dckks

package
v1.3.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Dec 20, 2019 License: Apache-2.0 Imports: 4 Imported by: 0

Documentation

Overview

Package dckks implements a distributed (or threshold) version of the CKKS scheme that enables secure multiparty computation solutions with secret-shared secret keys.

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func NewCRPGenerator 

func NewCRPGenerator(params *ckks.Parameters, key []byte) *ring.CRPGenerator

Types

type CKGProtocol added in v1.3.0 

type CKGProtocol struct {
	// contains filtered or unexported fields
}

CKGProtocol is the structure storing the parameters and state for a party in the collective key generation protocol.

func NewCKGProtocol added in v1.3.0 

func NewCKGProtocol(params *ckks.Parameters) *CKGProtocol

NewCKGProtocol creates a new CKGProtocol instance

func (*CKGProtocol) AggregateShares added in v1.3.0 

func (ckg *CKGProtocol) AggregateShares(share1, share2, shareOut CKGShare)

AggregateShares aggregates a new share to the aggregate key

func (*CKGProtocol) AllocateShares added in v1.3.0 

func (ckg *CKGProtocol) AllocateShares() CKGShare

AllocateShares allocates the share of the CKG protocol.

func (*CKGProtocol) GenPublicKey added in v1.3.0 

func (ckg *CKGProtocol) GenPublicKey(roundShare CKGShare, crs *ring.Poly, pubkey *ckks.PublicKey)

GenPublicKey return the current aggregation of the received shares as a bfv.PublicKey.

func (*CKGProtocol) GenShare added in v1.3.0 

func (ckg *CKGProtocol) GenShare(sk *ring.Poly, crs *ring.Poly, shareOut CKGShare)

GenShare generates the party's public key share from its secret key as:

crs*s_i + e_i

for the receiver protocol. Has no effect is the share was already generated.

type CKGShare added in v1.3.0 

type CKGShare *ring.Poly

CKGShare is a struct storing the CKG protocol's share.

type CKSProtocol added in v1.3.0 

type CKSProtocol struct {
	// contains filtered or unexported fields
}

CKSProtocol is a structure storing the parameters for the collective key-switching protocol.

func NewCKSProtocol added in v1.3.0 

func NewCKSProtocol(params *ckks.Parameters, sigmaSmudging float64) (cks *CKSProtocol)

NewCKSProtocol creates a new CKSProtocol that will be used to operate a collective key-switching on a ciphertext encrypted under a collective public-key, whose secret-shares are distributed among j parties, re-encrypting the ciphertext under another public-key, whose secret-shares are also known to the parties.

func (*CKSProtocol) AggregateShares added in v1.3.0 

func (cks *CKSProtocol) AggregateShares(share1, share2, shareOut CKSShare)

AggregateShares is the second part of the unique round of the CKSProtocol protocol. Upon receiving the j-1 elements each party computes :

[ctx[0] + sum((skInput_i - skOutput_i) * ctx[0] + e_i), ctx[1]]

func (*CKSProtocol) AllocateShare added in v1.3.0 

func (cks *CKSProtocol) AllocateShare() CKSShare

AllocateShare allocates the share of the CKS protocol.

func (*CKSProtocol) GenShare added in v1.3.0 

func (cks *CKSProtocol) GenShare(skInput, skOutput *ring.Poly, ct *ckks.Ciphertext, shareOut CKSShare)

GenShare is the first and unique round of the CKSProtocol protocol. Each party holding a ciphertext ctx encrypted under a collective publick-key must compute the following :

[(skInput_i - skOutput_i) * ctx[0] + e_i]

Each party then broadcasts the result of this computation to the other j-1 parties.

func (*CKSProtocol) KeySwitch added in v1.3.0 

func (cks *CKSProtocol) KeySwitch(combined CKSShare, ct *ckks.Ciphertext, ctOut *ckks.Ciphertext)

KeySwitch performs the actual keyswitching operation on a ciphertext ct and put the result in ctOut

type CKSShare added in v1.3.0 

type CKSShare *ring.Poly

CKSShare is a struct holding a share of the CKS protocol.

type PCKSProtocol added in v1.3.0 

type PCKSProtocol struct {
	// contains filtered or unexported fields
}

PCKSProtocol is the structure storing the parameters for the collective public key-switching.

func NewPCKSProtocol added in v1.3.0 

func NewPCKSProtocol(params *ckks.Parameters, sigmaSmudging float64) *PCKSProtocol

NewPCKSProtocol creates a new PCKSProtocol object and will be used to re-encrypt a ciphertext ctx encrypted under a secret-shared key mong j parties under a new collective public-key.

func (*PCKSProtocol) AggregateShares added in v1.3.0 

func (pcks *PCKSProtocol) AggregateShares(share1, share2, shareOut PCKSShare)

AggregateShares is the second part of the first and unique round of the PCKSProtocol protocol. Each party uppon receiving the j-1 elements from the other parties computes :

[ctx[0] + sum(s_i * ctx[0] + u_i * pk[0] + e_0i), sum(u_i * pk[1] + e_1i)]

func (*PCKSProtocol) AllocateShares added in v1.3.0 

func (pcks *PCKSProtocol) AllocateShares(level uint64) (s PCKSShare)

AllocateShares allocates the share of the PCKS protocol.

func (*PCKSProtocol) GenShare added in v1.3.0 

func (pcks *PCKSProtocol) GenShare(sk *ring.Poly, pk *ckks.PublicKey, ct *ckks.Ciphertext, shareOut PCKSShare)

GenShare is the first part of the unique round of the PCKSProtocol protocol. Each party computes the following :

[s_i * ctx[0] + u_i * pk[0] + e_0i, u_i * pk[1] + e_1i]

and broadcasts the result to the other j-1 parties.

func (*PCKSProtocol) KeySwitch added in v1.3.0 

func (pcks *PCKSProtocol) KeySwitch(combined PCKSShare, ct, ctOut *ckks.Ciphertext)

KeySwitch performs the actual keyswitching operation on a ciphertext ct and put the result in ctOut

type PCKSShare added in v1.3.0 

type PCKSShare [2]*ring.Poly

PCKSShare is a struct storing the share of the PCKS protocol.

type RKGNaiveShareRoundOne added in v1.3.0 

type RKGNaiveShareRoundOne [][2]*ring.Poly

RKGNaiveShareRoundOne is a struct storing the round one share of the RKG naive protocol.

type RKGNaiveShareRoundTwo added in v1.3.0 

type RKGNaiveShareRoundTwo [][2]*ring.Poly

RKGNaiveShareRoundTwo is a struct storing the round two share of the RKG naive protocol.

type RKGProtocol added in v1.3.0 

type RKGProtocol struct {
	// contains filtered or unexported fields
}

RKGProtocol is a structure storing the parameters for the collective evaluation-key generation.

func NewEkgProtocol 

func NewEkgProtocol(params *ckks.Parameters) *RKGProtocol

NewEkgProtocol creates a new RKGProtocol object that will be used to generate a collective evaluation-key.

func (*RKGProtocol) AggregateShareRoundOne added in v1.3.0 

func (ekg *RKGProtocol) AggregateShareRoundOne(share1, share2, shareOut RKGShareRoundOne)

AggregateShareRoundOne sums share1 with share2 on shareOut.

func (*RKGProtocol) AggregateShareRoundThree added in v1.3.0 

func (ekg *RKGProtocol) AggregateShareRoundThree(share1, share2, shareOut RKGShareRoundThree)

AggregateShareRoundThree sums share1 with share2 on shareOut.

func (*RKGProtocol) AggregateShareRoundTwo added in v1.3.0 

func (ekg *RKGProtocol) AggregateShareRoundTwo(share1, share2, shareOut RKGShareRoundTwo)

AggregateShareRoundTwo is the first part of the third and last round of the RKGProtocol protocol. Upon receiving the j-1 elements, each party computes :

[sum(s_j * (-u*a + s*w + e) + e_j1), sum(s_j*a + e_j2)]

= [s * (-u*a + s*w + e) + e_1, s*a + e_2].

func (*RKGProtocol) AllocateShares added in v1.3.0 

func (ekg *RKGProtocol) AllocateShares() (r1 RKGShareRoundOne, r2 RKGShareRoundTwo, r3 RKGShareRoundThree)

AllocateShares allocates the shares of the RKG protocol.

func (*RKGProtocol) GenRelinearizationKey added in v1.3.0 

func (ekg *RKGProtocol) GenRelinearizationKey(round2 RKGShareRoundTwo, round3 RKGShareRoundThree, evalKeyOut *ckks.EvaluationKey)

GenRelinearizationKey finalizes the protocol and returns the collective EvalutionKey.

func (*RKGProtocol) GenShareRoundOne added in v1.3.0 

func (ekg *RKGProtocol) GenShareRoundOne(u, sk *ring.Poly, crp []*ring.Poly, shareOut RKGShareRoundOne)

GenShareRoundOne is the first of three rounds of the RKGProtocol protocol. Each party generates a pseudo encryption of its secret share of the key s_i under its ephemeral key u_i : [-u_i*a + P*s_i + e_i] and broadcasts it to the other j-1 parties.

func (*RKGProtocol) GenShareRoundThree added in v1.3.0 

func (ekg *RKGProtocol) GenShareRoundThree(round2 RKGShareRoundTwo, u, sk *ring.Poly, shareOut RKGShareRoundThree)

GenShareRoundThree is the second pard of the third and last round of the RKGProtocol protocol. Each party operates a key-switch on [s*a + e_2], by computing :

[(u_i - s_i)*(s*a + e_2)]

and broadcasts the result to the other j-1 parties.

func (*RKGProtocol) GenShareRoundTwo added in v1.3.0 

func (ekg *RKGProtocol) GenShareRoundTwo(round1 RKGShareRoundOne, sk *ring.Poly, crp []*ring.Poly, shareOut RKGShareRoundTwo)

GenShareRoundTwo is the second of three rounds of the RKGProtocol protocol. Upon receiving the j-1 shares, each party computes :

[s_i * sum([-u_j*a + s_j*w + e_j]) + e_i1, s_i*a + e_i2]

= [s_i * (-u*a + s*w + e) + e_i1, s_i*a + e_i2]

and broadcasts both values to the other j-1 parties.

func (*RKGProtocol) NewEphemeralKey added in v1.3.0 

func (ekg *RKGProtocol) NewEphemeralKey(p float64) (ephemeralKey *ring.Poly)

NewEphemeralKey generates a new Ephemeral Key u_i (needs to be stored for the 3 first rounds). Each party is required to pre-compute a secret additional ephemeral key in addition to its share of the collective secret-key.

type RKGProtocolNaive added in v1.3.0 

type RKGProtocolNaive struct {
	// contains filtered or unexported fields
}

RKGProtocolNaive is a structure storing the parameters for the naive EKG protocol.

func NewRKGProtocolNaive added in v1.3.0 

func NewRKGProtocolNaive(params *ckks.Parameters) (rkg *RKGProtocolNaive)

NewRKGProtocolNaive creates a new RKGProtocolNaive object that will be used to generate a collective evaluation-key among j parties in the given context with the given bit-decomposition.

func (*RKGProtocolNaive) AggregateShareRoundOne added in v1.3.0 

func (rkg *RKGProtocolNaive) AggregateShareRoundOne(share1, share2, shareOut RKGNaiveShareRoundOne)

AggregateShareRoundOne is the second part of the first round of the naive EKG protocol. Upon receiving the j-1 elements, each party computes :

[sum(cpk[0] * u_j + P * s_j + e_0j), sum(cpk[1] * u_j + e_1j)]

= [cpk[0] * u + P * s + e_0, cpk[1]*u + e_1]

func (*RKGProtocolNaive) AggregateShareRoundTwo added in v1.3.0 

func (rkg *RKGProtocolNaive) AggregateShareRoundTwo(share1, share2, shareOut RKGNaiveShareRoundTwo)

AggregateShareRoundTwo is the second part of the second and last round of the naive EKG protocol. Upon receiving the j-1 elements, each party computes :

[ sum(cpk[0] * (u*s_i) + P * (s*s_i) + (s_i*e_0) + v_i*cpk[0] + e_2i), sum(cpk[1]*u*s_i + (s_i*e_1) + cpk[1] * v_i + e_3i)]

= [cpk[0] * (s*u + v) + (P * s^2 ) + s*e_0 + e_2, ckp[1] * (s*u + v) + s*e_1 + e_3]

= [-s*b + P * s^2 - (s*u + b) * e_cpk + s*e_0 + e_2, b + s*e_1 + e_3]

func (*RKGProtocolNaive) AllocateShares added in v1.3.0 

func (rkg *RKGProtocolNaive) AllocateShares() (r1 RKGNaiveShareRoundOne, r2 RKGNaiveShareRoundTwo)

AllocateShares allocates the share of the RKG naive protocol.

func (*RKGProtocolNaive) GenRelinearizationKey added in v1.3.0 

func (rkg *RKGProtocolNaive) GenRelinearizationKey(round2 RKGNaiveShareRoundTwo, evalKeyOut *ckks.EvaluationKey)

GenRelinearizationKey finalizes the protocol and returns the collective EvalutionKey.

func (*RKGProtocolNaive) GenShareRoundOne added in v1.3.0 

func (rkg *RKGProtocolNaive) GenShareRoundOne(sk *ring.Poly, pk [2]*ring.Poly, shareOut RKGNaiveShareRoundOne)

GenShareRoundOne is the first of two rounds of the naive EKG protocol. Using the shared public key "cpk", each party generates a pseudo-encryption of s*w of the form :

[cpk[0] * u_i + P * s_i + e_0i, cpk[1] * u_i + e_1i]

and broadcasts it to all other j-1 parties.

func (*RKGProtocolNaive) GenShareRoundTwo added in v1.3.0 

func (rkg *RKGProtocolNaive) GenShareRoundTwo(round1 RKGNaiveShareRoundOne, sk *ring.Poly, pk [2]*ring.Poly, shareOut RKGNaiveShareRoundTwo)

GenShareRoundTwo is the first part of the second round, each party computes :

[s_i * (cpk[0] * u + P * s + e_0) + v_i * cpk[0] + e_2i, s_i * (cpk[1] * u + e_1) + cpk[1] * v_i + e_3i]

= [ cpk[0] * (u * s_i) + P * (s * s_i) + (s_i * e_0) + v_i*cpk[0] + e_2i, cpk[1] * u * s_i + (s_i * e_1) + cpk[1] * v_i + e_3i]

And each party broadcasts this last result to the other j-1 parties.

type RKGShareRoundOne added in v1.3.0 

type RKGShareRoundOne []*ring.Poly

RKGShareRoundOne is a struct storing the round one share of the RKG protocol.

type RKGShareRoundThree added in v1.3.0 

type RKGShareRoundThree []*ring.Poly

RKGShareRoundThree is a struct storing the round three share of the RKG protocol.

type RKGShareRoundTwo added in v1.3.0 

type RKGShareRoundTwo [][2]*ring.Poly

RKGShareRoundTwo is a struct storing the round two share of the RKG protocol.

type RTGProtocol added in v1.3.0 

type RTGProtocol struct {
	// contains filtered or unexported fields
}

RTGProtocol is the structure storing the parameters for the collective rotation-keys generation.

func NewRotKGProtocol added in v1.3.0 

func NewRotKGProtocol(params *ckks.Parameters) (rtg *RTGProtocol)

NewRotKGProtocol creates a new rotkg object and will be used to generate collective rotation-keys from a shared secret-key among j parties.

func (*RTGProtocol) Aggregate added in v1.3.0 

func (rtg *RTGProtocol) Aggregate(share1, share2, shareOut RTGShare)

Aggregate is the second part of the unique round of the rotkg protocol. Uppon receiving the j-1 public shares, each party computes :

[sum(a*a_j + (pi(a_j) - a_j) + e_j), a]

func (*RTGProtocol) AllocateShare added in v1.3.0 

func (rtg *RTGProtocol) AllocateShare() (rtgShare RTGShare)

AllocateShare allocates the share the the RTG protocol.

func (*RTGProtocol) Finalize added in v1.3.0 

func (rtg *RTGProtocol) Finalize(params *ckks.Parameters, share RTGShare, crp []*ring.Poly, rotKey *ckks.RotationKeys)

Finalize finalizes the RTG protocol and populates the input RotationKey with the computed collective SwitchingKey.

func (*RTGProtocol) GenShare added in v1.3.0 

func (rtg *RTGProtocol) GenShare(rotType ckks.Rotation, k uint64, sk *ring.Poly, crp []*ring.Poly, shareOut *RTGShare)

GenShare is the first and unique round of the rotkg protocol. Each party, using its secret share of the collective secret-key and a collective random polynomial, a public share of the rotation-key by computing :

[a*s_i + (pi(s_i) - s_i) + e]

and broadcasts it to the other j-1 parties. The protocol must be repeated for each desired rotation.

type RTGShare added in v1.3.0 

type RTGShare struct {
	Type  ckks.Rotation
	K     uint64
	Value []*ring.Poly
}

RTGShare is a struct storing the share of the RTG protocol.

type RefreshProtocol added in v1.3.0 

type RefreshProtocol struct {
	// contains filtered or unexported fields
}

RefreshProtocol is a struct storing the parameters for the Refresh protocol.

func NewRefreshProtocol added in v1.3.0 

func NewRefreshProtocol(params *ckks.Parameters) (refreshProtocol *RefreshProtocol)

NewRefreshProtocol creates a new instance of the Refresh protocol.

func (*RefreshProtocol) Aggregate added in v1.3.0 

func (refreshProtocol *RefreshProtocol) Aggregate(share1, share2, shareOut *ring.Poly)

Aggregate adds share1 with share2 on shareOut.

func (*RefreshProtocol) AllocateShares added in v1.3.0 

func (refreshProtocol *RefreshProtocol) AllocateShares(levelStart uint64) (RefreshShareDecrypt, RefreshShareRecrypt)

AllocateShares allocates the shares of the Refresh protocol.

func (*RefreshProtocol) Decrypt added in v1.3.0 

func (refreshProtocol *RefreshProtocol) Decrypt(ciphertext *ckks.Ciphertext, shareDecrypt RefreshShareDecrypt)

Decrypt operates a masked decryption on the ciphertext with the given decryption share.

func (*RefreshProtocol) GenShares added in v1.3.0 

func (refreshProtocol *RefreshProtocol) GenShares(sk *ring.Poly, levelStart, nParties uint64, ciphertext *ckks.Ciphertext, crs *ring.Poly, shareDecrypt RefreshShareDecrypt, shareRecrypt RefreshShareRecrypt)

GenShares generates the decryption and recryption shares of the Refresh protocol.

func (*RefreshProtocol) Recode added in v1.3.0 

func (refreshProtocol *RefreshProtocol) Recode(ciphertext *ckks.Ciphertext)

Recode takes a masked decrypted ciphertext at modulus Q_0 and returns the same masked decrypted ciphertext at modulus Q_L, with Q_0 << Q_L.

func (*RefreshProtocol) Recrypt added in v1.3.0 

func (refreshProtocol *RefreshProtocol) Recrypt(ciphertext *ckks.Ciphertext, crs *ring.Poly, shareRecrypt RefreshShareRecrypt)

Recrypt operates a masked recryption on the masked decrypted ciphertext.

type RefreshShareDecrypt added in v1.3.0 

type RefreshShareDecrypt *ring.Poly

RefreshShareDecrypt is a struct storing the masked decryption share.

type RefreshShareRecrypt added in v1.3.0 

type RefreshShareRecrypt *ring.Poly

RefreshShareRecrypt is a struct storing the masked recryption share.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.