Documentation ¶
Overview ¶
Package ring implements RNS-accelerated modular arithmetic operations for polynomials, including: RNS basis extension; RNS rescaling; number theoretic transform (NTT); uniform, Gaussian and ternary sampling.
Index ¶
- Constants
- Variables
- func AutomorphismNTTIndex(N int, NthRoot, GalEl uint64) (index []uint64, err error)
- func BRed(x, y, q uint64, bredconstant [2]uint64) (r uint64)
- func BRedAdd(a, q uint64, bredconstant [2]uint64) (r uint64)
- func BRedAddLazy(x, q uint64, bredconstant [2]uint64) uint64
- func BRedLazy(x, y, q uint64, bredconstant [2]uint64) (r uint64)
- func CRed(a, q uint64) uint64
- func CheckFactors(m uint64, factors []uint64) (err error)
- func CheckPrimitiveRoot(g, q uint64, factors []uint64) (err error)
- func EvalPolyModP(x uint64, poly []uint64, p uint64) (y uint64)
- func GenBRedConstant(q uint64) [2]uint64
- func GenMRedConstant(q uint64) (mredconstant uint64)
- func IMForm(a, q, mredconstant uint64) (r uint64)
- func IMFormLazy(a, q, mredconstant uint64) (r uint64)
- func INTTConjugateInvariant(p1, p2 []uint64, N int, NInv, Q, MRedConstant uint64, roots []uint64)
- func INTTConjugateInvariantLazy(p1, p2 []uint64, N int, NInv, Q, MRedConstant uint64, roots []uint64)
- func INTTStandard(p1, p2 []uint64, N int, NInv, Q, MRedConstant uint64, roots []uint64)
- func INTTStandardLazy(p1, p2 []uint64, N int, NInv, Q, MRedConstant uint64, roots []uint64)
- func IsPrime(x uint64) bool
- func MForm(a, q uint64, bredconstant [2]uint64) (r uint64)
- func MFormLazy(a, q uint64, bredconstant [2]uint64) (r uint64)
- func MRed(x, y, q, mredconstant uint64) (r uint64)
- func MRedLazy(x, y, q, mredconstant uint64) (r uint64)
- func MapSmallDimensionToLargerDimensionNTT(polSmall, polLarge Poly)
- func MaskVec(p1 []uint64, w int, mask uint64, p2 []uint64)
- func Min(x, y int) int
- func ModExp(x, e, p uint64) (result uint64)
- func ModExpPow2(x, e, p uint64) (result uint64)
- func ModUpExact(p1, p2 [][]uint64, ringQ, ringP *Ring, MUC ModUpConstants)
- func ModexpMontgomery(x uint64, e int, q, mredconstant uint64, bredconstant [2]uint64) (result uint64)
- func NTTConjugateInvariant(p1, p2 []uint64, N int, Q, MRedConstant uint64, BRedConstant [2]uint64, ...)
- func NTTConjugateInvariantLazy(p1, p2 []uint64, N int, Q, MRedConstant uint64, roots []uint64)
- func NTTStandard(p1, p2 []uint64, N int, Q, MRedConstant uint64, BRedConstant [2]uint64, ...)
- func NTTStandardLazy(p1, p2 []uint64, N int, Q, MRedConstant uint64, roots []uint64)
- func PrimitiveRoot(q uint64, factors []uint64) (uint64, []uint64, error)
- func RandUniform(prng sampling.PRNG, v uint64, mask uint64) (randomInt uint64)
- func ZeroVec(p1 []uint64)
- type BasisExtender
- func (be *BasisExtender) ModDownQPtoP(levelQ, levelP int, p1Q, p1P, p2P Poly)
- func (be *BasisExtender) ModDownQPtoQ(levelQ, levelP int, p1Q, p1P, p2Q Poly)
- func (be *BasisExtender) ModDownQPtoQNTT(levelQ, levelP int, p1Q, p1P, p2Q Poly)
- func (be *BasisExtender) ModUpPtoQ(levelP, levelQ int, polP, polQ Poly)
- func (be *BasisExtender) ModUpQtoP(levelQ, levelP int, polQ, polP Poly)
- func (be *BasisExtender) ShallowCopy() *BasisExtender
- type Decomposer
- type Dimensions
- type DiscreteGaussian
- type DistributionParameters
- type GaussianSampler
- type Interpolator
- type ModUpConstants
- type NTTFriendlyPrimesGenerator
- func (n *NTTFriendlyPrimesGenerator) NextAlternatingPrime() (uint64, error)
- func (n *NTTFriendlyPrimesGenerator) NextAlternatingPrimes(k int) (primes []uint64, err error)
- func (n *NTTFriendlyPrimesGenerator) NextDownstreamPrime() (uint64, error)
- func (n *NTTFriendlyPrimesGenerator) NextDownstreamPrimes(k int) (primes []uint64, err error)
- func (n *NTTFriendlyPrimesGenerator) NextUpstreamPrime() (uint64, error)
- func (n *NTTFriendlyPrimesGenerator) NextUpstreamPrimes(k int) (primes []uint64, err error)
- type NTTTable
- type NumberTheoreticTransformer
- type NumberTheoreticTransformerConjugateInvariant
- func (rntt NumberTheoreticTransformerConjugateInvariant) Backward(p1, p2 []uint64)
- func (rntt NumberTheoreticTransformerConjugateInvariant) BackwardLazy(p1, p2 []uint64)
- func (rntt NumberTheoreticTransformerConjugateInvariant) Forward(p1, p2 []uint64)
- func (rntt NumberTheoreticTransformerConjugateInvariant) ForwardLazy(p1, p2 []uint64)
- type NumberTheoreticTransformerStandard
- type Parameters
- type Poly
- func (pol Poly) BinarySize() (size int)
- func (pol *Poly) Copy(p1 Poly)
- func (pol *Poly) CopyLvl(level int, p1 Poly)
- func (pol Poly) CopyNew() *Poly
- func (pol Poly) Equal(other *Poly) bool
- func (pol Poly) Level() int
- func (pol Poly) MarshalBinary() (p []byte, err error)
- func (pol Poly) N() int
- func (pol *Poly) ReadFrom(r io.Reader) (n int64, err error)
- func (pol *Poly) Resize(level int)
- func (pol *Poly) UnmarshalBinary(p []byte) (err error)
- func (pol Poly) WriteTo(w io.Writer) (n int64, err error)
- func (pol Poly) Zero()
- type RNSScalar
- type Ring
- func (r Ring) Add(p1, p2, p3 Poly)
- func (r Ring) AddDoubleRNSScalar(p1 Poly, scalar0, scalar1 RNSScalar, p2 Poly)
- func (r Ring) AddLazy(p1, p2, p3 Poly)
- func (r Ring) AddScalar(p1 Poly, scalar uint64, p2 Poly)
- func (r Ring) AddScalarBigint(p1 Poly, scalar *big.Int, p2 Poly)
- func (r Ring) AtLevel(level int) *Ring
- func (r Ring) Automorphism(polIn Poly, gen uint64, polOut Poly)
- func (r Ring) AutomorphismNTT(polIn Poly, gen uint64, polOut Poly)
- func (r Ring) AutomorphismNTTWithIndex(polIn Poly, index []uint64, polOut Poly)
- func (r Ring) AutomorphismNTTWithIndexThenAddLazy(polIn Poly, index []uint64, polOut Poly)
- func (r Ring) BRedConstants() (BRC [][2]uint64)
- func (r Ring) ConjugateInvariantRing() (*Ring, error)
- func (r Ring) DivFloorByLastModulus(p0, p1 Poly)
- func (r Ring) DivFloorByLastModulusMany(nbRescales int, p0, buff, p1 Poly)
- func (r Ring) DivFloorByLastModulusManyNTT(nbRescales int, p0, buff, p1 Poly)
- func (r Ring) DivFloorByLastModulusNTT(p0, buff, p1 Poly)
- func (r Ring) DivRoundByLastModulus(p0, p1 Poly)
- func (r Ring) DivRoundByLastModulusMany(nbRescales int, p0, buff, p1 Poly)
- func (r Ring) DivRoundByLastModulusManyNTT(nbRescales int, p0, buff, p1 Poly)
- func (r Ring) DivRoundByLastModulusNTT(p0, buff, p1 Poly)
- func (r Ring) Equal(p1, p2 Poly) bool
- func (r Ring) EvalPolyScalar(p1 []Poly, scalar uint64, p2 Poly)
- func (r Ring) FoldStandardToConjugateInvariant(polyStandard Poly, permuteNTTIndexInv []uint64, polyConjugateInvariant Poly)
- func (r Ring) IMForm(p1, p2 Poly)
- func (r Ring) INTT(p1, p2 Poly)
- func (r Ring) INTTLazy(p1, p2 Poly)
- func (r *Ring) Inverse(a RNSScalar)
- func (r Ring) Level() int
- func (r Ring) Log2OfStandardDeviation(poly Poly) (std float64)
- func (r Ring) LogModuli() (logmod float64)
- func (r Ring) LogN() int
- func (r Ring) MForm(p1, p2 Poly)
- func (r Ring) MFormLazy(p1, p2 Poly)
- func (r *Ring) MFormRNSScalar(s1, s2 RNSScalar)
- func (r Ring) MRedConstants() (MRC []uint64)
- func (r Ring) MarshalBinary() (data []byte, err error)
- func (r Ring) MarshalJSON() (data []byte, err error)
- func (r Ring) MaxLevel() int
- func (r Ring) ModuliChain() (moduli []uint64)
- func (r Ring) ModuliChainLength() int
- func (r Ring) Modulus() *big.Int
- func (r Ring) MulByVectorMontgomery(p1 Poly, vector []uint64, p2 Poly)
- func (r Ring) MulByVectorMontgomeryThenAddLazy(p1 Poly, vector []uint64, p2 Poly)
- func (r Ring) MulCoeffsBarrett(p1, p2, p3 Poly)
- func (r Ring) MulCoeffsBarrettLazy(p1, p2, p3 Poly)
- func (r Ring) MulCoeffsBarrettThenAdd(p1, p2, p3 Poly)
- func (r Ring) MulCoeffsBarrettThenAddLazy(p1, p2, p3 Poly)
- func (r Ring) MulCoeffsMontgomery(p1, p2, p3 Poly)
- func (r Ring) MulCoeffsMontgomeryLazy(p1, p2, p3 Poly)
- func (r Ring) MulCoeffsMontgomeryLazyThenAddLazy(p1, p2, p3 Poly)
- func (r Ring) MulCoeffsMontgomeryLazyThenNeg(p1, p2, p3 Poly)
- func (r Ring) MulCoeffsMontgomeryLazyThenSubLazy(p1, p2, p3 Poly)
- func (r Ring) MulCoeffsMontgomeryThenAdd(p1, p2, p3 Poly)
- func (r Ring) MulCoeffsMontgomeryThenAddLazy(p1, p2, p3 Poly)
- func (r Ring) MulCoeffsMontgomeryThenSub(p1, p2, p3 Poly)
- func (r Ring) MulCoeffsMontgomeryThenSubLazy(p1, p2, p3 Poly)
- func (r Ring) MulDoubleRNSScalar(p1 Poly, scalar0, scalar1 RNSScalar, p2 Poly)
- func (r Ring) MulDoubleRNSScalarThenAdd(p1 Poly, scalar0, scalar1 RNSScalar, p2 Poly)
- func (r *Ring) MulRNSScalar(s1, s2, sout RNSScalar)
- func (r Ring) MulRNSScalarMontgomery(p1 Poly, scalar RNSScalar, p2 Poly)
- func (r Ring) MulScalar(p1 Poly, scalar uint64, p2 Poly)
- func (r Ring) MulScalarBigint(p1 Poly, scalar *big.Int, p2 Poly)
- func (r Ring) MulScalarBigintThenAdd(p1 Poly, scalar *big.Int, p2 Poly)
- func (r Ring) MulScalarThenAdd(p1 Poly, scalar uint64, p2 Poly)
- func (r Ring) MulScalarThenSub(p1 Poly, scalar uint64, p2 Poly)
- func (r Ring) MultByMonomial(p1 Poly, k int, p2 Poly)
- func (r Ring) N() int
- func (r Ring) NTT(p1, p2 Poly)
- func (r Ring) NTTLazy(p1, p2 Poly)
- func (r Ring) Neg(p1, p2 Poly)
- func (r *Ring) NegRNSScalar(s1, s2 RNSScalar)
- func (r Ring) NewMonomialXi(i int) (p Poly)
- func (r Ring) NewPoly() Poly
- func (r *Ring) NewRNSScalar() RNSScalar
- func (r *Ring) NewRNSScalarFromBigint(v *big.Int) (rns RNSScalar)
- func (r *Ring) NewRNSScalarFromUInt64(v uint64) (rns RNSScalar)
- func (r Ring) NthRoot() uint64
- func (r Ring) PadDefaultRingToConjugateInvariant(polyStandard Poly, IsNTT bool, polyConjugateInvariant Poly)
- func (r Ring) PolyToBigint(p1 Poly, gap int, coeffsBigint []*big.Int)
- func (r Ring) PolyToBigintCentered(p1 Poly, gap int, coeffsBigint []*big.Int)
- func (r Ring) PolyToString(p1 Poly) []string
- func (r Ring) Reduce(p1, p2 Poly)
- func (r Ring) ReduceLazy(p1, p2 Poly)
- func (r Ring) SetCoefficientsBigint(coeffs []*big.Int, p1 Poly)
- func (r Ring) Shift(p1 Poly, k int, p2 Poly)
- func (r Ring) StandardRing() (*Ring, error)
- func (r Ring) Sub(p1, p2, p3 Poly)
- func (r Ring) SubDoubleRNSScalar(p1 Poly, scalar0, scalar1 RNSScalar, p2 Poly)
- func (r Ring) SubLazy(p1, p2, p3 Poly)
- func (r *Ring) SubRNSScalar(s1, s2, sout RNSScalar)
- func (r Ring) SubScalar(p1 Poly, scalar uint64, p2 Poly)
- func (r Ring) SubScalarBigint(p1 Poly, scalar *big.Int, p2 Poly)
- func (r *Ring) Type() Type
- func (r Ring) UnfoldConjugateInvariantToStandard(polyConjugateInvariant, polyStandard Poly)
- func (r *Ring) UnmarshalBinary(data []byte) (err error)
- func (r *Ring) UnmarshalJSON(data []byte) (err error)
- type Sampler
- type SubRing
- func (s *SubRing) Add(p1, p2, p3 []uint64)
- func (s *SubRing) AddLazy(p1, p2, p3 []uint64)
- func (s *SubRing) AddLazyThenMulScalarMontgomery(p1, p2 []uint64, scalarMont uint64, p3 []uint64)
- func (s *SubRing) AddScalar(p1 []uint64, scalar uint64, p2 []uint64)
- func (s *SubRing) AddScalarLazy(p1 []uint64, scalar uint64, p2 []uint64)
- func (s *SubRing) AddScalarLazyThenMulScalarMontgomery(p1 []uint64, scalar0, scalarMont1 uint64, p2 []uint64)
- func (s *SubRing) AddScalarLazyThenNegTwoModulusLazy(p1 []uint64, scalar uint64, p2 []uint64)
- func (s *SubRing) IMForm(p1, p2 []uint64)
- func (s *SubRing) INTT(p1, p2 []uint64)
- func (s *SubRing) INTTLazy(p1, p2 []uint64)
- func (s *SubRing) MForm(p1, p2 []uint64)
- func (s *SubRing) MFormLazy(p1, p2 []uint64)
- func (s *SubRing) MulCoeffsBarrett(p1, p2, p3 []uint64)
- func (s *SubRing) MulCoeffsBarrettLazy(p1, p2, p3 []uint64)
- func (s *SubRing) MulCoeffsBarrettThenAdd(p1, p2, p3 []uint64)
- func (s *SubRing) MulCoeffsBarrettThenAddLazy(p1, p2, p3 []uint64)
- func (s *SubRing) MulCoeffsLazy(p1, p2, p3 []uint64)
- func (s *SubRing) MulCoeffsLazyThenAddLazy(p1, p2, p3 []uint64)
- func (s *SubRing) MulCoeffsMontgomery(p1, p2, p3 []uint64)
- func (s *SubRing) MulCoeffsMontgomeryLazy(p1, p2, p3 []uint64)
- func (s *SubRing) MulCoeffsMontgomeryLazyThenAddLazy(p1, p2, p3 []uint64)
- func (s *SubRing) MulCoeffsMontgomeryLazyThenNeg(p1, p2, p3 []uint64)
- func (s *SubRing) MulCoeffsMontgomeryLazyThenSubLazy(p1, p2, p3 []uint64)
- func (s *SubRing) MulCoeffsMontgomeryThenAdd(p1, p2, p3 []uint64)
- func (s *SubRing) MulCoeffsMontgomeryThenAddLazy(p1, p2, p3 []uint64)
- func (s *SubRing) MulCoeffsMontgomeryThenSub(p1, p2, p3 []uint64)
- func (s *SubRing) MulCoeffsMontgomeryThenSubLazy(p1, p2, p3 []uint64)
- func (s *SubRing) MulScalarMontgomery(p1 []uint64, scalarMont uint64, p2 []uint64)
- func (s *SubRing) MulScalarMontgomeryLazy(p1 []uint64, scalarMont uint64, p2 []uint64)
- func (s *SubRing) MulScalarMontgomeryThenAdd(p1 []uint64, scalarMont uint64, p2 []uint64)
- func (s *SubRing) MulScalarMontgomeryThenAddScalar(p1 []uint64, scalar0, scalarMont1 uint64, p2 []uint64)
- func (s *SubRing) NTT(p1, p2 []uint64)
- func (s *SubRing) NTTLazy(p1, p2 []uint64)
- func (s *SubRing) Neg(p1, p2 []uint64)
- func (s *SubRing) Reduce(p1, p2 []uint64)
- func (s *SubRing) ReduceLazy(p1, p2 []uint64)
- func (s *SubRing) Sub(p1, p2, p3 []uint64)
- func (s *SubRing) SubLazy(p1, p2, p3 []uint64)
- func (s *SubRing) SubScalar(p1 []uint64, scalar uint64, p2 []uint64)
- func (s *SubRing) SubThenMulScalarMontgomeryTwoModulus(p1, p2 []uint64, scalarMont uint64, p3 []uint64)
- func (s *SubRing) Type() Type
- type Ternary
- type TernarySampler
- type Type
- type Uniform
- type UniformSampler
Constants ¶
const ( // GaloisGen is an integer of order N/2 modulo M that spans Z_M with the integer -1. // The j-th ring automorphism takes the root zeta to zeta^(5j). GaloisGen uint64 = 5 // MinimumRingDegreeForLoopUnrolledOperations is the minimum ring degree required to // safely perform loop-unrolled operations MinimumRingDegreeForLoopUnrolledOperations = 8 )
const ( Standard = Type(0) // Z[X]/(X^N + 1) (Default) ConjugateInvariant = Type(1) // Z[X+X^-1]/(X^2N + 1) )
RingStandard and RingConjugateInvariant are two types of Rings.
const ( // MinimumRingDegreeForLoopUnrolledNTT is the minimum ring degree // necessary for memory safe loop unrolling MinimumRingDegreeForLoopUnrolledNTT = 16 )
Variables ¶
var Pi60 = []uint64{0x1ffffffff6c80001, 0x1ffffffff6140001, 0x1ffffffff5f40001, 0x1ffffffff5700001,
0x1ffffffff4bc0001, 0x1ffffffff4380001, 0x1ffffffff3240001, 0x1ffffffff2dc0001,
0x1ffffffff1a40001, 0x1ffffffff11c0001, 0x1ffffffff0fc0001, 0x1ffffffff0d80001,
0x1ffffffff0c80001, 0x1ffffffff08c0001, 0x1fffffffefd00001, 0x1fffffffef9c0001,
0x1fffffffef600001, 0x1fffffffeef40001, 0x1fffffffeed40001, 0x1fffffffeed00001,
0x1fffffffeebc0001, 0x1fffffffed540001, 0x1fffffffed440001, 0x1fffffffed2c0001,
0x1fffffffed200001, 0x1fffffffec940001, 0x1fffffffec6c0001, 0x1fffffffebe80001,
0x1fffffffebac0001, 0x1fffffffeba40001, 0x1fffffffeb4c0001, 0x1fffffffeb280001}
Pi60 are the next [32:64] 61-bit close to 2^{62} NTT-friendly primes for N up to 2^{17}
var Qi60 = []uint64{0x1fffffffffe00001, 0x1fffffffffc80001, 0x1fffffffffb40001, 0x1fffffffff500001,
0x1fffffffff380001, 0x1fffffffff000001, 0x1ffffffffef00001, 0x1ffffffffee80001,
0x1ffffffffeb40001, 0x1ffffffffe780001, 0x1ffffffffe600001, 0x1ffffffffe4c0001,
0x1ffffffffdf40001, 0x1ffffffffdac0001, 0x1ffffffffda40001, 0x1ffffffffc680001,
0x1ffffffffc000001, 0x1ffffffffb880001, 0x1ffffffffb7c0001, 0x1ffffffffb300001,
0x1ffffffffb1c0001, 0x1ffffffffadc0001, 0x1ffffffffa400001, 0x1ffffffffa140001,
0x1ffffffff9d80001, 0x1ffffffff9140001, 0x1ffffffff8ac0001, 0x1ffffffff8a80001,
0x1ffffffff81c0001, 0x1ffffffff7800001, 0x1ffffffff7680001, 0x1ffffffff7080001}
Qi60 are the first [0:32] 61-bit close to 2^{62} NTT-friendly primes for N up to 2^{17}
Functions ¶
func AutomorphismNTTIndex ¶
AutomorphismNTTIndex computes the look-up table for the automorphism X^{i} -> X^{i*k mod NthRoot}.
func BRedAddLazy ¶
BRedAddLazy computes a mod q in constant time. The result is between 0 and 2*q-1.
func CheckFactors ¶
CheckFactors checks that the given list of factors contains all the unique primes of m.
func CheckPrimitiveRoot ¶
CheckPrimitiveRoot checks that g is a valid primitive root mod q, given the factors of q-1.
func EvalPolyModP ¶
EvalPolyModP evaluates y = sum poly[i] * x^{i} mod p.
func GenBRedConstant ¶
GenBRedConstant computes the constant for the BRed algorithm. Returns ((2^128)/q)/(2^64) and (2^128)/q mod 2^64.
func GenMRedConstant ¶
GenMRedConstant computes the constant mredconstant = (q^-1) mod 2^64 required for MRed.
func IMForm ¶
IMForm switches a from the Montgomery domain back to the standard domain by computing a*(1/2^64) mod q.
func IMFormLazy ¶
IMFormLazy switches a from the Montgomery domain back to the standard domain by computing a*(1/2^64) mod q in constant time. The result is between 0 and 2*q-1.
func INTTConjugateInvariant ¶
INTTConjugateInvariant evaluates p2 = INTT(p1) in the closed sub-ring Z[X + X^-1]/(X^2N +1) of Z[X]/(X^2N+1).
func INTTConjugateInvariantLazy ¶
func INTTConjugateInvariantLazy(p1, p2 []uint64, N int, NInv, Q, MRedConstant uint64, roots []uint64)
INTTConjugateInvariantLazy evaluates p2 = INTT(p1) in the closed sub-ring Z[X + X^-1]/(X^2N +1) of Z[X]/(X^2N+1) with p2 in the range [0, 2*modulus-1].
func INTTStandard ¶
INTTStandard evaluates p2 = INTTStandard(p1) in the given SubRing.
func INTTStandardLazy ¶
INTTStandardLazy evaluates p2 = INTT(p1) in the given SubRing with p2 in [0, 2*modulus-1].
func MFormLazy ¶
MFormLazy switches a to the Montgomery domain by computing a*2^64 mod q in constant time. The result is between 0 and 2*q-1.
func MRedLazy ¶
MRedLazy computes x * y * (1/2^64) mod q in constant time. The result is between 0 and 2*q-1.
func MapSmallDimensionToLargerDimensionNTT ¶
func MapSmallDimensionToLargerDimensionNTT(polSmall, polLarge Poly)
MapSmallDimensionToLargerDimensionNTT maps Y = X^{N/n} -> X directly in the NTT domain
func MaskVec ¶
MaskVec evaluates p2 = vec(p1>>w) & mask Iteration is done with respect to len(p1). All input must have a size which is a multiple of 8.
func ModExp ¶
ModExp performs the modular exponentiation x^e mod p, x and p are required to be at most 64 bits to avoid an overflow.
func ModExpPow2 ¶
ModExpPow2 performs the modular exponentiation x^e mod p, where p is a power of two, x and p are required to be at most 64 bits to avoid an overflow.
func ModUpExact ¶
func ModUpExact(p1, p2 [][]uint64, ringQ, ringP *Ring, MUC ModUpConstants)
ModUpExact takes p1 mod Q and switches its basis to P, returning the result on p2. Caution: values are not centered and returned values are in [0, 2P-1].
func ModexpMontgomery ¶
func ModexpMontgomery(x uint64, e int, q, mredconstant uint64, bredconstant [2]uint64) (result uint64)
ModexpMontgomery performs the modular exponentiation x^e mod p, where x is in Montgomery form, and returns x^e in Montgomery form.
func NTTConjugateInvariant ¶
func NTTConjugateInvariant(p1, p2 []uint64, N int, Q, MRedConstant uint64, BRedConstant [2]uint64, roots []uint64)
NTTConjugateInvariant evaluates p2 = NTT(p1) in the sub-ring Z[X + X^-1]/(X^2N +1) of Z[X]/(X^2N+1).
func NTTConjugateInvariantLazy ¶
NTTConjugateInvariantLazy evaluates p2 = NTT(p1) in the sub-ring Z[X + X^-1]/(X^2N +1) of Z[X]/(X^2N+1) with p2 in the range [0, 2*modulus-1].
func NTTStandard ¶
func NTTStandard(p1, p2 []uint64, N int, Q, MRedConstant uint64, BRedConstant [2]uint64, roots []uint64)
NTTStandard computes the NTTStandard in the given SubRing.
func NTTStandardLazy ¶
NTTStandardLazy computes the NTTStandard in the given SubRing with p2 in [0, 2*modulus-1].
func PrimitiveRoot ¶
PrimitiveRoot computes the smallest primitive root of the given prime q The unique factors of q-1 can be given to speed up the search for the root.
func RandUniform ¶
RandUniform samples a uniform randomInt variable in the range [0, mask] until randomInt is in the range [0, v-1]. mask needs to be of the form 2^n -1.
Types ¶
type BasisExtender ¶
type BasisExtender struct {
// contains filtered or unexported fields
}
BasisExtender stores the necessary parameters for RNS basis extension. The used algorithm is from https://eprint.iacr.org/2018/117.pdf.
func NewBasisExtender ¶
func NewBasisExtender(ringQ, ringP *Ring) (be *BasisExtender)
NewBasisExtender creates a new BasisExtender, enabling RNS basis extension from Q to P and P to Q.
func (*BasisExtender) ModDownQPtoP ¶
func (be *BasisExtender) ModDownQPtoP(levelQ, levelP int, p1Q, p1P, p2P Poly)
ModDownQPtoP reduces the basis of a polynomial. Given a polynomial with coefficients in basis {Q0,Q1....QlevelQ} and {P0,P1...PlevelP}, it reduces its basis from {Q0,Q1....QlevelQ} and {P0,P1...PlevelP} to {P0,P1...PlevelP} and does a floored integer division of the result by Q.
func (*BasisExtender) ModDownQPtoQ ¶
func (be *BasisExtender) ModDownQPtoQ(levelQ, levelP int, p1Q, p1P, p2Q Poly)
ModDownQPtoQ reduces the basis of a polynomial. Given a polynomial with coefficients in basis {Q0,Q1....Qlevel} and {P0,P1...Pj}, it reduces its basis from {Q0,Q1....Qlevel} and {P0,P1...Pj} to {Q0,Q1....Qlevel} and does a rounded integer division of the result by P.
func (*BasisExtender) ModDownQPtoQNTT ¶
func (be *BasisExtender) ModDownQPtoQNTT(levelQ, levelP int, p1Q, p1P, p2Q Poly)
ModDownQPtoQNTT reduces the basis of a polynomial. Given a polynomial with coefficients in basis {Q0,Q1....Qi} and {P0,P1...Pj}, it reduces its basis from {Q0,Q1....Qi} and {P0,P1...Pj} to {Q0,Q1....Qi} and does a rounded integer division of the result by P. Inputs must be in the NTT domain.
func (*BasisExtender) ModUpPtoQ ¶
func (be *BasisExtender) ModUpPtoQ(levelP, levelQ int, polP, polQ Poly)
ModUpPtoQ extends the RNS basis of a polynomial from P to PQ. Given a polynomial with coefficients in basis {P0,P1....Plevel}, it extends its basis from {P0,P1....Plevel} to {Q0,Q1...Qj}
func (*BasisExtender) ModUpQtoP ¶
func (be *BasisExtender) ModUpQtoP(levelQ, levelP int, polQ, polP Poly)
ModUpQtoP extends the RNS basis of a polynomial from Q to QP. Given a polynomial with coefficients in basis {Q0,Q1....Qlevel}, it extends its basis from {Q0,Q1....Qlevel} to {Q0,Q1....Qlevel,P0,P1...Pj}
func (*BasisExtender) ShallowCopy ¶
func (be *BasisExtender) ShallowCopy() *BasisExtender
ShallowCopy creates a shallow copy of this basis extender in which the read-only data-structures are shared with the receiver.
type Decomposer ¶
type Decomposer struct { ModUpConstants [][][]ModUpConstants // contains filtered or unexported fields }
Decomposer is a structure that stores the parameters of the arbitrary decomposer. This decomposer takes a p(x)_Q (in basis Q) and returns p(x) mod qi in basis QP, where qi = prod(Q_i) for 0<=i<=L, where L is the number of factors in P.
func NewDecomposer ¶
func NewDecomposer(ringQ, ringP *Ring) (decomposer *Decomposer)
NewDecomposer creates a new Decomposer.
func (*Decomposer) DecomposeAndSplit ¶
func (decomposer *Decomposer) DecomposeAndSplit(levelQ, levelP, nbPi, BaseRNSDecompositionVectorSize int, p0Q, p1Q, p1P Poly)
DecomposeAndSplit decomposes a polynomial p(x) in basis Q, reduces it modulo qi, and returns the result in basis QP separately.
type Dimensions ¶
type Dimensions struct {
Rows, Cols int
}
type DiscreteGaussian ¶
DiscreteGaussian represents the parameters of a discrete Gaussian distribution with standard deviation Sigma and bounds [-Bound, Bound].
func (DiscreteGaussian) MarshalJSON ¶
func (d DiscreteGaussian) MarshalJSON() ([]byte, error)
func (DiscreteGaussian) Type ¶
func (d DiscreteGaussian) Type() string
type DistributionParameters ¶
type DistributionParameters interface { // Type returns a string representation of the distribution name. Type() string // contains filtered or unexported methods }
DistributionParameters is an interface for distribution parameters in the ring. There are three implementation of this interface:
- DiscreteGaussian for sampling polynomials with discretized gaussian coefficient of given standard deviation and bound.
- Ternary for sampling polynomials with coefficients in [-1, 1].
- Uniform for sampling polynomial with uniformly random coefficients in the ring.
func ParametersFromMap ¶
func ParametersFromMap(distDef map[string]interface{}) (DistributionParameters, error)
type GaussianSampler ¶
type GaussianSampler struct {
// contains filtered or unexported fields
}
GaussianSampler keeps the state of a truncated Gaussian polynomial sampler.
func NewGaussianSampler ¶
func NewGaussianSampler(prng sampling.PRNG, baseRing *Ring, X DiscreteGaussian, montgomery bool) (g *GaussianSampler)
NewGaussianSampler creates a new instance of GaussianSampler from a PRNG, a ring definition and the truncated Gaussian distribution parameters. Sigma is the desired standard deviation and bound is the maximum coefficient norm in absolute value.
func (*GaussianSampler) AtLevel ¶
func (g *GaussianSampler) AtLevel(level int) Sampler
AtLevel returns an instance of the target GaussianSampler that operates at the target level. This instance is not thread safe and cannot be used concurrently to the base instance.
func (*GaussianSampler) Read ¶
func (g *GaussianSampler) Read(pol Poly)
Read samples a truncated Gaussian polynomial on "pol" at the maximum level in the default ring, standard deviation and bound.
func (*GaussianSampler) ReadAndAdd ¶
func (g *GaussianSampler) ReadAndAdd(pol Poly)
ReadAndAdd samples a truncated Gaussian polynomial at the given level for the receiver's default standard deviation and bound and adds it on "pol".
func (*GaussianSampler) ReadNew ¶
func (g *GaussianSampler) ReadNew() (pol Poly)
ReadNew samples a new truncated Gaussian polynomial at the maximum level in the default ring, standard deviation and bound.
type Interpolator ¶
type Interpolator struct {
// contains filtered or unexported fields
}
Interpolator is a struct storing the necessary buffer and pre-computation for polynomial interpolation with coefficient in finite fields.
func NewInterpolator ¶
func NewInterpolator(degree int, T uint64) (itp *Interpolator, err error)
NewInterpolator creates a new Interpolator. Returns an error if T is not prime or not congruent to 1 mod 2N, where N is the next power of two greater than degree+1.
func (*Interpolator) Interpolate ¶
func (itp *Interpolator) Interpolate(roots []uint64) (coeffs []uint64)
Interpolate takes a list of roots the coefficients of P(roots) = 0 mod T.
type ModUpConstants ¶
type ModUpConstants struct {
// contains filtered or unexported fields
}
ModUpConstants stores the necessary parameters for RNS basis extension.
func GenModUpConstants ¶
func GenModUpConstants(Q, P []uint64) ModUpConstants
GenModUpConstants generates the ModUpConstants for basis extension from Q to P and P to Q.
type NTTFriendlyPrimesGenerator ¶
type NTTFriendlyPrimesGenerator struct { Size float64 NextPrime, PrevPrime, NthRoot uint64 CheckNextPrime, CheckPrevPrime bool }
NTTFriendlyPrimesGenerator is a struct used to generate NTT friendly primes.
func NewNTTFriendlyPrimesGenerator ¶
func NewNTTFriendlyPrimesGenerator(BitSize, NthRoot uint64) NTTFriendlyPrimesGenerator
NewNTTFriendlyPrimesGenerator instantiates a new NTTFriendlyPrimesGenerator. Primes generated are of the form 2^{BitSize} +/- k * {NthRoot} + 1.
func (*NTTFriendlyPrimesGenerator) NextAlternatingPrime ¶
func (n *NTTFriendlyPrimesGenerator) NextAlternatingPrime() (uint64, error)
NextAlternatingPrime returns the next prime of the form 2^{BitSize} +/- k * {NthRoot} + 1.
func (*NTTFriendlyPrimesGenerator) NextAlternatingPrimes ¶
func (n *NTTFriendlyPrimesGenerator) NextAlternatingPrimes(k int) (primes []uint64, err error)
NextAlternatingPrimes returns the next k primes of the form 2^{BitSize} +/- k * {NthRoot} + 1.
func (*NTTFriendlyPrimesGenerator) NextDownstreamPrime ¶
func (n *NTTFriendlyPrimesGenerator) NextDownstreamPrime() (uint64, error)
NextDownstreamPrime returns the next prime of the form 2^{BitSize} - k * {NthRoot} + 1.
func (*NTTFriendlyPrimesGenerator) NextDownstreamPrimes ¶
func (n *NTTFriendlyPrimesGenerator) NextDownstreamPrimes(k int) (primes []uint64, err error)
NextDownstreamPrimes returns the next k primes of the form 2^{BitSize} - k * {NthRoot} + 1.
func (*NTTFriendlyPrimesGenerator) NextUpstreamPrime ¶
func (n *NTTFriendlyPrimesGenerator) NextUpstreamPrime() (uint64, error)
NextUpstreamPrime returns the next prime of the form 2^{BitSize} + k * {NthRoot} + 1.
func (*NTTFriendlyPrimesGenerator) NextUpstreamPrimes ¶
func (n *NTTFriendlyPrimesGenerator) NextUpstreamPrimes(k int) (primes []uint64, err error)
NextUpstreamPrimes returns the next k primes of the form 2^{BitSize} + k * {NthRoot} + 1.
type NTTTable ¶
type NTTTable struct { NthRoot uint64 // Nthroot used for the NTT PrimitiveRoot uint64 // 2N-th primitive root RootsForward []uint64 //powers of the 2N-th primitive root in Montgomery form (in bit-reversed order) RootsBackward []uint64 //powers of the inverse of the 2N-th primitive root in Montgomery form (in bit-reversed order) NInv uint64 //[N^-1] mod Modulus in Montgomery form }
NTTTable store all the constants that are specifically tied to the NTT.
type NumberTheoreticTransformer ¶
type NumberTheoreticTransformer interface { Forward(p1, p2 []uint64) ForwardLazy(p1, p2 []uint64) Backward(p1, p2 []uint64) BackwardLazy(p1, p2 []uint64) }
NumberTheoreticTransformer is an interface to provide flexibility on what type of NTT is used by the struct Ring.
func NewNumberTheoreticTransformerConjugateInvariant ¶
func NewNumberTheoreticTransformerConjugateInvariant(r *SubRing, n int) NumberTheoreticTransformer
func NewNumberTheoreticTransformerStandard ¶
func NewNumberTheoreticTransformerStandard(r *SubRing, n int) NumberTheoreticTransformer
type NumberTheoreticTransformerConjugateInvariant ¶
type NumberTheoreticTransformerConjugateInvariant struct {
// contains filtered or unexported fields
}
NumberTheoreticTransformerConjugateInvariant computes the NTT in the ring Z[X+X^-1]/(X^2N+1). Z[X+X^-1]/(X^2N+1) is a closed sub-ring of Z[X]/(X^2N+1). Note that the input polynomial only needs to be size N since the right half does not provide any additional information. See "Approximate Homomorphic Encryption over the Conjugate-invariant Ring", https://eprint.iacr.org/2018/952. The implemented approach is more efficient than the one proposed in the referenced work. It avoids the linear map Z[X + X^-1]/(X^2N + 1) <-> Z[X]/(X^N - 1) by instead directly computing the left half of the NTT of Z[X + X^-1]/(X^2N + 1) since the right half provides no additional information, which allows to (re)use nega-cyclic NTT.
func (NumberTheoreticTransformerConjugateInvariant) Backward ¶
func (rntt NumberTheoreticTransformerConjugateInvariant) Backward(p1, p2 []uint64)
Backward writes the backward NTT in Z[X+X^-1]/(X^2N+1) of p1 on p2.
func (NumberTheoreticTransformerConjugateInvariant) BackwardLazy ¶
func (rntt NumberTheoreticTransformerConjugateInvariant) BackwardLazy(p1, p2 []uint64)
BackwardLazy writes the backward NTT in Z[X+X^-1]/(X^2N+1) of p1 on p2. Returns values in the range [0, 2q-1].
func (NumberTheoreticTransformerConjugateInvariant) Forward ¶
func (rntt NumberTheoreticTransformerConjugateInvariant) Forward(p1, p2 []uint64)
Forward writes the forward NTT in Z[X+X^-1]/(X^2N+1) of p1 on p2.
func (NumberTheoreticTransformerConjugateInvariant) ForwardLazy ¶
func (rntt NumberTheoreticTransformerConjugateInvariant) ForwardLazy(p1, p2 []uint64)
ForwardLazy writes the forward NTT in Z[X+X^-1]/(X^2N+1) of p1 on p2. Returns values in the range [0, 2q-1].
type NumberTheoreticTransformerStandard ¶
type NumberTheoreticTransformerStandard struct {
// contains filtered or unexported fields
}
NumberTheoreticTransformerStandard computes the standard nega-cyclic NTT in the ring Z[X]/(X^N+1).
func (NumberTheoreticTransformerStandard) Backward ¶
func (rntt NumberTheoreticTransformerStandard) Backward(p1, p2 []uint64)
Backward writes the backward NTT in Z[X]/(X^N+1) of p1 on p2.
func (NumberTheoreticTransformerStandard) BackwardLazy ¶
func (rntt NumberTheoreticTransformerStandard) BackwardLazy(p1, p2 []uint64)
BackwardLazy writes the backward NTT in Z[X]/(X^N+1) p1 on p2. Returns values in the range [0, 2q-1].
func (NumberTheoreticTransformerStandard) Forward ¶
func (rntt NumberTheoreticTransformerStandard) Forward(p1, p2 []uint64)
Forward writes the forward NTT in Z[X]/(X^N+1) of p1 on p2.
func (NumberTheoreticTransformerStandard) ForwardLazy ¶
func (rntt NumberTheoreticTransformerStandard) ForwardLazy(p1, p2 []uint64)
ForwardLazy writes the forward NTT in Z[X]/(X^N+1) of p1 on p2. Returns values in the range [0, 2q-1].
type Parameters ¶
type Parameters struct {
// contains filtered or unexported fields
}
Parameters is a struct storing test parameters for the package Ring.
type Poly ¶
Poly is the structure that contains the coefficients of a polynomial.
func (Poly) BinarySize ¶
BinarySize returns the serialized size of the object in bytes.
func (*Poly) Copy ¶
Copy copies the coefficients of p1 on the target polynomial. This method does nothing if the underlying arrays are the same. This method will resize the target polynomial to the level of the input polynomial.
func (*Poly) CopyLvl ¶
CopyLvl copies the coefficients of p1 on the target polynomial. This method does nothing if the underlying arrays are the same. Expects the degree of both polynomials to be identical.
func (Poly) Equal ¶
Equal returns true if the receiver Poly is equal to the provided other Poly. This function checks for strict equality between the polynomial coefficients (i.e., it does not consider congruence as equality within the ring like `Ring.Equal` does).
func (Poly) MarshalBinary ¶
MarshalBinary encodes the object into a binary form on a newly allocated slice of bytes.
func (Poly) N ¶
N returns the number of coefficients of the polynomial, which equals the degree of the Ring cyclotomic polynomial.
func (*Poly) ReadFrom ¶
ReadFrom reads on the object from an io.Writer. It implements the io.ReaderFrom interface.
Unless r implements the buffer.Reader interface (see see lattigo/utils/buffer/reader.go), it will be wrapped into a bufio.Reader. Since this requires allocation, it is preferable to pass a buffer.Reader directly:
- When reading multiple values from a io.Reader, it is preferable to first first wrap io.Reader in a pre-allocated bufio.Reader.
- When reading from a var b []byte, it is preferable to pass a buffer.NewBuffer(b) as w (see lattigo/utils/buffer/buffer.go).
func (*Poly) Resize ¶
Resize resizes the level of the target polynomial to the provided level. If the provided level is larger than the current level, then allocates zero coefficients, otherwise dereferences the coefficients above the provided level.
func (*Poly) UnmarshalBinary ¶
UnmarshalBinary decodes a slice of bytes generated by MarshalBinary or WriteTo on the object.
func (Poly) WriteTo ¶
WriteTo writes the object on an io.Writer. It implements the io.WriterTo interface, and will write exactly object.BinarySize() bytes on w.
Unless w implements the buffer.Writer interface (see lattigo/utils/buffer/writer.go), it will be wrapped into a bufio.Writer. Since this requires allocations, it is preferable to pass a buffer.Writer directly:
- When writing multiple times to a io.Writer, it is preferable to first wrap the io.Writer in a pre-allocated bufio.Writer.
- When writing to a pre-allocated var b []byte, it is preferable to pass buffer.NewBuffer(b) as w (see lattigo/utils/buffer/buffer.go).
type RNSScalar ¶
type RNSScalar []uint64
RNSScalar represents a scalar value in the Ring (i.e., a degree-0 polynomial) in RNS form.
type Ring ¶
type Ring struct { SubRings []*SubRing // Product of the Moduli for each level ModulusAtLevel []*big.Int // Rescaling parameters (RNS division) RescaleConstants [][]uint64 // contains filtered or unexported fields }
Ring is a structure that keeps all the variables required to operate on a polynomial represented in this ring.
func NewRing ¶
NewRing creates a new RNS Ring with degree N and coefficient moduli Moduli with Standard NTT. N must be a power of two larger than 8. Moduli should be a non-empty []uint64 with distinct prime elements. All moduli must also be equal to 1 modulo 2*N. An error is returned with a nil *Ring in the case of non NTT-enabling parameters.
func NewRingConjugateInvariant ¶
NewRingConjugateInvariant creates a new RNS Ring with degree N and coefficient moduli Moduli with Conjugate Invariant NTT. N must be a power of two larger than 8. Moduli should be a non-empty []uint64 with distinct prime elements. All moduli must also be equal to 1 modulo 4*N. An error is returned with a nil *Ring in the case of non NTT-enabling parameters.
func NewRingFromType ¶
NewRingFromType creates a new RNS Ring with degree N and coefficient moduli Moduli for which the type of NTT is determined by the ringType argument. If ringType==Standard, the ring is instantiated with standard NTT with the Nth root of unity 2*N. If ringType==ConjugateInvariant, the ring is instantiated with a ConjugateInvariant NTT with Nth root of unity 4*N. N must be a power of two larger than 8. Moduli should be a non-empty []uint64 with distinct prime elements. All moduli must also be equal to 1 modulo the root of unity. An error is returned with a nil *Ring in the case of non NTT-enabling parameters.
func NewRingWithCustomNTT ¶
func NewRingWithCustomNTT(N int, ModuliChain []uint64, ntt func(*SubRing, int) NumberTheoreticTransformer, NthRoot int) (r *Ring, err error)
NewRingWithCustomNTT creates a new RNS Ring with degree N and coefficient moduli Moduli with user-defined NTT transform and primitive Nth root of unity. ModuliChain should be a non-empty []uint64 with distinct prime elements. All moduli must also be equal to 1 modulo the root of unity. N must be a power of two larger than 8. An error is returned with a nil *Ring in the case of non NTT-enabling parameters.
func (Ring) AddDoubleRNSScalar ¶
AddDoubleRNSScalar evaluates p2 = p1[:N/2] + scalar0 || p1[N/2] + scalar1 coefficient-wise in the ring, with the scalar values expressed in the CRT decomposition at a given level.
func (Ring) AddLazy ¶
AddLazy evaluates p3 = p1 + p2 coefficient-wise in the ring, with p3 in [0, 2*modulus-1].
func (Ring) AddScalarBigint ¶
AddScalarBigint evaluates p2 = p1 + scalar coefficient-wise in the ring.
func (Ring) AtLevel ¶
AtLevel returns an instance of the target ring that operates at the target level. This instance is thread safe and can be use concurrently with the base ring.
func (Ring) Automorphism ¶
Automorphism applies the automorphism X^{i} -> X^{i*gen} on a polynomial outside of the NTT domain. It must be noted that the result cannot be in-place.
func (Ring) AutomorphismNTT ¶
AutomorphismNTT applies the automorphism X^{i} -> X^{i*gen} on a polynomial in the NTT domain. It must be noted that the result cannot be in-place.
func (Ring) AutomorphismNTTWithIndex ¶
AutomorphismNTTWithIndex applies the automorphism X^{i} -> X^{i*gen} on a polynomial in the NTT domain. `index` is the lookup table storing the mapping of the automorphism. It must be noted that the result cannot be in-place.
func (Ring) AutomorphismNTTWithIndexThenAddLazy ¶
AutomorphismNTTWithIndexThenAddLazy applies the automorphism X^{i} -> X^{i*gen} on a polynomial in the NTT domain . `index` is the lookup table storing the mapping of the automorphism. The result of the automorphism is added on polOut.
func (Ring) BRedConstants ¶
BRedConstants returns the concatenation of the Barrett constants of the target ring.
func (Ring) ConjugateInvariantRing ¶
ConjugateInvariantRing returns the conjugate invariant ring of the receiver ring. If `r.Type()==ConjugateInvariant`, then the method returns the receiver. if `r.Type()==Standard`, then the method returns a ring with ring degree N/2. The returned Ring is a shallow copy of the receiver.
func (Ring) DivFloorByLastModulus ¶
DivFloorByLastModulus divides (floored) the polynomial by its last modulus. Output poly level must be equal or one less than input level.
func (Ring) DivFloorByLastModulusMany ¶
DivFloorByLastModulusMany divides (floored) sequentially nbRescales times the polynomial by its last modulus. Output poly level must be equal or nbRescales less than input level.
func (Ring) DivFloorByLastModulusManyNTT ¶
DivFloorByLastModulusManyNTT divides (floored) sequentially nbRescales times the polynomial by its last modulus. Input must be in the NTT domain. Output poly level must be equal or nbRescales less than input level.
func (Ring) DivFloorByLastModulusNTT ¶
DivFloorByLastModulusNTT divides (floored) the polynomial by its last modulus. The input must be in the NTT domain. Output poly level must be equal or one less than input level.
func (Ring) DivRoundByLastModulus ¶
DivRoundByLastModulus divides (rounded) the polynomial by its last modulus. The input must be in the NTT domain. Output poly level must be equal or one less than input level.
func (Ring) DivRoundByLastModulusMany ¶
DivRoundByLastModulusMany divides (rounded) sequentially nbRescales times the polynomial by its last modulus. Output poly level must be equal or nbRescales less than input level.
func (Ring) DivRoundByLastModulusManyNTT ¶
DivRoundByLastModulusManyNTT divides (rounded) sequentially nbRescales times the polynomial by its last modulus. The input must be in the NTT domain. Output poly level must be equal or nbRescales less than input level.
func (Ring) DivRoundByLastModulusNTT ¶
DivRoundByLastModulusNTT divides (rounded) the polynomial by its last modulus. The input must be in the NTT domain. Output poly level must be equal or one less than input level.
func (Ring) EvalPolyScalar ¶
EvalPolyScalar evaluate p2 = p1(scalar) coefficient-wise in the ring.
func (Ring) FoldStandardToConjugateInvariant ¶
func (r Ring) FoldStandardToConjugateInvariant(polyStandard Poly, permuteNTTIndexInv []uint64, polyConjugateInvariant Poly)
FoldStandardToConjugateInvariant folds [X]/(X^N+1) to [X+X^-1]/(X^N+1) in compressed form (N/2 coefficients). Requires degree(polyConjugateInvariant) = 2*degree(polyStandard). Requires that polyStandard and polyConjugateInvariant share the same moduli.
func (*Ring) Inverse ¶
Inverse computes the modular inverse of a scalar a expressed in a CRT decomposition. The inversion is done in-place and assumes that a is in Montgomery form.
func (Ring) Log2OfStandardDeviation ¶
Log2OfStandardDeviation returns base 2 logarithm of the standard deviation of the coefficients of the polynomial.
func (Ring) MFormLazy ¶
MFormLazy evaluates p2 = p1 * (2^64)^-1 coefficient-wise in the ring with p2 in [0, 2*modulus-1].
func (*Ring) MFormRNSScalar ¶
MFormRNSScalar switches an RNS scalar to the Montgomery domain. s2 = s1<<64 mod Q
func (Ring) MRedConstants ¶
MRedConstants returns the concatenation of the Montgomery constants of the target ring.
func (Ring) MarshalBinary ¶
MarshalBinary encodes the object into a binary form on a newly allocated slice of bytes.
func (Ring) MarshalJSON ¶
MarshalJSON encodes the object into a binary form on a newly allocated slice of bytes with the json codec.
func (Ring) ModuliChain ¶
ModuliChain returns the list of primes in the modulus chain.
func (Ring) ModuliChainLength ¶
ModuliChainLength returns the number of primes in the RNS basis of the ring.
func (Ring) Modulus ¶
Modulus returns the modulus of the target ring at the currently set level in *big.Int.
func (Ring) MulByVectorMontgomery ¶
MulByVectorMontgomery evaluates p2 = p1 * vector coefficient-wise in the ring.
func (Ring) MulByVectorMontgomeryThenAddLazy ¶
MulByVectorMontgomeryThenAddLazy evaluates p2 = p2 + p1 * vector coefficient-wise in the ring.
func (Ring) MulCoeffsBarrett ¶
MulCoeffsBarrett evaluates p3 = p1 * p2 coefficient-wise in the ring, with Barrett reduction.
func (Ring) MulCoeffsBarrettLazy ¶
MulCoeffsBarrettLazy evaluates p3 = p1 * p2 coefficient-wise in the ring, with Barrett reduction, with p3 in [0, 2*modulus-1].
func (Ring) MulCoeffsBarrettThenAdd ¶
MulCoeffsBarrettThenAdd evaluates p3 = p3 + p1 * p2 coefficient-wise in the ring, with Barrett reduction.
func (Ring) MulCoeffsBarrettThenAddLazy ¶
MulCoeffsBarrettThenAddLazy evaluates p3 = p1 * p2 coefficient-wise in the ring, with Barrett reduction, with p3 in [0, 2*modulus-1].
func (Ring) MulCoeffsMontgomery ¶
MulCoeffsMontgomery evaluates p3 = p1 * p2 coefficient-wise in the ring, with Montgomery reduction.
func (Ring) MulCoeffsMontgomeryLazy ¶
MulCoeffsMontgomeryLazy evaluates p3 = p1 * p2 coefficient-wise in the ring, with Montgomery reduction, with p3 in [0, 2*modulus-1].
func (Ring) MulCoeffsMontgomeryLazyThenAddLazy ¶
MulCoeffsMontgomeryLazyThenAddLazy evaluates p3 = p3 + p1 * p2 coefficient-wise in the ring, with Montgomery reduction, with p3 in [0, 3*modulus-2].
func (Ring) MulCoeffsMontgomeryLazyThenNeg ¶
MulCoeffsMontgomeryLazyThenNeg evaluates p3 = -p1 * p2 coefficient-wise in the ring, with Montgomery reduction, with p3 in [0, 2*modulus-1].
func (Ring) MulCoeffsMontgomeryLazyThenSubLazy ¶
MulCoeffsMontgomeryLazyThenSubLazy evaluates p3 = p3 - p1 * p2 coefficient-wise in the ring, with Montgomery reduction, with p3 in [0, 3*modulus-2].
func (Ring) MulCoeffsMontgomeryThenAdd ¶
MulCoeffsMontgomeryThenAdd evaluates p3 = p3 + p1 * p2 coefficient-wise in the ring, with Montgomery reduction, with p3 in [0, 2*modulus-1].
func (Ring) MulCoeffsMontgomeryThenAddLazy ¶
MulCoeffsMontgomeryThenAddLazy evaluates p3 = p3 + p1 * p2 coefficient-wise in the ring, with Montgomery reduction, with p3 in [0, 2*modulus-1].
func (Ring) MulCoeffsMontgomeryThenSub ¶
MulCoeffsMontgomeryThenSub evaluates p3 = p3 - p1 * p2 coefficient-wise in the ring, with Montgomery reduction.
func (Ring) MulCoeffsMontgomeryThenSubLazy ¶
MulCoeffsMontgomeryThenSubLazy evaluates p3 = p3 - p1 * p2 coefficient-wise in the ring, with Montgomery reduction, with p3 in [0, 2*modulus-1].
func (Ring) MulDoubleRNSScalar ¶
MulDoubleRNSScalar evaluates p2 = p1[:N/2] * scalar0 || p1[N/2] * scalar1 coefficient-wise in the ring, with the scalar values expressed in the CRT decomposition at a given level.
func (Ring) MulDoubleRNSScalarThenAdd ¶
MulDoubleRNSScalarThenAdd evaluates p2 = p2 + p1[:N/2] * scalar0 || p1[N/2] * scalar1 coefficient-wise in the ring, with the scalar values expressed in the CRT decomposition at a given level.
func (*Ring) MulRNSScalar ¶
MulRNSScalar multiplies s1 and s2 and stores the result in sout. Multiplication is operated with Montgomery.
func (Ring) MulRNSScalarMontgomery ¶
MulRNSScalarMontgomery evaluates p2 = p1 * scalar coefficient-wise in the ring, with a scalar value expressed in the CRT decomposition at a given level. It assumes the scalar decomposition to be in Montgomery form.
func (Ring) MulScalarBigint ¶
MulScalarBigint evaluates p2 = p1 * scalar coefficient-wise in the ring.
func (Ring) MulScalarBigintThenAdd ¶
MulScalarBigintThenAdd evaluates p2 = p1 * scalar coefficient-wise in the ring.
func (Ring) MulScalarThenAdd ¶
MulScalarThenAdd evaluates p2 = p2 + p1 * scalar coefficient-wise in the ring.
func (Ring) MulScalarThenSub ¶
MulScalarThenSub evaluates p2 = p2 - p1 * scalar coefficient-wise in the ring.
func (Ring) MultByMonomial ¶
MultByMonomial evaluates p2 = p1 * X^k coefficient-wise in the ring.
func (*Ring) NegRNSScalar ¶
NegRNSScalar evaluates s2 = -s1.
func (Ring) NewMonomialXi ¶
NewMonomialXi returns a polynomial X^{i}.
func (*Ring) NewRNSScalar ¶
NewRNSScalar creates a new Scalar value.
func (*Ring) NewRNSScalarFromBigint ¶
NewRNSScalarFromBigint creates a new Scalar initialized with value v.
func (*Ring) NewRNSScalarFromUInt64 ¶
NewRNSScalarFromUInt64 creates a new Scalar initialized with value v.
func (Ring) PadDefaultRingToConjugateInvariant ¶
func (r Ring) PadDefaultRingToConjugateInvariant(polyStandard Poly, IsNTT bool, polyConjugateInvariant Poly)
PadDefaultRingToConjugateInvariant converts a polynomial in Z[X]/(X^N +1) to a polynomial in Z[X+X^-1]/(X^2N+1).
func (Ring) PolyToBigint ¶
PolyToBigint reconstructs p1 and returns the result in an array of Int. gap defines coefficients X^{i*gap} that will be reconstructed. For example, if gap = 1, then all coefficients are reconstructed, while if gap = 2 then only coefficients X^{2*i} are reconstructed.
func (Ring) PolyToBigintCentered ¶
PolyToBigintCentered reconstructs p1 and returns the result in an array of Int. Coefficients are centered around Q/2 gap defines coefficients X^{i*gap} that will be reconstructed. For example, if gap = 1, then all coefficients are reconstructed, while if gap = 2 then only coefficients X^{2*i} are reconstructed.
func (Ring) PolyToString ¶
PolyToString reconstructs p1 and returns the result in an array of string.
func (Ring) ReduceLazy ¶
ReduceLazy evaluates p2 = p1 coefficient-wise mod modulus in the ring, with p2 in [0, 2*modulus-1].
func (Ring) SetCoefficientsBigint ¶
SetCoefficientsBigint sets the coefficients of p1 from an array of Int variables.
func (Ring) StandardRing ¶
StandardRing returns the standard ring of the receiver ring. If `r.Type()==Standard`, then the method returns the receiver. if `r.Type()==ConjugateInvariant`, then the method returns a ring with ring degree 2N. The returned Ring is a shallow copy of the receiver.
func (Ring) SubDoubleRNSScalar ¶
SubDoubleRNSScalar evaluates p2 = p1[:N/2] - scalar0 || p1[N/2] - scalar1 coefficient-wise in the ring, with the scalar values expressed in the CRT decomposition at a given level.
func (Ring) SubLazy ¶
SubLazy evaluates p3 = p1 - p2 coefficient-wise in the ring, with p3 in [0, 2*modulus-1].
func (*Ring) SubRNSScalar ¶
SubRNSScalar subtracts s2 to s1 and stores the result in sout.
func (Ring) SubScalarBigint ¶
SubScalarBigint evaluates p2 = p1 - scalar coefficient-wise in the ring.
func (*Ring) Type ¶
Type returns the Type of the first subring which might be either `Standard` or `ConjugateInvariant`.
func (Ring) UnfoldConjugateInvariantToStandard ¶
UnfoldConjugateInvariantToStandard maps the compressed representation (N/2 coefficients) of Z_Q[X+X^-1]/(X^2N + 1) to full representation in Z_Q[X]/(X^2N+1). Requires degree(polyConjugateInvariant) = 2*degree(polyStandard). Requires that polyStandard and polyConjugateInvariant share the same moduli.
func (*Ring) UnmarshalBinary ¶
UnmarshalBinary decodes a slice of bytes generated by MarshalBinary or MarshalJSON on the object.
func (*Ring) UnmarshalJSON ¶
UnmarshalJSON decodes a slice of bytes generated by MarshalJSON or MarshalBinary on the object.
type Sampler ¶
type Sampler interface { Read(pol Poly) ReadNew() (pol Poly) ReadAndAdd(pol Poly) AtLevel(level int) Sampler }
Sampler is an interface for random polynomial samplers. It has a single Read method which takes as argument the polynomial to be populated according to the Sampler's distribution.
func NewSampler ¶
type SubRing ¶
type SubRing struct { // Polynomial nb.Coefficients N int // Modulus Modulus uint64 // Unique factors of Modulus-1 Factors []uint64 // 2^bit_length(Modulus) - 1 Mask uint64 // Fast reduction constants BRedConstant [2]uint64 // Barrett Reduction MRedConstant uint64 // Montgomery Reduction *NTTTable // NTT related constants // contains filtered or unexported fields }
SubRing is a struct storing precomputation for fast modular reduction and NTT for a given modulus.
func NewSubRing ¶
NewSubRing creates a new SubRing with the standard NTT. NTT constants still need to be generated using .GenNTTConstants(NthRoot uint64).
func NewSubRingWithCustomNTT ¶
func NewSubRingWithCustomNTT(N int, Modulus uint64, ntt func(*SubRing, int) NumberTheoreticTransformer, NthRoot int) (s *SubRing, err error)
NewSubRingWithCustomNTT creates a new SubRing with degree N and modulus Modulus with user-defined NTT transform and primitive Nth root of unity. Modulus should be equal to 1 modulo the root of unity. N must be a power of two larger than 8. An error is returned with a nil *SubRing in the case of non NTT-enabling parameters.
func (*SubRing) Add ¶
Add evaluates p3 = p1 + p2 (mod modulus). Iteration is done with respect to len(p1). All input must have a size which is a multiple of 8.
func (*SubRing) AddLazy ¶
AddLazy evaluates p3 = p1 + p2. Iteration is done with respect to len(p1). All input must have a size which is a multiple of 8.
func (*SubRing) AddLazyThenMulScalarMontgomery ¶
AddLazyThenMulScalarMontgomery evaluates p3 = (p1+p2)*scalarMont (mod modulus). Iteration is done with respect to len(p1). All input must have a size which is a multiple of 8.
func (*SubRing) AddScalar ¶
AddScalar evaluates p2 = p1 + scalar (mod modulus). Iteration is done with respect to len(p1). All input must have a size which is a multiple of 8.
func (*SubRing) AddScalarLazy ¶
AddScalarLazy evaluates p2 = p1 + scalar. Iteration is done with respect to len(p1). All input must have a size which is a multiple of 8.
func (*SubRing) AddScalarLazyThenMulScalarMontgomery ¶
func (s *SubRing) AddScalarLazyThenMulScalarMontgomery(p1 []uint64, scalar0, scalarMont1 uint64, p2 []uint64)
AddScalarLazyThenMulScalarMontgomery evaluates p3 = (scalarMont0+p2)*scalarMont1 (mod modulus). Iteration is done with respect to len(p1). All input must have a size which is a multiple of 8.
func (*SubRing) AddScalarLazyThenNegTwoModulusLazy ¶
AddScalarLazyThenNegTwoModulusLazy evaluates p2 = 2*modulus - p1 + scalar. Iteration is done with respect to len(p1). All input must have a size which is a multiple of 8.
func (*SubRing) IMForm ¶
IMForm evaluates p2 = p1 * (2^64)^-1 (mod modulus). Iteration is done with respect to len(p1). All input must have a size which is a multiple of 8.
func (*SubRing) MForm ¶
MForm evaluates p2 = p1 * 2^64 (mod modulus). Iteration is done with respect to len(p1). All input must have a size which is a multiple of 8.
func (*SubRing) MFormLazy ¶
MFormLazy evaluates p2 = p1 * 2^64 (mod modulus) with p2 in the range [0, 2*modulus-1]. Iteration is done with respect to len(p1). All input must have a size which is a multiple of 8.
func (*SubRing) MulCoeffsBarrett ¶
MulCoeffsBarrett evaluates p3 = p1*p2 (mod modulus). Iteration is done with respect to len(p1). All input must have a size which is a multiple of 8.
func (*SubRing) MulCoeffsBarrettLazy ¶
MulCoeffsBarrettLazy evaluates p3 = p1*p2 (mod modulus) with p3 in [0, 2*modulus-1]. Iteration is done with respect to len(p1). All input must have a size which is a multiple of 8.
func (*SubRing) MulCoeffsBarrettThenAdd ¶
MulCoeffsBarrettThenAdd evaluates p3 = p3 + (p1*p2) (mod modulus). Iteration is done with respect to len(p1). All input must have a size which is a multiple of 8.
func (*SubRing) MulCoeffsBarrettThenAddLazy ¶
MulCoeffsBarrettThenAddLazy evaluates p3 = p3 + p1*p2 (mod modulus). Iteration is done with respect to len(p1). All input must have a size which is a multiple of 8.
func (*SubRing) MulCoeffsLazy ¶
MulCoeffsLazy evaluates p3 = p1*p2. Iteration is done with respect to len(p1). All input must have a size which is a multiple of 8.
func (*SubRing) MulCoeffsLazyThenAddLazy ¶
MulCoeffsLazyThenAddLazy evaluates p3 = p3 + p1*p2. Iteration is done with respect to len(p1). All input must have a size which is a multiple of 8.
func (*SubRing) MulCoeffsMontgomery ¶
MulCoeffsMontgomery evaluates p3 = p1*p2 (mod modulus). Iteration is done with respect to len(p1). All input must have a size which is a multiple of 8.
func (*SubRing) MulCoeffsMontgomeryLazy ¶
MulCoeffsMontgomeryLazy evaluates p3 = p1*p2 (mod modulus) with p3 in range [0, 2*modulus-1]. Iteration is done with respect to len(p1). All input must have a size which is a multiple of 8.
func (*SubRing) MulCoeffsMontgomeryLazyThenAddLazy ¶
MulCoeffsMontgomeryLazyThenAddLazy evaluates p3 = p3 + p1*p2 (mod modulus) with p3 in range [0, 3modulus-2]. Iteration is done with respect to len(p1). All input must have a size which is a multiple of 8.
func (*SubRing) MulCoeffsMontgomeryLazyThenNeg ¶
MulCoeffsMontgomeryLazyThenNeg evaluates p3 = - p1*p2 (mod modulus) with p3 in range [0, 2*modulus-2]. Iteration is done with respect to len(p1). All input must have a size which is a multiple of 8.
func (*SubRing) MulCoeffsMontgomeryLazyThenSubLazy ¶
MulCoeffsMontgomeryLazyThenSubLazy evaluates p3 = p3 - p1*p2 (mod modulus) with p3 in range [0, 3*modulus-2]. Iteration is done with respect to len(p1). All input must have a size which is a multiple of 8.
func (*SubRing) MulCoeffsMontgomeryThenAdd ¶
MulCoeffsMontgomeryThenAdd evaluates p3 = p3 + (p1*p2) (mod modulus). Iteration is done with respect to len(p1). All input must have a size which is a multiple of 8.
func (*SubRing) MulCoeffsMontgomeryThenAddLazy ¶
MulCoeffsMontgomeryThenAddLazy evaluates p3 = p3 + (p1*p2 (mod modulus)). Iteration is done with respect to len(p1). All input must have a size which is a multiple of 8.
func (*SubRing) MulCoeffsMontgomeryThenSub ¶
MulCoeffsMontgomeryThenSub evaluates p3 = p3 - p1*p2 (mod modulus). Iteration is done with respect to len(p1). All input must have a size which is a multiple of 8.
func (*SubRing) MulCoeffsMontgomeryThenSubLazy ¶
MulCoeffsMontgomeryThenSubLazy evaluates p3 = p3 - p1*p2 (mod modulus) with p3 in range [0, 2*modulus-2]. Iteration is done with respect to len(p1). All input must have a size which is a multiple of 8.
func (*SubRing) MulScalarMontgomery ¶
MulScalarMontgomery evaluates p2 = p1*scalarMont (mod modulus). Iteration is done with respect to len(p1). All input must have a size which is a multiple of 8.
func (*SubRing) MulScalarMontgomeryLazy ¶
MulScalarMontgomeryLazy evaluates p2 = p1*scalarMont (mod modulus) with p2 in range [0, 2*modulus-1]. Iteration is done with respect to len(p1). All input must have a size which is a multiple of 8.
func (*SubRing) MulScalarMontgomeryThenAdd ¶
MulScalarMontgomeryThenAdd evaluates p2 = p2 + p1*scalarMont (mod modulus). Iteration is done with respect to len(p1). All input must have a size which is a multiple of 8.
func (*SubRing) MulScalarMontgomeryThenAddScalar ¶
func (s *SubRing) MulScalarMontgomeryThenAddScalar(p1 []uint64, scalar0, scalarMont1 uint64, p2 []uint64)
MulScalarMontgomeryThenAddScalar evaluates p2 = scalar + p1*scalarMont (mod modulus). Iteration is done with respect to len(p1). All input must have a size which is a multiple of 8.
func (*SubRing) Neg ¶
Neg evaluates p2 = -p1 (mod modulus). Iteration is done with respect to len(p1). All input must have a size which is a multiple of 8.
func (*SubRing) Reduce ¶
Reduce evaluates p2 = p1 (mod modulus). Iteration is done with respect to len(p1). All input must have a size which is a multiple of 8.
func (*SubRing) ReduceLazy ¶
ReduceLazy evaluates p2 = p1 (mod modulus) with p2 in range [0, 2*modulus-1]. Iteration is done with respect to len(p1). All input must have a size which is a multiple of 8.
func (*SubRing) Sub ¶
Sub evaluates p3 = p1 - p2 (mod modulus). Iteration is done with respect to len(p1). All input must have a size which is a multiple of 8.
func (*SubRing) SubLazy ¶
SubLazy evaluates p3 = p1 - p2. Iteration is done with respect to len(p1). All input must have a size which is a multiple of 8.
func (*SubRing) SubScalar ¶
SubScalar evaluates p2 = p1 - scalar (mod modulus). Iteration is done with respect to len(p1). All input must have a size which is a multiple of 8.
func (*SubRing) SubThenMulScalarMontgomeryTwoModulus ¶
func (s *SubRing) SubThenMulScalarMontgomeryTwoModulus(p1, p2 []uint64, scalarMont uint64, p3 []uint64)
SubThenMulScalarMontgomeryTwoModulus evaluates p3 = (p1 + twomodulus - p2) * scalarMont (mod modulus). Iteration is done with respect to len(p1). All input must have a size which is a multiple of 8.
type Ternary ¶
Ternary represent the parameters of a distribution with coefficients in [-1, 0, 1]. Only one of its field must be set to a non-zero value:
- If P is set, each coefficient in the polynomial is sampled in [-1, 0, 1] with probabilities [0.5*P, 1-P, 0.5*P].
- if H is set, the coefficients are sampled uniformly in the set of ternary polynomials with H non-zero coefficients (i.e., of hamming weight H).
func (Ternary) MarshalJSON ¶
type TernarySampler ¶
type TernarySampler struct {
// contains filtered or unexported fields
}
TernarySampler keeps the state of a polynomial sampler in the ternary distribution.
func NewTernarySampler ¶
func NewTernarySampler(prng sampling.PRNG, baseRing *Ring, X Ternary, montgomery bool) (ts *TernarySampler, err error)
NewTernarySampler creates a new instance of TernarySampler from a PRNG, the ring definition and the distribution parameters (see type Ternary). If "montgomery" is set to true, polynomials read from this sampler are in Montgomery form.
func (*TernarySampler) AtLevel ¶
func (ts *TernarySampler) AtLevel(level int) Sampler
AtLevel returns an instance of the target TernarySampler to sample at the given level. The returned sampler cannot be used concurrently to the original sampler.
func (*TernarySampler) Read ¶
func (ts *TernarySampler) Read(pol Poly)
Read samples a polynomial into pol.
func (*TernarySampler) ReadAndAdd ¶
func (ts *TernarySampler) ReadAndAdd(pol Poly)
func (*TernarySampler) ReadNew ¶
func (ts *TernarySampler) ReadNew() (pol Poly)
ReadNew allocates and samples a polynomial at the max level.
type Type ¶
type Type int
Type is the type of ring used by the cryptographic scheme
func (Type) MarshalJSON ¶
MarshalJSON marshals the receiver Type into a JSON []byte
func (*Type) UnmarshalJSON ¶
UnmarshalJSON reads a JSON byte slice into the receiver Type
type Uniform ¶
type Uniform struct{}
Uniform represents the parameters of a uniform distribution i.e., with coefficients uniformly distributed in the given ring.
func (Uniform) MarshalJSON ¶
type UniformSampler ¶
type UniformSampler struct {
// contains filtered or unexported fields
}
UniformSampler wraps a util.PRNG and represents the state of a sampler of uniform polynomials.
func NewUniformSampler ¶
func NewUniformSampler(prng sampling.PRNG, baseRing *Ring) (u *UniformSampler)
NewUniformSampler creates a new instance of UniformSampler from a PRNG and ring definition.
func (*UniformSampler) AtLevel ¶
func (u *UniformSampler) AtLevel(level int) Sampler
AtLevel returns an instance of the target UniformSampler to sample at the given level. The returned sampler cannot be used concurrently to the original sampler.
func (*UniformSampler) Read ¶
func (u *UniformSampler) Read(pol Poly)
func (*UniformSampler) ReadAndAdd ¶
func (u *UniformSampler) ReadAndAdd(pol Poly)
func (*UniformSampler) ReadNew ¶
func (u *UniformSampler) ReadNew() (pol Poly)
ReadNew generates a new polynomial with coefficients following a uniform distribution over [0, Qi-1]. Polynomial is created at the max level.
func (*UniformSampler) WithPRNG ¶
func (u *UniformSampler) WithPRNG(prng sampling.PRNG) *UniformSampler