object on an io.Writer. It implements the io.WriterTo interface, and will write exactly object.BinarySize() bytes on w.

Unless w implements the buffer.Writer interface (see lattice/utils/buffer/writer.go), it will be wrapped into a bufio.Writer. Since this requires allocations, it is preferable to pass a buffer.Writer directly:

  • When writing multiple times to a io.Writer, it is preferable to first wrap the io.Writer in a pre-allocated bufio.Writer.
  • When writing to a pre-allocated var b []byte, it is preferable to pass buffer.NewBuffer(b) as w (see lattice/utils/buffer/buffer.go).

type TestParametersLiteral

type TestParametersLiteral struct {
	BaseTwoDecomposition int
	ParametersLiteral
}

type VectorQP

type VectorQP []ringqp.Poly

func NewVectorQP

func NewVectorQP(params ParameterProvider, size, levelQ, levelP int) (v VectorQP)

NewVectorQP returns a new PublicKey with zero values.

func (VectorQP) BinarySize

func (p VectorQP) BinarySize() int

func (VectorQP) CopyNew

func (p VectorQP) CopyNew() *VectorQP

CopyNew creates a deep copy of the target PublicKey and returns it.

func (VectorQP) Equal

func (p VectorQP) Equal(other *VectorQP) (equal bool)

Equal performs a deep equal.

func (VectorQP) LevelP

func (p VectorQP) LevelP() int

LevelP returns the level of the modulus P of the first element of the VectorQP. Returns -1 if the size of the vector is zero or has no modulus P.

func (VectorQP) LevelQ

func (p VectorQP) LevelQ() int

LevelQ returns the level of the modulus Q of the first element of the VectorQP. Returns -1 if the size of the vector is zero or has no modulus Q.

func (VectorQP) MarshalBinary

func (p VectorQP) MarshalBinary() ([]byte, error)

MarshalBinary encodes the object into a binary form on a newly allocated slice of bytes.

func (*VectorQP) ReadFrom

func (p *VectorQP) ReadFrom(r io.Reader) (n int64, err error)

ReadFrom reads on the object from an io.Writer. It implements the io.ReaderFrom interface.

Unless r implements the buffer.Reader interface (see see lattice/utils/buffer/reader.go), it will be wrapped into a bufio.Reader. Since this requires allocation, it is preferable to pass a buffer.Reader directly:

  • When reading multiple values from a io.Reader, it is preferable to first first wrap io.Reader in a pre-allocated bufio.Reader.
  • When reading from a var b []byte, it is preferable to pass a buffer.NewBuffer(b) as w (see lattice/utils/buffer/buffer.go).

func (*VectorQP) UnmarshalBinary

func (p *VectorQP) UnmarshalBinary(b []byte) error

UnmarshalBinary decodes a slice of bytes generated by MarshalBinary or WriteTo on the object.

func (VectorQP) WriteTo

func (p VectorQP) WriteTo(w io.Writer) (n int64, err error)

WriteTo writes the object on an io.Writer. It implements the io.WriterTo interface, and will write exactly object.BinarySize() bytes on w.

Unless w implements the buffer.Writer interface (see lattice/utils/buffer/writer.go), it will be wrapped into a bufio.Writer. Since this requires allocations, it is preferable to pass a buffer.Writer directly:

  • When writing multiple times to a io.Writer, it is preferable to first wrap the io.Writer in a pre-allocated bufio.Writer.
  • When writing to a pre-allocated var b []byte, it is preferable to pass buffer.NewBuffer(b) as w (see lattice/utils/buffer/buffer.go).

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL