Documentation ¶
Overview ¶
Package rlwe implements the generic cryptographic functionalities and operations that are common to R-LWE schemes. The other implemented schemes extend this package with their specific operations and structures.
Index ¶
- Constants
- Variables
- func AddPolyTimesGadgetVectorToGadgetCiphertext(pt ring.Poly, cts []GadgetCiphertext, ringQP ringqp.Ring, buff ring.Poly) (err error)
- func CheckModuli(q, p []uint64) error
- func ExtendBasisSmallNormAndCenterNTTMontgomery(rQ, rP *ring.Ring, polQ, buff, polP ring.Poly)
- func GaloisElementsForExpand(params ParameterProvider, logN int) (galEls []uint64)
- func GaloisElementsForInnerSum(params ParameterProvider, batch, n int) (galEls []uint64)
- func GaloisElementsForPack(params ParameterProvider, logGap int) (galEls []uint64)
- func GaloisElementsForReplicate(params ParameterProvider, batch, n int) (galEls []uint64)
- func GaloisElementsForTrace(params ParameterProvider, logN int) (galEls []uint64)
- func GenModuli(LogNthRoot int, logQ, logP []int) (q, p []uint64, err error)
- func GenXPow2NTT(r *ring.Ring, logN int, div bool) (xPow []ring.Poly)
- func NTTSparseAndMontgomery(r *ring.Ring, metadata *MetaData, pol ring.Poly)
- func NoiseEvaluationKey(evk *EvaluationKey, skIn, skOut *SecretKey, params Parameters) float64
- func NoiseGadgetCiphertext(gct *GadgetCiphertext, pt ring.Poly, sk *SecretKey, params Parameters) float64
- func NoiseGaloisKey(gk *GaloisKey, sk *SecretKey, params Parameters) float64
- func NoisePublicKey(pk *PublicKey, sk *SecretKey, params Parameters) float64
- func NoiseRelinearizationKey(rlk *RelinearizationKey, sk *SecretKey, params Parameters) float64
- func Norm(ct *Ciphertext, dec *Decryptor) (std, min, max float64)
- func NormStats(vec []*big.Int) (float64, float64, float64)
- func PopulateElementRandom(prng sampling.PRNG, params ParameterProvider, ct *Element[ring.Poly])
- func ResolveEvaluationKeyParameters(params Parameters, evkParams []EvaluationKeyParameters) (levelQ, levelP, BaseTwoDecomposition int, compressed bool)
- func SwitchCiphertextRingDegree(ctIn, opOut *Element[ring.Poly])
- func SwitchCiphertextRingDegreeNTT(ctIn *Element[ring.Poly], ringQLargeDim *ring.Ring, opOut *Element[ring.Poly])
- type Ciphertext
- type CiphertextMetaData
- func (m *CiphertextMetaData) BinarySize() int
- func (m *CiphertextMetaData) Equal(other *CiphertextMetaData) (res bool)
- func (m CiphertextMetaData) MarshalBinary() (p []byte, err error)
- func (m CiphertextMetaData) MarshalJSON() (p []byte, err error)
- func (m *CiphertextMetaData) ReadFrom(r io.Reader) (int64, error)
- func (m *CiphertextMetaData) UnmarshalBinary(p []byte) (err error)
- func (m *CiphertextMetaData) UnmarshalJSON(p []byte) (err error)
- func (m *CiphertextMetaData) WriteTo(w io.Writer) (int64, error)
- type Decryptor
- type Distribution
- type DistributionLiteral
- type Element
- func GetSmallestLargest[T ring.Poly | ringqp.Poly](el0, el1 *Element[T]) (smallest, largest *Element[T], sameDegree bool)
- func NewElement(params ParameterProvider, degree int, levelQ ...int) *Element[ring.Poly]
- func NewElementAtLevelFromPoly(level int, poly []ring.Poly) (*Element[ring.Poly], error)
- func NewElementExtended(params ParameterProvider, degree, levelQ, levelP int) *Element[ringqp.Poly]
- func (op Element[T]) BinarySize() (size int)
- func (op *Element[T]) Copy(opCopy *Element[T])
- func (op Element[T]) CopyNew() *Element[T]
- func (op Element[T]) Degree() int
- func (op *Element[T]) El() *Element[T]
- func (op Element[T]) Equal(other *Element[T]) bool
- func (op Element[T]) Level() int
- func (op Element[T]) LevelP() int
- func (op Element[T]) LevelQ() int
- func (op Element[T]) LogN() int
- func (op Element[T]) MarshalBinary() (data []byte, err error)
- func (op Element[T]) N() int
- func (op *Element[T]) ReadFrom(r io.Reader) (n int64, err error)
- func (op *Element[T]) Resize(degree, level int)
- func (op *Element[T]) UnmarshalBinary(p []byte) (err error)
- func (op Element[T]) WriteTo(w io.Writer) (n int64, err error)
- type ElementInterface
- type EncryptionKey
- type Encryptor
- func (enc Encryptor) Encrypt(pt *Plaintext, ct interface{}) (err error)
- func (enc Encryptor) EncryptNew(pt *Plaintext) (ct *Ciphertext, err error)
- func (enc Encryptor) EncryptZero(ct interface{}) (err error)
- func (enc Encryptor) EncryptZeroNew(level int) (ct *Ciphertext)
- func (enc Encryptor) GetRLWEParameters() *Parameters
- func (enc Encryptor) ShallowCopy() *Encryptor
- func (enc Encryptor) WithKey(key EncryptionKey) *Encryptor
- func (enc Encryptor) WithPRNG(prng sampling.PRNG) *Encryptor
- type EvaluationKey
- type EvaluationKeyParameters
- type EvaluationKeySet
- type Evaluator
- func (eval Evaluator) ApplyEvaluationKey(ctIn *Ciphertext, evk *EvaluationKey, opOut *Ciphertext) (err error)
- func (eval Evaluator) Automorphism(ctIn *Ciphertext, galEl uint64, opOut *Ciphertext) (err error)
- func (eval Evaluator) AutomorphismHoisted(level int, ctIn *Ciphertext, c1DecompQP []ringqp.Poly, galEl uint64, ...) (err error)
- func (eval Evaluator) AutomorphismHoistedLazy(levelQ int, ctIn *Ciphertext, c1DecompQP []ringqp.Poly, galEl uint64, ...) (err error)
- func (eval Evaluator) AutomorphismIndex(galEl uint64) []uint64
- func (eval Evaluator) CheckAndGetGaloisKey(galEl uint64) (evk *GaloisKey, err error)
- func (eval Evaluator) CheckAndGetRelinearizationKey() (evk *RelinearizationKey, err error)
- func (eval Evaluator) DecomposeNTT(levelQ, levelP, nbPi int, c2 ring.Poly, c2IsNTT bool, decompQP []ringqp.Poly)
- func (eval Evaluator) DecomposeSingleNTT(levelQ, levelP, nbPi, BaseRNSDecompositionVectorSize int, ...)
- func (eval Evaluator) GadgetProduct(levelQ int, cx ring.Poly, gadgetCt *GadgetCiphertext, ct *Ciphertext)
- func (eval Evaluator) GadgetProductHoisted(levelQ int, BuffQPDecompQP []ringqp.Poly, gadgetCt *GadgetCiphertext, ...)
- func (eval Evaluator) GadgetProductHoistedLazy(levelQ int, BuffQPDecompQP []ringqp.Poly, gadgetCt *GadgetCiphertext, ...) (err error)
- func (eval Evaluator) GadgetProductLazy(levelQ int, cx ring.Poly, gadgetCt *GadgetCiphertext, ...) (err error)
- func (eval Evaluator) GetBuffCt() *Ciphertext
- func (eval Evaluator) GetBuffDecompQP() []ringqp.Poly
- func (eval Evaluator) GetBuffQP() [6]ringqp.Poly
- func (eval Evaluator) GetEvaluatorBuffer() *EvaluatorBuffers
- func (eval *Evaluator) GetRLWEParameters() *Parameters
- func (eval Evaluator) InitOutputBinaryOp(op0, op1 *Element[ring.Poly], opInTotalMaxDegree int, ...) (degree, level int, err error)
- func (eval Evaluator) InitOutputUnaryOp(op0, opOut *Element[ring.Poly]) (degree, level int, err error)
- func (eval Evaluator) InnerFunction(ctIn *Ciphertext, batchSize, n int, f func(a, b, c *Ciphertext) (err error), ...) (err error)
- func (eval Evaluator) InnerSum(ctIn *Ciphertext, batchSize, n int, opOut *Ciphertext) (err error)
- func (eval Evaluator) ModDown(levelQ, levelP int, ctQP *Element[ringqp.Poly], ct *Ciphertext)
- func (eval Evaluator) ModDownQPtoQNTT(levelQ, levelP int, p1Q, p1P, p2Q ring.Poly)
- func (eval Evaluator) Relinearize(ctIn *Ciphertext, opOut *Ciphertext) (err error)
- func (eval Evaluator) Replicate(ctIn *Ciphertext, batchSize, n int, opOut *Ciphertext) (err error)
- func (eval Evaluator) ShallowCopy() *Evaluator
- func (eval Evaluator) Trace(ctIn *Ciphertext, logN int, opOut *Ciphertext) (err error)
- func (eval Evaluator) WithKey(evk EvaluationKeySet) *Evaluator
- type EvaluatorBuffers
- type EvaluatorProvider
- type GadgetCiphertext
- func (ct GadgetCiphertext) BaseRNSDecompositionVectorSize() int
- func (ct GadgetCiphertext) BaseTwoDecompositionVectorSize() (base []int)
- func (ct GadgetCiphertext) BinarySize() (dataLen int)
- func (ct GadgetCiphertext) CopyNew() (ctCopy *GadgetCiphertext)
- func (ct GadgetCiphertext) Degree() int
- func (ct GadgetCiphertext) Equal(other *GadgetCiphertext) bool
- func (ct GadgetCiphertext) LevelP() int
- func (ct GadgetCiphertext) LevelQ() int
- func (ct GadgetCiphertext) MarshalBinary() (data []byte, err error)
- func (ct *GadgetCiphertext) ReadFrom(r io.Reader) (n int64, err error)
- func (ct *GadgetCiphertext) UnmarshalBinary(p []byte) (err error)
- func (ct GadgetCiphertext) WriteTo(w io.Writer) (n int64, err error)
- type GadgetPlaintext
- type GaloisKey
- func (gk GaloisKey) BinarySize() (size int)
- func (gk GaloisKey) CopyNew() *GaloisKey
- func (gk GaloisKey) MarshalBinary() (p []byte, err error)
- func (gk *GaloisKey) ReadFrom(r io.Reader) (n int64, err error)
- func (gk *GaloisKey) UnmarshalBinary(p []byte) (err error)
- func (gk GaloisKey) WriteTo(w io.Writer) (n int64, err error)
- type KeyGenerator
- func (kgen KeyGenerator) GenEvaluationKey(skInput, skOutput *SecretKey, evk *EvaluationKey)
- func (kgen KeyGenerator) GenEvaluationKeyNew(skInput, skOutput *SecretKey, evkParams ...EvaluationKeyParameters) (evk *EvaluationKey)
- func (kgen KeyGenerator) GenEvaluationKeysForRingSwapNew(skStd, skConjugateInvariant *SecretKey, evkParams ...EvaluationKeyParameters) (stdToci, ciToStd *EvaluationKey)
- func (kgen KeyGenerator) GenGaloisKey(galEl uint64, sk *SecretKey, gk *GaloisKey)
- func (kgen KeyGenerator) GenGaloisKeyNew(galEl uint64, sk *SecretKey, evkParams ...EvaluationKeyParameters) (gk *GaloisKey)
- func (kgen KeyGenerator) GenGaloisKeys(galEls []uint64, sk *SecretKey, gks []*GaloisKey)
- func (kgen KeyGenerator) GenGaloisKeysNew(galEls []uint64, sk *SecretKey, evkParams ...EvaluationKeyParameters) (gks []*GaloisKey)
- func (kgen KeyGenerator) GenKeyPairNew() (sk *SecretKey, pk *PublicKey)
- func (kgen KeyGenerator) GenPublicKey(sk *SecretKey, pk *PublicKey)
- func (kgen KeyGenerator) GenPublicKeyNew(sk *SecretKey) (pk *PublicKey)
- func (kgen KeyGenerator) GenRelinearizationKey(sk *SecretKey, rlk *RelinearizationKey)
- func (kgen KeyGenerator) GenRelinearizationKeyNew(sk *SecretKey, evkParams ...EvaluationKeyParameters) (rlk *RelinearizationKey)
- func (kgen KeyGenerator) GenSecretKey(sk *SecretKey)
- func (kgen KeyGenerator) GenSecretKeyNew() (sk *SecretKey)
- func (kgen KeyGenerator) GenSecretKeyWithHammingWeight(hw int, sk *SecretKey)
- func (kgen *KeyGenerator) GenSecretKeyWithHammingWeightNew(hw int) (sk *SecretKey)
- type MemEvaluationKeySet
- func (evk MemEvaluationKeySet) BinarySize() (size int)
- func (evk MemEvaluationKeySet) GetGaloisKey(galEl uint64) (gk *GaloisKey, err error)
- func (evk MemEvaluationKeySet) GetGaloisKeysList() (galEls []uint64)
- func (evk MemEvaluationKeySet) GetRelinearizationKey() (rk *RelinearizationKey, err error)
- func (evk MemEvaluationKeySet) MarshalBinary() (p []byte, err error)
- func (evk *MemEvaluationKeySet) ReadFrom(r io.Reader) (n int64, err error)
- func (evk *MemEvaluationKeySet) ShallowCopy() EvaluationKeySet
- func (evk *MemEvaluationKeySet) UnmarshalBinary(p []byte) (err error)
- func (evk MemEvaluationKeySet) WriteTo(w io.Writer) (n int64, err error)
- type MetaData
- func (m MetaData) BinarySize() int
- func (m MetaData) CopyNew() *MetaData
- func (m *MetaData) Equal(other *MetaData) (res bool)
- func (m MetaData) MarshalBinary() (p []byte, err error)
- func (m MetaData) MarshalJSON() (p []byte, err error)
- func (m *MetaData) ReadFrom(r io.Reader) (int64, error)
- func (m *MetaData) UnmarshalBinary(p []byte) (err error)
- func (m *MetaData) UnmarshalJSON(p []byte) (err error)
- func (m MetaData) WriteTo(w io.Writer) (int64, error)
- type Operand
- type ParameterProvider
- type Parameters
- func (p Parameters) BaseRNSDecompositionVectorSize(levelQ, levelP int) int
- func (p Parameters) BaseTwoDecompositionVectorSize(levelQ, levelP, Base2Decomposition int) (base []int)
- func (p Parameters) BinarySize() int
- func (p Parameters) DefaultScale() Scale
- func (p Parameters) Equal(other *Parameters) (res bool)
- func (p Parameters) GaloisElement(k int) uint64
- func (p Parameters) GaloisElementOrderTwoOrthogonalSubgroup() uint64
- func (p Parameters) GaloisElements(k []int) (galEls []uint64)
- func (p Parameters) GetRLWEParameters() *Parameters
- func (p Parameters) LogN() int
- func (p Parameters) LogNthRoot() int
- func (p Parameters) LogP() (logp float64)
- func (p Parameters) LogPi() (logpi []int)
- func (p Parameters) LogQ() (logq float64)
- func (p Parameters) LogQP() (logqp float64)
- func (p Parameters) LogQi() (logqi []int)
- func (p Parameters) MarshalBinary() ([]byte, error)
- func (p Parameters) MarshalJSON() ([]byte, error)
- func (p Parameters) MaxBit(levelQ, levelP int) (c int)
- func (p Parameters) MaxLevel() int
- func (p Parameters) MaxLevelP() int
- func (p Parameters) MaxLevelQ() int
- func (p Parameters) ModInvGaloisElement(galEl uint64) uint64
- func (p Parameters) N() int
- func (p Parameters) NTTFlag() bool
- func (p Parameters) NewScale(scale interface{}) Scale
- func (p Parameters) NoiseBound() float64
- func (p Parameters) NoiseFreshPK() (std float64)
- func (p Parameters) NoiseFreshSK() (std float64)
- func (p Parameters) NthRoot() int
- func (p Parameters) P() []uint64
- func (p Parameters) PBigInt() *big.Int
- func (p Parameters) PCount() int
- func (p Parameters) ParametersLiteral() ParametersLiteral
- func (p Parameters) PiOverflowMargin(level int) int
- func (p Parameters) Q() []uint64
- func (p Parameters) QBigInt() *big.Int
- func (p Parameters) QCount() int
- func (p Parameters) QP() []uint64
- func (p Parameters) QPBigInt() *big.Int
- func (p Parameters) QPCount() int
- func (p Parameters) QiOverflowMargin(level int) int
- func (p *Parameters) ReadFrom(r io.Reader) (n int64, err error)
- func (p Parameters) RingP() *ring.Ring
- func (p Parameters) RingQ() *ring.Ring
- func (p Parameters) RingQP() *ringqp.Ring
- func (p Parameters) RingType() ring.Type
- func (p Parameters) SolveDiscreteLogGaloisElement(galEl uint64) (k int)
- func (p Parameters) StandardParameters() (pci Parameters, err error)
- func (p *Parameters) UnmarshalBinary(data []byte) (err error)
- func (p *Parameters) UnmarshalJSON(data []byte) (err error)
- func (p Parameters) UnpackLevelParams(args []int) (levelQ, levelP int)
- func (p Parameters) WriteTo(w io.Writer) (n int64, err error)
- func (p Parameters) Xe() ring.DistributionParameters
- func (p Parameters) Xs() ring.DistributionParameters
- func (p Parameters) XsHammingWeight() int
- type ParametersLiteral
- type Plaintext
- type PlaintextMetaData
- func (m PlaintextMetaData) BinarySize() int
- func (m *PlaintextMetaData) Equal(other *PlaintextMetaData) (res bool)
- func (m PlaintextMetaData) LogScale() float64
- func (m PlaintextMetaData) LogSlots() int
- func (m PlaintextMetaData) MarshalBinary() (p []byte, err error)
- func (m PlaintextMetaData) MarshalJSON() (p []byte, err error)
- func (m *PlaintextMetaData) ReadFrom(r io.Reader) (int64, error)
- func (m PlaintextMetaData) Slots() int
- func (m *PlaintextMetaData) UnmarshalBinary(p []byte) (err error)
- func (m *PlaintextMetaData) UnmarshalJSON(p []byte) (err error)
- func (m PlaintextMetaData) WriteTo(w io.Writer) (int64, error)
- type PublicKey
- func (p PublicKey) BinarySize() int
- func (p PublicKey) CopyNew() *PublicKey
- func (p PublicKey) Equal(other *PublicKey) bool
- func (p PublicKey) LevelP() int
- func (p PublicKey) LevelQ() int
- func (p PublicKey) MarshalBinary() ([]byte, error)
- func (p *PublicKey) ReadFrom(r io.Reader) (n int64, err error)
- func (p *PublicKey) UnmarshalBinary(b []byte) error
- func (p PublicKey) WriteTo(w io.Writer) (n int64, err error)
- type RelinearizationKey
- type RingPackingEvaluationKey
- func (rpk *RingPackingEvaluationKey) GenExtractEvaluationKeys(params ParameterProvider, sk *SecretKey, evkParams EvaluationKeyParameters)
- func (rpk *RingPackingEvaluationKey) GenRepackEvaluationKeys(params ParameterProvider, sk *SecretKey, evkParams EvaluationKeyParameters)
- func (rpk *RingPackingEvaluationKey) GenRingSwitchingKeys(params ParameterProvider, sk *SecretKey, minLogN int, ...) (ski map[int]*SecretKey, err error)
- func (rpk RingPackingEvaluationKey) MaxLogN() (maxLogN int)
- func (rpk RingPackingEvaluationKey) MinLogN() (minLogN int)
- type RingPackingEvaluator
- func (eval RingPackingEvaluator) Expand(ct *Ciphertext, logGap int) (cts map[int]*Ciphertext, err error)
- func (eval RingPackingEvaluator) Extract(ct *Ciphertext, idx map[int]bool) (cts map[int]*Ciphertext, err error)
- func (eval RingPackingEvaluator) ExtractNaive(ct *Ciphertext, idx map[int]bool) (cts map[int]*Ciphertext, err error)
- func (eval RingPackingEvaluator) Merge(ctEvenNHalf, ctOddNHalf, ctN *Ciphertext) (err error)
- func (eval RingPackingEvaluator) MergeNew(ctEvenNHalf, ctOddNHalf *Ciphertext) (ctN *Ciphertext, err error)
- func (eval RingPackingEvaluator) Pack(cts map[int]*Ciphertext, inputLogGap int, zeroGarbageSlots bool) (ct *Ciphertext, err error)
- func (eval RingPackingEvaluator) Repack(cts map[int]*Ciphertext) (ct *Ciphertext, err error)
- func (eval RingPackingEvaluator) RepackNaive(cts map[int]*Ciphertext) (ct *Ciphertext, err error)
- func (eval RingPackingEvaluator) ShallowCopy() *RingPackingEvaluator
- func (eval RingPackingEvaluator) Split(ctN, ctEvenNHalf, ctOddNHalf *Ciphertext) (err error)
- func (eval RingPackingEvaluator) SplitNew(ctN *Ciphertext) (ctEvenNHalf, ctOddNHalf *Ciphertext, err error)
- type Scale
- func (s Scale) BigInt() (sInt *big.Int)
- func (s Scale) BinarySize() int
- func (s Scale) Cmp(s1 Scale) (cmp int)
- func (s Scale) Div(s1 Scale) Scale
- func (s Scale) Equal(s1 Scale) bool
- func (s Scale) Float64() float64
- func (s Scale) InDelta(s1 Scale, log2Delta float64) bool
- func (s Scale) Log2() float64
- func (s Scale) Log2Delta(s1 Scale) float64
- func (s Scale) MarshalBinary() (p []byte, err error)
- func (s Scale) MarshalJSON() (p []byte, err error)
- func (s Scale) Max(s1 Scale) (max Scale)
- func (s Scale) Min(s1 Scale) (max Scale)
- func (s Scale) Mul(s1 Scale) Scale
- func (s Scale) Uint64() uint64
- func (s Scale) UnmarshalBinary(p []byte) (err error)
- func (s *Scale) UnmarshalJSON(p []byte) (err error)
- type SecretKey
- func (sk SecretKey) BinarySize() (dataLen int)
- func (sk SecretKey) CopyNew() *SecretKey
- func (sk SecretKey) Equal(other *SecretKey) bool
- func (sk SecretKey) LevelP() int
- func (sk SecretKey) LevelQ() int
- func (sk SecretKey) MarshalBinary() (p []byte, err error)
- func (sk *SecretKey) ReadFrom(r io.Reader) (n int64, err error)
- func (sk *SecretKey) UnmarshalBinary(p []byte) (err error)
- func (sk SecretKey) WriteTo(w io.Writer) (n int64, err error)
- type TestParametersLiteral
- type VectorQP
- func (p VectorQP) BinarySize() int
- func (p VectorQP) CopyNew() *VectorQP
- func (p VectorQP) Equal(other *VectorQP) (equal bool)
- func (p VectorQP) LevelP() int
- func (p VectorQP) LevelQ() int
- func (p VectorQP) MarshalBinary() ([]byte, error)
- func (p *VectorQP) ReadFrom(r io.Reader) (n int64, err error)
- func (p *VectorQP) UnmarshalBinary(b []byte) error
- func (p VectorQP) WriteTo(w io.Writer) (n int64, err error)
Constants ¶
const ( // XsUniformTernary is the standard deviation of a ternary key with uniform distribution XsUniformTernary = 0.816496580927726 //Sqrt(2/3) // DefaultNoise is the default standard deviation of the error DefaultNoise = 3.2 // DefaultNoiseBound is the default bound (in number of standard deviation) of the noise bound DefaultNoiseBound = 19.2 // 6*3.2 )
const GaloisGen uint64 = ring.GaloisGen
GaloisGen is an integer of order N=2^d modulo M=2N and that spans Z_M with the integer -1. The j-th ring automorphism takes the root zeta to zeta^(5j).
const MaxLogN = 20
MaxLogN is the log2 of the largest supported polynomial modulus degree.
const MaxModuliSize = 60
MaxModuliSize is the largest bit-length supported for the moduli in the RNS representation.
const MinLogN = 4
MinLogN is the log2 of the smallest supported polynomial modulus degree (needed to ensure the NTT correctness).
const ( // ScalePrecision is the default precision of the scale. ScalePrecision = uint(128) )
Variables ¶
var DefaultXe = ring.DiscreteGaussian{Sigma: DefaultNoise, Bound: DefaultNoiseBound}
DefaultXe is the default discrete Gaussian distribution.
var DefaultXs = ring.Ternary{P: 2 / 3.0}
var ( // ExampleParameterLogN14LogQP438 is an example parameters set with logN=14 and logQP=438 // offering 128-bit of security. ExampleParametersLogN14LogQP438 = ParametersLiteral{ LogN: 14, Q: []uint64{0x200000440001, 0x7fff80001, 0x800280001, 0x7ffd80001, 0x7ffc80001}, P: []uint64{0x3ffffffb80001, 0x4000000800001}, NTTFlag: true, } )
var ScalePrecisionLog10 = int(math.Ceil(float64(ScalePrecision) / math.Log2(10)))
Functions ¶
func AddPolyTimesGadgetVectorToGadgetCiphertext ¶
func AddPolyTimesGadgetVectorToGadgetCiphertext(pt ring.Poly, cts []GadgetCiphertext, ringQP ringqp.Ring, buff ring.Poly) (err error)
AddPolyTimesGadgetVectorToGadgetCiphertext takes a plaintext polynomial and a list of GadgetCiphertext and adds the plaintext times the RNS and BIT decomposition to the i-th element of the i-th ciphertexts. This method return an error if len(cts) > 2.
func CheckModuli ¶
CheckModuli checks that the provided q and p correspond to a valid moduli chain.
func ExtendBasisSmallNormAndCenterNTTMontgomery ¶
ExtendBasisSmallNormAndCenterNTTMontgomery extends a small-norm polynomial polQ in R_Q to a polynomial polP in R_P. This method can be used to extend from Q0 to QL. Input and output are in the NTT and Montgomery domain.
func GaloisElementsForExpand ¶
func GaloisElementsForExpand(params ParameterProvider, logN int) (galEls []uint64)
GaloisElementsForExpand returns the list of Galois elements required to perform the `Expand` operation with parameter `logN`.
func GaloisElementsForInnerSum ¶
func GaloisElementsForInnerSum(params ParameterProvider, batch, n int) (galEls []uint64)
GaloisElementsForInnerSum returns the list of Galois elements necessary to apply the method Evaluator.InnerSum operation with parameters batch and n.
func GaloisElementsForPack ¶
func GaloisElementsForPack(params ParameterProvider, logGap int) (galEls []uint64)
GaloisElementsForPack returns the list of Galois elements required to perform the `Pack` operation.
func GaloisElementsForReplicate ¶
func GaloisElementsForReplicate(params ParameterProvider, batch, n int) (galEls []uint64)
GaloisElementsForReplicate returns the list of Galois elements necessary to perform the Evaluator.Replicate operation with parameters batch and n.
func GaloisElementsForTrace ¶
func GaloisElementsForTrace(params ParameterProvider, logN int) (galEls []uint64)
GaloisElementsForTrace returns the list of Galois elements required for the for the `Trace` operation. Trace maps X -> sum((-1)^i * X^{i*n+1}) for 2^{LogN} <= i < N.
func GenXPow2NTT ¶
GenXPow2NTT generates X^({-1 if div else 1} * {2^{0 <= i < LogN}}) in NTT.
func NTTSparseAndMontgomery ¶
NTTSparseAndMontgomery takes a polynomial Z[Y] outside of the NTT domain and maps it to a polynomial Z[X] in the NTT domain where Y = X^(gap). This method is used to accelerate the NTT of polynomials that encode sparse polynomials.
func NoiseEvaluationKey ¶
func NoiseEvaluationKey(evk *EvaluationKey, skIn, skOut *SecretKey, params Parameters) float64
NoiseEvaluationKey the log2 of the standard deviation of the noise of the input GaloisKey with respect to the given SecretKey and Parameters.
func NoiseGadgetCiphertext ¶
func NoiseGadgetCiphertext(gct *GadgetCiphertext, pt ring.Poly, sk *SecretKey, params Parameters) float64
NoiseGadgetCiphertext returns the log2 of the standard deviation of the noise of the input GadgetCiphertext with respect to the given Plaintext, SecretKey and Parameters. The polynomial pt is expected to be in the NTT and Montgomery domain.
func NoiseGaloisKey ¶
func NoiseGaloisKey(gk *GaloisKey, sk *SecretKey, params Parameters) float64
NoiseGaloisKey the log2 of the standard deviation of the noise of the input GaloisKey key with respect to the given SecretKey and paramters.
func NoisePublicKey ¶
func NoisePublicKey(pk *PublicKey, sk *SecretKey, params Parameters) float64
NoisePublicKey returns the log2 of the standard deviation of the input PublicKey with respect to the given [Secret] and parameters.
func NoiseRelinearizationKey ¶
func NoiseRelinearizationKey(rlk *RelinearizationKey, sk *SecretKey, params Parameters) float64
NoiseRelinearizationKey the log2 of the standard deviation of the noise of the input RelinearizationKey with respect to the given [Secret] and paramters.
func Norm ¶
func Norm(ct *Ciphertext, dec *Decryptor) (std, min, max float64)
Norm returns the log2 of the standard deviation, minimum and maximum absolute norm of the decrypted Ciphertext, before the decoding (i.e. including the error).
func PopulateElementRandom ¶
PopulateElementRandom creates a new Element with random coefficients.
func ResolveEvaluationKeyParameters ¶
func ResolveEvaluationKeyParameters(params Parameters, evkParams []EvaluationKeyParameters) (levelQ, levelP, BaseTwoDecomposition int, compressed bool)
func SwitchCiphertextRingDegree ¶
SwitchCiphertextRingDegree changes the ring degree of ctIn to the one of opOut. Maps Y^{N/n} -> X^{N} or X^{N} -> Y^{N/n}. If the ring degree of opOut is larger than the one of ctIn, then the ringQ of ctIn must be provided (otherwise, a nil pointer).
func SwitchCiphertextRingDegreeNTT ¶
func SwitchCiphertextRingDegreeNTT(ctIn *Element[ring.Poly], ringQLargeDim *ring.Ring, opOut *Element[ring.Poly])
SwitchCiphertextRingDegreeNTT changes the ring degree of ctIn to the one of opOut. Maps Y^{N/n} -> X^{N} or X^{N} -> Y^{N/n}. If the ring degree of opOut is larger than the one of ctIn, then the ringQ of opOut must be provided (otherwise, a nil pointer). The ctIn must be in the NTT domain and opOut will be in the NTT domain.
Types ¶
type Ciphertext ¶
Ciphertext is a generic type for RLWE ciphertexts.
func NewCiphertext ¶
func NewCiphertext(params ParameterProvider, degree int, level ...int) (ct *Ciphertext)
NewCiphertext returns a new Ciphertext with zero values and an associated MetaData set to the Parameters default value.
func NewCiphertextAtLevelFromPoly ¶
func NewCiphertextAtLevelFromPoly(level int, poly []ring.Poly) (*Ciphertext, error)
NewCiphertextAtLevelFromPoly constructs a new Ciphertext at a specific level where the message is set to the passed poly. No checks are performed on poly and the returned Ciphertext will share its backing array of coefficients. Returned Ciphertext's MetaData is allocated but empty.
func NewCiphertextRandom ¶
func NewCiphertextRandom(prng sampling.PRNG, params ParameterProvider, degree, level int) (ciphertext *Ciphertext)
NewCiphertextRandom generates a new uniformly distributed Ciphertext of degree, level.
func (Ciphertext) Copy ¶
func (ct Ciphertext) Copy(ctxCopy *Ciphertext)
Copy copies the input element and its parameters on the target element.
func (Ciphertext) CopyNew ¶
func (ct Ciphertext) CopyNew() *Ciphertext
CopyNew creates a new element as a copy of the target element.
func (Ciphertext) Equal ¶
func (ct Ciphertext) Equal(other *Ciphertext) bool
Equal performs a deep equal.
func (Ciphertext) Plaintext ¶ added in v6.1.0
func (ct Ciphertext) Plaintext() *Plaintext
Plaintext casts the target ciphertext into a plaintext type. This method is allocation free.
type CiphertextMetaData ¶
type CiphertextMetaData struct { // IsNTT is a flag indicating if the ciphertext is in the NTT domain. IsNTT bool // IsMontgomery is a flag indicating if the ciphertext is in the Montgomery domain. IsMontgomery bool }
CiphertextMetaData is a struct storing metadata related to the ciphertext.
func (*CiphertextMetaData) BinarySize ¶
func (m *CiphertextMetaData) BinarySize() int
BinarySize returns the size in bytes that the object once marshalled into a binary form.
func (*CiphertextMetaData) Equal ¶
func (m *CiphertextMetaData) Equal(other *CiphertextMetaData) (res bool)
Equal returns true if two MetaData structs are identical.
func (CiphertextMetaData) MarshalBinary ¶
func (m CiphertextMetaData) MarshalBinary() (p []byte, err error)
MarshalBinary encodes the object into a binary form on a newly allocated slice of bytes.
func (CiphertextMetaData) MarshalJSON ¶
func (m CiphertextMetaData) MarshalJSON() (p []byte, err error)
func (*CiphertextMetaData) ReadFrom ¶
func (m *CiphertextMetaData) ReadFrom(r io.Reader) (int64, error)
ReadFrom reads on the object from an io.Writer. It implements the io.ReaderFrom interface.
Unless r implements the buffer.Reader interface (see see lattigo/utils/buffer/reader.go), it will be wrapped into a bufio.Reader. Since this requires allocation, it is preferable to pass a buffer.Reader directly:
- When reading multiple values from a io.Reader, it is preferable to first first wrap io.Reader in a pre-allocated bufio.Reader.
- When reading from a var b []byte, it is preferable to pass a buffer.NewBuffer(b) as w (see lattigo/utils/buffer/buffer.go).
func (*CiphertextMetaData) UnmarshalBinary ¶
func (m *CiphertextMetaData) UnmarshalBinary(p []byte) (err error)
UnmarshalBinary decodes a slice of bytes generated by CiphertextMetaData.MarshalBinary or CiphertextMetaData.WriteTo on the object.
func (*CiphertextMetaData) UnmarshalJSON ¶
func (m *CiphertextMetaData) UnmarshalJSON(p []byte) (err error)
func (*CiphertextMetaData) WriteTo ¶
func (m *CiphertextMetaData) WriteTo(w io.Writer) (int64, error)
WriteTo writes the object on an io.Writer. It implements the io.WriterTo interface, and will write exactly object.BinarySize() bytes on w.
Unless w implements the buffer.Writer interface (see lattigo/utils/buffer/writer.go), it will be wrapped into a bufio.Writer. Since this requires allocations, it is preferable to pass a buffer.Writer directly:
- When writing multiple times to a io.Writer, it is preferable to first wrap the io.Writer in a pre-allocated bufio.Writer.
- When writing to a pre-allocated var b []byte, it is preferable to pass buffer.NewBuffer(b) as w (see lattigo/utils/buffer/buffer.go).
type Decryptor ¶
type Decryptor struct {
// contains filtered or unexported fields
}
Decryptor is a structure used to decrypt Ciphertext. It stores the secret-key.
func NewDecryptor ¶
func NewDecryptor(params ParameterProvider, sk *SecretKey) *Decryptor
NewDecryptor instantiates a new generic RLWE Decryptor.
func (Decryptor) Decrypt ¶
func (d Decryptor) Decrypt(ct *Ciphertext, pt *Plaintext)
Decrypt decrypts the Ciphertext and writes the result in pt. The level of the output Plaintext is min(ct.Level(), pt.Level()) Output pt MetaData will match the input ct MetaData.
func (Decryptor) DecryptNew ¶
func (d Decryptor) DecryptNew(ct *Ciphertext) (pt *Plaintext)
DecryptNew decrypts the Ciphertext and returns the result in a new Plaintext. Output pt MetaData will match the input ct MetaData.
func (Decryptor) GetRLWEParameters ¶
func (d Decryptor) GetRLWEParameters() *Parameters
GetRLWEParameters returns the underlying Parameters.
func (Decryptor) ShallowCopy ¶
ShallowCopy creates a shallow copy of Decryptor in which all the read-only data-structures are shared with the receiver and the temporary buffers are reallocated. The receiver and the returned Decryptor can be used concurrently.
type Distribution ¶
type Distribution struct { ring.DistributionParameters Std float64 AbsBound float64 }
func NewDistribution ¶
func NewDistribution(params ring.DistributionParameters, logN int) (d Distribution)
type DistributionLiteral ¶
type DistributionLiteral interface{}
type Element ¶
Element is a generic struct to store a vector of T along with some metadata.
func GetSmallestLargest ¶
func GetSmallestLargest[T ring.Poly | ringqp.Poly](el0, el1 *Element[T]) (smallest, largest *Element[T], sameDegree bool)
GetSmallestLargest returns the provided element that has the smallest degree as a first returned value and the largest degree as second return value. If the degree match, the order is the same as for the input.
func NewElement ¶
NewElement allocates a new Element[ring.Poly].
func NewElementAtLevelFromPoly ¶
NewElementAtLevelFromPoly constructs a new Element at a specific level where the message is set to the passed poly. No checks are performed on poly and the returned Element will share its backing array of coefficients. Returned Element's MetaData is nil.
func NewElementExtended ¶
func NewElementExtended(params ParameterProvider, degree, levelQ, levelP int) *Element[ringqp.Poly]
NewElementExtended allocates a new Element[ringqp.Poly].
func (Element[T]) BinarySize ¶
BinarySize returns the serialized size of the object in bytes.
func (*Element[T]) Copy ¶
Copy copies opCopy on op, up to the capacity of op (similarely to copy([]byte, []byte)).
func (Element[T]) MarshalBinary ¶
MarshalBinary encodes the object into a binary form on a newly allocated slice of bytes.
func (*Element[T]) ReadFrom ¶
ReadFrom reads on the object from an io.Writer. It implements the io.ReaderFrom interface.
Unless r implements the buffer.Reader interface (see see lattigo/utils/buffer/reader.go), it will be wrapped into a bufio.Reader. Since this requires allocation, it is preferable to pass a buffer.Reader directly:
- When reading multiple values from a io.Reader, it is preferable to first first wrap io.Reader in a pre-allocated bufio.Reader.
- When reading from a var b []byte, it is preferable to pass a buffer.NewBuffer(b) as w (see lattigo/utils/buffer/buffer.go).
func (*Element[T]) Resize ¶
Resize resizes the degree of the target element. Sets the NTT flag of the added poly equal to the NTT flag to the poly at degree zero.
func (*Element[T]) UnmarshalBinary ¶
UnmarshalBinary decodes a slice of bytes generated by Element.MarshalBinary or Element.WriteTo on the object.
func (Element[T]) WriteTo ¶
WriteTo writes the object on an io.Writer. It implements the io.WriterTo interface, and will write exactly object.BinarySize() bytes on w.
Unless w implements the buffer.Writer interface (see lattigo/utils/buffer/writer.go), it will be wrapped into a bufio.Writer. Since this requires allocations, it is preferable to pass a buffer.Writer directly:
- When writing multiple times to a io.Writer, it is preferable to first wrap the io.Writer in a pre-allocated bufio.Writer.
- When writing to a pre-allocated var b []byte, it is preferable to pass buffer.NewBuffer(b) as w (see lattigo/utils/buffer/buffer.go).
type ElementInterface ¶
type ElementInterface[T ring.Poly | ringqp.Poly] interface { N() int LogN() int El() *Element[T] Degree() int Level() int }
ElementInterface is a common interface for Ciphertext and Plaintext types.
type EncryptionKey ¶
type EncryptionKey interface {
// contains filtered or unexported methods
}
EncryptionKey is an interface for encryption keys. Valid encryption keys are the SecretKey and PublicKey types.
type Encryptor ¶
type Encryptor struct {
// contains filtered or unexported fields
}
func NewEncryptor ¶
func NewEncryptor(params ParameterProvider, key EncryptionKey) *Encryptor
NewEncryptor creates a new Encryptor from either a public key or a private key.
func (Encryptor) Encrypt ¶
Encrypt encrypts the input plaintext using the stored encryption key and writes the result on ct. The method currently accepts only *Ciphertext as ct. If a Plaintext is given, then the output Ciphertext MetaData will match the Plaintext MetaData. The method returns an error if the ct has an unsupported type or if no encryption key is stored in the Encryptor.
The encryption procedure masks the plaintext by adding a fresh encryption of zero. The encryption procedure depends on the parameters: If the auxiliary modulus P is defined, the encryption of zero is sampled in QP before being rescaled by P; otherwise, it is directly sampled in Q.
func (Encryptor) EncryptNew ¶
func (enc Encryptor) EncryptNew(pt *Plaintext) (ct *Ciphertext, err error)
EncryptNew encrypts the input plaintext using the stored encryption key and returns a newly allocated Ciphertext containing the result. If a Plaintext is provided, then the output Ciphertext MetaData will match the Plaintext MetaData. The method returns an error if the ct has an unsupported type or if no encryption key is stored in the Encryptor.
The encryption procedure masks the plaintext by adding a fresh encryption of zero. The encryption procedure depends on the parameters: If the auxiliary modulus P is defined, the encryption of zero is sampled in QP before being rescaled by P; otherwise, it is directly sampled in Q.
func (Encryptor) EncryptZero ¶
EncryptZero generates an encryption of zero under the stored encryption key and writes the result on ct. The method accepts only *Ciphertext as input. The method returns an error if the ct has an unsupported type or if no encryption key is stored in the Encryptor.
The encryption procedure depends on the parameters: If the auxiliary modulus P is defined, the encryption of zero is sampled in QP before being rescaled by P; otherwise, it is directly sampled in Q. The zero encryption is generated according to the given Ciphertext MetaData.
func (Encryptor) EncryptZeroNew ¶
func (enc Encryptor) EncryptZeroNew(level int) (ct *Ciphertext)
EncryptZeroNew generates an encryption of zero under the stored encryption key and returns a newly allocated Ciphertext containing the result. The method returns an error if no encryption key is stored in the Encryptor. The encryption procedure depends on the parameters: If the auxiliary modulus P is defined, the encryption of zero is sampled in QP before being rescaled by P; otherwise, it is directly sampled in Q.
func (Encryptor) GetRLWEParameters ¶
func (enc Encryptor) GetRLWEParameters() *Parameters
GetRLWEParameters returns the underlying Parameters.
func (Encryptor) ShallowCopy ¶
func (Encryptor) WithKey ¶
func (enc Encryptor) WithKey(key EncryptionKey) *Encryptor
type EvaluationKey ¶
type EvaluationKey struct { GadgetCiphertext Seed []byte }
EvaluationKey is a public key indented to be used during the evaluation phase of a homomorphic circuit. It provides a one way public and non-interactive re-encryption from a ciphertext encrypted under skIn to a ciphertext encrypted under skOut.
Such re-encryption is for example used for:
- Homomorphic relinearization: re-encryption of a quadratic ciphertext (that requires (1, sk sk^2) to be decrypted) to a linear ciphertext (that required (1, sk) to be decrypted). In this case skIn = sk^2 an skOut = sk.
- Homomorphic automorphisms: an automorphism in the ring Z[X]/(X^{N}+1) is defined as pi_k: X^{i} -> X^{i^k} with k coprime to 2N. Pi_sk is for exampled used during homomorphic slot rotations. Applying pi_k to a ciphertext encrypted under sk generates a new ciphertext encrypted under pi_k(sk), and an Evaluationkey skIn = pi_k(sk) to skOut = sk is used to bring it back to its original key.
func NewEvaluationKey ¶
func NewEvaluationKey(params ParameterProvider, evkParams ...EvaluationKeyParameters) *EvaluationKey
NewEvaluationKey returns a new EvaluationKey with pre-allocated zero-value.
func (EvaluationKey) CopyNew ¶
func (evk EvaluationKey) CopyNew() *EvaluationKey
CopyNew creates a deep copy of the target EvaluationKey and returns it.
func (EvaluationKey) Expand ¶ added in v6.1.0
func (evk EvaluationKey) Expand(params ParameterProvider, buffer *GadgetCiphertext) error
Expand decompresses a compressed EvaluationKey of the form (-a*sk + w*P*s' + e) to (-a*sk + w*P*s' + e, a). The user can provide a buffer GadgetCiphertext of degree 0 matching the size of the EvaluationKey. If no buffer is provided, the second component will be allocated. The method will return an error if:
- The EvaluationKey is not compressed
- The provided buffer is invalid.
func (EvaluationKey) IsCompressed ¶ added in v6.1.0
func (evk EvaluationKey) IsCompressed() bool
IsCompressed indicates whether the EvaluationKey is compressed or not.
type EvaluationKeyParameters ¶
type EvaluationKeySet ¶
type EvaluationKeySet interface { // GetGaloisKey retrieves the Galois key for the automorphism X^{i} -> X^{i*galEl}. GetGaloisKey(galEl uint64) (evk *GaloisKey, err error) // GetGaloisKeysList returns the list of all the Galois elements // for which a Galois key exists in the object. GetGaloisKeysList() (galEls []uint64) // GetRelinearizationKey retrieves the RelinearizationKey. GetRelinearizationKey() (evk *RelinearizationKey, err error) // ShallowCopy returns a thread-safe copy of the underlying object. ShallowCopy() EvaluationKeySet }
EvaluationKeySet is an interface implementing methods to load the RelinearizationKey and the GaloisKey in the Evaluator. Implementations of this interface must be safe for concurrent use.
type Evaluator ¶
type Evaluator struct { EvaluationKeySet *EvaluatorBuffers BasisExtender *ring.BasisExtender Decomposer *ring.Decomposer // contains filtered or unexported fields }
Evaluator is a struct that holds the necessary elements to execute general homomorphic operation on RLWE ciphertexts, such as automorphisms, key-switching and relinearization.
func NewEvaluator ¶
func NewEvaluator(params ParameterProvider, evk EvaluationKeySet) (eval *Evaluator)
NewEvaluator creates a new Evaluator.
func (Evaluator) ApplyEvaluationKey ¶
func (eval Evaluator) ApplyEvaluationKey(ctIn *Ciphertext, evk *EvaluationKey, opOut *Ciphertext) (err error)
ApplyEvaluationKey is a generic method to apply an EvaluationKey on a ciphertext. An EvaluationKey is a type of public key that is be used during the evaluation of a homomorphic circuit to provide additional functionalities, like relinearization or rotations.
In a nutshell, an EvaluationKey encrypts a secret skIn under a secret skOut and enables the public and non interactive re-encryption of any ciphertext encrypted under skIn to a new ciphertext encrypted under skOut.
The method will return an error if either ctIn or opOut degree isn't 1.
This method can also be used to switch a ciphertext to one with a different ring degree. Note that the parameters of the smaller ring degree must be the same or a subset of the moduli Q and P of the one for the larger ring degree.
To do so, it must be provided with the appropriate EvaluationKey, and have the operands matching the target ring degrees.
To switch a ciphertext to a smaller ring degree:
- ctIn ring degree must match the evaluator's ring degree.
- opOut ring degree must match the smaller ring degree.
- evk must have been generated using the key-generator of the large ring degree with as input large-key -> small-key.
To switch a ciphertext to a smaller ring degree:
- ctIn ring degree must match the smaller ring degree.
- opOut ring degree must match the evaluator's ring degree.
- evk must have been generated using the key-generator of the large ring degree with as input small-key -> large-key.
func (Evaluator) Automorphism ¶
func (eval Evaluator) Automorphism(ctIn *Ciphertext, galEl uint64, opOut *Ciphertext) (err error)
Automorphism computes phi(ct), where phi is the map X -> X^galEl. The method requires that the corresponding RotationKey has been added to the Evaluator. The method will return an error if either ctIn or opOut degree is not equal to 1.
func (Evaluator) AutomorphismHoisted ¶
func (eval Evaluator) AutomorphismHoisted(level int, ctIn *Ciphertext, c1DecompQP []ringqp.Poly, galEl uint64, opOut *Ciphertext) (err error)
AutomorphismHoisted is similar to Evaluator.Automorphism, except that it takes as input ctIn and c1DecompQP, where c1DecompQP is the RNS decomposition of its element of degree 1. This decomposition can be obtained with Evaluator.DecomposeNTT. The method requires that the corresponding RotationKey has been added to the Evaluator. The method will return an error if either ctIn or opOut degree is not equal to 1.
func (Evaluator) AutomorphismHoistedLazy ¶
func (eval Evaluator) AutomorphismHoistedLazy(levelQ int, ctIn *Ciphertext, c1DecompQP []ringqp.Poly, galEl uint64, ctQP *Element[ringqp.Poly]) (err error)
AutomorphismHoistedLazy is similar to Evaluator.AutomorphismHoisted, except that it returns a ciphertext modulo QP and scaled by P. The method requires that the corresponding RotationKey has been added to the Evaluator. Result NTT domain is returned according to the NTT flag of ctQP.
func (Evaluator) AutomorphismIndex ¶
func (Evaluator) CheckAndGetGaloisKey ¶
CheckAndGetGaloisKey returns an error if the GaloisKey for the given Galois element is missing or the EvaluationKey interface is nil.
func (Evaluator) CheckAndGetRelinearizationKey ¶
func (eval Evaluator) CheckAndGetRelinearizationKey() (evk *RelinearizationKey, err error)
CheckAndGetRelinearizationKey returns an error if the RelinearizationKey is missing or the EvaluationKey interface is nil.
func (Evaluator) DecomposeNTT ¶
func (eval Evaluator) DecomposeNTT(levelQ, levelP, nbPi int, c2 ring.Poly, c2IsNTT bool, decompQP []ringqp.Poly)
DecomposeNTT applies the full RNS basis decomposition on c2. Expects the IsNTT flag of c2 to correctly reflect the domain of c2. BuffQPDecompQ and BuffQPDecompQ are vectors of polynomials (mod Q and mod P) that store the special RNS decomposition of c2 (in the NTT domain)
func (Evaluator) DecomposeSingleNTT ¶
func (eval Evaluator) DecomposeSingleNTT(levelQ, levelP, nbPi, BaseRNSDecompositionVectorSize int, c2NTT, c2InvNTT, c2QiQ, c2QiP ring.Poly)
DecomposeSingleNTT takes the input polynomial c2 (c2NTT and c2InvNTT, respectively in the NTT and out of the NTT domain) modulo the RNS basis, and returns the result on c2QiQ and c2QiP, the receiver polynomials respectively mod Q and mod P (in the NTT domain)
func (Evaluator) GadgetProduct ¶
func (eval Evaluator) GadgetProduct(levelQ int, cx ring.Poly, gadgetCt *GadgetCiphertext, ct *Ciphertext)
GadgetProduct evaluates poly x Gadget -> RLWE where
ct = [<decomp(cx), gadget[0]>, <decomp(cx), gadget[1]>] mod Q
Expects the flag IsNTT of ct to correctly reflect the domain of cx.
func (Evaluator) GadgetProductHoisted ¶
func (eval Evaluator) GadgetProductHoisted(levelQ int, BuffQPDecompQP []ringqp.Poly, gadgetCt *GadgetCiphertext, ct *Ciphertext)
GadgetProductHoisted applies the key-switch to the decomposed polynomial c2 mod QP (BuffQPDecompQP) and divides the result by P, reducing the basis from QP to Q.
ct = [<BuffQPDecompQP, gadgetCt[0]) mod Q
BuffQPDecompQP is expected to be in the NTT domain.
Result NTT domain is returned according to the NTT flag of ct.
func (Evaluator) GadgetProductHoistedLazy ¶
func (eval Evaluator) GadgetProductHoistedLazy(levelQ int, BuffQPDecompQP []ringqp.Poly, gadgetCt *GadgetCiphertext, ctQP *Element[ringqp.Poly]) (err error)
GadgetProductHoistedLazy applies the gadget product to the decomposed polynomial c2 mod QP (BuffQPDecompQ and BuffQPDecompP)
BuffQP2 = dot(BuffQPDecompQ||BuffQPDecompP * gadgetCt[0]) mod QP BuffQP3 = dot(BuffQPDecompQ||BuffQPDecompP * gadgetCt[1]) mod QP
BuffQPDecompQP is expected to be in the NTT domain.
Result NTT domain is returned according to the NTT flag of ctQP.
The method will return an error if ctQP.Level() < gadgetCt.Level().
func (Evaluator) GadgetProductLazy ¶
func (eval Evaluator) GadgetProductLazy(levelQ int, cx ring.Poly, gadgetCt *GadgetCiphertext, ctQP *Element[ringqp.Poly]) (err error)
GadgetProductLazy evaluates poly x Gadget -> RLWE where
ctQP = [<decomp(cx), gadget[0]>, <decomp(cx), gadget[1]>] mod QP
Expects the flag IsNTT of ctQP to correctly reflect the domain of cx.
Result NTT domain is returned according to the NTT flag of ctQP.
The method will return an error if ctQP.Level() < gadgetCt.Level().
func (Evaluator) GetBuffCt ¶
func (eval Evaluator) GetBuffCt() *Ciphertext
func (Evaluator) GetBuffDecompQP ¶
func (Evaluator) GetEvaluatorBuffer ¶
func (eval Evaluator) GetEvaluatorBuffer() *EvaluatorBuffers
func (*Evaluator) GetRLWEParameters ¶
func (eval *Evaluator) GetRLWEParameters() *Parameters
func (Evaluator) InitOutputBinaryOp ¶
func (eval Evaluator) InitOutputBinaryOp(op0, op1 *Element[ring.Poly], opInTotalMaxDegree int, opOut *Element[ring.Poly]) (degree, level int, err error)
InitOutputBinaryOp initializes the output Element opOut for receiving the result of a binary operation over op0 and op1. The method also performs the following checks:
- Inputs are not nil
- MetaData are not nil
- op0.Degree() + op1.Degree() != 0 (i.e at least one Element is a ciphertext)
- op0.IsNTT == op1.IsNTT == DefaultNTTFlag
- op0.IsBatched == op1.IsBatched
The opOut metadata are initilized as: IsNTT <- DefaultNTTFlag IsBatched <- op0.IsBatched LogDimensions <- max(op0.LogDimensions, op1.LogDimensions)
The method returns max(op0.Degree(), op1.Degree(), opOut.Degree()) and min(op0.Level(), op1.Level(), opOut.Level())
func (Evaluator) InitOutputUnaryOp ¶
func (eval Evaluator) InitOutputUnaryOp(op0, opOut *Element[ring.Poly]) (degree, level int, err error)
InitOutputUnaryOp initializes the output Element opOut for receiving the result of a unary operation over op0. The method also performs the following checks:
- Input and output are not nil
- Inoutp and output Metadata are not nil
- op0.IsNTT == DefaultNTTFlag
The method will also update the metadata of opOut:
IsNTT <- NTTFlag IsBatched <- op0.IsBatched LogDimensions <- op0.LogDimensions
The method returns max(op0.Degree(), opOut.Degree()) and min(op0.Level(), opOut.Level()).
func (Evaluator) InnerFunction ¶
func (eval Evaluator) InnerFunction(ctIn *Ciphertext, batchSize, n int, f func(a, b, c *Ciphertext) (err error), opOut *Ciphertext) (err error)
InnerFunction applies an user defined function on the Ciphertext with a tree-like combination requiring log2(n) + HW(n) rotations.
InnerFunction with f = eval.Add(a, b, c) is equivalent to Evaluator.InnerSum (although slightly slower).
The operation assumes that `ctIn` encrypts Slots/`batchSize` sub-vectors of size `batchSize` and will add them together (in parallel) in groups of `n`. It outputs in opOut a Ciphertext for which the "leftmost" sub-vector of each group is equal to the pair-wise recursive evaluation of function over the group.
The inner function is computed in a tree fashion. Example for batchSize=2 & n=4 (garbage slots are marked by 'x'):
[{a, b}, {c, d}, {e, f}, {g, h}, {a, b}, {c, d}, {e, f}, {g, h}]
[{a, b}, {c, d}, {e, f}, {g, h}, {a, b}, {c, d}, {e, f}, {g, h}] f [{c, d}, {e, f}, {g, h}, {x, x}, {c, d}, {e, f}, {g, h}, {x, x}] (rotate batchSize * 2^{0}) = [{f(a, c), f(b, d)}, {f(c, e), f(d, f)}, {f(e, g), f(f, h)}, {x, x}, {f(a, c), f(b, d)}, {f(c, e), f(d, f)}, {f(e, g), f(f, h)}, {x, x}]
[{f(a, c), f(b, d)}, {x, x}, {f(e, g), f(f, h)}, {x, x}, {f(a, c), f(b, d)}, {x, x}, {f(e, g), f(f, h)}, {x, x}] (rotate batchSize * 2^{1}) + [{f(e, g), f(f, h)}, {x, x}, {x, x}, {x, x}, {f(e, g), f(f, h)}, {x, x}, {x, x}, {x, x}] = = [{f(f(a,c),f(e,g)), f(f(b, d), f(f, h))}, {x, x}, {x, x}, {x, x}, {f(f(a,c),f(e,g)), f(f(b, d), f(f, h))}, {x, x}, {x, x}, {x, x}]
func (Evaluator) InnerSum ¶
func (eval Evaluator) InnerSum(ctIn *Ciphertext, batchSize, n int, opOut *Ciphertext) (err error)
InnerSum applies an optimized inner sum on the Ciphertext (log2(n) + HW(n) rotations with double hoisting). The operation assumes that `ctIn` encrypts Slots/`batchSize` sub-vectors of size `batchSize` and will add them together (in parallel) in groups of `n`. It outputs in opOut a Ciphertext for which the "leftmost" sub-vector of each group is equal to the sum of the group.
The inner sum is computed in a tree fashion. Example for batchSize=2 & n=4 (garbage slots are marked by 'x'):
[{a, b}, {c, d}, {e, f}, {g, h}, {a, b}, {c, d}, {e, f}, {g, h}]
[{a, b}, {c, d}, {e, f}, {g, h}, {a, b}, {c, d}, {e, f}, {g, h}] + [{c, d}, {e, f}, {g, h}, {x, x}, {c, d}, {e, f}, {g, h}, {x, x}] (rotate batchSize * 2^{0}) = [{a+c, b+d}, {x, x}, {e+g, f+h}, {x, x}, {a+c, b+d}, {x, x}, {e+g, f+h}, {x, x}]
[{a+c, b+d}, {x, x}, {e+g, f+h}, {x, x}, {a+c, b+d}, {x, x}, {e+g, f+h}, {x, x}] (rotate batchSize * 2^{1}) + [{e+g, f+h}, {x, x}, {x, x}, {x, x}, {e+g, f+h}, {x, x}, {x, x}, {x, x}] = = [{a+c+e+g, b+d+f+h}, {x, x}, {x, x}, {x, x}, {a+c+e+g, b+d+f+h}, {x, x}, {x, x}, {x, x}]
func (Evaluator) ModDownQPtoQNTT ¶
func (Evaluator) Relinearize ¶
func (eval Evaluator) Relinearize(ctIn *Ciphertext, opOut *Ciphertext) (err error)
Relinearize applies the relinearization procedure on ct0 and returns the result in opOut. Relinearization is a special procedure required to ensure ciphertext compactness. It takes as input a quadratic ciphertext, that decrypts with the key (1, sk, sk^2) and outputs a linear ciphertext that decrypts with the key (1, sk). In a nutshell, the relinearization re-encrypt the term that decrypts using sk^2 to one that decrypts using sk. The method will return an error if:
- The input ciphertext degree isn't 2.
- The corresponding relinearization key to the ciphertext degree
is missing.
func (Evaluator) Replicate ¶
func (eval Evaluator) Replicate(ctIn *Ciphertext, batchSize, n int, opOut *Ciphertext) (err error)
Replicate applies an optimized replication on the Ciphertext (log2(n) + HW(n) rotations with double hoisting). It acts as the inverse of a inner sum (summing elements from left to right). The replication is parameterized by the size of the sub-vectors to replicate batchSize and the number of times n they need to be replicated. To ensure correctness, a gap of zero values of size batchSize * (n-1) must exist between two consecutive sub-vectors to replicate. This method is faster than Replicate when the number of rotations is large and it uses log2(n) + HW(n) instead of n.
func (Evaluator) ShallowCopy ¶
ShallowCopy creates a shallow copy of this Evaluator in which all the read-only data-structures are shared with the receiver and the temporary buffers are reallocated. The receiver and the returned evaluators can be used concurrently.
func (Evaluator) Trace ¶
func (eval Evaluator) Trace(ctIn *Ciphertext, logN int, opOut *Ciphertext) (err error)
Trace maps X -> sum((-1)^i * X^{i*n+1}) for n <= i < N Monomial X^k vanishes if k is not divisible by (N/n), otherwise it is multiplied by (N/n). Ciphertext is pre-multiplied by (N/n)^-1 to remove the (N/n) factor. Examples of full Trace for [0 + 1X + 2X^2 + 3X^3 + 4X^4 + 5X^5 + 6X^6 + 7X^7]
1.
[1 + 2X + 3X^2 + 4X^3 + 5X^4 + 6X^5 + 7X^6 + 8X^7] + [1 - 6X - 3X^2 + 8X^3 + 5X^4 + 2X^5 - 7X^6 - 4X^7] {X-> X^(i * 5^1)} = [2 - 4X + 0X^2 +12X^3 +10X^4 + 8X^5 - 0X^6 + 4X^7]
2.
[2 - 4X + 0X^2 +12X^3 +10X^4 + 8X^5 - 0X^6 + 4X^7] + [2 + 4X + 0X^2 -12X^3 +10X^4 - 8X^5 + 0X^6 - 4X^7] {X-> X^(i * 5^2)} = [4 + 0X + 0X^2 - 0X^3 +20X^4 + 0X^5 + 0X^6 - 0X^7]
3.
[4 + 0X + 0X^2 - 0X^3 +20X^4 + 0X^5 + 0X^6 - 0X^7] + [4 + 0X + 0X^2 - 0X^3 -20X^4 + 0X^5 + 0X^6 - 0X^7] {X-> X^(i * -1)} = [8 + 0X + 0X^2 - 0X^3 + 0X^4 + 0X^5 + 0X^6 - 0X^7]
The method will return an error if the input and output ciphertexts degree is not one.
func (Evaluator) WithKey ¶
func (eval Evaluator) WithKey(evk EvaluationKeySet) *Evaluator
WithKey creates a shallow copy of the receiver Evaluator for which the new EvaluationKey is evaluationKey and where the temporary buffers are shared. The receiver and the returned evaluators cannot be used concurrently.
type EvaluatorBuffers ¶
type EvaluatorBuffers struct { BuffCt *Ciphertext // BuffQP[0-1]: Key-Switch output Key-Switch on the fly decomp(c2) // BuffQP[2-5]: Available BuffQP [6]ringqp.Poly BuffInvNTT ring.Poly BuffDecompQP []ringqp.Poly // Memory Buff for the basis extension in hoisting BuffBitDecomp []uint64 }
func NewEvaluatorBuffers ¶
func NewEvaluatorBuffers(params Parameters) *EvaluatorBuffers
type EvaluatorProvider ¶
type EvaluatorProvider interface { GetBuffQP() [6]ringqp.Poly GetBuffCt() *Ciphertext GetBuffDecompQP() []ringqp.Poly DecomposeNTT(level, levelP, pCount int, c1 ring.Poly, isNTT bool, BuffDecompQP []ringqp.Poly) CheckAndGetGaloisKey(galEl uint64) (evk *GaloisKey, err error) GadgetProductLazy(levelQ int, cx ring.Poly, gadgetCt *GadgetCiphertext, ct *Element[ringqp.Poly]) (err error) GadgetProductHoistedLazy(levelQ int, BuffQPDecompQP []ringqp.Poly, gadgetCt *GadgetCiphertext, ct *Element[ringqp.Poly]) (err error) AutomorphismHoistedLazy(levelQ int, ctIn *Ciphertext, c1DecompQP []ringqp.Poly, galEl uint64, ctQP *Element[ringqp.Poly]) (err error) ModDownQPtoQNTT(levelQ, levelP int, p1Q, p1P, p2Q ring.Poly) AutomorphismIndex(uint64) []uint64 }
type GadgetCiphertext ¶
GadgetCiphertext is a struct for storing an encrypted plaintext times the gadget power matrix.
func NewGadgetCiphertext ¶
func NewGadgetCiphertext(params ParameterProvider, Degree, LevelQ, LevelP, BaseTwoDecomposition int) *GadgetCiphertext
NewGadgetCiphertext returns a new GadgetCiphertext key with pre-allocated zero-value. GadgetCiphertext is always in the NTT domain. A GadgetCiphertext is created by default at degree 1 with the the maximum levelQ and levelP and with no base 2 decomposition. Give the optional GadgetCiphertextParameters struct to create a GadgetCiphertext with at a specific degree, levelQ, levelP and/or base 2 decomposition.
func (GadgetCiphertext) BaseRNSDecompositionVectorSize ¶
func (ct GadgetCiphertext) BaseRNSDecompositionVectorSize() int
BaseRNSDecompositionVectorSize returns the number of element in the RNS decomposition basis.
func (GadgetCiphertext) BaseTwoDecompositionVectorSize ¶
func (ct GadgetCiphertext) BaseTwoDecompositionVectorSize() (base []int)
BaseTwoDecompositionVectorSize returns the number of element in the power of two decomposition basis for each prime of Q.
func (GadgetCiphertext) BinarySize ¶
func (ct GadgetCiphertext) BinarySize() (dataLen int)
BinarySize returns the serialized size of the object in bytes.
func (GadgetCiphertext) CopyNew ¶
func (ct GadgetCiphertext) CopyNew() (ctCopy *GadgetCiphertext)
CopyNew creates a deep copy of the receiver ciphertext and returns it.
func (GadgetCiphertext) Degree ¶
func (ct GadgetCiphertext) Degree() int
Degree returns the degree of the target ciphertext.
func (GadgetCiphertext) Equal ¶
func (ct GadgetCiphertext) Equal(other *GadgetCiphertext) bool
Equal checks two ciphertexts for equality.
func (GadgetCiphertext) LevelP ¶
func (ct GadgetCiphertext) LevelP() int
LevelP returns the level of the modulus P of the target ciphertext.
func (GadgetCiphertext) LevelQ ¶
func (ct GadgetCiphertext) LevelQ() int
LevelQ returns the level of the modulus Q of the target ciphertext.
func (GadgetCiphertext) MarshalBinary ¶
func (ct GadgetCiphertext) MarshalBinary() (data []byte, err error)
MarshalBinary encodes the object into a binary form on a newly allocated slice of bytes.
func (*GadgetCiphertext) ReadFrom ¶
func (ct *GadgetCiphertext) ReadFrom(r io.Reader) (n int64, err error)
ReadFrom reads on the object from an io.Writer. It implements the io.ReaderFrom interface.
Unless r implements the buffer.Reader interface (see see lattigo/utils/buffer/reader.go), it will be wrapped into a bufio.Reader. Since this requires allocation, it is preferable to pass a buffer.Reader directly:
- When reading multiple values from a io.Reader, it is preferable to first first wrap io.Reader in a pre-allocated bufio.Reader.
- When reading from a var b []byte, it is preferable to pass a buffer.NewBuffer(b) as w (see lattigo/utils/buffer/buffer.go).
func (*GadgetCiphertext) UnmarshalBinary ¶
func (ct *GadgetCiphertext) UnmarshalBinary(p []byte) (err error)
UnmarshalBinary decodes a slice of bytes generated by GadgetCiphertext.MarshalBinary or GadgetCiphertext.WriteTo on the object.
func (GadgetCiphertext) WriteTo ¶
func (ct GadgetCiphertext) WriteTo(w io.Writer) (n int64, err error)
WriteTo writes the object on an io.Writer. It implements the io.WriterTo interface, and will write exactly object.BinarySize() bytes on w.
Unless w implements the buffer.Writer interface (see lattigo/utils/buffer/writer.go), it will be wrapped into a bufio.Writer. Since this requires allocations, it is preferable to pass a buffer.Writer directly:
- When writing multiple times to a io.Writer, it is preferable to first wrap the io.Writer in a pre-allocated bufio.Writer.
- When writing to a pre-allocated var b []byte, it is preferable to pass buffer.NewBuffer(b) as w (see lattigo/utils/buffer/buffer.go).
type GadgetPlaintext ¶
GadgetPlaintext stores a plaintext value times the gadget vector.
func NewGadgetPlaintext ¶
func NewGadgetPlaintext(params Parameters, value interface{}, levelQ, levelP, baseTwoDecomposition int) (pt *GadgetPlaintext, err error)
NewGadgetPlaintext creates a new GadgetPlaintext from value, which can be either uint64, int64 or *ring.Poly. Plaintext is returned in the NTT and Montgomery domain.
type GaloisKey ¶
type GaloisKey struct { GaloisElement uint64 NthRoot uint64 EvaluationKey }
GaloisKey is a type of EvaluationKey used to evaluate automorphisms on ciphertext. An automorphism pi: X^{i} -> X^{i*GaloisElement} changes the key under which the ciphertext is encrypted from s to pi(s). Thus, the ciphertext must be re-encrypted from pi(s) to s to ensure correctness, which is done with the corresponding GaloisKey.
Lattigo implements automorphisms differently than the usual way (which is to first apply the automorphism and then the evaluation key). Instead the order of operations is reversed, the GaloisKey for pi^{-1} is evaluated on the ciphertext, outputting a ciphertext encrypted under pi^{-1}(s), and then the automorphism pi is applied. This enables a more efficient evaluation, by only having to apply the automorphism on the final result (instead of having to apply it on the decomposed ciphertext).
func NewGaloisKey ¶
func NewGaloisKey(params ParameterProvider, evkParams ...EvaluationKeyParameters) *GaloisKey
NewGaloisKey allocates a new GaloisKey with zero coefficients and GaloisElement set to zero.
func (GaloisKey) BinarySize ¶
BinarySize returns the serialized size of the object in bytes.
func (GaloisKey) MarshalBinary ¶
MarshalBinary encodes the object into a binary form on a newly allocated slice of bytes.
func (*GaloisKey) ReadFrom ¶
ReadFrom reads on the object from an io.Writer. It implements the io.ReaderFrom interface.
Unless r implements the buffer.Reader interface (see see lattigo/utils/buffer/reader.go), it will be wrapped into a bufio.Reader. Since this requires allocation, it is preferable to pass a buffer.Reader directly:
- When reading multiple values from a io.Reader, it is preferable to first first wrap io.Reader in a pre-allocated bufio.Reader.
- When reading from a var b []byte, it is preferable to pass a buffer.NewBuffer(b) as w (see lattigo/utils/buffer/buffer.go).
func (*GaloisKey) UnmarshalBinary ¶
UnmarshalBinary decodes a slice of bytes generated by GaloisKey.MarshalBinary or GaloisKey.WriteTo on the object.
func (GaloisKey) WriteTo ¶
WriteTo writes the object on an io.Writer. It implements the io.WriterTo interface, and will write exactly object.BinarySize() bytes on w.
Unless w implements the buffer.Writer interface (see lattigo/utils/buffer/writer.go), it will be wrapped into a bufio.Writer. Since this requires allocations, it is preferable to pass a buffer.Writer directly:
- When writing multiple times to a io.Writer, it is preferable to first wrap the io.Writer in a pre-allocated bufio.Writer.
- When writing to a pre-allocated var b []byte, it is preferable to pass buffer.NewBuffer(b) as w (see lattigo/utils/buffer/buffer.go).
type KeyGenerator ¶
type KeyGenerator struct { *Encryptor // contains filtered or unexported fields }
KeyGenerator is a structure that stores the elements required to create new keys, as well as a memory buffer for intermediate values.
func NewKeyGenerator ¶
func NewKeyGenerator(params ParameterProvider) *KeyGenerator
NewKeyGenerator creates a new KeyGenerator, from which the secret and public keys, as well as EvaluationKey.
func (KeyGenerator) GenEvaluationKey ¶
func (kgen KeyGenerator) GenEvaluationKey(skInput, skOutput *SecretKey, evk *EvaluationKey)
GenEvaluationKey generates an EvaluationKey, that will re-encrypt a Ciphertext encrypted under the input key into the output key. If the ringDegree(skOutput) > ringDegree(skInput), generates [-a*SkOut + w*P*skIn_{Y^{N/n}} + e, a] in X^{N}. If the ringDegree(skOutput) < ringDegree(skInput), generates [-a*skOut_{Y^{N/n}} + w*P*skIn + e_{N}, a_{N}] in X^{N}. Else generates [-a*skOut + w*P*skIn + e, a] in X^{N}. The output EvaluationKey is always given in max(N, n) and in the moduli of the output EvaluationKey. When re-encrypting a Ciphertext from Y^{N/n} to X^{N}, the Ciphertext must first be mapped to X^{N} using SwitchCiphertextRingDegreeNTT(ctSmallDim, nil, ctLargeDim). When re-encrypting a Ciphertext from X^{N} to Y^{N/n}, the output of the re-encryption is in still X^{N} and must be mapped Y^{N/n} using SwitchCiphertextRingDegreeNTT(ctLargeDim, ringQLargeDim, ctSmallDim).
func (KeyGenerator) GenEvaluationKeyNew ¶
func (kgen KeyGenerator) GenEvaluationKeyNew(skInput, skOutput *SecretKey, evkParams ...EvaluationKeyParameters) (evk *EvaluationKey)
GenEvaluationKeyNew generates a new EvaluationKey, that will re-encrypt a Ciphertext encrypted under the input key into the output key. If the ringDegree(skOutput) > ringDegree(skInput), generates [-a*SkOut + w*P*skIn_{Y^{N/n}} + e, a] in X^{N}. If the ringDegree(skOutput) < ringDegree(skInput), generates [-a*skOut_{Y^{N/n}} + w*P*skIn + e_{N}, a_{N}] in X^{N}. Else generates [-a*skOut + w*P*skIn + e, a] in X^{N}. The output EvaluationKey is always given in max(N, n) and in the moduli of the output EvaluationKey. When re-encrypting a Ciphertext from Y^{N/n} to X^{N}, the Ciphertext must first be mapped to X^{N} using SwitchCiphertextRingDegreeNTT(ctSmallDim, nil, ctLargeDim). When re-encrypting a Ciphertext from X^{N} to Y^{N/n}, the output of the re-encryption is in still X^{N} and must be mapped Y^{N/n} using SwitchCiphertextRingDegreeNTT(ctLargeDim, ringQLargeDim, ctSmallDim).
func (KeyGenerator) GenEvaluationKeysForRingSwapNew ¶
func (kgen KeyGenerator) GenEvaluationKeysForRingSwapNew(skStd, skConjugateInvariant *SecretKey, evkParams ...EvaluationKeyParameters) (stdToci, ciToStd *EvaluationKey)
GenEvaluationKeysForRingSwapNew generates the necessary evaluation keys to switch from a standard ring to to a conjugate invariant ring and vice-versa.
func (KeyGenerator) GenGaloisKey ¶
func (kgen KeyGenerator) GenGaloisKey(galEl uint64, sk *SecretKey, gk *GaloisKey)
GenGaloisKey generates a GaloisKey, enabling the automorphism X^{i} -> X^{i * galEl}.
func (KeyGenerator) GenGaloisKeyNew ¶
func (kgen KeyGenerator) GenGaloisKeyNew(galEl uint64, sk *SecretKey, evkParams ...EvaluationKeyParameters) (gk *GaloisKey)
GenGaloisKeyNew generates a new GaloisKey, enabling the automorphism X^{i} -> X^{i * galEl}.
func (KeyGenerator) GenGaloisKeys ¶
func (kgen KeyGenerator) GenGaloisKeys(galEls []uint64, sk *SecretKey, gks []*GaloisKey)
GenGaloisKeys generates the GaloisKey objects for all galois elements in galEls, and stores the resulting key for galois element i in gks[i]. The galEls and gks parameters must have the same length.
func (KeyGenerator) GenGaloisKeysNew ¶
func (kgen KeyGenerator) GenGaloisKeysNew(galEls []uint64, sk *SecretKey, evkParams ...EvaluationKeyParameters) (gks []*GaloisKey)
GenGaloisKeysNew generates the GaloisKey objects for all galois elements in galEls, and returns the resulting keys in a newly allocated []*GaloisKey.
func (KeyGenerator) GenKeyPairNew ¶
func (kgen KeyGenerator) GenKeyPairNew() (sk *SecretKey, pk *PublicKey)
GenKeyPairNew generates a new SecretKey and a corresponding PublicKey. Distribution of the SecretKey set according to rlwe.Parameters.HammingWeight.
func (KeyGenerator) GenPublicKey ¶
func (kgen KeyGenerator) GenPublicKey(sk *SecretKey, pk *PublicKey)
GenPublicKey generates a PublicKey from the provided SecretKey.
func (KeyGenerator) GenPublicKeyNew ¶
func (kgen KeyGenerator) GenPublicKeyNew(sk *SecretKey) (pk *PublicKey)
GenPublicKeyNew generates a new PublicKey from the provided SecretKey.
func (KeyGenerator) GenRelinearizationKey ¶
func (kgen KeyGenerator) GenRelinearizationKey(sk *SecretKey, rlk *RelinearizationKey)
GenRelinearizationKey generates an EvaluationKey that will be used to relinearize [Ciphertexts] during multiplication.
func (KeyGenerator) GenRelinearizationKeyNew ¶
func (kgen KeyGenerator) GenRelinearizationKeyNew(sk *SecretKey, evkParams ...EvaluationKeyParameters) (rlk *RelinearizationKey)
GenRelinearizationKeyNew generates a new EvaluationKey that will be used to relinearize [Ciphertexts] during multiplication.
func (KeyGenerator) GenSecretKey ¶
func (kgen KeyGenerator) GenSecretKey(sk *SecretKey)
GenSecretKey generates a SecretKey. Distribution is set according to rlwe.Parameters.HammingWeight.
func (KeyGenerator) GenSecretKeyNew ¶
func (kgen KeyGenerator) GenSecretKeyNew() (sk *SecretKey)
GenSecretKeyNew generates a new SecretKey. Distribution is set according to rlwe.Parameters.HammingWeight.
func (KeyGenerator) GenSecretKeyWithHammingWeight ¶
func (kgen KeyGenerator) GenSecretKeyWithHammingWeight(hw int, sk *SecretKey)
GenSecretKeyWithHammingWeight generates a SecretKey with exactly hw non-zero coefficients.
func (*KeyGenerator) GenSecretKeyWithHammingWeightNew ¶
func (kgen *KeyGenerator) GenSecretKeyWithHammingWeightNew(hw int) (sk *SecretKey)
GenSecretKeyWithHammingWeightNew generates a new SecretKey with exactly hw non-zero coefficients.
type MemEvaluationKeySet ¶
type MemEvaluationKeySet struct { RelinearizationKey *RelinearizationKey GaloisKeys structs.Map[uint64, GaloisKey] }
MemEvaluationKeySet is a basic in-memory implementation of the EvaluationKeySet interface.
func NewMemEvaluationKeySet ¶
func NewMemEvaluationKeySet(relinKey *RelinearizationKey, galoisKeys ...*GaloisKey) (eks *MemEvaluationKeySet)
NewMemEvaluationKeySet returns a new EvaluationKeySet with the provided RelinearizationKey and the GaloisKey.
func (MemEvaluationKeySet) BinarySize ¶
func (evk MemEvaluationKeySet) BinarySize() (size int)
func (MemEvaluationKeySet) GetGaloisKey ¶
func (evk MemEvaluationKeySet) GetGaloisKey(galEl uint64) (gk *GaloisKey, err error)
GetGaloisKey retrieves the GaloisKey for the automorphism X^{i} -> X^{i*galEl}.
func (MemEvaluationKeySet) GetGaloisKeysList ¶
func (evk MemEvaluationKeySet) GetGaloisKeysList() (galEls []uint64)
GetGaloisKeysList returns the list of all the Galois elements for which a Galois key exists in the object.
func (MemEvaluationKeySet) GetRelinearizationKey ¶
func (evk MemEvaluationKeySet) GetRelinearizationKey() (rk *RelinearizationKey, err error)
GetRelinearizationKey retrieves the RelinearizationKey.
func (MemEvaluationKeySet) MarshalBinary ¶
func (evk MemEvaluationKeySet) MarshalBinary() (p []byte, err error)
MarshalBinary encodes the object into a binary form on a newly allocated slice of bytes.
func (*MemEvaluationKeySet) ReadFrom ¶
func (evk *MemEvaluationKeySet) ReadFrom(r io.Reader) (n int64, err error)
ReadFrom reads on the object from an io.Writer. It implements the io.ReaderFrom interface.
Unless r implements the buffer.Reader interface (see see lattigo/utils/buffer/reader.go), it will be wrapped into a bufio.Reader. Since this requires allocation, it is preferable to pass a buffer.Reader directly:
- When reading multiple values from a io.Reader, it is preferable to first first wrap io.Reader in a pre-allocated bufio.Reader.
- When reading from a var b []byte, it is preferable to pass a buffer.NewBuffer(b) as w (see lattigo/utils/buffer/buffer.go).
func (*MemEvaluationKeySet) ShallowCopy ¶ added in v6.1.0
func (evk *MemEvaluationKeySet) ShallowCopy() EvaluationKeySet
ShallowCopy returns a thread-safe copy of the MemEvaluationKey object.
func (*MemEvaluationKeySet) UnmarshalBinary ¶
func (evk *MemEvaluationKeySet) UnmarshalBinary(p []byte) (err error)
UnmarshalBinary decodes a slice of bytes generated by MemEvaluationKeySet.MarshalBinary or MemEvaluationKeySet.WriteTo on the object.
func (MemEvaluationKeySet) WriteTo ¶
func (evk MemEvaluationKeySet) WriteTo(w io.Writer) (n int64, err error)
WriteTo writes the object on an io.Writer. It implements the io.WriterTo interface, and will write exactly object.BinarySize() bytes on w.
Unless w implements the buffer.Writer interface (see lattigo/utils/buffer/writer.go), it will be wrapped into a bufio.Writer. Since this requires allocations, it is preferable to pass a buffer.Writer directly:
- When writing multiple times to a io.Writer, it is preferable to first wrap the io.Writer in a pre-allocated bufio.Writer.
- When writing to a pre-allocated var b []byte, it is preferable to pass buffer.NewBuffer(b) as w (see lattigo/utils/buffer/buffer.go).
type MetaData ¶
type MetaData struct { PlaintextMetaData CiphertextMetaData }
MetaData is a struct storing metadata.
func (MetaData) BinarySize ¶
BinarySize returns the size in bytes that the object once marshalled into a binary form.
func (MetaData) MarshalBinary ¶
func (MetaData) MarshalJSON ¶
func (*MetaData) ReadFrom ¶
ReadFrom reads on the object from an io.Writer. It implements the io.ReaderFrom interface.
Unless r implements the buffer.Reader interface (see see lattigo/utils/buffer/reader.go), it will be wrapped into a bufio.Reader. Since this requires allocation, it is preferable to pass a buffer.Reader directly:
- When reading multiple values from a io.Reader, it is preferable to first first wrap io.Reader in a pre-allocated bufio.Reader.
- When reading from a var b []byte, it is preferable to pass a buffer.NewBuffer(b) as w (see lattigo/utils/buffer/buffer.go).
func (*MetaData) UnmarshalBinary ¶
func (*MetaData) UnmarshalJSON ¶
type Operand ¶
type Operand interface { }
Operand is an empty interface aimed at providing an anchor for documentation.
This interface is deliberately left empty for backward and forward compatibility. It aims at representing all types of operands that can be passed as argument to homomorphic evaluators.
type ParameterProvider ¶
type ParameterProvider interface {
GetRLWEParameters() *Parameters
}
type Parameters ¶
type Parameters struct {
// contains filtered or unexported fields
}
Parameters represents a set of generic RLWE parameters. Its fields are private and immutable. See ParametersLiteral for user-specified parameters.
func NewParameters ¶
func NewParameters(logn int, q, p []uint64, xs, xe DistributionLiteral, ringType ring.Type, defaultScale Scale, NTTFlag bool) (params Parameters, err error)
NewParameters returns a new set of generic RLWE parameters from the given ring degree logn, moduli q and p, and error distribution Xs (secret) and Xe (error). It returns the empty parameters Parameters{} and a non-nil error if the specified parameters are invalid.
func NewParametersFromLiteral ¶
func NewParametersFromLiteral(paramDef ParametersLiteral) (params Parameters, err error)
NewParametersFromLiteral instantiate a set of generic RLWE parameters from a ParametersLiteral specification. It returns the empty parameters Parameters{} and a non-nil error if the specified parameters are invalid.
If the moduli chain is specified through the LogQ and LogP fields, the method generates a moduli chain matching the specified sizes (see GenModuli).
If the secrets' density parameter (H) is left unset, its value is set to 2^(paramDef.LogN-1) to match the standard ternary distribution.
If the error variance is left unset, its value is set to [DefaultError].
If the RingType is left unset, the default value is ring.Standard.
func (Parameters) BaseRNSDecompositionVectorSize ¶
func (p Parameters) BaseRNSDecompositionVectorSize(levelQ, levelP int) int
BaseRNSDecompositionVectorSize returns the number of element in the RNS decomposition basis: Ceil(lenQi / lenPi)
func (Parameters) BaseTwoDecompositionVectorSize ¶
func (p Parameters) BaseTwoDecompositionVectorSize(levelQ, levelP, Base2Decomposition int) (base []int)
BaseTwoDecompositionVectorSize returns ceil(bits(qi))/Base2Decomposition for each qi. If levelP > 0 or Base2Decomposition == 0, then returns 1 for all qi.
func (Parameters) BinarySize ¶
func (p Parameters) BinarySize() int
BinarySize returns size in bytes of the marshalled Parameters object.
func (Parameters) DefaultScale ¶
func (p Parameters) DefaultScale() Scale
DefaultScale returns the default scaling factor of the plaintext, if any.
func (Parameters) Equal ¶
func (p Parameters) Equal(other *Parameters) (res bool)
Equal checks two Parameter structs for equality.
func (Parameters) GaloisElement ¶
func (p Parameters) GaloisElement(k int) uint64
GaloisElement takes an integer k and returns GaloisGen^{k} mod NthRoot.
func (Parameters) GaloisElementOrderTwoOrthogonalSubgroup ¶
func (p Parameters) GaloisElementOrderTwoOrthogonalSubgroup() uint64
GaloisElementOrderTwoOrthogonalSubgroup returns GaloisGen^{-1} mod NthRoot
func (Parameters) GaloisElements ¶
func (p Parameters) GaloisElements(k []int) (galEls []uint64)
GaloisElements takes a list of integers k and returns the list [GaloisGen^{k[i]} mod NthRoot, ...].
func (Parameters) GetRLWEParameters ¶
func (p Parameters) GetRLWEParameters() *Parameters
GetRLWEParameters returns a pointer to the underlying RLWE parameters.
func (Parameters) LogN ¶
func (p Parameters) LogN() int
LogN returns the log of the degree of the polynomial ring
func (Parameters) LogNthRoot ¶
func (p Parameters) LogNthRoot() int
LogNthRoot returns the log2(NthRoot) of the ring.
func (Parameters) LogP ¶
func (p Parameters) LogP() (logp float64)
LogP returns the size of the extended modulus P in bits
func (Parameters) LogPi ¶
func (p Parameters) LogPi() (logpi []int)
LogPi returns the round(log2) of each primes of the modulus P.
func (Parameters) LogQ ¶
func (p Parameters) LogQ() (logq float64)
LogQ returns the size of the extended modulus Q in bits
func (Parameters) LogQP ¶
func (p Parameters) LogQP() (logqp float64)
LogQP returns the size of the extended modulus QP in bits
func (Parameters) LogQi ¶
func (p Parameters) LogQi() (logqi []int)
LogQi returns round(log2) of each primes of the modulus Q.
func (Parameters) MarshalBinary ¶
func (p Parameters) MarshalBinary() ([]byte, error)
MarshalBinary returns a []byte representation of the parameter set. This representation corresponds to the Parameters.MarshalJSON representation.
func (Parameters) MarshalJSON ¶
func (p Parameters) MarshalJSON() ([]byte, error)
MarshalJSON returns a JSON representation of this parameter set. See Marshal from the encoding/json package.
func (Parameters) MaxBit ¶
func (p Parameters) MaxBit(levelQ, levelP int) (c int)
MaxBit returns max(max(bitLen(Q[:levelQ+1])), max(bitLen(P[:levelP+1])).
func (Parameters) MaxLevel ¶
func (p Parameters) MaxLevel() int
MaxLevel returns the maximum level of a ciphertext.
func (Parameters) MaxLevelP ¶
func (p Parameters) MaxLevelP() int
MaxLevelP returns the maximum level of the modulus P.
func (Parameters) MaxLevelQ ¶
func (p Parameters) MaxLevelQ() int
MaxLevelQ returns the maximum level of the modulus Q.
func (Parameters) ModInvGaloisElement ¶
func (p Parameters) ModInvGaloisElement(galEl uint64) uint64
ModInvGaloisElement takes a Galois element of the form GaloisGen^{k} mod NthRoot and returns GaloisGen^{-k} mod NthRoot.
func (Parameters) NTTFlag ¶
func (p Parameters) NTTFlag() bool
NTTFlag returns a boolean indicating if elements are stored by default in the NTT domain.
func (Parameters) NewScale ¶
func (p Parameters) NewScale(scale interface{}) Scale
NewScale creates a new scale using the stored default scale as template.
func (Parameters) NoiseBound ¶
func (p Parameters) NoiseBound() float64
NoiseBound returns truncation bound for the error distribution.
func (Parameters) NoiseFreshPK ¶
func (p Parameters) NoiseFreshPK() (std float64)
NoiseFreshPK returns the standard deviation of a fresh encryption with the public key.
func (Parameters) NoiseFreshSK ¶
func (p Parameters) NoiseFreshSK() (std float64)
NoiseFreshSK returns the standard deviation of a fresh encryption with the secret key.
func (Parameters) NthRoot ¶
func (p Parameters) NthRoot() int
NthRoot returns the NthRoot of the ring.
func (Parameters) P ¶
func (p Parameters) P() []uint64
P returns a new slice with the factors of the ciphertext modulus extension P
func (Parameters) PBigInt ¶
func (p Parameters) PBigInt() *big.Int
PBigInt return the ciphertext-space extension modulus P in big.Integer, reconstructed, representation.
func (Parameters) PCount ¶
func (p Parameters) PCount() int
PCount returns the number of factors of the ciphertext modulus extension P
func (Parameters) ParametersLiteral ¶
func (p Parameters) ParametersLiteral() ParametersLiteral
ParametersLiteral returns the ParametersLiteral of the target Parameters.
func (Parameters) PiOverflowMargin ¶
func (p Parameters) PiOverflowMargin(level int) int
PiOverflowMargin returns floor(2^64 / max(Pi)), i.e. the number of times elements of Z_max{Pi} can be added together before overflowing 2^64. The function returns -1 if the moduli array is empty.
func (Parameters) Q ¶
func (p Parameters) Q() []uint64
Q returns a new slice with the factors of the ciphertext modulus q
func (Parameters) QBigInt ¶
func (p Parameters) QBigInt() *big.Int
QBigInt return the ciphertext-space modulus Q in big.Integer, reconstructed, representation.
func (Parameters) QCount ¶
func (p Parameters) QCount() int
QCount returns the number of factors of the ciphertext modulus Q
func (Parameters) QP ¶
func (p Parameters) QP() []uint64
QP return the extended ciphertext-space modulus QP in RNS representation.
func (Parameters) QPBigInt ¶
func (p Parameters) QPBigInt() *big.Int
QPBigInt return the extended ciphertext-space modulus QP in big.Integer, reconstructed, representation.
func (Parameters) QPCount ¶
func (p Parameters) QPCount() int
QPCount returns the number of factors of the ciphertext modulus + the modulus extension P
func (Parameters) QiOverflowMargin ¶
func (p Parameters) QiOverflowMargin(level int) int
QiOverflowMargin returns floor(2^64 / max(Qi)), i.e. the number of times elements of Z_max{Qi} can be added together before overflowing 2^64. The function returns -1 if the moduli array is empty.
func (*Parameters) ReadFrom ¶
func (p *Parameters) ReadFrom(r io.Reader) (n int64, err error)
ReadFrom reads on the object from an io.Writer. It implements the io.ReaderFrom interface.
Unless r implements the buffer.Reader interface (see see lattigo/utils/buffer/reader.go), it will be wrapped into a bufio.Reader. Since this requires allocation, it is preferable to pass a buffer.Reader directly:
- When reading multiple values from a io.Reader, it is preferable to first first wrap io.Reader in a pre-allocated bufio.Reader.
- When reading from a var b []byte, it is preferable to pass a buffer.NewBuffer(b) as w (see lattigo/utils/buffer/buffer.go).
func (Parameters) RingQP ¶
func (p Parameters) RingQP() *ringqp.Ring
RingQP returns a pointer to ringQP
func (Parameters) RingType ¶
func (p Parameters) RingType() ring.Type
RingType returns the type of the underlying ring.
func (Parameters) SolveDiscreteLogGaloisElement ¶
func (p Parameters) SolveDiscreteLogGaloisElement(galEl uint64) (k int)
SolveDiscreteLogGaloisElement takes a Galois element of the form GaloisGen^{k} mod NthRoot and returns k.
func (Parameters) StandardParameters ¶
func (p Parameters) StandardParameters() (pci Parameters, err error)
StandardParameters returns a RLWE parameter set that corresponds to the standard dual of a conjugate invariant parameter set. If the receiver is already a standard set, then the method returns the receiver.
func (*Parameters) UnmarshalBinary ¶
func (p *Parameters) UnmarshalBinary(data []byte) (err error)
UnmarshalBinary decodes a slice of bytes on the target Parameters.
func (*Parameters) UnmarshalJSON ¶
func (p *Parameters) UnmarshalJSON(data []byte) (err error)
UnmarshalJSON reads a JSON representation of a parameter set into the receiver Parameter. See Unmarshal from the encoding/json package.
func (Parameters) UnpackLevelParams ¶
func (p Parameters) UnpackLevelParams(args []int) (levelQ, levelP int)
UnpackLevelParams is an internal function for unpacking level values passed as variadic function parameters.
func (Parameters) WriteTo ¶
func (p Parameters) WriteTo(w io.Writer) (n int64, err error)
WriteTo writes the object on an io.Writer. It implements the io.WriterTo interface, and will write exactly object.BinarySize() bytes on w.
func (Parameters) Xe ¶
func (p Parameters) Xe() ring.DistributionParameters
Xe returns Distribution of the error
func (Parameters) Xs ¶
func (p Parameters) Xs() ring.DistributionParameters
Xs returns the Distribution of the secret
func (Parameters) XsHammingWeight ¶
func (p Parameters) XsHammingWeight() int
XsHammingWeight returns the expected Hamming weight of the secret.
type ParametersLiteral ¶
type ParametersLiteral struct { LogN int LogNthRoot int `json:",omitempty"` Q []uint64 `json:",omitempty"` P []uint64 `json:",omitempty"` LogQ []int `json:",omitempty"` LogP []int `json:",omitempty"` Xe ring.DistributionParameters `json:",omitempty"` Xs ring.DistributionParameters `json:",omitempty"` RingType ring.Type `json:",omitempty"` DefaultScale Scale `json:",omitempty"` NTTFlag bool `json:",omitempty"` }
ParametersLiteral is a literal representation of RLWE parameters. It has public fields and is used to express unchecked user-defined parameters literally into Go programs. The NewParametersFromLiteral function is used to generate the actual checked parameters from the literal representation.
Users must set the polynomial degree (LogN) and the coefficient modulus, by either setting the Q and P fields to the desired moduli chain, or by setting the LogQ and LogP fields to the desired moduli sizes.
Optionally, users may specify
- the base 2 decomposition for the gadget ciphertexts
- the error variance (Sigma) and secrets' density (H) and the ring type (RingType).
If left unset, standard default values for these field are substituted at parameter creation (see NewParametersFromLiteral).
func (*ParametersLiteral) UnmarshalJSON ¶
func (p *ParametersLiteral) UnmarshalJSON(b []byte) (err error)
type Plaintext ¶
Plaintext is a common base type for RLWE plaintexts.
func NewPlaintext ¶
func NewPlaintext(params ParameterProvider, level ...int) (pt *Plaintext)
NewPlaintext creates a new Plaintext at the specified level from the parameters.
func NewPlaintextAtLevelFromPoly ¶
NewPlaintextAtLevelFromPoly constructs a new Plaintext at a specific level where the message is set to the passed poly. No checks are performed on poly and the returned Plaintext will share its backing array of coefficients. Returned plaintext's MetaData is allocated but empty.
func NewPlaintextRandom ¶
func NewPlaintextRandom(prng sampling.PRNG, params ParameterProvider, level int) (pt *Plaintext)
NewPlaintextRandom generates a new uniformly distributed Plaintext.
func (*Plaintext) ReadFrom ¶
ReadFrom reads on the object from an io.Writer. It implements the io.ReaderFrom interface.
Unless r implements the buffer.Reader interface (see see lattigo/utils/buffer/reader.go), it will be wrapped into a bufio.Reader. Since this requires allocation, it is preferable to pass a buffer.Reader directly:
- When reading multiple values from a io.Reader, it is preferable to first first wrap io.Reader in a pre-allocated bufio.Reader.
- When reading from a var b []byte, it is preferable to pass a buffer.NewBuffer(b) as w (see lattigo/utils/buffer/buffer.go).
func (*Plaintext) UnmarshalBinary ¶
UnmarshalBinary decodes a slice of bytes generated by MarshalBinary or Read on the objeop.
type PlaintextMetaData ¶
type PlaintextMetaData struct { // Scale is the scaling factor of the plaintext. Scale Scale // LogDimensions is the Log2 of the 2D plaintext matrix dimensions. LogDimensions ring.Dimensions // IsBatched is a flag indicating if the underlying plaintext is encoded // in such a way that product in R[X]/(X^N+1) acts as a point-wise multiplication // in the plaintext space. IsBatched bool // IsBitReversed is a flag indicating if the underlying plaintext is // bit-reversed. This can be true for both batch and non-batched plaintexts. IsBitReversed bool }
PlaintextMetaData is a struct storing metadata related to the plaintext.
func (PlaintextMetaData) BinarySize ¶
func (m PlaintextMetaData) BinarySize() int
BinarySize returns the size in bytes that the object once marshalled into a binary form.
func (*PlaintextMetaData) Equal ¶
func (m *PlaintextMetaData) Equal(other *PlaintextMetaData) (res bool)
func (PlaintextMetaData) LogScale ¶
func (m PlaintextMetaData) LogScale() float64
LogScale returns log2(scale).
func (PlaintextMetaData) LogSlots ¶
func (m PlaintextMetaData) LogSlots() int
LogSlots returns the log2 of the total number of slots that the plaintext holds.
func (PlaintextMetaData) MarshalBinary ¶
func (m PlaintextMetaData) MarshalBinary() (p []byte, err error)
MarshalBinary encodes the object into a binary form on a newly allocated slice of bytes.
func (PlaintextMetaData) MarshalJSON ¶
func (m PlaintextMetaData) MarshalJSON() (p []byte, err error)
func (*PlaintextMetaData) ReadFrom ¶
func (m *PlaintextMetaData) ReadFrom(r io.Reader) (int64, error)
ReadFrom reads on the object from an io.Writer. It implements the io.ReaderFrom interface.
Unless r implements the buffer.Reader interface (see see lattigo/utils/buffer/reader.go), it will be wrapped into a bufio.Reader. Since this requires allocation, it is preferable to pass a buffer.Reader directly:
- When reading multiple values from a io.Reader, it is preferable to first first wrap io.Reader in a pre-allocated bufio.Reader.
- When reading from a var b []byte, it is preferable to pass a buffer.NewBuffer(b) as w (see lattigo/utils/buffer/buffer.go).
func (PlaintextMetaData) Slots ¶
func (m PlaintextMetaData) Slots() int
Slots returns the total number of slots that the plaintext holds.
func (*PlaintextMetaData) UnmarshalBinary ¶
func (m *PlaintextMetaData) UnmarshalBinary(p []byte) (err error)
UnmarshalBinary decodes a slice of bytes generated by PlaintextMetaData.MarshalBinary or PlaintextMetaData.WriteTo on the object.
func (*PlaintextMetaData) UnmarshalJSON ¶
func (m *PlaintextMetaData) UnmarshalJSON(p []byte) (err error)
func (PlaintextMetaData) WriteTo ¶
func (m PlaintextMetaData) WriteTo(w io.Writer) (int64, error)
WriteTo writes the object on an io.Writer. It implements the io.WriterTo interface, and will write exactly object.BinarySize() bytes on w.
Unless w implements the buffer.Writer interface (see lattigo/utils/buffer/writer.go), it will be wrapped into a bufio.Writer. Since this requires allocations, it is preferable to pass a buffer.Writer directly:
- When writing multiple times to a io.Writer, it is preferable to first wrap the io.Writer in a pre-allocated bufio.Writer.
- When writing to a pre-allocated var b []byte, it is preferable to pass buffer.NewBuffer(b) as w (see lattigo/utils/buffer/buffer.go).
type PublicKey ¶
type PublicKey struct {
Value VectorQP
}
PublicKey is a type for generic RLWE public keys. The Value field stores the polynomials in NTT and Montgomery form.
func NewPublicKey ¶
func NewPublicKey(params ParameterProvider) (pk *PublicKey)
NewPublicKey returns a new PublicKey with zero values.
func (PublicKey) BinarySize ¶
func (PublicKey) MarshalBinary ¶
MarshalBinary encodes the object into a binary form on a newly allocated slice of bytes.
func (*PublicKey) ReadFrom ¶
ReadFrom reads on the object from an io.Writer. It implements the io.ReaderFrom interface.
Unless r implements the buffer.Reader interface (see see lattigo/utils/buffer/reader.go), it will be wrapped into a bufio.Reader. Since this requires allocation, it is preferable to pass a buffer.Reader directly:
- When reading multiple values from a io.Reader, it is preferable to first first wrap io.Reader in a pre-allocated bufio.Reader.
- When reading from a var b []byte, it is preferable to pass a buffer.NewBuffer(b) as w (see lattigo/utils/buffer/buffer.go).
func (*PublicKey) UnmarshalBinary ¶
UnmarshalBinary decodes a slice of bytes generated by PublicKey.MarshalBinary or PublicKey.WriteTo on the object.
func (PublicKey) WriteTo ¶
WriteTo writes the object on an io.Writer. It implements the io.WriterTo interface, and will write exactly object.BinarySize() bytes on w.
Unless w implements the buffer.Writer interface (see lattigo/utils/buffer/writer.go), it will be wrapped into a bufio.Writer. Since this requires allocations, it is preferable to pass a buffer.Writer directly:
- When writing multiple times to a io.Writer, it is preferable to first wrap the io.Writer in a pre-allocated bufio.Writer.
- When writing to a pre-allocated var b []byte, it is preferable to pass buffer.NewBuffer(b) as w (see lattigo/utils/buffer/buffer.go).
type RelinearizationKey ¶
type RelinearizationKey struct {
EvaluationKey
}
RelinearizationKey is type of EvaluationKey used for ciphertext multiplication compactness. The Relinearization key encrypts s^{2} under s and is used to homomorphically re-encrypt the degree 2 term of a ciphertext (the term that decrypt with s^{2}) into a degree 1 term (a term that decrypts with s).
func NewRelinearizationKey ¶
func NewRelinearizationKey(params ParameterProvider, evkParams ...EvaluationKeyParameters) *RelinearizationKey
NewRelinearizationKey allocates a new RelinearizationKey with zero coefficients.
func (RelinearizationKey) CopyNew ¶
func (rlk RelinearizationKey) CopyNew() *RelinearizationKey
CopyNew creates a deep copy of the object and returns it.
type RingPackingEvaluationKey ¶
type RingPackingEvaluationKey struct { // Parameters are the different Parameters among // which a ciphertext will be switched during the // procedure. These parameters share the same primes // but support different ring degrees. Parameters map[int]ParameterProvider // RingSwitchingKeys are the ring degree switching keys // indexed as map[inputLogN][outputLogN] RingSwitchingKeys map[int]map[int]*EvaluationKey // RepackKeys are the [EvaluationKey] used for the // RLWE repacking. RepackKeys map[int]EvaluationKeySet // ExtractKeys are the [EvaluationKey] used for the // RLWE extraction. ExtractKeys map[int]EvaluationKeySet }
RingPackingEvaluationKey is a struct storing the ring packing evaluation keys. All fields of this struct are public, enabling custom instantiations.
func (*RingPackingEvaluationKey) GenExtractEvaluationKeys ¶
func (rpk *RingPackingEvaluationKey) GenExtractEvaluationKeys(params ParameterProvider, sk *SecretKey, evkParams EvaluationKeyParameters)
GenExtractEvaluationKeys generates the set of params.LogN() [EvaluationKey]s necessary to perform the extraction operation. See RingPackingEvaluator.Extract for additional information.
func (*RingPackingEvaluationKey) GenRepackEvaluationKeys ¶
func (rpk *RingPackingEvaluationKey) GenRepackEvaluationKeys(params ParameterProvider, sk *SecretKey, evkParams EvaluationKeyParameters)
GenRepackEvaluationKeys generates the set of params.LogN() [EvaluationKey]s necessary to perform the repacking operation. See RingPackingEvaluator.Repack for additional information.
func (*RingPackingEvaluationKey) GenRingSwitchingKeys ¶
func (rpk *RingPackingEvaluationKey) GenRingSwitchingKeys(params ParameterProvider, sk *SecretKey, minLogN int, evkParams EvaluationKeyParameters) (ski map[int]*SecretKey, err error)
GenRingSwitchingKeys generates the [Parameter]s and [EvaluationKey]s to be able to split an Ciphertext into two [Ciphertext]s of half the ring degree and merge two [Ciphertext]s into one Ciphertext of twice the ring degree.
The method returns the [Parameter]s, [EvaluationKey]s and ephemeral [SecretKey]s used to generate the ring-switching [EvaluationKey]s.
See the methods RingPackingEvaluator.Split and RingPackingEvaluator.Repack.
This function will return an error if minLogN >= params.LogN().
func (RingPackingEvaluationKey) MaxLogN ¶
func (rpk RingPackingEvaluationKey) MaxLogN() (maxLogN int)
MaxLogN returns the maximum Log(N) among the supported ring degrees. This method requires that the field Parameters of RingPackingEvaluationKey has been populated.
func (RingPackingEvaluationKey) MinLogN ¶
func (rpk RingPackingEvaluationKey) MinLogN() (minLogN int)
MinLogN returns the minimum Log(N) among the supported ring degrees. This method requires that the field Parameters of RingPackingEvaluationKey has been populated.
type RingPackingEvaluator ¶
type RingPackingEvaluator struct { *RingPackingEvaluationKey Evaluators map[int]*Evaluator //XPow2NTT: [1, x, x^2, x^4, ..., x^2^s] / (X^2^s +1) XPow2NTT map[int][]ring.Poly //XInvPow2NTT: [1, x^-1, x^-2, x^-4, ..., x^-2^s/2] / (X^2^s +1) XInvPow2NTT map[int][]ring.Poly }
RingPackingEvaluator is an evaluator for Ring-LWE packing operations. All fields of this struct are public, enabling custom instantiations.
func NewRingPackingEvaluator ¶
func NewRingPackingEvaluator(evk *RingPackingEvaluationKey) *RingPackingEvaluator
NewRingPackingEvaluator instantiates a new RingPackingEvaluator from a RingPackingEvaluationKey.
func (RingPackingEvaluator) Expand ¶
func (eval RingPackingEvaluator) Expand(ct *Ciphertext, logGap int) (cts map[int]*Ciphertext, err error)
Expand expands a RLWE Ciphertext encrypting P(X) = ci * X^i and returns a map of ciphertexts, each encrypting P(X) = ci * X^0, indexed by i, for 0<= i < 2^{logN} and i divisible by 2^{logGap}.
This method is a used as a sub-routine of the Extract method.
The method will return an error if:
- The input ciphertext degree is not one
- The ring type is not ring.Standard
func (RingPackingEvaluator) Extract ¶
func (eval RingPackingEvaluator) Extract(ct *Ciphertext, idx map[int]bool) (cts map[int]*Ciphertext, err error)
Extract takes as input a ciphertext encrypting P(X) = c[i] * X^i and returns a map of ciphertexts of degree eval.MinLogN(), each encrypting P(X) = c[i] * X^{0} for i in idx. All non-constant coefficients are zeroed and thus correctness is ensured if this method is composed with either Repack or RepackNaive.
func (RingPackingEvaluator) ExtractNaive ¶
func (eval RingPackingEvaluator) ExtractNaive(ct *Ciphertext, idx map[int]bool) (cts map[int]*Ciphertext, err error)
ExtractNaive takes as input a ciphertext encrypting P(X) = c[i] * X^i and returns a map of ciphertexts of degree eval.MinLogN(), each encrypting P(X) = c[i] * X^{0} for i in idx. Non-constant coefficients are NOT zeroed thus correctness is only ensured if this method is composed with Repack.
If eval.MinLogN() = eval.MaxLogN(), no evaluation keys are required for this method. If eval.MinLogN() < eval.MaxLogN(), only RingSwitchingKeys are required for this method.
func (RingPackingEvaluator) Merge ¶
func (eval RingPackingEvaluator) Merge(ctEvenNHalf, ctOddNHalf, ctN *Ciphertext) (err error)
Merge merges two ciphertexts of degree N/2 into a ciphertext of degre N: ctN[X] = ctEvenNHalf[Y] + X * ctOddNHalf[Y] where Y = X^2.
func (RingPackingEvaluator) MergeNew ¶
func (eval RingPackingEvaluator) MergeNew(ctEvenNHalf, ctOddNHalf *Ciphertext) (ctN *Ciphertext, err error)
MergeNew merges two ciphertexts of degree N/2 into a ciphertext of degre N: ctN[X] = ctEvenNHalf[Y] + X * ctOddNHalf[Y] where Y = X^2.
func (RingPackingEvaluator) Pack ¶
func (eval RingPackingEvaluator) Pack(cts map[int]*Ciphertext, inputLogGap int, zeroGarbageSlots bool) (ct *Ciphertext, err error)
Pack packs a map of of ciphertexts, each encrypting Pi(X) = ci * X^{i} for 0 <= i * 2^{inputLogGap} < 2^{LogN} and indexed by j, for 0<= j < 2^{eval.MaxLogN()} and returns ciphertext encrypting P(X) = Pi(X) * X^i. zeroGarbageSlots: if set to true, slots which are not multiples of X^{2^{logGap}} will be zeroed during the procedure.
The method will return an error if:
- The number of ciphertexts is 0
- Any input ciphertext degree is not one
- Gaps between ciphertexts is smaller than inputLogGap > N
- The ring type is not ring.Standard
Example: we want to pack 4 ciphertexts into one, and keep only coefficients which are a multiple of X^{4}.
To do so, we must set logGap = 2. Here the `X` slots are treated as garbage slots that we want to discard during the procedure. input: map[int]{ 0: [x00, X, X, X, x01, X, X, X], with logGap = 2 1: [x10, X, X, X, x11, X, X, X], 2: [x20, X, X, X, x21, X, X, X], 3: [x30, X, X, X, x31, X, X, X], } Step 1: map[0]: 2^{-1} * (map[0] + X^2 * map[2] + phi_{5^2}(map[0] - X^2 * map[2]) = [x00, X, x20, X, x01, X, x21, X] map[1]: 2^{-1} * (map[1] + X^2 * map[3] + phi_{5^2}(map[1] - X^2 * map[3]) = [x10, X, x30, X, x11, X, x31, X] Step 2: map[0]: 2^{-1} * (map[0] + X^1 * map[1] + phi_{5^4}(map[0] - X^1 * map[1]) = [x00, x10, x20, x30, x01, x11, x21, x22]
func (RingPackingEvaluator) Repack ¶
func (eval RingPackingEvaluator) Repack(cts map[int]*Ciphertext) (ct *Ciphertext, err error)
Repack takes as input a map of ciphertext and repacks the constant coefficient each ciphertext into a single ciphertext of degree eval.MaxLogN() following the indexing of the map.
For example, if cts = map[int]*Ciphertext{0:ct0, 1:ct1, 4:ct2}, then the method will return a ciphertext encrypting P(X) = ct0[0] + ct1[0] * X + ct2[0] * X^4.
The method accepts ciphertexts of a ring degree between eval.MinLogN() and eval.MaxLogN().
All non-constant coefficient are zeroed during the repacking, thus correctness is ensured if this method can be composed with either Extract or ExtractNaive.
func (RingPackingEvaluator) RepackNaive ¶
func (eval RingPackingEvaluator) RepackNaive(cts map[int]*Ciphertext) (ct *Ciphertext, err error)
RepackNaive takes as input a map of ciphertext and repacks the constant coefficient each ciphertext into a single ciphertext of degree eval.MaxLogN() following the indexing of the map.
For example, if cts = map[int]*Ciphertext{0:ct0, 1:ct1, 4:ct2}, then the method will return a ciphertext encrypting P(X) = ct0[0] + ct1[0] * X + ct2[0] * X^4.
The method accepts ciphertexts of a ring degree between eval.MinLogN() and eval.MaxLogN().
If eval.MinLogN() = eval.MaxLogN(), no evaluation keys are required for this method. If eval.MinLogN() < eval.MaxLogN(), only RingSwitchingKeys are required for this method.
Unlike Repack, non-constant coefficient are NOT zeroed during the repacking, thus correctness is only ensured if this method is composed with either Extract.
func (RingPackingEvaluator) ShallowCopy ¶
func (eval RingPackingEvaluator) ShallowCopy() *RingPackingEvaluator
ShallowCopy creates a shallow copy of this struct in which all the read-only data-structures are shared with the receiver and the temporary buffers are reallocated. The receiver and the returned Evaluators can be used concurrently.
func (RingPackingEvaluator) Split ¶
func (eval RingPackingEvaluator) Split(ctN, ctEvenNHalf, ctOddNHalf *Ciphertext) (err error)
Split splits a ciphertext of degree N into two ciphertexts of degree N/2: ctN[X] = ctEvenNHalf[Y] + X * ctOddNHalf[Y] where Y = X^2.
func (RingPackingEvaluator) SplitNew ¶
func (eval RingPackingEvaluator) SplitNew(ctN *Ciphertext) (ctEvenNHalf, ctOddNHalf *Ciphertext, err error)
SplitNew splits a ciphertext of degree N into two ciphertexts of degree N/2: ctN[X] = ctEvenNHalf[Y] + X * ctOddNHalf[Y] where Y = X^2.
type Scale ¶
Scale is a struct used to track the scaling factor of Plaintext and Ciphertext structs. The scale is managed as an 128-bit precision real and can be either a floating point value or a mod T prime integer, which is determined at instantiation.
func NewScale ¶
func NewScale(s interface{}) Scale
NewScale instantiates a new floating point Scale. Accepted types for s are int, int64, uint64, float64, *big.Int, *big.Float and *Scale. If the input type is not an accepted type, returns an error.
func NewScaleModT ¶
NewScaleModT instantiates a new integer mod T Scale. Accepted types for s are int, int64, uint64, float64, *big.Int, *big.Float and *Scale. If the input type is not an accepted type, returns an error.
func (Scale) BigInt ¶
BigInt returns the scale as a big.Int, truncating the rational part and rounding ot the nearest integer. The rounding assumes that the scale is a positive value.
func (Scale) BinarySize ¶
BinarySize returns the serialized size of the object in bytes. Each value is encoded with .Text('e', ceil(ScalePrecision / log2(10))).
func (Scale) Cmp ¶
Cmp compares the target scale with s1. Returns 0 if the scales are equal, 1 if the target scale is greater and -1 if the target scale is smaller.
func (Scale) Div ¶
Div multiplies the target s with s1^-1, returning the result in a new Scale struct. If mod is specified, performs the multiplication modulo t with the multiplicative inverse of s1. Otherwise, performs the quotient operation.
func (Scale) MarshalBinary ¶
MarshalBinary encodes the object into a binary form on a newly allocated slice of bytes.
func (Scale) MarshalJSON ¶
MarshalJSON encodes the object into a binary form on a newly allocated slice of bytes.
func (Scale) Max ¶
Max returns the a new scale which is the maximum between the target scale and s1.
func (Scale) Min ¶
Min returns the a new scale which is the minimum between the target scale and s1.
func (Scale) Mul ¶
Mul multiplies the target s with s1, returning the result in a new Scale struct. If mod is specified, performs the multiplication modulo mod.
func (Scale) UnmarshalBinary ¶
UnmarshalBinary decodes a slice of bytes generated by Scale.MarshalBinary on the object.
func (*Scale) UnmarshalJSON ¶
type SecretKey ¶
SecretKey is a type for generic RLWE secret keys. The Value field stores the polynomial in NTT and Montgomery form.
func NewSecretKey ¶
func NewSecretKey(params ParameterProvider) *SecretKey
NewSecretKey generates a new SecretKey with zero values.
func (SecretKey) BinarySize ¶
BinarySize returns the serialized size of the object in bytes.
func (SecretKey) LevelP ¶
LevelP returns the level of the modulus P of the target. Returns -1 if P is absent.
func (SecretKey) MarshalBinary ¶
MarshalBinary encodes the object into a binary form on a newly allocated slice of bytes.
func (*SecretKey) ReadFrom ¶
ReadFrom reads on the object from an io.Writer. It implements the io.ReaderFrom interface.
Unless r implements the buffer.Reader interface (see see lattigo/utils/buffer/reader.go), it will be wrapped into a bufio.Reader. Since this requires allocation, it is preferable to pass a buffer.Reader directly:
- When reading multiple values from a io.Reader, it is preferable to first first wrap io.Reader in a pre-allocated bufio.Reader.
- When reading from a var b []byte, it is preferable to pass a buffer.NewBuffer(b) as w (see lattigo/utils/buffer/buffer.go).
func (*SecretKey) UnmarshalBinary ¶
UnmarshalBinary decodes a slice of bytes generated by SecretKey.MarshalBinary or SecretKey.WriteTo on the object.
func (SecretKey) WriteTo ¶
WriteTo writes the object on an io.Writer. It implements the io.WriterTo interface, and will write exactly object.BinarySize() bytes on w.
Unless w implements the buffer.Writer interface (see lattigo/utils/buffer/writer.go), it will be wrapped into a bufio.Writer. Since this requires allocations, it is preferable to pass a buffer.Writer directly:
- When writing multiple times to a io.Writer, it is preferable to first wrap the io.Writer in a pre-allocated bufio.Writer.
- When writing to a pre-allocated var b []byte, it is preferable to pass buffer.NewBuffer(b) as w (see lattigo/utils/buffer/buffer.go).
type TestParametersLiteral ¶
type TestParametersLiteral struct { BaseTwoDecomposition int Compressed bool ParametersLiteral }
type VectorQP ¶
func NewVectorQP ¶
func NewVectorQP(params ParameterProvider, size, levelQ, levelP int) (v VectorQP)
NewVectorQP returns a new PublicKey with zero values.
func (VectorQP) BinarySize ¶
func (VectorQP) LevelP ¶
LevelP returns the level of the modulus P of the first element of the VectorQP. Returns -1 if the size of the vector is zero or has no modulus P.
func (VectorQP) LevelQ ¶
LevelQ returns the level of the modulus Q of the first element of the VectorQP. Returns -1 if the size of the vector is zero or has no modulus Q.
func (VectorQP) MarshalBinary ¶
MarshalBinary encodes the object into a binary form on a newly allocated slice of bytes.
func (*VectorQP) ReadFrom ¶
ReadFrom reads on the object from an io.Writer. It implements the io.ReaderFrom interface.
Unless r implements the buffer.Reader interface (see see lattigo/utils/buffer/reader.go), it will be wrapped into a bufio.Reader. Since this requires allocation, it is preferable to pass a buffer.Reader directly:
- When reading multiple values from a io.Reader, it is preferable to first first wrap io.Reader in a pre-allocated bufio.Reader.
- When reading from a var b []byte, it is preferable to pass a buffer.NewBuffer(b) as w (see lattigo/utils/buffer/buffer.go).
func (*VectorQP) UnmarshalBinary ¶
UnmarshalBinary decodes a slice of bytes generated by VectorQP.MarshalBinary or VectorQP.WriteTo on the object.
func (VectorQP) WriteTo ¶
WriteTo writes the object on an io.Writer. It implements the io.WriterTo interface, and will write exactly object.BinarySize() bytes on w.
Unless w implements the buffer.Writer interface (see lattigo/utils/buffer/writer.go), it will be wrapped into a bufio.Writer. Since this requires allocations, it is preferable to pass a buffer.Writer directly:
- When writing multiple times to a io.Writer, it is preferable to first wrap the io.Writer in a pre-allocated bufio.Writer.
- When writing to a pre-allocated var b []byte, it is preferable to pass buffer.NewBuffer(b) as w (see lattigo/utils/buffer/buffer.go).
Source Files ¶
- ciphertext.go
- decryptor.go
- distribution.go
- element.go
- encryptor.go
- evaluator.go
- evaluator_automorphism.go
- evaluator_evaluationkey.go
- evaluator_gadget_product.go
- example_parameters.go
- gadgetciphertext.go
- inner_sum.go
- keygenerator.go
- keys.go
- metadata.go
- operand.go
- params.go
- plaintext.go
- ring_packing.go
- ring_packing_keys.go
- rlwe.go
- scale.go
- security.go
- test_params.go
- utils.go