Deprecated: The latest supported version is github.com/tuneinsight/lattigo/v4.
Documentation
¶
Overview ¶
Package dckks implements a distributed (or threshold) version of the CKKS scheme that enables secure multiparty computation solutions with secret-shared secret keys.
Index ¶
- type CKG
- type CKS
- type CRPGenerator
- type EkgProtocol
- func (ekg *EkgProtocol) Aggregate(sk *ring.Poly, samples [][][]*ring.Poly, crp [][]*ring.Poly) (h [][][2]*ring.Poly)
- func (ekg *EkgProtocol) ComputeEVK(h1 [][][]*ring.Poly, h [][][2]*ring.Poly) (collectiveEVK [][][2]*ring.Poly)
- func (ekg *EkgProtocol) GenSamples(u, sk *ring.Poly, crp [][]*ring.Poly) (h [][]*ring.Poly)
- func (ekg *EkgProtocol) KeySwitch(u, sk *ring.Poly, samples [][][2]*ring.Poly) (h1 [][]*ring.Poly)
- func (ekg *EkgProtocol) NewEphemeralKey(p float64) (ephemeralKey *ring.Poly, err error)
- func (ekg *EkgProtocol) Sum(samples [][][][2]*ring.Poly) (h [][][2]*ring.Poly)
- type EkgProtocolNaive
- type PCKS
- type PRNG
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type CKG ¶
type CKG struct {
// contains filtered or unexported fields
}
CKG is the structure storing the parameters for the collective key generation protocol.
func NewCKG ¶
NewCKG creates a new CKG instance that will be used to generate a collective public key among j parties, using a common reference poylnomial.
func (*CKG) AggregateShares ¶
AggregateShares is the second part of the first and unique round of the CKS protocol. Uppon receiving the j-1 shares, each party computes :
[sum(a* s_i + e_i), sum(a)] = [b * s + e, b]
func (*CKG) Finalize ¶
Finalize transforms the aggregated shares into a new public-key element and returns it.
type CKS ¶
type CKS struct {
// contains filtered or unexported fields
}
CKS is a structure storing the parameters for the collective key-switching protocol.
func NewCKS ¶
NewCKS creates a new CKS that will be used to operate a collective key-switching on a ciphertext encrypted under a collective public-key, whose secret-shares are distributed among j parties, re-encrypting the ciphertext under an other public-key, whose secret-shares are also known to the parties.
func (*CKS) Aggregate ¶
Aggregate is the second part of the unique round of the CKS protocol. Uppon receiving the j-1 elements each party computes :
[ctx[0] + sum((skInput_i - skOutput_i)*ctx[0] + e_i), ctx[1]]
func (*CKS) KeySwitch ¶
KeySwitch is the first and unique round of the CKS protocol. Each party holding a ciphertext ctx encrypted under a collective publick-key musth compute the following :
[(skInput_i - skOutput_i) * ctx[0] + e_i]
Each party then broadcast the result of this computation to the other j-1 parties.
type CRPGenerator ¶
type CRPGenerator struct {
// contains filtered or unexported fields
}
CRPGenerator is the structure storing the parameters for deterministicaly securely generating random polynomials using the structure PRNG.
func NewCRPGenerator ¶
func NewCRPGenerator(key []byte, context *ring.Context) (*CRPGenerator, error)
NewCRPGenerator creates a new CRPGenerator, that will deterministicaly and securely generate uniform polynomials in the input context using the hash function blake2b. The PRNG can be instantiated with a key on top of the public seed. If not key is used, set key=nil.
func (*CRPGenerator) Clock ¶
func (crpgenerator *CRPGenerator) Clock() *ring.Poly
Clock generates and returns a new uniform polynomial. Also increases the clock cycle by 1.
func (*CRPGenerator) GetClock ¶
func (crpgenerator *CRPGenerator) GetClock() uint64
GetClock returns the current clock of the CRPGenerator.
func (*CRPGenerator) GetSeed ¶
func (crpgenerator *CRPGenerator) GetSeed() []byte
GetSeed returns the seed of the CRPGenerator.
func (*CRPGenerator) Seed ¶
func (crpgenerator *CRPGenerator) Seed(seed []byte)
Seed resets the CRPGenerator and instantiate it with a new seed. Does not change the key.
func (*CRPGenerator) SetClock ¶
func (crpgenerator *CRPGenerator) SetClock(n uint64) error
SetClock sets the clock of the CRPGenerator to the given input by clocking it until the clock cycle reach the desired number. If the given input is smaller than the current clock, it will return an error.
type EkgProtocol ¶
type EkgProtocol struct {
// contains filtered or unexported fields
}
EkgProtocol is a structure storing the parameters for the collective evaluation-key generation.
func NewEkgProtocol ¶
func NewEkgProtocol(context *ring.Context, bitDecomp uint64) *EkgProtocol
NewEkgProtocol creates a new EkgProtocol object that will be used to generate a collective evaluation-key among j parties in the given context with the given bit-decomposition.
func (*EkgProtocol) Aggregate ¶
func (ekg *EkgProtocol) Aggregate(sk *ring.Poly, samples [][][]*ring.Poly, crp [][]*ring.Poly) (h [][][2]*ring.Poly)
Aggregate is the second of three rounds of the EkgProtocol protocol. Uppon received the j-1 shares, each party computes :
[s_i * sum([-u_j*a + s_j*w + e_j]) + e_i1, s_i*a + e_i2]
= [s_i * (-u*a + s*w + e) + e_i1, s_i*a + e_i2]
and broadcasts both values to the other j-1 parties.
func (*EkgProtocol) ComputeEVK ¶
func (ekg *EkgProtocol) ComputeEVK(h1 [][][]*ring.Poly, h [][][2]*ring.Poly) (collectiveEVK [][][2]*ring.Poly)
ComputeEVK is third part ot the third and last round of the EkgProtocol protocol. Uppon receiving the other j-1 elements, each party computes :
[s * (-u*a + s*w + e) + e_1 + sum([(u_j - s_j)*(s*a + e_2)])]
= [s * (-u*a + s*w + e) + e_1 + (u - s)*(s*a + e_2)]
= [-s*u*a + s^2*w + s*e + e_1 + s*u*a -s^2*a + (u - s)*e_2]
= [-s^2*a + s^2*w + e_1 + (u - s)*e_2]
= [-s^2*a + s^2*w + e]
The evaluation key is therefor : [-s*b + s^2*w + e, s*b]
func (*EkgProtocol) GenSamples ¶
GenSamples is the first of three rounds of the EkgProtocol protocol. Each party generates a pseudo encryption of its secret share of the key s_i under its ephemeral key u_i : [-u_i*a + s_i*w + e_i] and broadcasts it to the other j-1 parties.
func (*EkgProtocol) KeySwitch ¶
KeySwitch is the second pard of the third and last round of the EkgProtocol protocol. Each party operates a key-switch on [s*a + e_2], by computing :
[(u_i - s_i)*(s*a + e_2)]
and broadcasts the result the other j-1 parties.
func (*EkgProtocol) NewEphemeralKey ¶
func (ekg *EkgProtocol) NewEphemeralKey(p float64) (ephemeralKey *ring.Poly, err error)
NewEphemeralKey generates a new Ephemeral Key u_i (needs to be stored for the 3 first round). Each party is required to pre-compute a secret additional ephemeral key in addition to its share of the collective secret-key.
func (*EkgProtocol) Sum ¶
func (ekg *EkgProtocol) Sum(samples [][][][2]*ring.Poly) (h [][][2]*ring.Poly)
Sum is the first part of the third and last round of the EkgProtocol protocol. Uppon receiving the j-1 elements, each party computues :
[sum(s_j * (-u*a + s*w + e) + e_j1), sum(s_j*a + e_j2)]
= [s * (-u*a + s*w + e) + e_1, s*a + e_2].
type EkgProtocolNaive ¶
type EkgProtocolNaive struct {
// contains filtered or unexported fields
}
EkgProtocolNaive is a structure storing the parameters for the naive EKG protocol.
func NewEkgProtocolNaive ¶
func NewEkgProtocolNaive(context *ring.Context, bitDecomp uint64) *EkgProtocolNaive
NewEkgProtocolNaive creates a new EkgProtocolNaive object that will be used to generate a collective evaluation-key among j parties in the given context with the given bit-decomposition.
func (*EkgProtocolNaive) Aggregate ¶
func (ekg *EkgProtocolNaive) Aggregate(sk *ring.Poly, pk [2]*ring.Poly, samples [][][][2]*ring.Poly) [][][2]*ring.Poly
Aggregate is the first part of the second and last round of the naive EKG protocol. Uppon receiving the j-1 elements, each party computes :
[sum(cpk[0]*u_j + s_j * w + e_0j), sum(cpk[1]*u_j + e_1j)]
= [cpk[0]*u + s * w + e_0, cpk[1]*u + e_1]
Using this intermediate result, each party computes :
[s_i * (cpk[0]*u + s * w + e_0) + v_i*cpk[0] + e_2i, s_i*(cpk[1]*u + e_1) + cpk[1] * v_i + e_3i]
= [ cpk[0] * (u*s_i) + (s*s_i) * w + (s_i*e_0) + v_i*cpk[0] + e_2i, cpk[1]*u*s_i + (s_i*e_1) + cpk[1] * v_i + e_3i]
And party broadcast this last result to the other j-1 parties.
func (*EkgProtocolNaive) Finalize ¶
func (ekg *EkgProtocolNaive) Finalize(h [][][][2]*ring.Poly) [][][2]*ring.Poly
Finalize is the second part of the second and last round of the naive EKG protocol. Uppon receiving the j-1 elements, each party computes :
[ sum(cpk[0] * (u*s_i) + (s*s_i) * w + (s_i*e_0) + v_i*cpk[0] + e_2i), sum(cpk[1]*u*s_i + (s_i*e_1) + cpk[1] * v_i + e_3i)]
= [cpk[0] * (s*u + v) + (s^2 * w) + s*e_0 + e_2, ckp[1] * (s*u + v) + s*e_1 + e_3]
= [-s*b + s^2 * w - (s*u + b) * e_cpk + s*e_0 + e_2, b + s*e_1 + e_3]
func (*EkgProtocolNaive) GenSamples ¶
GenSamples is the first of two rounds of the naive EKG protocol. Using the shared public key "cpk", each party generates a pseudo-encryption of s*w of the form :
[cpk[0]*u_i + s_i * w + e_0i, cpk[1]*u_i + e_1i]
and broadcasts it to all other j-1 parties.
type PCKS ¶
type PCKS struct {
// contains filtered or unexported fields
}
PCKS is the structure storing the parameters for the collective public key-switching.
func NewPCKS ¶
func NewPCKS(skInput *ring.Poly, pkOutput [2]*ring.Poly, context *ring.Context, sigmaSmudging float64) *PCKS
NewPCKS creates a new PCKS object and will be used to re-encrypt a ciphertext ctx encrypted under a secret-shared key mong j parties under a new collective public-key.
func (*PCKS) Aggregate ¶
Aggregate is the second part of the first and unique round of the PCKS protocol. Each party uppon receiving the j-1 elements from the other parties computes :
[ctx[0] + sum(s_i * ctx[0] + u_i * pk[0] + e_0i), sum(u_i * pk[1] + e_1i)]
type PRNG ¶
type PRNG struct {
// contains filtered or unexported fields
}
PRNG is a structure storing the parameters used to securely and deterministicaly generate shared random bytes among different parties using the hash function blake2b.
func (*PRNG) Clock ¶
Clock returns the right 32 bytes of the digest value of the current PRNG state and reseeds the PRNG with the left 32 bytes of the digest value. Also increases the clock cycle by 1.
Source Files