ring

package
v5.0.2 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Nov 28, 2023 License: Apache-2.0 Imports: 15 Imported by: 37

README

References

  1. Faster arithmetic for number-theoretic transforms (https://arxiv.org/abs/1205.2926)
  2. Speeding up the Number Theoretic Transform for Faster Ideal Lattice-Based Cryptography (https://eprint.iacr.org/2016/504)
  3. Gaussian sampling in lattice-based cryptography (https://tel.archives-ouvertes.fr/tel-01245066v2)
  4. Post-quantum key exchange - a new hope (https://eprint.iacr.org/2015/1092)

Documentation

Overview

Package ring implements RNS-accelerated modular arithmetic operations for polynomials, including: RNS basis extension; RNS rescaling; number theoretic transform (NTT); uniform, Gaussian and ternary sampling.

Index

Constants

View Source 
const (
	// GaloisGen is an integer of order N/2 modulo M that spans Z_M with the integer -1.
	// The j-th ring automorphism takes the root zeta to zeta^(5j).
	GaloisGen uint64 = 5

	// MinimumRingDegreeForLoopUnrolledOperations is the minimum ring degree required to
	// safely perform loop-unrolled operations
	MinimumRingDegreeForLoopUnrolledOperations = 8
)
View Source 
const (
	Standard           = Type(0) // Z[X]/(X^N + 1) (Default)
	ConjugateInvariant = Type(1) // Z[X+X^-1]/(X^2N + 1)
)

RingStandard and RingConjugateInvariant are two types of Rings.

View Source 
const (
	// MinimumRingDegreeForLoopUnrolledNTT is the minimum ring degree
	// necessary for memory safe loop unrolling
	MinimumRingDegreeForLoopUnrolledNTT = 16
)

Variables

View Source 
var Pi60 = []uint64{0x1ffffffff6c80001, 0x1ffffffff6140001, 0x1ffffffff5f40001, 0x1ffffffff5700001,
	0x1ffffffff4bc0001, 0x1ffffffff4380001, 0x1ffffffff3240001, 0x1ffffffff2dc0001,
	0x1ffffffff1a40001, 0x1ffffffff11c0001, 0x1ffffffff0fc0001, 0x1ffffffff0d80001,
	0x1ffffffff0c80001, 0x1ffffffff08c0001, 0x1fffffffefd00001, 0x1fffffffef9c0001,
	0x1fffffffef600001, 0x1fffffffeef40001, 0x1fffffffeed40001, 0x1fffffffeed00001,
	0x1fffffffeebc0001, 0x1fffffffed540001, 0x1fffffffed440001, 0x1fffffffed2c0001,
	0x1fffffffed200001, 0x1fffffffec940001, 0x1fffffffec6c0001, 0x1fffffffebe80001,
	0x1fffffffebac0001, 0x1fffffffeba40001, 0x1fffffffeb4c0001, 0x1fffffffeb280001}

Pi60 are the next [32:64] 61-bit close to 2^{62} NTT-friendly primes for N up to 2^{17}

View Source 
var Qi60 = []uint64{0x1fffffffffe00001, 0x1fffffffffc80001, 0x1fffffffffb40001, 0x1fffffffff500001,
	0x1fffffffff380001, 0x1fffffffff000001, 0x1ffffffffef00001, 0x1ffffffffee80001,
	0x1ffffffffeb40001, 0x1ffffffffe780001, 0x1ffffffffe600001, 0x1ffffffffe4c0001,
	0x1ffffffffdf40001, 0x1ffffffffdac0001, 0x1ffffffffda40001, 0x1ffffffffc680001,
	0x1ffffffffc000001, 0x1ffffffffb880001, 0x1ffffffffb7c0001, 0x1ffffffffb300001,
	0x1ffffffffb1c0001, 0x1ffffffffadc0001, 0x1ffffffffa400001, 0x1ffffffffa140001,
	0x1ffffffff9d80001, 0x1ffffffff9140001, 0x1ffffffff8ac0001, 0x1ffffffff8a80001,
	0x1ffffffff81c0001, 0x1ffffffff7800001, 0x1ffffffff7680001, 0x1ffffffff7080001}

Qi60 are the first [0:32] 61-bit close to 2^{62} NTT-friendly primes for N up to 2^{17}

Functions

func AutomorphismNTTIndex 

func AutomorphismNTTIndex(N int, NthRoot, GalEl uint64) (index []uint64, err error)

AutomorphismNTTIndex computes the look-up table for the automorphism X^{i} -> X^{i*k mod NthRoot}.

func BRed 

func BRed(x, y, q uint64, u []uint64) (r uint64)

BRed computes x*y mod q.

func BRedAdd 

func BRedAdd(a, q uint64, u []uint64) (r uint64)

BRedAdd computes a mod q.

func BRedAddLazy 

func BRedAddLazy(x, q uint64, u []uint64) uint64

BRedAddLazy computes a mod q in constant time. The result is between 0 and 2*q-1.

func BRedConstant 

func BRedConstant(q uint64) (constant []uint64)

BRedConstant computes the constant for the BRed algorithm. Returns ((2^128)/q)/(2^64) and (2^128)/q mod 2^64.

func BRedLazy 

func BRedLazy(x, y, q uint64, u []uint64) (r uint64)

BRedLazy computes x*y mod q in constant time. The result is between 0 and 2*q-1.

func CRed 

func CRed(a, q uint64) uint64

CRed reduce returns a mod q where a is between 0 and 2*q-1.

func CheckFactors 

func CheckFactors(m uint64, factors []uint64) (err error)

CheckFactors checks that the given list of factors contains all the unique primes of m.

func CheckPrimitiveRoot 

func CheckPrimitiveRoot(g, q uint64, factors []uint64) (err error)

CheckPrimitiveRoot checks that g is a valid primitive root mod q, given the factors of q-1.

func EvalPolyModP 

func EvalPolyModP(x uint64, poly []uint64, p uint64) (y uint64)

EvalPolyModP evaluates y = sum poly[i] * x^{i} mod p.

func IMForm 

func IMForm(a, q, qInv uint64) (r uint64)

IMForm switches a from the Montgomery domain back to the standard domain by computing a*(1/2^64) mod q.

func IMFormLazy 

func IMFormLazy(a, q, qInv uint64) (r uint64)

IMFormLazy switches a from the Montgomery domain back to the standard domain by computing a*(1/2^64) mod q in constant time. The result is between 0 and 2*q-1.

func INTTConjugateInvariant 

func INTTConjugateInvariant(p1, p2 []uint64, N int, NInv, Q, MRedConstant uint64, roots []uint64)

INTTConjugateInvariant evaluates p2 = INTT(p1) in the closed sub-ring Z[X + X^-1]/(X^2N +1) of Z[X]/(X^2N+1).

func INTTConjugateInvariantLazy 

func INTTConjugateInvariantLazy(p1, p2 []uint64, N int, NInv, Q, MRedConstant uint64, roots []uint64)

INTTConjugateInvariantLazy evaluates p2 = INTT(p1) in the closed sub-ring Z[X + X^-1]/(X^2N +1) of Z[X]/(X^2N+1) with p2 in the range [0, 2*modulus-1].

func INTTStandard 

func INTTStandard(p1, p2 []uint64, N int, NInv, Q, MRedConstant uint64, roots []uint64)

INTTStandard evalues p2 = INTTStandard(p1) in the given SubRing.

func INTTStandardLazy 

func INTTStandardLazy(p1, p2 []uint64, N int, NInv, Q, MRedConstant uint64, roots []uint64)

INTTStandardLazy evalues p2 = INTT(p1) in the given SubRing with p2 in [0, 2*modulus-1].

func IsPrime 

func IsPrime(x uint64) bool

IsPrime applies the Baillie-PSW, which is 100% accurate for numbers bellow 2^64.

func MForm 

func MForm(a, q uint64, u []uint64) (r uint64)

MForm switches a to the Montgomery domain by computing a*2^64 mod q.

func MFormLazy 

func MFormLazy(a, q uint64, u []uint64) (r uint64)

MFormLazy switches a to the Montgomery domain by computing a*2^64 mod q in constant time. The result is between 0 and 2*q-1.

func MRed 

func MRed(x, y, q, qInv uint64) (r uint64)

MRed computes x * y * (1/2^64) mod q.

func MRedConstant 

func MRedConstant(q uint64) (qInv uint64)

MRedConstant computes the constant qInv = (q^-1) mod 2^64 required for MRed.

func MRedLazy 

func MRedLazy(x, y, q, qInv uint64) (r uint64)

MRedLazy computes x * y * (1/2^64) mod q in constant time. The result is between 0 and 2*q-1.

func MapSmallDimensionToLargerDimensionNTT 

func MapSmallDimensionToLargerDimensionNTT(polSmall, polLarge Poly)

MapSmallDimensionToLargerDimensionNTT maps Y = X^{N/n} -> X directly in the NTT domain

func MaskVec 

func MaskVec(p1 []uint64, w int, mask uint64, p2 []uint64)

MaskVec evaluates p2 = vec(p1>>w) & mask Iteration is done with respect to len(p1). All input must have a size which is a multiple of 8.

func Min 

func Min(x, y int) int

Min returns the minimum between to int

func ModExp 

func ModExp(x, e, p uint64) (result uint64)

ModExp performs the modular exponentiation x^e mod p, x and p are required to be at most 64 bits to avoid an overflow.

func ModExpPow2 

func ModExpPow2(x, e, p uint64) (result uint64)

ModExpPow2 performs the modular exponentiation x^e mod p, where p is a power of two, x and p are required to be at most 64 bits to avoid an overflow.

func ModUpExact 

func ModUpExact(p1, p2 [][]uint64, ringQ, ringP *Ring, MUC ModUpConstants)

ModUpExact takes p1 mod Q and switches its basis to P, returning the result on p2. Caution: values are not centered and returned values are in [0, 2P-1].

func ModexpMontgomery 

func ModexpMontgomery(x uint64, e int, q, qInv uint64, bredconstant []uint64) (result uint64)

ModexpMontgomery performs the modular exponentiation x^e mod p, where x is in Montgomery form, and returns x^e in Montgomery form.

func NTTConjugateInvariant 

func NTTConjugateInvariant(p1, p2 []uint64, N int, Q, MRedConstant uint64, BRedConstant, roots []uint64)

NTTConjugateInvariant evaluates p2 = NTT(p1) in the sub-ring Z[X + X^-1]/(X^2N +1) of Z[X]/(X^2N+1).

func NTTConjugateInvariantLazy 

func NTTConjugateInvariantLazy(p1, p2 []uint64, N int, Q, MRedConstant uint64, roots []uint64)

NTTConjugateInvariantLazy evaluates p2 = NTT(p1) in the sub-ring Z[X + X^-1]/(X^2N +1) of Z[X]/(X^2N+1) with p2 in the range [0, 2*modulus-1].

func NTTStandard 

func NTTStandard(p1, p2 []uint64, N int, Q, MRedConstant uint64, BRedConstant, roots []uint64)

NTTStandard computes the NTTStandard in the given SubRing.

func NTTStandardLazy 

func NTTStandardLazy(p1, p2 []uint64, N int, Q, MRedConstant uint64, roots []uint64)

NTTStandardLazy computes the NTTStandard in the given SubRing with p2 in [0, 2*modulus-1].

func PrimitiveRoot 

func PrimitiveRoot(q uint64, factors []uint64) (uint64, []uint64, error)

PrimitiveRoot computes the smallest primitive root of the given prime q The unique factors of q-1 can be given to speed up the search for the root.

func RandUniform 

func RandUniform(prng sampling.PRNG, v uint64, mask uint64) (randomInt uint64)

RandUniform samples a uniform randomInt variable in the range [0, mask] until randomInt is in the range [0, v-1]. mask needs to be of the form 2^n -1.

func ZeroVec 

func ZeroVec(p1 []uint64)

ZeroVec sets all values of p1 to zero. Iteration is done with respect to len(p1). All input must have a size which is a multiple of 8.

Types

type BasisExtender 

type BasisExtender struct {
	// contains filtered or unexported fields
}

BasisExtender stores the necessary parameters for RNS basis extension. The used algorithm is from https://eprint.iacr.org/2018/117.pdf.

func NewBasisExtender 

func NewBasisExtender(ringQ, ringP *Ring) (be *BasisExtender)

NewBasisExtender creates a new BasisExtender, enabling RNS basis extension from Q to P and P to Q.

func (*BasisExtender) ModDownQPtoP 

func (be *BasisExtender) ModDownQPtoP(levelQ, levelP int, p1Q, p1P, p2P Poly)

ModDownQPtoP reduces the basis of a polynomial. Given a polynomial with coefficients in basis {Q0,Q1....QlevelQ} and {P0,P1...PlevelP}, it reduces its basis from {Q0,Q1....QlevelQ} and {P0,P1...PlevelP} to {P0,P1...PlevelP} and does a floored integer division of the result by Q.

func (*BasisExtender) ModDownQPtoQ 

func (be *BasisExtender) ModDownQPtoQ(levelQ, levelP int, p1Q, p1P, p2Q Poly)

ModDownQPtoQ reduces the basis of a polynomial. Given a polynomial with coefficients in basis {Q0,Q1....Qlevel} and {P0,P1...Pj}, it reduces its basis from {Q0,Q1....Qlevel} and {P0,P1...Pj} to {Q0,Q1....Qlevel} and does a rounded integer division of the result by P.

func (*BasisExtender) ModDownQPtoQNTT 

func (be *BasisExtender) ModDownQPtoQNTT(levelQ, levelP int, p1Q, p1P, p2Q Poly)

ModDownQPtoQNTT reduces the basis of a polynomial. Given a polynomial with coefficients in basis {Q0,Q1....Qi} and {P0,P1...Pj}, it reduces its basis from {Q0,Q1....Qi} and {P0,P1...Pj} to {Q0,Q1....Qi} and does a rounded integer division of the result by P. Inputs must be in the NTT domain.

func (*BasisExtender) ModUpPtoQ 

func (be *BasisExtender) ModUpPtoQ(levelP, levelQ int, polP, polQ Poly)

ModUpPtoQ extends the RNS basis of a polynomial from P to PQ. Given a polynomial with coefficients in basis {P0,P1....Plevel}, it extends its basis from {P0,P1....Plevel} to {Q0,Q1...Qj}

func (*BasisExtender) ModUpQtoP 

func (be *BasisExtender) ModUpQtoP(levelQ, levelP int, polQ, polP Poly)

ModUpQtoP extends the RNS basis of a polynomial from Q to QP. Given a polynomial with coefficients in basis {Q0,Q1....Qlevel}, it extends its basis from {Q0,Q1....Qlevel} to {Q0,Q1....Qlevel,P0,P1...Pj}

func (*BasisExtender) ShallowCopy 

func (be *BasisExtender) ShallowCopy() *BasisExtender

ShallowCopy creates a shallow copy of this basis extender in which the read-only data-structures are shared with the receiver.

type Decomposer 

type Decomposer struct {
	ModUpConstants [][][]ModUpConstants
	// contains filtered or unexported fields
}

Decomposer is a structure that stores the parameters of the arbitrary decomposer. This decomposer takes a p(x)_Q (in basis Q) and returns p(x) mod qi in basis QP, where qi = prod(Q_i) for 0<=i<=L, where L is the number of factors in P.

func NewDecomposer 

func NewDecomposer(ringQ, ringP *Ring) (decomposer *Decomposer)

NewDecomposer creates a new Decomposer.

func (*Decomposer) DecomposeAndSplit 

func (decomposer *Decomposer) DecomposeAndSplit(levelQ, levelP, nbPi, BaseRNSDecompositionVectorSize int, p0Q, p1Q, p1P Poly)

DecomposeAndSplit decomposes a polynomial p(x) in basis Q, reduces it modulo qi, and returns the result in basis QP separately.

type Dimensions 

type Dimensions struct {
	Rows, Cols int
}

type DiscreteGaussian 

type DiscreteGaussian struct {
	Sigma float64
	Bound float64
}

DiscreteGaussian represents the parameters of a discrete Gaussian distribution with standard deviation Sigma and bounds [-Bound, Bound].

func (DiscreteGaussian) MarshalJSON 

func (d DiscreteGaussian) MarshalJSON() ([]byte, error)

func (DiscreteGaussian) Type 

func (d DiscreteGaussian) Type() string

type DistributionParameters 

type DistributionParameters interface {
	// Type returns a string representation of the distribution name.
	Type() string
	// contains filtered or unexported methods
}

DistributionParameters is an interface for distribution parameters in the ring. There are three implementation of this interface:

  • DiscreteGaussian for sampling polynomials with discretized gaussian coefficient of given standard deviation and bound.
  • Ternary for sampling polynomials with coefficients in [-1, 1].
  • Uniform for sampling polynomial with uniformly random coefficients in the ring.

func ParametersFromMap 

func ParametersFromMap(distDef map[string]interface{}) (DistributionParameters, error)

type GaussianSampler 

type GaussianSampler struct {
	// contains filtered or unexported fields
}

GaussianSampler keeps the state of a truncated Gaussian polynomial sampler.

func NewGaussianSampler 

func NewGaussianSampler(prng sampling.PRNG, baseRing *Ring, X DiscreteGaussian, montgomery bool) (g *GaussianSampler)

NewGaussianSampler creates a new instance of GaussianSampler from a PRNG, a ring definition and the truncated Gaussian distribution parameters. Sigma is the desired standard deviation and bound is the maximum coefficient norm in absolute value.

func (*GaussianSampler) AtLevel 

func (g *GaussianSampler) AtLevel(level int) Sampler

AtLevel returns an instance of the target GaussianSampler that operates at the target level. This instance is not thread safe and cannot be used concurrently to the base instance.

func (*GaussianSampler) Read 

func (g *GaussianSampler) Read(pol Poly)

Read samples a truncated Gaussian polynomial on "pol" at the maximum level in the default ring, standard deviation and bound.

func (*GaussianSampler) ReadAndAdd 

func (g *GaussianSampler) ReadAndAdd(pol Poly)

ReadAndAdd samples a truncated Gaussian polynomial at the given level for the receiver's default standard deviation and bound and adds it on "pol".

func (*GaussianSampler) ReadNew 

func (g *GaussianSampler) ReadNew() (pol Poly)

ReadNew samples a new truncated Gaussian polynomial at the maximum level in the default ring, standard deviation and bound.

type Interpolator 

type Interpolator struct {
	// contains filtered or unexported fields
}

Interpolator is a struct storing the necessary buffer and pre-computation for polynomial interpolation with coefficient in finite fields.

func NewInterpolator 

func NewInterpolator(degree int, T uint64) (itp *Interpolator, err error)

NewInterpolator creates a new Interpolator. Returns an error if T is not prime or not congruent to 1 mod 2N, where N is the next power of two greater than degree+1.

func (*Interpolator) Interpolate 

func (itp *Interpolator) Interpolate(roots []uint64) (coeffs []uint64)

Interpolate takes a list of roots the coefficients of P(roots) = 0 mod T.

func (*Interpolator) Lagrange 

func (itp *Interpolator) Lagrange(x, y []uint64) (coeffs []uint64, err error)

Lagrange takes as input (x, y) and returns P(xi) = yi mod T.

type ModUpConstants 

type ModUpConstants struct {
	// contains filtered or unexported fields
}

ModUpConstants stores the necessary parameters for RNS basis extension.

func GenModUpConstants 

func GenModUpConstants(Q, P []uint64) ModUpConstants

GenModUpConstants generates the ModUpConstants for basis extension from Q to P and P to Q.

type NTTFriendlyPrimesGenerator 

type NTTFriendlyPrimesGenerator struct {
	Size                           float64
	NextPrime, PrevPrime, NthRoot  uint64
	CheckNextPrime, CheckPrevPrime bool
}

NTTFriendlyPrimesGenerator is a struct used to generate NTT friendly primes.

func NewNTTFriendlyPrimesGenerator 

func NewNTTFriendlyPrimesGenerator(BitSize, NthRoot uint64) NTTFriendlyPrimesGenerator

NewNTTFriendlyPrimesGenerator instantiates a new NTTFriendlyPrimesGenerator. Primes generated are of the form 2^{BitSize} +/- k * {NthRoot} + 1.

func (*NTTFriendlyPrimesGenerator) NextAlternatingPrime 

func (n *NTTFriendlyPrimesGenerator) NextAlternatingPrime() (uint64, error)

NextAlternatingPrime returns the next prime of the form 2^{BitSize} +/- k * {NthRoot} + 1.

func (*NTTFriendlyPrimesGenerator) NextAlternatingPrimes 

func (n *NTTFriendlyPrimesGenerator) NextAlternatingPrimes(k int) (primes []uint64, err error)

NextAlternatingPrimes returns the next k primes of the form 2^{BitSize} +/- k * {NthRoot} + 1.

func (*NTTFriendlyPrimesGenerator) NextDownstreamPrime 

func (n *NTTFriendlyPrimesGenerator) NextDownstreamPrime() (uint64, error)

NextDownstreamPrime returns the next prime of the form 2^{BitSize} - k * {NthRoot} + 1.

func (*NTTFriendlyPrimesGenerator) NextDownstreamPrimes 

func (n *NTTFriendlyPrimesGenerator) NextDownstreamPrimes(k int) (primes []uint64, err error)

NextDownstreamPrimes returns the next k primes of the form 2^{BitSize} - k * {NthRoot} + 1.

func (*NTTFriendlyPrimesGenerator) NextUpstreamPrime 

func (n *NTTFriendlyPrimesGenerator) NextUpstreamPrime() (uint64, error)

NextUpstreamPrime returns the next prime of the form 2^{BitSize} + k * {NthRoot} + 1.

func (*NTTFriendlyPrimesGenerator) NextUpstreamPrimes 

func (n *NTTFriendlyPrimesGenerator) NextUpstreamPrimes(k int) (primes []uint64, err error)

NextUpstreamPrimes returns the next k primes of the form 2^{BitSize} + k * {NthRoot} + 1.

type NTTTable 

type NTTTable struct {
	NthRoot       uint64   // Nthroot used for the NTT
	PrimitiveRoot uint64   // 2N-th primitive root
	RootsForward  []uint64 //powers of the 2N-th primitive root in Montgomery form (in bit-reversed order)
	RootsBackward []uint64 //powers of the inverse of the 2N-th primitive root in Montgomery form (in bit-reversed order)
	NInv          uint64   //[N^-1] mod Modulus in Montgomery form
}

NTTTable store all the constants that are specifically tied to the NTT.

type NumberTheoreticTransformer 

type NumberTheoreticTransformer interface {
	Forward(p1, p2 []uint64)
	ForwardLazy(p1, p2 []uint64)
	Backward(p1, p2 []uint64)
	BackwardLazy(p1, p2 []uint64)
}

NumberTheoreticTransformer is an interface to provide flexibility on what type of NTT is used by the struct Ring.

func NewNumberTheoreticTransformerConjugateInvariant 

func NewNumberTheoreticTransformerConjugateInvariant(r *SubRing, n int) NumberTheoreticTransformer

func NewNumberTheoreticTransformerStandard 

func NewNumberTheoreticTransformerStandard(r *SubRing, n int) NumberTheoreticTransformer

type NumberTheoreticTransformerConjugateInvariant 

type NumberTheoreticTransformerConjugateInvariant struct {
	// contains filtered or unexported fields
}

NumberTheoreticTransformerConjugateInvariant computes the NTT in the ring Z[X+X^-1]/(X^2N+1). Z[X+X^-1]/(X^2N+1) is a closed sub-ring of Z[X]/(X^2N+1). Note that the input polynomial only needs to be size N since the right half does not provide any additional information. See "Approximate Homomorphic Encryption over the Conjugate-invariant Ring", https://eprint.iacr.org/2018/952. The implemented approach is more efficient than the one proposed in the referenced work. It avoids the linear map Z[X + X^-1]/(X^2N + 1) <-> Z[X]/(X^N - 1) by instead directly computing the left half of the NTT of Z[X + X^-1]/(X^2N + 1) since the right half provides no additional information, which allows to (re)use nega-cyclic NTT.

func (NumberTheoreticTransformerConjugateInvariant) Backward 

func (rntt NumberTheoreticTransformerConjugateInvariant) Backward(p1, p2 []uint64)

Backward writes the backward NTT in Z[X+X^-1]/(X^2N+1) of p1 on p2.

func (NumberTheoreticTransformerConjugateInvariant) BackwardLazy 

func (rntt NumberTheoreticTransformerConjugateInvariant) BackwardLazy(p1, p2 []uint64)

BackwardLazy writes the backward NTT in Z[X+X^-1]/(X^2N+1) of p1 on p2. Returns values in the range [0, 2q-1].

func (NumberTheoreticTransformerConjugateInvariant) Forward 

func (rntt NumberTheoreticTransformerConjugateInvariant) Forward(p1, p2 []uint64)

Forward writes the forward NTT in Z[X+X^-1]/(X^2N+1) of p1 on p2.

func (NumberTheoreticTransformerConjugateInvariant) ForwardLazy 

func (rntt NumberTheoreticTransformerConjugateInvariant) ForwardLazy(p1, p2 []uint64)

ForwardLazy writes the forward NTT in Z[X+X^-1]/(X^2N+1) of p1 on p2. Returns values in the range [0, 2q-1].

type NumberTheoreticTransformerStandard 

type NumberTheoreticTransformerStandard struct {
	// contains filtered or unexported fields
}

NumberTheoreticTransformerStandard computes the standard nega-cyclic NTT in the ring Z[X]/(X^N+1).

func (NumberTheoreticTransformerStandard) Backward 

func (rntt NumberTheoreticTransformerStandard) Backward(p1, p2 []uint64)

Backward writes the backward NTT in Z[X]/(X^N+1) of p1 on p2.

func (NumberTheoreticTransformerStandard) BackwardLazy 

func (rntt NumberTheoreticTransformerStandard) BackwardLazy(p1, p2 []uint64)

BackwardLazy writes the backward NTT in Z[X]/(X^N+1) p1 on p2. Returns values in the range [0, 2q-1].

func (NumberTheoreticTransformerStandard) Forward 

func (rntt NumberTheoreticTransformerStandard) Forward(p1, p2 []uint64)

Forward writes the forward NTT in Z[X]/(X^N+1) of p1 on p2.

func (NumberTheoreticTransformerStandard) ForwardLazy 

func (rntt NumberTheoreticTransformerStandard) ForwardLazy(p1, p2 []uint64)

ForwardLazy writes the forward NTT in Z[X]/(X^N+1) of p1 on p2. Returns values in the range [0, 2q-1].

type Parameters 

type Parameters struct {
	// contains filtered or unexported fields
}

Parameters is a struct storing test parameters for the package Ring.

type Poly 

type Poly struct {
	Coeffs structs.Matrix[uint64]
}

Poly is the structure that contains the coefficients of a polynomial.

func NewPoly 

func NewPoly(N, Level int) (pol Poly)

NewPoly creates a new polynomial with N coefficients set to zero and Level+1 moduli.

func (Poly) BinarySize 

func (pol Poly) BinarySize() (size int)

BinarySize returns the serialized size of the object in bytes.

func (*Poly) Copy 

func (pol *Poly) Copy(p1 Poly)

Copy copies the coefficients of p1 on the target polynomial. This method does nothing if the underlying arrays are the same. This method will resize the target polynomial to the level of the input polynomial.

func (*Poly) CopyLvl 

func (pol *Poly) CopyLvl(level int, p1 Poly)

CopyLvl copies the coefficients of p1 on the target polynomial. This method does nothing if the underlying arrays are the same. Expects the degree of both polynomials to be identical.

func (Poly) CopyNew 

func (pol Poly) CopyNew() *Poly

CopyNew creates an exact copy of the target polynomial.

func (Poly) Equal 

func (pol Poly) Equal(other *Poly) bool

Equal returns true if the receiver Poly is equal to the provided other Poly. This function checks for strict equality between the polynomial coefficients (i.e., it does not consider congruence as equality within the ring like `Ring.Equal` does).

func (Poly) Level 

func (pol Poly) Level() int

Level returns the current number of moduli minus 1.

func (Poly) MarshalBinary 

func (pol Poly) MarshalBinary() (p []byte, err error)

MarshalBinary encodes the object into a binary form on a newly allocated slice of bytes.

func (Poly) N 

func (pol Poly) N() int

N returns the number of coefficients of the polynomial, which equals the degree of the Ring cyclotomic polynomial.

func (*Poly) ReadFrom 

func (pol *Poly) ReadFrom(r io.Reader) (n int64, err error)

ReadFrom reads on the object from an io.Writer. It implements the io.ReaderFrom interface.

Unless r implements the buffer.Reader interface (see see lattigo/utils/buffer/reader.go), it will be wrapped into a bufio.Reader. Since this requires allocation, it is preferable to pass a buffer.Reader directly:

  • When reading multiple values from a io.Reader, it is preferable to first first wrap io.Reader in a pre-allocated bufio.Reader.
  • When reading from a var b []byte, it is preferable to pass a buffer.NewBuffer(b) as w (see lattigo/utils/buffer/buffer.go).

func (*Poly) Resize 

func (pol *Poly) Resize(level int)

Resize resizes the level of the target polynomial to the provided level. If the provided level is larger than the current level, then allocates zero coefficients, otherwise dereferences the coefficients above the provided level.

func (*Poly) UnmarshalBinary 

func (pol *Poly) UnmarshalBinary(p []byte) (err error)

UnmarshalBinary decodes a slice of bytes generated by MarshalBinary or WriteTo on the object.

func (Poly) WriteTo 

func (pol Poly) WriteTo(w io.Writer) (n int64, err error)

WriteTo writes the object on an io.Writer. It implements the io.WriterTo interface, and will write exactly object.BinarySize() bytes on w.

Unless w implements the buffer.Writer interface (see lattigo/utils/buffer/writer.go), it will be wrapped into a bufio.Writer. Since this requires allocations, it is preferable to pass a buffer.Writer directly:

  • When writing multiple times to a io.Writer, it is preferable to first wrap the io.Writer in a pre-allocated bufio.Writer.
  • When writing to a pre-allocated var b []byte, it is preferable to pass buffer.NewBuffer(b) as w (see lattigo/utils/buffer/buffer.go).

func (Poly) Zero 

func (pol Poly) Zero()

Zero sets all coefficients of the target polynomial to 0.

type RNSScalar 

type RNSScalar []uint64

RNSScalar represents a scalar value in the Ring (i.e., a degree-0 polynomial) in RNS form.

type Ring 

type Ring struct {
	SubRings []*SubRing

	// Product of the Moduli for each level
	ModulusAtLevel []*big.Int

	// Rescaling parameters (RNS division)
	RescaleConstants [][]uint64
	// contains filtered or unexported fields
}

Ring is a structure that keeps all the variables required to operate on a polynomial represented in this ring.

func NewRing 

func NewRing(N int, Moduli []uint64) (r *Ring, err error)

NewRing creates a new RNS Ring with degree N and coefficient moduli Moduli with Standard NTT. N must be a power of two larger than 8. Moduli should be a non-empty []uint64 with distinct prime elements. All moduli must also be equal to 1 modulo 2*N. An error is returned with a nil *Ring in the case of non NTT-enabling parameters.

func NewRingConjugateInvariant 

func NewRingConjugateInvariant(N int, Moduli []uint64) (r *Ring, err error)

NewRingConjugateInvariant creates a new RNS Ring with degree N and coefficient moduli Moduli with Conjugate Invariant NTT. N must be a power of two larger than 8. Moduli should be a non-empty []uint64 with distinct prime elements. All moduli must also be equal to 1 modulo 4*N. An error is returned with a nil *Ring in the case of non NTT-enabling parameters.

func NewRingFromType 

func NewRingFromType(N int, Moduli []uint64, ringType Type) (r *Ring, err error)

NewRingFromType creates a new RNS Ring with degree N and coefficient moduli Moduli for which the type of NTT is determined by the ringType argument. If ringType==Standard, the ring is instantiated with standard NTT with the Nth root of unity 2*N. If ringType==ConjugateInvariant, the ring is instantiated with a ConjugateInvariant NTT with Nth root of unity 4*N. N must be a power of two larger than 8. Moduli should be a non-empty []uint64 with distinct prime elements. All moduli must also be equal to 1 modulo the root of unity. An error is returned with a nil *Ring in the case of non NTT-enabling parameters.

func NewRingWithCustomNTT 

func NewRingWithCustomNTT(N int, ModuliChain []uint64, ntt func(*SubRing, int) NumberTheoreticTransformer, NthRoot int) (r *Ring, err error)

NewRingWithCustomNTT creates a new RNS Ring with degree N and coefficient moduli Moduli with user-defined NTT transform and primitive Nth root of unity. ModuliChain should be a non-empty []uint64 with distinct prime elements. All moduli must also be equal to 1 modulo the root of unity. N must be a power of two larger than 8. An error is returned with a nil *Ring in the case of non NTT-enabling parameters.

func (Ring) Add 

func (r Ring) Add(p1, p2, p3 Poly)

Add evaluates p3 = p1 + p2 coefficient-wise in the ring.

func (Ring) AddDoubleRNSScalar 

func (r Ring) AddDoubleRNSScalar(p1 Poly, scalar0, scalar1 RNSScalar, p2 Poly)

AddDoubleRNSScalar evaluates p2 = p1[:N/2] + scalar0 || p1[N/2] + scalar1 coefficient-wise in the ring, with the scalar values expressed in the CRT decomposition at a given level.

func (Ring) AddLazy 

func (r Ring) AddLazy(p1, p2, p3 Poly)

AddLazy evaluates p3 = p1 + p2 coefficient-wise in the ring, with p3 in [0, 2*modulus-1].

func (Ring) AddScalar 

func (r Ring) AddScalar(p1 Poly, scalar uint64, p2 Poly)

AddScalar evaluates p2 = p1 + scalar coefficient-wise in the ring.

func (Ring) AddScalarBigint 

func (r Ring) AddScalarBigint(p1 Poly, scalar *big.Int, p2 Poly)

AddScalarBigint evaluates p2 = p1 + scalar coefficient-wise in the ring.

func (Ring) AtLevel 

func (r Ring) AtLevel(level int) *Ring

AtLevel returns an instance of the target ring that operates at the target level. This instance is thread safe and can be use concurrently with the base ring.

func (Ring) Automorphism 

func (r Ring) Automorphism(polIn Poly, gen uint64, polOut Poly)

Automorphism applies the automorphism X^{i} -> X^{i*gen} on a polynomial outside of the NTT domain. It must be noted that the result cannot be in-place.

func (Ring) AutomorphismNTT 

func (r Ring) AutomorphismNTT(polIn Poly, gen uint64, polOut Poly)

AutomorphismNTT applies the automorphism X^{i} -> X^{i*gen} on a polynomial in the NTT domain. It must be noted that the result cannot be in-place.

func (Ring) AutomorphismNTTWithIndex 

func (r Ring) AutomorphismNTTWithIndex(polIn Poly, index []uint64, polOut Poly)

AutomorphismNTTWithIndex applies the automorphism X^{i} -> X^{i*gen} on a polynomial in the NTT domain. `index` is the lookup table storing the mapping of the automorphism. It must be noted that the result cannot be in-place.

func (Ring) AutomorphismNTTWithIndexThenAddLazy 

func (r Ring) AutomorphismNTTWithIndexThenAddLazy(polIn Poly, index []uint64, polOut Poly)

AutomorphismNTTWithIndexThenAddLazy applies the automorphism X^{i} -> X^{i*gen} on a polynomial in the NTT domain . `index` is the lookup table storing the mapping of the automorphism. The result of the automorphism is added on polOut.

func (Ring) BRedConstants 

func (r Ring) BRedConstants() (BRC [][]uint64)

BRedConstants returns the concatenation of the Barrett constants of the target ring.

func (Ring) ConjugateInvariantRing 

func (r Ring) ConjugateInvariantRing() (*Ring, error)

ConjugateInvariantRing returns the conjugate invariant ring of the receiver ring. If `r.Type()==ConjugateInvariant`, then the method returns the receiver. if `r.Type()==Standard`, then the method returns a ring with ring degree N/2. The returned Ring is a shallow copy of the receiver.

func (Ring) DivFloorByLastModulus 

func (r Ring) DivFloorByLastModulus(p0, p1 Poly)

DivFloorByLastModulus divides (floored) the polynomial by its last modulus. Output poly level must be equal or one less than input level.

func (Ring) DivFloorByLastModulusMany 

func (r Ring) DivFloorByLastModulusMany(nbRescales int, p0, buff, p1 Poly)

DivFloorByLastModulusMany divides (floored) sequentially nbRescales times the polynomial by its last modulus. Output poly level must be equal or nbRescales less than input level.

func (Ring) DivFloorByLastModulusManyNTT 

func (r Ring) DivFloorByLastModulusManyNTT(nbRescales int, p0, buff, p1 Poly)

DivFloorByLastModulusManyNTT divides (floored) sequentially nbRescales times the polynomial by its last modulus. Input must be in the NTT domain. Output poly level must be equal or nbRescales less than input level.

func (Ring) DivFloorByLastModulusNTT 

func (r Ring) DivFloorByLastModulusNTT(p0, buff, p1 Poly)

DivFloorByLastModulusNTT divides (floored) the polynomial by its last modulus. The input must be in the NTT domain. Output poly level must be equal or one less than input level.

func (Ring) DivRoundByLastModulus 

func (r Ring) DivRoundByLastModulus(p0, p1 Poly)

DivRoundByLastModulus divides (rounded) the polynomial by its last modulus. The input must be in the NTT domain. Output poly level must be equal or one less than input level.

func (Ring) DivRoundByLastModulusMany 

func (r Ring) DivRoundByLastModulusMany(nbRescales int, p0, buff, p1 Poly)

DivRoundByLastModulusMany divides (rounded) sequentially nbRescales times the polynomial by its last modulus. Output poly level must be equal or nbRescales less than input level.

func (Ring) DivRoundByLastModulusManyNTT 

func (r Ring) DivRoundByLastModulusManyNTT(nbRescales int, p0, buff, p1 Poly)

DivRoundByLastModulusManyNTT divides (rounded) sequentially nbRescales times the polynomial by its last modulus. The input must be in the NTT domain. Output poly level must be equal or nbRescales less than input level.

func (Ring) DivRoundByLastModulusNTT 

func (r Ring) DivRoundByLastModulusNTT(p0, buff, p1 Poly)

DivRoundByLastModulusNTT divides (rounded) the polynomial by its last modulus. The input must be in the NTT domain. Output poly level must be equal or one less than input level.

func (Ring) Equal 

func (r Ring) Equal(p1, p2 Poly) bool

Equal checks if p1 = p2 in the given Ring.

func (Ring) EvalPolyScalar 

func (r Ring) EvalPolyScalar(p1 []Poly, scalar uint64, p2 Poly)

EvalPolyScalar evaluate p2 = p1(scalar) coefficient-wise in the ring.

func (Ring) FoldStandardToConjugateInvariant 

func (r Ring) FoldStandardToConjugateInvariant(polyStandard Poly, permuteNTTIndexInv []uint64, polyConjugateInvariant Poly)

FoldStandardToConjugateInvariant folds [X]/(X^N+1) to [X+X^-1]/(X^N+1) in compressed form (N/2 coefficients). Requires degree(polyConjugateInvariant) = 2*degree(polyStandard). Requires that polyStandard and polyConjugateInvariant share the same moduli.

func (Ring) IMForm 

func (r Ring) IMForm(p1, p2 Poly)

IMForm evaluates p2 = p1 * 2^64 coefficient-wise in the ring.

func (Ring) INTT 

func (r Ring) INTT(p1, p2 Poly)

INTT evaluates p2 = INTT(p1).

func (Ring) INTTLazy 

func (r Ring) INTTLazy(p1, p2 Poly)

INTTLazy evaluates p2 = INTT(p1) with p2 in [0, 2*modulus-1].

func (*Ring) Inverse 

func (r *Ring) Inverse(a RNSScalar)

Inverse computes the modular inverse of a scalar a expressed in a CRT decomposition. The inversion is done in-place and assumes that a is in Montgomery form.

func (Ring) Level 

func (r Ring) Level() int

Level returns the level of the current ring.

func (Ring) Log2OfStandardDeviation 

func (r Ring) Log2OfStandardDeviation(poly Poly) (std float64)

Log2OfStandardDeviation returns base 2 logarithm of the standard deviation of the coefficients of the polynomial.

func (Ring) LogModuli 

func (r Ring) LogModuli() (logmod float64)

LogModuli returns the size of the extended modulus P in bits

func (Ring) LogN 

func (r Ring) LogN() int

LogN returns log2(ring degree).

func (Ring) MForm 

func (r Ring) MForm(p1, p2 Poly)

MForm evaluates p2 = p1 * (2^64)^-1 coefficient-wise in the ring.

func (Ring) MFormLazy 

func (r Ring) MFormLazy(p1, p2 Poly)

MFormLazy evaluates p2 = p1 * (2^64)^-1 coefficient-wise in the ring with p2 in [0, 2*modulus-1].

func (*Ring) MFormRNSScalar 

func (r *Ring) MFormRNSScalar(s1, s2 RNSScalar)

MFormRNSScalar switches an RNS scalar to the Montgomery domain. s2 = s1<<64 mod Q

func (Ring) MRedConstants 

func (r Ring) MRedConstants() (MRC []uint64)

MRedConstants returns the concatenation of the Montgomery constants of the target ring.

func (Ring) MarshalBinary 

func (r Ring) MarshalBinary() (data []byte, err error)

MarshalBinary encodes the object into a binary form on a newly allocated slice of bytes.

func (Ring) MarshalJSON 

func (r Ring) MarshalJSON() (data []byte, err error)

MarshalJSON encodes the object into a binary form on a newly allocated slice of bytes with the json codec.

func (Ring) MaxLevel 

func (r Ring) MaxLevel() int

MaxLevel returns the maximum level allowed by the ring (#NbModuli -1).

func (Ring) ModuliChain 

func (r Ring) ModuliChain() (moduli []uint64)

ModuliChain returns the list of primes in the modulus chain.

func (Ring) ModuliChainLength 

func (r Ring) ModuliChainLength() int

ModuliChainLength returns the number of primes in the RNS basis of the ring.

func (Ring) Modulus 

func (r Ring) Modulus() *big.Int

Modulus returns the modulus of the target ring at the currently set level in *big.Int.

func (Ring) MulByVectorMontgomery 

func (r Ring) MulByVectorMontgomery(p1 Poly, vector []uint64, p2 Poly)

MulByVectorMontgomery evaluates p2 = p1 * vector coefficient-wise in the ring.

func (Ring) MulByVectorMontgomeryThenAddLazy 

func (r Ring) MulByVectorMontgomeryThenAddLazy(p1 Poly, vector []uint64, p2 Poly)

MulByVectorMontgomeryThenAddLazy evaluates p2 = p2 + p1 * vector coefficient-wise in the ring.

func (Ring) MulCoeffsBarrett 

func (r Ring) MulCoeffsBarrett(p1, p2, p3 Poly)

MulCoeffsBarrett evaluates p3 = p1 * p2 coefficient-wise in the ring, with Barrett reduction.

func (Ring) MulCoeffsBarrettLazy 

func (r Ring) MulCoeffsBarrettLazy(p1, p2, p3 Poly)

MulCoeffsBarrettLazy evaluates p3 = p1 * p2 coefficient-wise in the ring, with Barrett reduction, with p3 in [0, 2*modulus-1].

func (Ring) MulCoeffsBarrettThenAdd 

func (r Ring) MulCoeffsBarrettThenAdd(p1, p2, p3 Poly)

MulCoeffsBarrettThenAdd evaluates p3 = p3 + p1 * p2 coefficient-wise in the ring, with Barrett reduction.

func (Ring) MulCoeffsBarrettThenAddLazy 

func (r Ring) MulCoeffsBarrettThenAddLazy(p1, p2, p3 Poly)

MulCoeffsBarrettThenAddLazy evaluates p3 = p1 * p2 coefficient-wise in the ring, with Barrett reduction, with p3 in [0, 2*modulus-1].

func (Ring) MulCoeffsMontgomery 

func (r Ring) MulCoeffsMontgomery(p1, p2, p3 Poly)

MulCoeffsMontgomery evaluates p3 = p1 * p2 coefficient-wise in the ring, with Montgomery reduction.

func (Ring) MulCoeffsMontgomeryLazy 

func (r Ring) MulCoeffsMontgomeryLazy(p1, p2, p3 Poly)

MulCoeffsMontgomeryLazy evaluates p3 = p1 * p2 coefficient-wise in the ring, with Montgomery reduction, with p3 in [0, 2*modulus-1].

func (Ring) MulCoeffsMontgomeryLazyThenAddLazy 

func (r Ring) MulCoeffsMontgomeryLazyThenAddLazy(p1, p2, p3 Poly)

MulCoeffsMontgomeryLazyThenAddLazy evaluates p3 = p3 + p1 * p2 coefficient-wise in the ring, with Montgomery reduction, with p3 in [0, 3*modulus-2].

func (Ring) MulCoeffsMontgomeryLazyThenNeg 

func (r Ring) MulCoeffsMontgomeryLazyThenNeg(p1, p2, p3 Poly)

MulCoeffsMontgomeryLazyThenNeg evaluates p3 = -p1 * p2 coefficient-wise in the ring, with Montgomery reduction, with p3 in [0, 2*modulus-1].

func (Ring) MulCoeffsMontgomeryLazyThenSubLazy 

func (r Ring) MulCoeffsMontgomeryLazyThenSubLazy(p1, p2, p3 Poly)

MulCoeffsMontgomeryLazyThenSubLazy evaluates p3 = p3 - p1 * p2 coefficient-wise in the ring, with Montgomery reduction, with p3 in [0, 3*modulus-2].

func (Ring) MulCoeffsMontgomeryThenAdd 

func (r Ring) MulCoeffsMontgomeryThenAdd(p1, p2, p3 Poly)

MulCoeffsMontgomeryThenAdd evaluates p3 = p3 + p1 * p2 coefficient-wise in the ring, with Montgomery reduction, with p3 in [0, 2*modulus-1].

func (Ring) MulCoeffsMontgomeryThenAddLazy 

func (r Ring) MulCoeffsMontgomeryThenAddLazy(p1, p2, p3 Poly)

MulCoeffsMontgomeryThenAddLazy evaluates p3 = p3 + p1 * p2 coefficient-wise in the ring, with Montgomery reduction, with p3 in [0, 2*modulus-1].

func (Ring) MulCoeffsMontgomeryThenSub 

func (r Ring) MulCoeffsMontgomeryThenSub(p1, p2, p3 Poly)

MulCoeffsMontgomeryThenSub evaluates p3 = p3 - p1 * p2 coefficient-wise in the ring, with Montgomery reduction.

func (Ring) MulCoeffsMontgomeryThenSubLazy 

func (r Ring) MulCoeffsMontgomeryThenSubLazy(p1, p2, p3 Poly)

MulCoeffsMontgomeryThenSubLazy evaluates p3 = p3 - p1 * p2 coefficient-wise in the ring, with Montgomery reduction, with p3 in [0, 2*modulus-1].

func (Ring) MulDoubleRNSScalar 

func (r Ring) MulDoubleRNSScalar(p1 Poly, scalar0, scalar1 RNSScalar, p2 Poly)

MulDoubleRNSScalar evaluates p2 = p1[:N/2] * scalar0 || p1[N/2] * scalar1 coefficient-wise in the ring, with the scalar values expressed in the CRT decomposition at a given level.

func (Ring) MulDoubleRNSScalarThenAdd 

func (r Ring) MulDoubleRNSScalarThenAdd(p1 Poly, scalar0, scalar1 RNSScalar, p2 Poly)

MulDoubleRNSScalarThenAdd evaluates p2 = p2 + p1[:N/2] * scalar0 || p1[N/2] * scalar1 coefficient-wise in the ring, with the scalar values expressed in the CRT decomposition at a given level.

func (*Ring) MulRNSScalar 

func (r *Ring) MulRNSScalar(s1, s2, sout RNSScalar)

MulRNSScalar multiplies s1 and s2 and stores the result in sout. Multiplication is operated with Montgomery.

func (Ring) MulRNSScalarMontgomery 

func (r Ring) MulRNSScalarMontgomery(p1 Poly, scalar RNSScalar, p2 Poly)

MulRNSScalarMontgomery evaluates p2 = p1 * scalar coefficient-wise in the ring, with a scalar value expressed in the CRT decomposition at a given level. It assumes the scalar decomposition to be in Montgomery form.

func (Ring) MulScalar 

func (r Ring) MulScalar(p1 Poly, scalar uint64, p2 Poly)

MulScalar evaluates p2 = p1 * scalar coefficient-wise in the ring.

func (Ring) MulScalarBigint 

func (r Ring) MulScalarBigint(p1 Poly, scalar *big.Int, p2 Poly)

MulScalarBigint evaluates p2 = p1 * scalar coefficient-wise in the ring.

func (Ring) MulScalarBigintThenAdd 

func (r Ring) MulScalarBigintThenAdd(p1 Poly, scalar *big.Int, p2 Poly)

MulScalarBigintThenAdd evaluates p2 = p1 * scalar coefficient-wise in the ring.

func (Ring) MulScalarThenAdd 

func (r Ring) MulScalarThenAdd(p1 Poly, scalar uint64, p2 Poly)

MulScalarThenAdd evaluates p2 = p2 + p1 * scalar coefficient-wise in the ring.

func (Ring) MulScalarThenSub 

func (r Ring) MulScalarThenSub(p1 Poly, scalar uint64, p2 Poly)

MulScalarThenSub evaluates p2 = p2 - p1 * scalar coefficient-wise in the ring.

func (Ring) MultByMonomial 

func (r Ring) MultByMonomial(p1 Poly, k int, p2 Poly)

MultByMonomial evaluates p2 = p1 * X^k coefficient-wise in the ring.

func (Ring) N 

func (r Ring) N() int

N returns the ring degree.

func (Ring) NTT 

func (r Ring) NTT(p1, p2 Poly)

NTT evaluates p2 = NTT(P1).

func (Ring) NTTLazy 

func (r Ring) NTTLazy(p1, p2 Poly)

NTTLazy evaluates p2 = NTT(p1) with p2 in [0, 2*modulus-1].

func (Ring) Neg 

func (r Ring) Neg(p1, p2 Poly)

Neg evaluates p2 = -p1 coefficient-wise in the ring.

func (*Ring) NegRNSScalar 

func (r *Ring) NegRNSScalar(s1, s2 RNSScalar)

NegRNSScalar evaluates s2 = -s1.

func (Ring) NewMonomialXi 

func (r Ring) NewMonomialXi(i int) (p Poly)

NewMonomialXi returns a polynomial X^{i}.

func (Ring) NewPoly 

func (r Ring) NewPoly() Poly

NewPoly creates a new polynomial with all coefficients set to 0.

func (*Ring) NewRNSScalar 

func (r *Ring) NewRNSScalar() RNSScalar

NewRNSScalar creates a new Scalar value.

func (*Ring) NewRNSScalarFromBigint 

func (r *Ring) NewRNSScalarFromBigint(v *big.Int) (rns RNSScalar)

NewRNSScalarFromBigint creates a new Scalar initialized with value v.

func (*Ring) NewRNSScalarFromUInt64 

func (r *Ring) NewRNSScalarFromUInt64(v uint64) (rns RNSScalar)

NewRNSScalarFromUInt64 creates a new Scalar initialized with value v.

func (Ring) NthRoot 

func (r Ring) NthRoot() uint64

NthRoot returns the multiplicative order of the primitive root.

func (Ring) PadDefaultRingToConjugateInvariant 

func (r Ring) PadDefaultRingToConjugateInvariant(polyStandard Poly, IsNTT bool, polyConjugateInvariant Poly)

PadDefaultRingToConjugateInvariant converts a polynomial in Z[X]/(X^N +1) to a polynomial in Z[X+X^-1]/(X^2N+1).

func (Ring) PolyToBigint 

func (r Ring) PolyToBigint(p1 Poly, gap int, coeffsBigint []*big.Int)

PolyToBigint reconstructs p1 and returns the result in an array of Int. gap defines coefficients X^{i*gap} that will be reconstructed. For example, if gap = 1, then all coefficients are reconstructed, while if gap = 2 then only coefficients X^{2*i} are reconstructed.

func (Ring) PolyToBigintCentered 

func (r Ring) PolyToBigintCentered(p1 Poly, gap int, coeffsBigint []*big.Int)

PolyToBigintCentered reconstructs p1 and returns the result in an array of Int. Coefficients are centered around Q/2 gap defines coefficients X^{i*gap} that will be reconstructed. For example, if gap = 1, then all coefficients are reconstructed, while if gap = 2 then only coefficients X^{2*i} are reconstructed.

func (Ring) PolyToString 

func (r Ring) PolyToString(p1 Poly) []string

PolyToString reconstructs p1 and returns the result in an array of string.

func (Ring) Reduce 

func (r Ring) Reduce(p1, p2 Poly)

Reduce evaluates p2 = p1 coefficient-wise mod modulus in the ring.

func (Ring) ReduceLazy 

func (r Ring) ReduceLazy(p1, p2 Poly)

ReduceLazy evaluates p2 = p1 coefficient-wise mod modulus in the ring, with p2 in [0, 2*modulus-1].

func (Ring) SetCoefficientsBigint 

func (r Ring) SetCoefficientsBigint(coeffs []*big.Int, p1 Poly)

SetCoefficientsBigint sets the coefficients of p1 from an array of Int variables.

func (Ring) Shift 

func (r Ring) Shift(p1 Poly, k int, p2 Poly)

Shift evaluates p2 = p2<<<k coefficient-wise in the ring.

func (Ring) StandardRing 

func (r Ring) StandardRing() (*Ring, error)

StandardRing returns the standard ring of the receiver ring. If `r.Type()==Standard`, then the method returns the receiver. if `r.Type()==ConjugateInvariant`, then the method returns a ring with ring degree 2N. The returned Ring is a shallow copy of the receiver.

func (Ring) Sub 

func (r Ring) Sub(p1, p2, p3 Poly)

Sub evaluates p3 = p1 - p2 coefficient-wise in the ring.

func (Ring) SubDoubleRNSScalar 

func (r Ring) SubDoubleRNSScalar(p1 Poly, scalar0, scalar1 RNSScalar, p2 Poly)

SubDoubleRNSScalar evaluates p2 = p1[:N/2] - scalar0 || p1[N/2] - scalar1 coefficient-wise in the ring, with the scalar values expressed in the CRT decomposition at a given level.

func (Ring) SubLazy 

func (r Ring) SubLazy(p1, p2, p3 Poly)

SubLazy evaluates p3 = p1 - p2 coefficient-wise in the ring, with p3 in [0, 2*modulus-1].

func (*Ring) SubRNSScalar 

func (r *Ring) SubRNSScalar(s1, s2, sout RNSScalar)

SubRNSScalar subtracts s2 to s1 and stores the result in sout.

func (Ring) SubScalar 

func (r Ring) SubScalar(p1 Poly, scalar uint64, p2 Poly)

SubScalar evaluates p2 = p1 - scalar coefficient-wise in the ring.

func (Ring) SubScalarBigint 

func (r Ring) SubScalarBigint(p1 Poly, scalar *big.Int, p2 Poly)

SubScalarBigint evaluates p2 = p1 - scalar coefficient-wise in the ring.

func (*Ring) Type 

func (r *Ring) Type() Type

Type returns the Type of the first subring which might be either `Standard` or `ConjugateInvariant`.

func (Ring) UnfoldConjugateInvariantToStandard 

func (r Ring) UnfoldConjugateInvariantToStandard(polyConjugateInvariant, polyStandard Poly)

UnfoldConjugateInvariantToStandard maps the compressed representation (N/2 coefficients) of Z_Q[X+X^-1]/(X^2N + 1) to full representation in Z_Q[X]/(X^2N+1). Requires degree(polyConjugateInvariant) = 2*degree(polyStandard). Requires that polyStandard and polyConjugateInvariant share the same moduli.

func (*Ring) UnmarshalBinary 

func (r *Ring) UnmarshalBinary(data []byte) (err error)

UnmarshalBinary decodes a slice of bytes generated by MarshalBinary or MarshalJSON on the object.

func (*Ring) UnmarshalJSON 

func (r *Ring) UnmarshalJSON(data []byte) (err error)

UnmarshalJSON decodes a slice of bytes generated by MarshalJSON or MarshalBinary on the object.

type Sampler 

type Sampler interface {
	Read(pol Poly)
	ReadNew() (pol Poly)
	ReadAndAdd(pol Poly)
	AtLevel(level int) Sampler
}

Sampler is an interface for random polynomial samplers. It has a single Read method which takes as argument the polynomial to be populated according to the Sampler's distribution.

func NewSampler 

func NewSampler(prng sampling.PRNG, baseRing *Ring, X DistributionParameters, montgomery bool) (Sampler, error)

type SubRing 

type SubRing struct {

	// Polynomial nb.Coefficients
	N int

	// Modulus
	Modulus uint64

	// Unique factors of Modulus-1
	Factors []uint64

	// 2^bit_length(Modulus) - 1
	Mask uint64

	// Fast reduction constants
	BRedConstant []uint64 // Barrett Reduction
	MRedConstant uint64   // Montgomery Reduction

	*NTTTable // NTT related constants
	// contains filtered or unexported fields
}

SubRing is a struct storing precomputation for fast modular reduction and NTT for a given modulus.

func NewSubRing 

func NewSubRing(N int, Modulus uint64) (s *SubRing, err error)

NewSubRing creates a new SubRing with the standard NTT. NTT constants still need to be generated using .GenNTTConstants(NthRoot uint64).

func NewSubRingWithCustomNTT 

func NewSubRingWithCustomNTT(N int, Modulus uint64, ntt func(*SubRing, int) NumberTheoreticTransformer, NthRoot int) (s *SubRing, err error)

NewSubRingWithCustomNTT creates a new SubRing with degree N and modulus Modulus with user-defined NTT transform and primitive Nth root of unity. Modulus should be equal to 1 modulo the root of unity. N must be a power of two larger than 8. An error is returned with a nil *SubRing in the case of non NTT-enabling parameters.

func (*SubRing) Add 

func (s *SubRing) Add(p1, p2, p3 []uint64)

Add evaluates p3 = p1 + p2 (mod modulus). Iteration is done with respect to len(p1). All input must have a size which is a multiple of 8.

func (*SubRing) AddLazy 

func (s *SubRing) AddLazy(p1, p2, p3 []uint64)

AddLazy evaluates p3 = p1 + p2. Iteration is done with respect to len(p1). All input must have a size which is a multiple of 8.

func (*SubRing) AddLazyThenMulScalarMontgomery 

func (s *SubRing) AddLazyThenMulScalarMontgomery(p1, p2 []uint64, scalarMont uint64, p3 []uint64)

AddLazyThenMulScalarMontgomery evaluates p3 = (p1+p2)*scalarMont (mod modulus). Iteration is done with respect to len(p1). All input must have a size which is a multiple of 8.

func (*SubRing) AddScalar 

func (s *SubRing) AddScalar(p1 []uint64, scalar uint64, p2 []uint64)

AddScalar evaluates p2 = p1 + scalar (mod modulus). Iteration is done with respect to len(p1). All input must have a size which is a multiple of 8.

func (*SubRing) AddScalarLazy 

func (s *SubRing) AddScalarLazy(p1 []uint64, scalar uint64, p2 []uint64)

AddScalarLazy evaluates p2 = p1 + scalar. Iteration is done with respect to len(p1). All input must have a size which is a multiple of 8.

func (*SubRing) AddScalarLazyThenMulScalarMontgomery 

func (s *SubRing) AddScalarLazyThenMulScalarMontgomery(p1 []uint64, scalar0, scalarMont1 uint64, p2 []uint64)

AddScalarLazyThenMulScalarMontgomery evaluates p3 = (scalarMont0+p2)*scalarMont1 (mod modulus). Iteration is done with respect to len(p1). All input must have a size which is a multiple of 8.

func (*SubRing) AddScalarLazyThenNegTwoModulusLazy 

func (s *SubRing) AddScalarLazyThenNegTwoModulusLazy(p1 []uint64, scalar uint64, p2 []uint64)

AddScalarLazyThenNegTwoModulusLazy evaluates p2 = 2*modulus - p1 + scalar. Iteration is done with respect to len(p1). All input must have a size which is a multiple of 8.

func (*SubRing) IMForm 

func (s *SubRing) IMForm(p1, p2 []uint64)

IMForm evaluates p2 = p1 * (2^64)^-1 (mod modulus). Iteration is done with respect to len(p1). All input must have a size which is a multiple of 8.

func (*SubRing) INTT 

func (s *SubRing) INTT(p1, p2 []uint64)

INTT evaluates p2 = INTT(p1).

func (*SubRing) INTTLazy 

func (s *SubRing) INTTLazy(p1, p2 []uint64)

INTTLazy evaluates p2 = INTT(p1) with p2 in [0, 2*modulus-1].

func (*SubRing) MForm 

func (s *SubRing) MForm(p1, p2 []uint64)

MForm evaluates p2 = p1 * 2^64 (mod modulus). Iteration is done with respect to len(p1). All input must have a size which is a multiple of 8.

func (*SubRing) MFormLazy 

func (s *SubRing) MFormLazy(p1, p2 []uint64)

MFormLazy evaluates p2 = p1 * 2^64 (mod modulus) with p2 in the range [0, 2*modulus-1]. Iteration is done with respect to len(p1). All input must have a size which is a multiple of 8.

func (*SubRing) MulCoeffsBarrett 

func (s *SubRing) MulCoeffsBarrett(p1, p2, p3 []uint64)

MulCoeffsBarrett evaluates p3 = p1*p2 (mod modulus). Iteration is done with respect to len(p1). All input must have a size which is a multiple of 8.

func (*SubRing) MulCoeffsBarrettLazy 

func (s *SubRing) MulCoeffsBarrettLazy(p1, p2, p3 []uint64)

MulCoeffsBarrettLazy evaluates p3 = p1*p2 (mod modulus) with p3 in [0, 2*modulus-1]. Iteration is done with respect to len(p1). All input must have a size which is a multiple of 8.

func (*SubRing) MulCoeffsBarrettThenAdd 

func (s *SubRing) MulCoeffsBarrettThenAdd(p1, p2, p3 []uint64)

MulCoeffsBarrettThenAdd evaluates p3 = p3 + (p1*p2) (mod modulus). Iteration is done with respect to len(p1). All input must have a size which is a multiple of 8.

func (*SubRing) MulCoeffsBarrettThenAddLazy 

func (s *SubRing) MulCoeffsBarrettThenAddLazy(p1, p2, p3 []uint64)

MulCoeffsBarrettThenAddLazy evaluates p3 = p3 + p1*p2 (mod modulus). Iteration is done with respect to len(p1). All input must have a size which is a multiple of 8.

func (*SubRing) MulCoeffsLazy 

func (s *SubRing) MulCoeffsLazy(p1, p2, p3 []uint64)

MulCoeffsLazy evaluates p3 = p1*p2. Iteration is done with respect to len(p1). All input must have a size which is a multiple of 8.

func (*SubRing) MulCoeffsLazyThenAddLazy 

func (s *SubRing) MulCoeffsLazyThenAddLazy(p1, p2, p3 []uint64)

MulCoeffsLazyThenAddLazy evaluates p3 = p3 + p1*p2. Iteration is done with respect to len(p1). All input must have a size which is a multiple of 8.

func (*SubRing) MulCoeffsMontgomery 

func (s *SubRing) MulCoeffsMontgomery(p1, p2, p3 []uint64)

MulCoeffsMontgomery evaluates p3 = p1*p2 (mod modulus). Iteration is done with respect to len(p1). All input must have a size which is a multiple of 8.

func (*SubRing) MulCoeffsMontgomeryLazy 

func (s *SubRing) MulCoeffsMontgomeryLazy(p1, p2, p3 []uint64)

MulCoeffsMontgomeryLazy evaluates p3 = p1*p2 (mod modulus) with p3 in range [0, 2*modulus-1]. Iteration is done with respect to len(p1). All input must have a size which is a multiple of 8.

func (*SubRing) MulCoeffsMontgomeryLazyThenAddLazy 

func (s *SubRing) MulCoeffsMontgomeryLazyThenAddLazy(p1, p2, p3 []uint64)

MulCoeffsMontgomeryLazyThenAddLazy evaluates p3 = p3 + p1*p2 (mod modulus) with p3 in range [0, 3modulus-2]. Iteration is done with respect to len(p1). All input must have a size which is a multiple of 8.

func (*SubRing) MulCoeffsMontgomeryLazyThenNeg 

func (s *SubRing) MulCoeffsMontgomeryLazyThenNeg(p1, p2, p3 []uint64)

MulCoeffsMontgomeryLazyThenNeg evaluates p3 = - p1*p2 (mod modulus) with p3 in range [0, 2*modulus-2]. Iteration is done with respect to len(p1). All input must have a size which is a multiple of 8.

func (*SubRing) MulCoeffsMontgomeryLazyThenSubLazy 

func (s *SubRing) MulCoeffsMontgomeryLazyThenSubLazy(p1, p2, p3 []uint64)

MulCoeffsMontgomeryLazyThenSubLazy evaluates p3 = p3 - p1*p2 (mod modulus) with p3 in range [0, 3*modulus-2]. Iteration is done with respect to len(p1). All input must have a size which is a multiple of 8.

func (*SubRing) MulCoeffsMontgomeryThenAdd 

func (s *SubRing) MulCoeffsMontgomeryThenAdd(p1, p2, p3 []uint64)

MulCoeffsMontgomeryThenAdd evaluates p3 = p3 + (p1*p2) (mod modulus). Iteration is done with respect to len(p1). All input must have a size which is a multiple of 8.

func (*SubRing) MulCoeffsMontgomeryThenAddLazy 

func (s *SubRing) MulCoeffsMontgomeryThenAddLazy(p1, p2, p3 []uint64)

MulCoeffsMontgomeryThenAddLazy evaluates p3 = p3 + (p1*p2 (mod modulus)). Iteration is done with respect to len(p1). All input must have a size which is a multiple of 8.

func (*SubRing) MulCoeffsMontgomeryThenSub 

func (s *SubRing) MulCoeffsMontgomeryThenSub(p1, p2, p3 []uint64)

MulCoeffsMontgomeryThenSub evaluates p3 = p3 - p1*p2 (mod modulus). Iteration is done with respect to len(p1). All input must have a size which is a multiple of 8.

func (*SubRing) MulCoeffsMontgomeryThenSubLazy 

func (s *SubRing) MulCoeffsMontgomeryThenSubLazy(p1, p2, p3 []uint64)

MulCoeffsMontgomeryThenSubLazy evaluates p3 = p3 - p1*p2 (mod modulus) with p3 in range [0, 2*modulus-2]. Iteration is done with respect to len(p1). All input must have a size which is a multiple of 8.

func (*SubRing) MulScalarMontgomery 

func (s *SubRing) MulScalarMontgomery(p1 []uint64, scalarMont uint64, p2 []uint64)

MulScalarMontgomery evaluates p2 = p1*scalarMont (mod modulus). Iteration is done with respect to len(p1). All input must have a size which is a multiple of 8.

func (*SubRing) MulScalarMontgomeryLazy 

func (s *SubRing) MulScalarMontgomeryLazy(p1 []uint64, scalarMont uint64, p2 []uint64)

MulScalarMontgomeryLazy evaluates p2 = p1*scalarMont (mod modulus) with p2 in range [0, 2*modulus-1]. Iteration is done with respect to len(p1). All input must have a size which is a multiple of 8.

func (*SubRing) MulScalarMontgomeryThenAdd 

func (s *SubRing) MulScalarMontgomeryThenAdd(p1 []uint64, scalarMont uint64, p2 []uint64)

MulScalarMontgomeryThenAdd evaluates p2 = p2 + p1*scalarMont (mod modulus). Iteration is done with respect to len(p1). All input must have a size which is a multiple of 8.

func (*SubRing) MulScalarMontgomeryThenAddScalar 

func (s *SubRing) MulScalarMontgomeryThenAddScalar(p1 []uint64, scalar0, scalarMont1 uint64, p2 []uint64)

MulScalarMontgomeryThenAddScalar evaluates p2 = scalar + p1*scalarMont (mod modulus). Iteration is done with respect to len(p1). All input must have a size which is a multiple of 8.

func (*SubRing) NTT 

func (s *SubRing) NTT(p1, p2 []uint64)

NTT evaluates p2 = NTT(p1).

func (*SubRing) NTTLazy 

func (s *SubRing) NTTLazy(p1, p2 []uint64)

NTTLazy evaluates p2 = NTT(p1) with p2 in [0, 2*modulus-1].

func (*SubRing) Neg 

func (s *SubRing) Neg(p1, p2 []uint64)

Neg evaluates p2 = -p1 (mod modulus). Iteration is done with respect to len(p1). All input must have a size which is a multiple of 8.

func (*SubRing) Reduce 

func (s *SubRing) Reduce(p1, p2 []uint64)

Reduce evaluates p2 = p1 (mod modulus). Iteration is done with respect to len(p1). All input must have a size which is a multiple of 8.

func (*SubRing) ReduceLazy 

func (s *SubRing) ReduceLazy(p1, p2 []uint64)

ReduceLazy evaluates p2 = p1 (mod modulus) with p2 in range [0, 2*modulus-1]. Iteration is done with respect to len(p1). All input must have a size which is a multiple of 8.

func (*SubRing) Sub 

func (s *SubRing) Sub(p1, p2, p3 []uint64)

Sub evaluates p3 = p1 - p2 (mod modulus). Iteration is done with respect to len(p1). All input must have a size which is a multiple of 8.

func (*SubRing) SubLazy 

func (s *SubRing) SubLazy(p1, p2, p3 []uint64)

SubLazy evaluates p3 = p1 - p2. Iteration is done with respect to len(p1). All input must have a size which is a multiple of 8.

func (*SubRing) SubScalar 

func (s *SubRing) SubScalar(p1 []uint64, scalar uint64, p2 []uint64)

SubScalar evaluates p2 = p1 - scalar (mod modulus). Iteration is done with respect to len(p1). All input must have a size which is a multiple of 8.

func (*SubRing) SubThenMulScalarMontgomeryTwoModulus 

func (s *SubRing) SubThenMulScalarMontgomeryTwoModulus(p1, p2 []uint64, scalarMont uint64, p3 []uint64)

SubThenMulScalarMontgomeryTwoModulus evaluates p3 = (p1 + twomodulus - p2) * scalarMont (mod modulus). Iteration is done with respect to len(p1). All input must have a size which is a multiple of 8.

func (*SubRing) Type 

func (s *SubRing) Type() Type

Type returns the Type of subring which might be either `Standard` or `ConjugateInvariant`.

type Ternary 

type Ternary struct {
	P float64
	H int
}

Ternary represent the parameters of a distribution with coefficients in [-1, 0, 1]. Only one of its field must be set to a non-zero value:

  • If P is set, each coefficient in the polynomial is sampled in [-1, 0, 1] with probabilities [0.5*P, 1-P, 0.5*P].
  • if H is set, the coefficients are sampled uniformly in the set of ternary polynomials with H non-zero coefficients (i.e., of hamming weight H).

func (Ternary) MarshalJSON 

func (d Ternary) MarshalJSON() ([]byte, error)

func (Ternary) Type 

func (d Ternary) Type() string

type TernarySampler 

type TernarySampler struct {
	// contains filtered or unexported fields
}

TernarySampler keeps the state of a polynomial sampler in the ternary distribution.

func NewTernarySampler 

func NewTernarySampler(prng sampling.PRNG, baseRing *Ring, X Ternary, montgomery bool) (ts *TernarySampler, err error)

NewTernarySampler creates a new instance of TernarySampler from a PRNG, the ring definition and the distribution parameters (see type Ternary). If "montgomery" is set to true, polynomials read from this sampler are in Montgomery form.

func (*TernarySampler) AtLevel 

func (ts *TernarySampler) AtLevel(level int) Sampler

AtLevel returns an instance of the target TernarySampler to sample at the given level. The returned sampler cannot be used concurrently to the original sampler.

func (*TernarySampler) Read 

func (ts *TernarySampler) Read(pol Poly)

Read samples a polynomial into pol.

func (*TernarySampler) ReadAndAdd 

func (ts *TernarySampler) ReadAndAdd(pol Poly)

func (*TernarySampler) ReadNew 

func (ts *TernarySampler) ReadNew() (pol Poly)

ReadNew allocates and samples a polynomial at the max level.

type Type 

type Type int

Type is the type of ring used by the cryptographic scheme

func (Type) MarshalJSON 

func (rt Type) MarshalJSON() ([]byte, error)

MarshalJSON marshals the receiver Type into a JSON []byte

func (Type) String 

func (rt Type) String() string

String returns the string representation of the ring Type

func (*Type) UnmarshalJSON 

func (rt *Type) UnmarshalJSON(b []byte) error

UnmarshalJSON reads a JSON byte slice into the receiver Type

type Uniform 

type Uniform struct{}

Uniform represents the parameters of a uniform distribution i.e., with coefficients uniformly distributed in the given ring.

func (Uniform) MarshalJSON 

func (d Uniform) MarshalJSON() ([]byte, error)

func (Uniform) Type 

func (d Uniform) Type() string

type UniformSampler 

type UniformSampler struct {
	// contains filtered or unexported fields
}

UniformSampler wraps a util.PRNG and represents the state of a sampler of uniform polynomials.

func NewUniformSampler 

func NewUniformSampler(prng sampling.PRNG, baseRing *Ring) (u *UniformSampler)

NewUniformSampler creates a new instance of UniformSampler from a PRNG and ring definition.

func (*UniformSampler) AtLevel 

func (u *UniformSampler) AtLevel(level int) Sampler

AtLevel returns an instance of the target UniformSampler to sample at the given level. The returned sampler cannot be used concurrently to the original sampler.

func (*UniformSampler) Read 

func (u *UniformSampler) Read(pol Poly)

func (*UniformSampler) ReadAndAdd 

func (u *UniformSampler) ReadAndAdd(pol Poly)

func (*UniformSampler) ReadNew 

func (u *UniformSampler) ReadNew() (pol Poly)

ReadNew generates a new polynomial with coefficients following a uniform distribution over [0, Qi-1]. Polynomial is created at the max level.

func (*UniformSampler) WithPRNG 

func (u *UniformSampler) WithPRNG(prng sampling.PRNG) *UniformSampler

Source Files

View all Source files

Directories

Path Synopsis
Package ringqp is implements a wrapper for both the ringQ and ringP.
 Package ringqp is implements a wrapper for both the ringQ and ringP.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.