bfv

package
v1.1.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Oct 1, 2019 License: Apache-2.0 Imports: 7 Imported by: 0

README

BFV

The package BFV is an RNS-accelerated implementation of the Fan-Vercauteren version of Brakerski's scale invariant homomorphic encryption scheme. It provides modular arithmetic over the integers.

Brief description

This scheme can be used to do arithmetic over   equation.

The plaintext space and the ciphertext space share the same domain

,

with a power of 2.

The batch encoding of this scheme

maps an array of integers to a polynomial with the property:

,

where represents a component-wise product, and represents a nega-cyclic convolution.

Security parameters

equation: the ring dimension, which defines the degree of the cyclotomic polynomial, and the number of coefficients of the plaintext/ciphertext polynomials; it should always be a power of two. This parameter has an impact on both security and performance (security increases with N and performance decreases with N). It should be chosen carefully to suit the intended use of the scheme.

equation: the ciphertext modulus. In Lattigo, it is chosen to be the product of small coprime moduli equation verifying equation in order to enable both the RNS and NTT representation. The used moduli equation are chosen to be of size 50 to 60 bits for the best performance. This parameter has an impact on both security and performance (for a fixed equation, a higher equation implies both lower security and lower performance). It is closely related to equation and should be chosen carefully to suit the intended use of the scheme.

equation: the variance used for the error polynomials. This parameter is closely tied to the security of the scheme (a higher equation implies higher security).

Other parameters

equation: the extended ciphertext modulus. This modulus is used during the multiplication, and it has no impact on the security. It is also defined as the product of small coprime moduli equation and should be chosen such that equation by a small margin (~20 bits). This can be done by using one more small coprime modulus than equation.

equation: the plaintext modulus. This parameter defines the maximum value that a plaintext coefficient can take. If a computation leads to a higher value, this value will be reduced modulo the plaintext modulus. It can be initialized with any value, but in order to enable batching, it must be prime and verify equation. It has no impact on the security.

Choosing security parameters

The BFV scheme supports the standard recommended parameters chosen to offer a security of 128 bits for a secret key with uniform ternary distribution equation, according to the Homomorphic Encryption Standards group (https://homomorphicencryption.org/standard/).

Each set of parameters is defined by the tuple equation:

  • {11, 54, 3.2}
  • {12, 109, 3.2}
  • {13, 218, 3.2}
  • {14, 438, 3.2}
  • {15, 881, 3.2}

These parameter sets are hard-coded in the file params.go. By default the variance should always be set to 3.2 unless the user is perfectly aware of the security implications of changing this parameter.

Finally, it is worth noting that these security parameters are computed for fully entropic ternary keys (with probability distribution {1/3,1/3,1/3} for values {-1,0,1}). Lattigo uses this fully-entropic key configuration by default. It is possible, though, to generate keys with lower entropy, by modifying their distribution to {(1-p)/2, p, (1-p)/2}, for any p between 0 and 1, which for p>>1/3 can result in low Hamming weight keys (sparse keys). We recall that it has been shown that the security of sparse keys can be considerably lower than that of fully entropic keys, and the BFV security parameters should be re-evaluated if sparse keys are used.

Documentation

Overview

Package bfv implements a RNS-accelerated Fan-Vercauteren version of Brakerski's scale invariant homomorphic encryption scheme. It provides modular arithmetic over the integers.

Index

Constants

View Source 
const MaxModuliCount = 34

MaxModuliCount is the largest supported number of 60 moduli in the RNS representation

View Source 
const MaxN = 1 << 16

MaxN is the largest supported polynomial modulus degree

Variables

View Source 
var DefaultParams = []Parameters{
	{4096, 65537, logN12Q109, Pi60[len(Pi60)-len(logN12Q109)-1:], 3.19},
	{8192, 65537, logN13Q218, Pi60[len(Pi60)-len(logN13Q218):], 3.19},
	{16384, 65537, logN14Q438, Pi60[len(Pi60)-len(logN14Q438):], 3.19},
	{32768, 65537, logN15Q881, Pi60[len(Pi60)-len(logN15Q881):], 3.19},
}

DefaultParams is an array default parameters with increasing homomorphic capacity. These parameters correspond to 128 bit security level for secret keys in the ternary distribution (see //https://projects.csail.mit.edu/HEWorkshop/HomomorphicEncryptionStandard2018.pdf).

View Source 
var Pi60 = []uint64{0xffffffffe400001, 0xffffffffd000001, 0xffffffffa200001, 0xffffffff9600001,
	0xfffffffeb200001, 0xfffffffea400001, 0xfffffffe8000001, 0xfffffffe3e00001,
	0xfffffffe2200001, 0xfffffffe0800001, 0xfffffffdd400001, 0xfffffffd9000001,
	0xfffffffcea00001, 0xfffffffcdc00001, 0xfffffffc7200001, 0xfffffffc5a00001,
	0xfffffffc5400001, 0xfffffffc4200001, 0xfffffffc2e00001, 0xfffffffbfa00001,
	0xfffffffbf200001, 0xfffffffbce00001, 0xfffffffba400001, 0xfffffffba000001,
	0xfffffffb8c00001, 0xfffffffb1400001, 0xfffffffafc00001, 0xfffffffaf800001,
	0xfffffffa6600001, 0xfffffffa5000001, 0xfffffff9ee00001, 0xfffffff9d600001,
	0xfffffff9ba00001, 0xfffffff99a00001, 0xfffffff94800001, 0xfffffff91000001,
	0xfffffff90600001, 0xfffffff8e600001, 0xfffffff8a400001, 0xfffffff88200001}
View Source 
var TBatching = map[uint64][]uint64{
	4096: {40961, 114689, 188417, 417793, 1032193, 2056193, 4169729, 8380417, 16760833, 33538049, 67084289, 134176769,
		268369921, 536813569, 1073692673, 2147377153, 4294828033},
	8192: {65537, 114689, 163841, 1032193, 1785857, 4079617, 8273921, 16760833, 33538049, 67043329, 133857281,
		268369921, 536690689, 1073692673, 2147352577, 4294475777},
	16384: {65537, 163841, 786433, 1769473, 3735553, 8257537, 16580609, 33292289, 67043329, 133857281, 268369921,
		536641537, 1073643521, 2147352577, 4294475777},
	32768: {65537, 786433, 1769473, 3735553, 8257537, 16580609, 33292289, 67043329, 132710401, 268369921, 536608769,
		1073479681, 2147352577, 4293918721},
}

Plaintext modulus allowing batching for the corresponding N in ascending bitsize.

View Source 
var Tpow2 = []uint64{2, 4, 8, 16, 32, 64, 128, 256, 512, 1024, 2048, 4096, 8192, 16384, 32768, 65536, 131072, 262144,
	524288, 1048576, 2097152, 4194304, 8388608, 16777216, 33554432, 67108864, 134217728, 268435456, 536870912,
	1073741824, 2147483648, 4294967296}

Power of 2 plaintext modulus

Functions

This section is empty.

Types

type BatchEncoder 

type BatchEncoder struct {
	// contains filtered or unexported fields
}

BatchEncoder is a structure storing the parameters encode values on a plaintext in a SIMD fashion.

func (*BatchEncoder) DecodeInt 

func (batchencoder *BatchEncoder) DecodeInt(plaintext *Plaintext) (coeffs []int64)

DecodeInt decodes a batched plaintext and returns the coefficients in an int64 slice. Also decodes the sign (by centering the values around the plaintext modulus).

func (*BatchEncoder) DecodeUint 

func (batchencoder *BatchEncoder) DecodeUint(plaintext *Plaintext) (coeffs []uint64)

DecodeUint decodes a batched plaintext and returns the coefficients in a uint64 slice.

func (*BatchEncoder) EncodeInt 

func (batchencoder *BatchEncoder) EncodeInt(coeffs []int64, plaintext *Plaintext) error

EncodeInt encodes an int64 slice of size at most N on a plaintext. Also encodes the sign of the given integer (as its inverse modulo the plaintext modulus). The sign will correctly decode as long as the absolute value of the coefficient do not exceed half of the plaintext modulus.

func (*BatchEncoder) EncodeUint 

func (batchencoder *BatchEncoder) EncodeUint(coeffs []uint64, plaintext *Plaintext) error

EncodeUint encodes an uint64 slice of size at most N on a plaintext.

type BfvContext 

type BfvContext struct {
	// contains filtered or unexported fields
}

BfvContext is a struct which contains all the elements required to instantiate the BFV Scheme. This includes the parameters (N, plaintext modulus, ciphertext modulus, sampling, polynomial contexts and other parameters required for the homomorphic operations).

func NewBfvContext 

func NewBfvContext() *BfvContext

NewBfvContext creates a new empty BfvContext.

func NewBfvContextWithParam 

func NewBfvContextWithParam(params *Parameters) (newbfvcontext *BfvContext, err error)

NewBfvContextWithParam creates a new BfvContext with the given parameters. Returns an error if one of the parameters would not ensure the correctness of the scheme (however it doesn't check for security).

Parameters :

- N : the ring degree (must be a power of 2).

- t : the plaintext modulus (must be a prime congruent to 1 mod 2N to enable batching).

- ModuliQ : the ciphertext modulus composed primes congruent to 1 mod 2N.

- ModuliP : the secondary ciphertext modulus used during the multiplication, composed of primes congruent to 1 mod 2N. Must be bigger than ModuliQ by a margin of ~20 bits.

- sigma : the variance of the gaussian sampling.

func (*BfvContext) ContextP added in v1.1.0 

func (bfvContext *BfvContext) ContextP() *ring.Context

ContextP returns the polynomial (ring) context of the secondary ciphertext modulus, of the target bfvcontext.

func (*BfvContext) ContextQ added in v1.1.0 

func (bfvContext *BfvContext) ContextQ() *ring.Context

ContextQ returns the polynomial (ring) context of the ciphertext modulus, of the target bfvcontext.

func (*BfvContext) ContextQP added in v1.1.0 

func (bfvContext *BfvContext) ContextQP() *ring.Context

ContextQP returns the polynomial (ring) context of the extended ciphertext modulus, of the target bfvcontext.

func (*BfvContext) ContextT added in v1.1.0 

func (bfvContext *BfvContext) ContextT() *ring.Context

ContextT returns the polynomial (ring) context of the plaintext modulus, of the target bfvcontext.

func (*BfvContext) Delta 

func (bfvContext *BfvContext) Delta() []uint64

Delta returns t/Q, modulo each Qi, where t is the plaintext modulus, Q is the product of all the Qi, of the target bfvcontext.

func (*BfvContext) LogP added in v1.1.0 

func (bfvContext *BfvContext) LogP() uint64

LogP returns logQ which is the total bitzise of the secondary ciphertext modulus.

func (*BfvContext) LogQ added in v1.1.0 

func (bfvContext *BfvContext) LogQ() uint64

LogQ returns logQ which is the total bitzise of the ciphertext modulus.

func (*BfvContext) N added in v1.1.0 

func (bfvContext *BfvContext) N() uint64

N returns N which is the degree of the ring, of the target bfvcontext.

func (*BfvContext) NewBatchEncoder 

func (bfvcontext *BfvContext) NewBatchEncoder() (batchencoder *BatchEncoder, err error)

NewBatchEncoder creates a new BatchEncoder from the target bfvcontext.

func (*BfvContext) NewBfvElement added in v1.1.0 

func (bfvcontext *BfvContext) NewBfvElement(degree uint64) *bfvElement

NewCiphertext creates a new empty ciphertext of degree degree.

func (*BfvContext) NewCiphertext 

func (bfvcontext *BfvContext) NewCiphertext(degree uint64) *Ciphertext

NewCiphertext creates a new empty ciphertext of degree degree.

func (*BfvContext) NewCiphertextBig 

func (bfvcontext *BfvContext) NewCiphertextBig(degree uint64) *Ciphertext

NewCiphertextBig creates a new empty ciphertext of degree degree in the extended ciphertext context (Q + P).

func (*BfvContext) NewDecryptor 

func (bfvcontext *BfvContext) NewDecryptor(sk *SecretKey) (decryptor *Decryptor, err error)

NewDecryptor creates a new Decryptor from the target bfvcontext with the secret-key given as input.

func (*BfvContext) NewEncryptorFromPk added in v1.1.0 

func (bfvcontext *BfvContext) NewEncryptorFromPk(pk *PublicKey) (*Encryptor, error)

NewEncryptorFromPk creates a new Encryptor with the provided public-key. This encryptor can be used to encrypt plaintexts, using the stored key.

func (*BfvContext) NewEncryptorFromSk added in v1.1.0 

func (bfvcontext *BfvContext) NewEncryptorFromSk(sk *SecretKey) (*Encryptor, error)

NewEncryptorFromSk creates a new Encryptor with the provided secret-key. This encryptor can be used to encrypt plaintexts, using the stored key.

func (*BfvContext) NewEvaluator 

func (bfvcontext *BfvContext) NewEvaluator() (evaluator *Evaluator)

NewEvaluator creates a new Evaluator, that can be used to do homomorphic operations on the ciphertexts and/or plaintexts. It stores a small pool of polynomials and ciphertexts that will be used for intermediate values.

func (*BfvContext) NewIntEncoder 

func (bfvcontext *BfvContext) NewIntEncoder(base int64) *IntEncoder

NewIntEncoder creates a new IntEncoder fromt the target bfvcontext. The base given as input will be used to decompose the values to encode before putting them in the polynomial plaintext.

func (*BfvContext) NewKeyGenerator 

func (bfvcontext *BfvContext) NewKeyGenerator() (keygen *KeyGenerator)

NewKeyGenerator creates a new KeyGenerator, from which the secret and public keys, as well as the evaluation, rotation and switching keys can be generated.

func (*BfvContext) NewPlaintext 

func (bfvcontext *BfvContext) NewPlaintext() *Plaintext

NewPlaintext creates a new plaintext from the target bfvcontext.

func (*BfvContext) NewRandomCiphertext 

func (bfvcontext *BfvContext) NewRandomCiphertext(degree uint64) *Ciphertext

NewRandomCiphertext creates a new ciphertext with uniform coefficients.

func (*BfvContext) NewRandomPlaintextCoeffs 

func (bfvcontext *BfvContext) NewRandomPlaintextCoeffs() (coeffs []uint64)

NewRandomPlaintextCoeffs generates a slice of random coefficient sampled within the plaintext modulus.

func (*BfvContext) SetParameters 

func (bfvContext *BfvContext) SetParameters(params *Parameters) (err error)

SetParameters populates a new BfvContext with the given parameters. Returns an error if one of the parameters would not ensure the correctness of the scheme (however it doesn't check for security).

Parameters :

- N : the ring degree (must be a power of 2).

- t : the plaintext modulus (must be a prime congruent to 1 mod 2N to enable batching).

- ModuliQ : the ciphertext modulus composed primes congruent to 1 mod 2N.

- ModuliP : the secondary ciphertext modulus used during the multiplication, composed of primes congruent to 1 mod 2N. Must be bigger than ModuliQ by a margin of ~20 bits.

- sigma : the variance of the gaussian sampling.

func (*BfvContext) Sigma added in v1.1.0 

func (bfvContext *BfvContext) Sigma() float64

Sigma returns sigma, which is the variance used for the gaussian sampling of the target bfvcontext.

func (*BfvContext) T added in v1.1.0 

func (bfvContext *BfvContext) T() uint64

PlaintextModulus returns the plaintext modulus of the target bfvcontext.

type Ciphertext 

type Ciphertext struct {
	// contains filtered or unexported fields
}

Ciphertext is a *ring.Poly array representing a polynomial of degree > 0 where coefficients are in R_Q.

func (Ciphertext) Ciphertext added in v1.1.0 

func (el Ciphertext) Ciphertext() *Ciphertext

func (Ciphertext) Copy 

func (el Ciphertext) Copy(ctxCopy *bfvElement) error

Copy copies the value and parameters of the input on the target ciphertext.

func (Ciphertext) CopyNew 

func (el Ciphertext) CopyNew() *bfvElement

CopyNew creates a new ciphertext which is a copy of the target ciphertext. Returns the value as a Element.

func (Ciphertext) Degree 

func (el Ciphertext) Degree() uint64

Degree returns the degree of the target ciphertext.

func (Ciphertext) Element added in v1.1.0 

func (el Ciphertext) Element() *bfvElement

func (Ciphertext) InvNTT 

func (el Ciphertext) InvNTT(bfvcontext *BfvContext, c *bfvElement) error

InvNTT puts the target ciphertext outside of the NTT domain, and sets its isNTT flag to false. If it is not in the NTT domain, does nothing.

func (Ciphertext) IsNTT 

func (el Ciphertext) IsNTT() bool

IsNTT returns true if the target ciphertext is in the NTT domain, else false.

func (*Ciphertext) MarshalBinary 

func (ciphertext *Ciphertext) MarshalBinary() ([]byte, error)

MarshalBinary encodes a ciphertext on a byte slice. The total size in byte is 4 + 8* N * numberModuliQ * (degree + 1).

func (Ciphertext) NTT 

func (el Ciphertext) NTT(bfvcontext *BfvContext, c *bfvElement) error

NTT puts the target ciphertext in the NTT domain and sets its isNTT flag to true. If it is already in the NTT domain, does nothing.

func (Ciphertext) Plaintext added in v1.1.0 

func (el Ciphertext) Plaintext() *Plaintext

func (Ciphertext) Resize 

func (el Ciphertext) Resize(bfvcontext *BfvContext, degree uint64)

Resize resizes the target ciphertext degree to the degree given as input. If the input degree is bigger then it will append new empty polynomials, if the degree is smaller, it will delete polynomials until the degree matches the input degree.

func (Ciphertext) SetIsNTT 

func (el Ciphertext) SetIsNTT(value bool)

SetIsNTT assigns the input bolean value to the isNTT flag of the target ciphertext.

func (Ciphertext) SetValue 

func (el Ciphertext) SetValue(value []*ring.Poly)

SetValue assigns the input slice of polynomials to the target ciphertext value.

func (*Ciphertext) UnMarshalBinary added in v1.1.0 

func (ciphertext *Ciphertext) UnMarshalBinary(data []byte) error

UnMarshalBinary decodes a previously marshaled ciphertext on the target ciphertext. The target ciphertext must be of the appropriate format and size, it can be created with the methode NewCiphertext(uint64).

func (Ciphertext) Value 

func (el Ciphertext) Value() []*ring.Poly

Value returns the value of the target ciphertext (as a slice of polynomials in CRT form).

type Decryptor 

type Decryptor struct {
	// contains filtered or unexported fields
}

Decryptor is a structure used to decrypt ciphertext. It stores the secret-key.

func (*Decryptor) Decrypt 

func (decryptor *Decryptor) Decrypt(ciphertext *Ciphertext, plaintext *Plaintext)

Decrypt decrypts the input ciphertext and returns the result on the provided receiver plaintext.

func (*Decryptor) DecryptNew 

func (decryptor *Decryptor) DecryptNew(ciphertext *Ciphertext) (plaintext *Plaintext)

DecryptNew decrypts the input ciphertext and returns the result on a new plaintext.

type Encryptor 

type Encryptor struct {
	// contains filtered or unexported fields
}

Encryptor is a structure holding the parameters needed to encrypt plaintexts.

func (*Encryptor) Encrypt 

func (encryptor *Encryptor) Encrypt(plaintext *Plaintext, ciphertext *Ciphertext) (err error)

EncryptFromPk encrypts the input plaintext using the stored public-key, and returns the result on the reciver ciphertext. It will encrypt the plaintext with the stored key, which can be private or public, a private-key encryption puts initial noise.

encrypt with pk : ciphertext = [pk[0]*u + m + e_0, pk[1]*u + e_1] encrypt with sk : ciphertext = [-a*sk + m + e, a]

func (*Encryptor) EncryptNew 

func (encryptor *Encryptor) EncryptNew(plaintext *Plaintext) (ciphertext *Ciphertext, err error)

EncryptFromPkNew encrypts the input plaintext using the stored public-key and returns the result on a newly created ciphertext. It will encrypt the plaintext with the stored key, which can be private or public, a private-key encryption puts initial noise.

encrypt with pk : ciphertext = [pk[0]*u + m + e_0, pk[1]*u + e_1] encrypt with sk : ciphertext = [-a*sk + m + e, a]

type EvaluationKey 

type EvaluationKey struct {
	// contains filtered or unexported fields
}

Evaluationkey is a structure that stores the switching-keys required during the relinearization.

func (*EvaluationKey) Get 

func (evk *EvaluationKey) Get() []*SwitchingKey

Get returns the slice of switchintkeys of the evaluation-key.

func (*EvaluationKey) MarshalBinary 

func (evaluationkey *EvaluationKey) MarshalBinary() ([]byte, error)

MarshalBinary encodes an evaluation key on a byte slice. The total size depends on each modulus size and the bit decomp. It will approximately be 5 + maxDegree * numberModuli * ( 1 + 2 * 8 * N * numberModuli * logQi/bitDecomp).

func (*EvaluationKey) SetRelinKeys added in v1.1.0 

func (newevakey *EvaluationKey) SetRelinKeys(rlk [][][][2]*ring.Poly, bitDecomp uint64)

SetRelinKeys sets the polynomial of the target evaluation-key as the input polynomials.

func (*EvaluationKey) UnMarshalBinary 

func (evaluationkey *EvaluationKey) UnMarshalBinary(data []byte) error

UnMarshalBinary decodes a previously marshaled evaluation-key on the target evaluation-key. The target evaluation-key must have the appropriate format and size, it can be created with the methode NewRelinKeyEmpty(uint64, uint64).

type Evaluator 

type Evaluator struct {
	// contains filtered or unexported fields
}

Evaluator is a struct holding the necessary elements to operates the homomorphic operations between ciphertext and/or plaintexts. It also holds a small memory pool used to store intermediate computations.

func (*Evaluator) Add 

func (evaluator *Evaluator) Add(op0, op1 Operand, ctOut *Ciphertext) (err error)

Add adds op0 to op1 and returns the result on ctOut.

func (*Evaluator) AddNew 

func (evaluator *Evaluator) AddNew(op0, op1 Operand) (ctOut *Ciphertext, err error)

AddNew adds op0 to op1 and creates a new element ctOut to store the result.

func (*Evaluator) AddNoMod 

func (evaluator *Evaluator) AddNoMod(op0, op1 Operand, ctOut *Ciphertext) (err error)

AddNoMod adds op0 to op1 without modular reduction, and returns the result on cOut.

func (*Evaluator) AddNoModNew 

func (evaluator *Evaluator) AddNoModNew(op0, op1 Operand) (ctOut *Ciphertext, err error)

AddNoModNew adds op0 to op1 without modular reduction and creates a new element ctOut to store the result.

func (*Evaluator) InnerSum 

func (evaluator *Evaluator) InnerSum(ct0 *Ciphertext, evakey *RotationKeys, ctOut *Ciphertext) error

InnerSum computs the inner sum of ct0 and returns the result on ctOut. It requires a rotation key storing all the left power of two rotations. The resulting vector will be of the form [sum, sum, .., sum, sum ].

func (*Evaluator) Mul 

func (evaluator *Evaluator) Mul(op0 *Ciphertext, op1 Operand, ctOut *Ciphertext) (err error)

Mul multiplies op0 by op1 and returns the result on ctOut.

func (*Evaluator) MulNew 

func (evaluator *Evaluator) MulNew(op0 *Ciphertext, op1 Operand) (ctOut *Ciphertext, err error)

MulNew multiplies op0 by op1 and creates a new element ctOut to store the result.

func (*Evaluator) MulScalar 

func (evaluator *Evaluator) MulScalar(op Operand, scalar uint64, ctOut *Ciphertext) error

MulScalar multiplies op by an uint64 scalar and returns the result on ctOut.

func (*Evaluator) MulScalarNew 

func (evaluator *Evaluator) MulScalarNew(op Operand, scalar uint64) (ctOut *Ciphertext, err error)

MulScalarNew multiplies op by an uint64 scalar and creates a new element ctOut to store the result.

func (*Evaluator) Neg 

func (evaluator *Evaluator) Neg(op Operand, ctOut *Ciphertext) error

Neg negates op and returns the result on ctOut.

func (*Evaluator) NegNew 

func (evaluator *Evaluator) NegNew(op Operand) (ctOut *Ciphertext, err error)

Neg negates op and creates a new element to store the result.

func (*Evaluator) Reduce 

func (evaluator *Evaluator) Reduce(op Operand, ctOut *Ciphertext) error

Reduce applies a modular reduction on op and returns the result on ctOut.

func (*Evaluator) ReduceNew 

func (evaluator *Evaluator) ReduceNew(op Operand) (ctOut *Ciphertext, err error)

Reduce applies a modular reduction on op and creates a new element ctOut to store the result.

func (*Evaluator) Relinearize 

func (evaluator *Evaluator) Relinearize(ct0 *Ciphertext, evakey *EvaluationKey, ctOut *Ciphertext) error

Relinearize relinearize the ciphertext ct0 of degree > 1 until it is of degree 1 and returns the result on cOut.

Requires a correct evaluation key as additional input :

- it must match the secret-key that was used to create the public key under which the current ct0 is encrypted.

- it must be of degree high enough to relinearize the input ciphertext to degree 1 (ex. a ciphertext of degree 3 will require that the evaluation key stores the keys for both degree 3 and 2 ciphertexts).

func (*Evaluator) RelinearizeNew 

func (evaluator *Evaluator) RelinearizeNew(ct0 *Ciphertext, evakey *EvaluationKey) (ctOut *Ciphertext, err error)

Relinearize relinearize the ciphertext ct0 of degree > 1 until it is of degree 1 and creates a new ciphertext to store the result.

Requires a correct evaluation key as additional input :

- it must match the secret-key that was used to create the public key under which the current ct0 is encrypted

- it must be of degree high enough to relinearize the input ciphertext to degree 1 (ex. a ciphertext of degree 3 will require that the evaluation key stores the keys for both degree 3 and 2 ciphertexts).

func (*Evaluator) RotateColumns 

func (evaluator *Evaluator) RotateColumns(ct0 *Ciphertext, k uint64, evakey *RotationKeys, ctOut *Ciphertext) (err error)

RotateColumns rotates the columns of ct0 by k position to the left and returns the result on ctOut. As an additional input it requires a rotationkeys :

- it must either store all the left and right power of 2 rotations or the specific rotation that is asked.

If only the power of two rotations are stored, the numbers k and n/2-k will be decomposed in base 2 and the rotation with the least hamming weight will be chosen, then the specific rotation will be computed as a sum of powers of two rotations.

func (*Evaluator) RotateRows 

func (evaluator *Evaluator) RotateRows(ct0 *Ciphertext, evakey *RotationKeys, ctOut *Ciphertext) error

RotateRows swaps the rows of ct0 and returns the result on ctOut.

func (*Evaluator) Sub 

func (evaluator *Evaluator) Sub(op0, op1 Operand, ctOut *Ciphertext) (err error)

Sub subtracts op1 to op0 and returns the result on cOut.

func (*Evaluator) SubNew 

func (evaluator *Evaluator) SubNew(op0, op1 Operand) (ctOut *Ciphertext, err error)

SubNew subtracts op0 to op1 and creates a new element ctOut to store the result.

func (*Evaluator) SubNoMod 

func (evaluator *Evaluator) SubNoMod(op0, op1 Operand, ctOut *Ciphertext) (err error)

SubNoMod subtracts op0 to op1 without modular reduction and returns the result on ctOut.

func (*Evaluator) SubNoModNew 

func (evaluator *Evaluator) SubNoModNew(op0, op1 Operand) (ctOut *Ciphertext, err error)

SubNoModNew subtracts op0 to op1 without modular reduction and creates a new element ctOut to store the result.

func (*Evaluator) SwitchKeys 

func (evaluator *Evaluator) SwitchKeys(ct0 *Ciphertext, switchkey *SwitchingKey, ctOut *Ciphertext) (err error)

SwitchKeys applies the key-switching procedure to the ciphertext ct0 and returns the result on ctOut. It requires as an additional input a valide switching-key : it must encrypt the target key under the public key under which ct0 is currently encrypted.

func (*Evaluator) SwitchKeysNew 

func (evaluator *Evaluator) SwitchKeysNew(ct0 *Ciphertext, switchkey *SwitchingKey) (ctOut *Ciphertext, err error)

SwitchKeys applies the key-switching procedure to the ciphertext ct0 and creates a new ciphertext to store the result. It requires as an additional input a valide switching-key : it must encrypt the target key under the public key under which ct0 is currently encrypted.

type IntEncoder 

type IntEncoder struct {
	// contains filtered or unexported fields
}

IntEncoder is a structure holding the parameters to encode single integers on a plaintext. It uses base decomposition to encode the values.

func (*IntEncoder) Decode 

func (encoder *IntEncoder) Decode(plaintext *Plaintext) int64

Decode reconstructs a value from the input plaintext coefficients, treating each of its coefficients as a power of the base w.

func (*IntEncoder) Encode 

func (encoder *IntEncoder) Encode(msg int64, plaintext *Plaintext)

Encode encodes the input value on the input plaintext, by decomposing the value with the base w and putting each power of the base w in a coefficient.

type KeyGenerator 

type KeyGenerator struct {
	// contains filtered or unexported fields
}

KeyGenerator is a structure that stores the elements required to create new keys, as well as a small memory pool for intermediate values.

func (*KeyGenerator) NewKeyPair 

func (keygen *KeyGenerator) NewKeyPair() (sk *SecretKey, pk *PublicKey)

NewKeyPair generates a new secret-key with distribution [1/3, 1/3, 1/3] and a corresponding public-key.

func (*KeyGenerator) NewPublicKey 

func (keygen *KeyGenerator) NewPublicKey(sk *SecretKey) (pk *PublicKey)

Newpublickey generates a new publickkey from the provided secret-key

func (*KeyGenerator) NewPublicKeyEmpty added in v1.1.0 

func (keygen *KeyGenerator) NewPublicKeyEmpty() (pk *PublicKey)

func (*KeyGenerator) NewRelinKey 

func (keygen *KeyGenerator) NewRelinKey(sk *SecretKey, maxDegree, bitDecomp uint64) (newEvakey *EvaluationKey)

NewRelinKey generates a new evaluation key from the provided secret-key. It will be used to relinearize a ciphertext (encrypted under a public-key generated from the provided secret-key) of degree > 1 to a ciphertext of degree 1. Max degree is the maximum degree of the ciphertext allowed to relinearize. Bitdecomp is the power of two binary decomposition of the key. A higher bigdecomp will induce smaller keys, faster key-switching, but at the cost of more noise.

func (*KeyGenerator) NewRelinKeyEmpty added in v1.1.0 

func (keygen *KeyGenerator) NewRelinKeyEmpty(maxDegree, bitDecomp uint64) (evakey *EvaluationKey)

func (*KeyGenerator) NewRotationKeys 

func (keygen *KeyGenerator) NewRotationKeys(sk *SecretKey, bitDecomp uint64, rotLeft []uint64, rotRight []uint64, row bool) (rotKey *RotationKeys)

Newrotationkeys generates a new struct of rotationkeys storing the keys for the specified rotations. The provided secret-key must be the secret-key used to generate the public-key under which the ciphertexts to rotate are encrypted under. Bitdecomp is the power of two binary decomposition of the key. A higher bigdecomp will induce smaller keys, faster key-switching, but at the cost of more noise. rotLeft and rotRight must be a slice of uint64 rotations, row is a boolean value indicating if the key for the row rotation must be generated.

func (*KeyGenerator) NewRotationKeysEmpty added in v1.1.0 

func (keygen *KeyGenerator) NewRotationKeysEmpty() (rotKey *RotationKeys)

func (*KeyGenerator) NewRotationKeysPow2 

func (keygen *KeyGenerator) NewRotationKeysPow2(sk *SecretKey, bitDecomp uint64, row bool) (rotKey *RotationKeys)

Newrotationkeys generates a new struct of rotationkeys storing the keys of all the left and right powers of two rotations. The provided secret-key must be the secret-key used to generate the public-key under which the ciphertexts to rotate are encrypted under. rows is a boolean value indicatig if the keys for the row rotation have to be generated. Bitdecomp is the power of two binary decomposition of the key. A higher bigdecomp will induce smaller keys, faster key-switching, but at the cost of more noise.

func (*KeyGenerator) NewSecretKey 

func (keygen *KeyGenerator) NewSecretKey() (sk *SecretKey)

Newsecretkey creates a new SecretKey with the distribution [1/3, 1/3, 1/3]

func (*KeyGenerator) NewSecretKeyEmpty added in v1.1.0 

func (keygen *KeyGenerator) NewSecretKeyEmpty() *SecretKey

NewSecretKeyEmpty creates a new SecretKey with all coeffcients set to zero, ready to received a marshaled SecretKey.

func (*KeyGenerator) NewSecretkeyWithDistrib added in v1.1.0 

func (keygen *KeyGenerator) NewSecretkeyWithDistrib(p float64) (sk *SecretKey, err error)

Newsecretkey creates a new SecretKey with the distribution [(p-1)/2, p, (p-1)/2]

func (*KeyGenerator) NewSwitchingKey 

func (keygen *KeyGenerator) NewSwitchingKey(sk_input, sk_output *SecretKey, bitDecomp uint64) (newevakey *SwitchingKey)

Newswitchintkey generates a new key-switching key, that will allow to re-encrypt under the output-key a ciphertext encrypted under the input-key. Bitdecomp is the power of two binary decomposition of the key. A higher bigdecomp will induce smaller keys, faster key-switching, but at the cost of more noise.

func (*KeyGenerator) NewSwitchingKeyEmpty added in v1.1.0 

func (keygen *KeyGenerator) NewSwitchingKeyEmpty(bitDecomp uint64) (evakey *SwitchingKey)

type Operand added in v1.1.0 

type Operand interface {
	Element() *bfvElement
	Degree() uint64
}

type Parameters 

type Parameters struct {
	N     uint64
	T     uint64
	Qi    []uint64
	Pi    []uint64
	Sigma float64
}

Parameters represents a given parameter set for the BFV cryptosystem.

func (*Parameters) Equals 

func (p *Parameters) Equals(other *Parameters) bool

Equals compares two sets of parameters for equality

func (*Parameters) MarshalBinary 

func (p *Parameters) MarshalBinary() ([]byte, error)

MarshalBinary returns a []byte representation of the parameter set

func (*Parameters) UnMarshalBinary 

func (p *Parameters) UnMarshalBinary(data []byte) error

UnMarshalBinary decodes a []byte into a parameter set struct

type Plaintext 

type Plaintext struct {
	// contains filtered or unexported fields
}

Plaintext is a BigPoly of degree 0.

func (Plaintext) Ciphertext added in v1.1.0 

func (el Plaintext) Ciphertext() *Ciphertext

func (Plaintext) Copy 

func (el Plaintext) Copy(ctxCopy *bfvElement) error

Copy copies the value and parameters of the input on the target ciphertext.

func (Plaintext) CopyNew 

func (el Plaintext) CopyNew() *bfvElement

CopyNew creates a new ciphertext which is a copy of the target ciphertext. Returns the value as a Element.

func (Plaintext) Degree 

func (el Plaintext) Degree() uint64

Degree returns the degree of the target ciphertext.

func (*Plaintext) EMB 

func (P *Plaintext) EMB(bfvcontext *BfvContext) error

EMB applies the NTT on a plaintext within the plaintext modulus.

func (*Plaintext) EMBInv 

func (P *Plaintext) EMBInv(bfvcontext *BfvContext) error

EMBInv applies the InvNTT on a plaintext within the plaintext modulus.

func (Plaintext) Element added in v1.1.0 

func (el Plaintext) Element() *bfvElement

func (*Plaintext) GetCoefficients 

func (P *Plaintext) GetCoefficients() [][]uint64

GetCoefficients returns the coefficients of the plaintext in their CRT representation (double-slice).

func (Plaintext) InvNTT 

func (el Plaintext) InvNTT(bfvcontext *BfvContext, c *bfvElement) error

InvNTT puts the target ciphertext outside of the NTT domain, and sets its isNTT flag to false. If it is not in the NTT domain, does nothing.

func (Plaintext) IsNTT 

func (el Plaintext) IsNTT() bool

IsNTT returns true if the target ciphertext is in the NTT domain, else false.

func (*Plaintext) Lift 

func (P *Plaintext) Lift(bfvcontext *BfvContext)

Lift scales the coefficient of the plaintext by Q/t (ciphertext modulus / plaintext modulus) and switches its modulus from t to Q.

func (Plaintext) NTT 

func (el Plaintext) NTT(bfvcontext *BfvContext, c *bfvElement) error

NTT puts the target ciphertext in the NTT domain and sets its isNTT flag to true. If it is already in the NTT domain, does nothing.

func (Plaintext) Plaintext added in v1.1.0 

func (el Plaintext) Plaintext() *Plaintext

func (Plaintext) Resize 

func (el Plaintext) Resize(bfvcontext *BfvContext, degree uint64)

Resize resizes the target ciphertext degree to the degree given as input. If the input degree is bigger then it will append new empty polynomials, if the degree is smaller, it will delete polynomials until the degree matches the input degree.

func (Plaintext) SetIsNTT 

func (el Plaintext) SetIsNTT(value bool)

SetIsNTT assigns the input bolean value to the isNTT flag of the target ciphertext.

func (Plaintext) SetValue 

func (el Plaintext) SetValue(value []*ring.Poly)

SetValue assigns the input slice of polynomials to the target ciphertext value.

func (Plaintext) Value 

func (el Plaintext) Value() []*ring.Poly

Value returns the value of the target ciphertext (as a slice of polynomials in CRT form).

type PublicKey 

type PublicKey struct {
	// contains filtered or unexported fields
}

Publickey is a structure that stores the public-key

func (*PublicKey) Get 

func (pk *PublicKey) Get() [2]*ring.Poly

Get returns the polynomials of the public-key.

func (*PublicKey) MarshalBinary 

func (pk *PublicKey) MarshalBinary() ([]byte, error)

MarshalBinary encodes a public-key on a byte slice. The total size is 2 + 16 * N * numberModuliQ.

func (*PublicKey) Set 

func (pk *PublicKey) Set(p [2]*ring.Poly)

Set sets the polynomial of the public-key as the input polynomials.

func (*PublicKey) UnMarshalBinary 

func (pk *PublicKey) UnMarshalBinary(data []byte) error

UnMarshalBinary decodes a previously marshaled public-key on the target public-key. The target public-key must have the appropriate format and size, it can be created with the methode NewPublicKeyEmpty().

type RotationKeys 

type RotationKeys struct {
	// contains filtered or unexported fields
}

Rotationkeys is a structure that stores the switching-keys required during the homomorphic rotations.

func (*RotationKeys) MarshalBinary 

func (rotationkey *RotationKeys) MarshalBinary() ([]byte, error)

MarshalBinary encodes a rotationkeys structure on a byte slice. The total size in byte is approximately 5 + 4*(nb left rot + num right rot) + (nb left rot + num right rot + 1 (if rotate row)) * numberModuli * ( 1 + 2 * 8 * N * numberModuli * logQi/bitDecomp).

func (*RotationKeys) UnMarshalBinary 

func (rotationkey *RotationKeys) UnMarshalBinary(data []byte) error

UnMarshalBinary decodes a previously marshaled rotation-keys on the target rotation-keys. In contrary to all the other structures, the unmarshaling for rotationkeys only need an empty receiver, as it is not possible to create receiver of the correct format and size without knowing all the content of the marshaled rotationkeys. The memory will be allocated on the fly.

type SecretKey 

type SecretKey struct {
	// contains filtered or unexported fields
}

Secretkey is a structure that stores the secret-key

func (*SecretKey) Get 

func (sk *SecretKey) Get() *ring.Poly

Get returns the polynomial of the target secret-key.

func (*SecretKey) MarshalBinary 

func (sk *SecretKey) MarshalBinary() ([]byte, error)

MarshalBinary encodes a secret-key on a byte slice. The total size in byte is 1 + N/4.

func (*SecretKey) Set 

func (sk *SecretKey) Set(poly *ring.Poly)

Set sets the polynomial of the target secret key as the input polynomial.

func (*SecretKey) UnMarshalBinary 

func (sk *SecretKey) UnMarshalBinary(data []byte) error

UnMarshalBinary decode a previously marshaled secret-key on the target secret-key. The target secret-key must be of the appropriate format, it can be created with the methode NewSecretKeyEmpty().

type SwitchingKey 

type SwitchingKey struct {
	// contains filtered or unexported fields
}

Switchingkey is a structure that stores the switching-keys required during the key-switching.

func (*SwitchingKey) MarshalBinary added in v1.1.0 

func (switchkey *SwitchingKey) MarshalBinary() ([]byte, error)

MarshalBinary encodes an switching-key on a byte slice. The total size in byte will be approximately 5 + numberModuli * ( 1 + 2 * 8 * N * numberModuli * logQi/bitDecomp).

func (*SwitchingKey) UnMarshalBinary added in v1.1.0 

func (switchkey *SwitchingKey) UnMarshalBinary(data []byte) error

UnMarshalBinary decode a previously marshaled switching-key on the target switching-key. The target switching-key must have the appropriate format and size, it can be created with the methode NewSwitchingKeyEmpty(uint64).

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.