ring

package
v5.0.0-...-7726d69
Warning

This package is not in the latest version of its module.

Published: Feb 28, 2023 License: Apache-2.0 Imports: 10 Imported by: 0

Documentation

Overview

Package ring implements RNS-accelerated modular arithmetic operations for polynomials, including: RNS basis extension; RNS rescaling; number theoretic transform (NTT); uniform, Gaussian and ternary sampling.

Constants

const (
	Standard           = Type(0) // Z[X]/(X^N + 1) (Default)
	ConjugateInvariant = Type(1) // Z[X+X^-1]/(X^2N + 1)
)

RingStandard and RingConjugateInvariant are two types of Rings.

const GaloisGen uint64 = 5

GaloisGen is an integer of order N/2 modulo M that spans Z_M with the integer -1. The j-th ring automorphism takes the root zeta to zeta^(5j).

Variables

var DefaultParams = []Parameters{
	{12, Qi60[len(Qi60)-2:], Pi60[len(Pi60)-2:]},
	{13, Qi60[len(Qi60)-4:], Pi60[len(Pi60)-4:]},
	{14, Qi60[len(Qi60)-7:], Pi60[len(Pi60)-7:]},
	{15, Qi60[len(Qi60)-14:], Pi60[len(Pi60)-14:]},
	{16, Qi60[len(Qi60)-29:], Pi60[len(Pi60)-29:]},
}

DefaultParams is a struct storing default test parameters of the Qi and Pi moduli for the package Ring.

var Pi60 = []uint64{0x1ffffffff6c80001, 0x1ffffffff6140001, 0x1ffffffff5f40001, 0x1ffffffff5700001,
	0x1ffffffff4bc0001, 0x1ffffffff4380001, 0x1ffffffff3240001, 0x1ffffffff2dc0001,
	0x1ffffffff1a40001, 0x1ffffffff11c0001, 0x1ffffffff0fc0001, 0x1ffffffff0d80001,
	0x1ffffffff0c80001, 0x1ffffffff08c0001, 0x1fffffffefd00001, 0x1fffffffef9c0001,
	0x1fffffffef600001, 0x1fffffffeef40001, 0x1fffffffeed40001, 0x1fffffffeed00001,
	0x1fffffffeebc0001, 0x1fffffffed540001, 0x1fffffffed440001, 0x1fffffffed2c0001,
	0x1fffffffed200001, 0x1fffffffec940001, 0x1fffffffec6c0001, 0x1fffffffebe80001,
	0x1fffffffebac0001, 0x1fffffffeba40001, 0x1fffffffeb4c0001, 0x1fffffffeb280001}

Pi60 are the next [32:64] 61-bit close to 2^{62} NTT-friendly primes for N up to 2^{17}

var Qi60 = []uint64{0x1fffffffffe00001, 0x1fffffffffc80001, 0x1fffffffffb40001, 0x1fffffffff500001,
	0x1fffffffff380001, 0x1fffffffff000001, 0x1ffffffffef00001, 0x1ffffffffee80001,
	0x1ffffffffeb40001, 0x1ffffffffe780001, 0x1ffffffffe600001, 0x1ffffffffe4c0001,
	0x1ffffffffdf40001, 0x1ffffffffdac0001, 0x1ffffffffda40001, 0x1ffffffffc680001,
	0x1ffffffffc000001, 0x1ffffffffb880001, 0x1ffffffffb7c0001, 0x1ffffffffb300001,
	0x1ffffffffb1c0001, 0x1ffffffffadc0001, 0x1ffffffffa400001, 0x1ffffffffa140001,
	0x1ffffffff9d80001, 0x1ffffffff9140001, 0x1ffffffff8ac0001, 0x1ffffffff8a80001,
	0x1ffffffff81c0001, 0x1ffffffff7800001, 0x1ffffffff7680001, 0x1ffffffff7080001}

Qi60 are the first [0:32] 61-bit close to 2^{62} NTT-friendly primes for N up to 2^{17}

Functions

func BRed

func BRed(x, y, q uint64, u []uint64) (r uint64)

BRed computes x*y mod q.

func BRedAdd

func BRedAdd(a, q uint64, u []uint64) (r uint64)

BRedAdd computes a mod q.

func BRedAddLazy

func BRedAddLazy(x, q uint64, u []uint64) uint64

BRedAddLazy computes a mod q in constant time. The result is between 0 and 2*q-1.

func BRedConstant

func BRedConstant(q uint64) (constant []uint64)

BRedConstant computes the constant for the BRed algorithm. Returns ((2^128)/q)/(2^64) and (2^128)/q mod 2^64.

func BRedLazy

func BRedLazy(x, y, q uint64, u []uint64) (r uint64)

BRedLazy computes x*y mod q in constant time. The result is between 0 and 2*q-1.

func CRed

func CRed(a, q uint64) uint64

CRed returns a mod q, where a is between 0 and 2*q-1.
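The Barrett entries above (BRedConstant, BRedLazy, CRed) fit together as shown in this added example, which is not the package's own code: the two-word constant floor(2^128/q) gives a quotient estimate, the lazy product stays in [0, 2q-1], and a final correction without a data-dependent branch brings it into [0, q-1]. All function names are hypothetical, and it assumes 1 < q < 2^63.

```go
package main

import (
	"fmt"
	"math/big"
	"math/bits"
)

// barrettConstant returns u = floor(2^128 / q) as {high word, low word},
// the two values the page lists for BRedConstant.
// Assumption: 1 < q < 2^63, so u fits in 128 bits and 2q fits in 64 bits.
func barrettConstant(q uint64) [2]uint64 {
	u := new(big.Int).Lsh(big.NewInt(1), 128)
	u.Quo(u, new(big.Int).SetUint64(q))
	hi := new(big.Int).Rsh(u, 64)
	lo := new(big.Int).And(u, new(big.Int).SetUint64(^uint64(0)))
	return [2]uint64{hi.Uint64(), lo.Uint64()}
}

// mulModLazy returns a value congruent to x*y mod q in the range [0, 2q-1].
// It estimates the quotient as qhat = floor(m*u / 2^128) with m = x*y and
// returns m - qhat*q. Only the low 64 bits of qhat matter because the true
// result is below 2q < 2^64.
func mulModLazy(x, y, q uint64, u [2]uint64) uint64 {
	mhi, mlo := bits.Mul64(x, y)
	qhat := mhi * u[0]                // contributes at weight 2^128
	hi1, lo1 := bits.Mul64(mlo, u[0]) // weight 2^64
	hi2, lo2 := bits.Mul64(mhi, u[1]) // weight 2^64
	hi3, _ := bits.Mul64(mlo, u[1])   // weight 2^0, only its high word can carry
	s, c1 := bits.Add64(lo1, lo2, 0)
	_, c2 := bits.Add64(s, hi3, 0)
	qhat += hi1 + hi2 + c1 + c2
	return mlo - qhat*q
}

// condSub maps a in [0, 2q-1] to a mod q using a mask instead of an
// if statement, so the source has no branch that depends on a.
func condSub(a, q uint64) uint64 {
	d, borrow := bits.Sub64(a, q, 0)
	mask := 0 - borrow // all ones when a < q, zero otherwise
	return d + (q & mask)
}

// refMulMod is a slow reference used to check the results.
func refMulMod(x, y, q uint64) uint64 {
	z := new(big.Int).Mul(new(big.Int).SetUint64(x), new(big.Int).SetUint64(y))
	return z.Mod(z, new(big.Int).SetUint64(q)).Uint64()
}

func main() {
	q := uint64(0x1fffffffffe00001) // first Qi60 entry listed on this page
	u := barrettConstant(q)
	x, y := q-1, q-2
	lazy := mulModLazy(x, y, q, u)
	fmt.Printf("u = {%#x, %#x}\n", u[0], u[1])
	fmt.Printf("lazy < 2q: %t, reduced = %d, reference = %d\n",
		lazy < 2*q, condSub(lazy, q), refMulMod(x, y, q))
}
```

Whether the compiled code is free of secret-dependent timing depends on the compiler and target, so timing-sensitive uses should inspect the generated assembly.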

func CheckFactors

func CheckFactors(m uint64, factors []uint64) (err error)

CheckFactors checks that the given list of factors contains all the unique primes of m.

func CheckPrimitiveRoot

func CheckPrimitiveRoot(g, q uint64, factors []uint64) (err error)

CheckPrimitiveRoot checks that g is a valid primitive root mod q, given the factors of q-1.

func Copy

func Copy(p0, p1 *Poly)

Copy copies the coefficients of p0 on p1 within the given Ring. It requires p1 to be at least as big as p0. Expects the degree of both polynomials to be identical.

func CopyLvl

func CopyLvl(level int, p0, p1 *Poly)

CopyLvl copies the coefficients of p0 on p1 within the given Ring. Copies for up to level+1 moduli. Expects the degree of both polynomials to be identical.

func Cos

func Cos(x *big.Float) (cosx *big.Float)

Cos implements the arbitrary precision computation of Cos(x). It is an iterative process with an error of ~10^{−0.60206*k} after k iterations. Ref: Johansson, B. Tomas, An elementary algorithm to evaluate trigonometric functions to high precision, 2018.

func Decode32

func Decode32(ptr int, coeffs []uint64, data []byte) (int, error)

Decode32 converts a byte array to a matrix of coefficients. Assumes that each coefficient is encoded on 4 bytes.

func Decode64

func Decode64(ptr int, coeffs []uint64, data []byte) (int, error)

Decode64 converts a byte array to a matrix of coefficients. Assumes that each coefficient is encoded on 8 bytes.

func DivRound

func DivRound(a, b, i *big.Int)

DivRound sets the target i to round(a/b).

func Encode32

func Encode32(ptr int, coeffs []uint64, data []byte) (int, error)

Encode32 converts a matrix of coefficients to a byte array, using 4 bytes per coefficient.

func Encode64

func Encode64(ptr int, coeffs []uint64, data []byte) (int, error)

Encode64 converts a matrix of coefficients to a byte array, using 8 bytes per coefficient.

func EvalPolyModP

func EvalPolyModP(x uint64, poly []uint64, p uint64) (y uint64)

EvalPolyModP evaluates y = sum poly[i] * x^{i} mod p.

func GenGaloisConstants

func GenGaloisConstants(n, gen uint64) (galElRotCol []uint64)

GenGaloisConstants generates the generators for the Galois endomorphisms.

func GenerateNTTPrimes

func GenerateNTTPrimes(logQ, NthRoot, n int) (primes []uint64)

GenerateNTTPrimes generates n NthRoot NTT friendly primes given logQ = size of the primes. It will return all the appropriate primes, up to the number of n, with the best available deviation from the base power of 2 for the given n.

func GenerateNTTPrimesP

func GenerateNTTPrimesP(logP, NthRoot, n int) (primes []uint64)

GenerateNTTPrimesP generates "levels" different NthRoot NTT-friendly primes starting from 2**LogP and downward. Special case where primes close to 2^{LogP} but with a smaller bit-size than LogP are sought.

func GenerateNTTPrimesQ

func GenerateNTTPrimesQ(logQ, NthRoot, levels int) (primes []uint64)

GenerateNTTPrimesQ generates "levels" different NthRoot NTT-friendly primes starting from 2**LogQ and alternating between upward and downward.

func IMForm

func IMForm(a, q, qInv uint64) (r uint64)

IMForm switches a from the Montgomery domain back to the standard domain by computing a*(1/2^64) mod q.

func IMFormLazy

func IMFormLazy(a, q, qInv uint64) (r uint64)

IMFormLazy switches a from the Montgomery domain back to the standard domain by computing a*(1/2^64) mod q in constant time. The result is between 0 and 2*q-1.

func INTTConjugateInvariant

func INTTConjugateInvariant(p1, p2 []uint64, N int, NInv, Q, MRedConstant uint64, nttPsiInv []uint64)

INTTConjugateInvariant evaluates p2 = INTT(p1) in the closed sub-ring Z[X + X^-1]/(X^2N +1) of Z[X]/(X^2N+1).

func INTTConjugateInvariantLazy

func INTTConjugateInvariantLazy(p1, p2 []uint64, N int, NInv, Q, QInv, MRedConstant uint64, nttPsiInv []uint64)

INTTConjugateInvariantLazy evaluates p2 = INTT(p1) in the closed sub-ring Z[X + X^-1]/(X^2N +1) of Z[X]/(X^2N+1) with p2 in the range [0, 2*modulus-1].

func INTTStandard

func INTTStandard(p1, p2 []uint64, N int, NInv, Q, MRedConstant uint64, nttPsiInv []uint64)

INTTStandard evaluates p2 = INTTStandard(p1) in the given SubRing.

func INTTStandardLazy

func INTTStandardLazy(p1, p2 []uint64, N int, NInv, Q, MRedConstant uint64, nttPsiInv []uint64)

INTTStandardLazy evaluates p2 = INTT(p1) in the given SubRing with p2 in [0, 2*modulus-1].

func IsPrime

func IsPrime(x uint64) bool

IsPrime applies the Baillie-PSW test, which is 100% accurate for numbers below 2^64.

func MForm

func MForm(a, q uint64, u []uint64) (r uint64)

MForm switches a to the Montgomery domain by computing a*2^64 mod q.

func MFormLazy

func MFormLazy(a, q uint64, u []uint64) (r uint64)

MFormLazy switches a to the Montgomery domain by computing a*2^64 mod q in constant time. The result is between 0 and 2*q-1.

func MRed

func MRed(x, y, q, qInv uint64) (r uint64)

MRed computes x * y * (1/2^64) mod q.

func MRedConstant

func MRedConstant(q uint64) (qInv uint64)

MRedConstant computes the constant qInv = (q^-1) mod 2^64 required for MRed.

func MRedLazy

func MRedLazy(x, y, q, qInv uint64) (r uint64)

MRedLazy computes x * y * (1/2^64) mod q in constant time. The result is between 0 and 2*q-1.
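The Montgomery entries above (MRedConstant, MForm, MRed, IMForm) form a round trip, shown in this added example that is not the package's own code: values enter the Montgomery domain as a*2^64 mod q, each product is followed by a division by 2^64 that needs only qInv = q^-1 mod 2^64, and a final reduction against 1 leaves the domain. Function names are hypothetical, and it assumes an odd q below 2^63.

```go
package main

import (
	"fmt"
	"math/bits"
)

// montConstant returns qInv = q^-1 mod 2^64 for an odd modulus q.
// Newton iteration: inv = q is correct to 3 bits (q*q = 1 mod 8 for odd q)
// and every step doubles the number of correct bits: 3, 6, 12, 24, 48, 96.
func montConstant(q uint64) uint64 {
	inv := q
	for i := 0; i < 5; i++ {
		inv *= 2 - q*inv
	}
	return inv
}

// toMont returns a * 2^64 mod q, the operation the page calls MForm.
func toMont(a, q uint64) uint64 {
	_, r := bits.Div64(a%q, 0, q) // remainder of (a * 2^64) / q
	return r
}

// montMul returns x * y * 2^-64 mod q for x, y < q.
// With T = x*y and k = (T mod 2^64) * qInv mod 2^64, the low words of T and
// k*q are equal, so (T - k*q) / 2^64 is just the difference of the high words.
// That difference lies in (-q, q); adding q and subtracting once if needed
// gives the result in [0, q-1].
func montMul(x, y, q, qInv uint64) uint64 {
	mhi, mlo := bits.Mul64(x, y)
	k := mlo * qInv
	hhi, _ := bits.Mul64(k, q)
	r := mhi - hhi + q
	if r >= q {
		r -= q
	}
	return r
}

// fromMont returns a * 2^-64 mod q, the operation the page calls IMForm.
func fromMont(a, q, qInv uint64) uint64 {
	return montMul(a, 1, q, qInv)
}

// refMulMod is a reference x*y mod q using a 128-by-64-bit division.
func refMulMod(x, y, q uint64) uint64 {
	hi, lo := bits.Mul64(x%q, y%q)
	_, r := bits.Div64(hi, lo, q)
	return r
}

func main() {
	q := uint64(0x1fffffffffe00001) // first Qi60 entry listed on this page
	qInv := montConstant(q)
	x, y := q-1, q-2

	xm, ym := toMont(x, q), toMont(y, q)
	zm := montMul(xm, ym, q, qInv) // x*y in Montgomery form
	fmt.Println("q*qInv mod 2^64 =", q*qInv)
	fmt.Println("round trip      =", fromMont(zm, q, qInv))
	// Only one operand in Montgomery form: the 2^64 factor cancels directly.
	fmt.Println("one-sided       =", montMul(xm, y, q, qInv))
	fmt.Println("reference       =", refMulMod(x, y, q))
}
```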

func MapSmallDimensionToLargerDimensionNTT

func MapSmallDimensionToLargerDimensionNTT(polSmall, polLarge *Poly)

MapSmallDimensionToLargerDimensionNTT maps Y = X^{N/n} -> X directly in the NTT domain

func MarshalBinarySize32

func MarshalBinarySize32(N, Level int) (cnt int)

MarshalBinarySize32 returns the number of bytes a polynomial of N coefficients with Level+1 moduli will take when converted to a slice of bytes. Assumes that each coefficient will be encoded on 4 bytes.

func MarshalBinarySize64

func MarshalBinarySize64(N, Level int) (cnt int)

MarshalBinarySize64 returns the number of bytes a polynomial of N coefficients with Level+1 moduli will take when converted to a slice of bytes. Assumes that each coefficient will be encoded on 8 bytes.

func MaskVec

func MaskVec(p1 []uint64, w int, mask uint64, p2 []uint64)

MaskVec evaluates p2 = vec(p1>>w) & mask. Iteration is done with respect to len(p1). All input must have a size which is a multiple of 8.

func Min

func Min(x, y int) int

Min returns the minimum between two ints.

func ModExp

func ModExp(x, e, p uint64) (result uint64)

ModExp performs the modular exponentiation x^e mod p. x and p are required to be at most 64 bits to avoid an overflow.

func ModExpPow2

func ModExpPow2(x, e, p uint64) (result uint64)

ModExpPow2 performs the modular exponentiation x^e mod p, where p is a power of two. x and p are required to be at most 64 bits to avoid an overflow.

func ModUpExact

func ModUpExact(p1, p2 [][]uint64, ringQ, ringP *Ring, MUC ModUpConstants)

ModUpExact takes p1 mod Q and switches its basis to P, returning the result on p2. Caution: returns the values in [0, 2q-1].

func ModexpMontgomery

func ModexpMontgomery(x uint64, e int, q, qInv uint64, bredconstant []uint64) (result uint64)

ModexpMontgomery performs the modular exponentiation x^e mod p, where x is in Montgomery form, and returns x^e in Montgomery form.

func NTTConjugateInvariant

func NTTConjugateInvariant(p1, p2 []uint64, N int, Q, MRedConstant uint64, BRedConstant, nttPsi []uint64)

NTTConjugateInvariant evaluates p2 = NTT(p1) in the sub-ring Z[X + X^-1]/(X^2N +1) of Z[X]/(X^2N+1).

func NTTStandard

func NTTStandard(p1, p2 []uint64, N int, Q, QInv uint64, BRedConstant, nttPsi []uint64)

NTTStandard computes the NTTStandard on the input coefficients using the input parameters.

func NTTStandardLazy

func NTTStandardLazy(p1, p2 []uint64, N int, Q, QInv uint64, nttPsi []uint64)

NTTStandardLazy computes the NTT on the input coefficients using the input parameters with output values in the range [0, 2*modulus-1].

func NewFloat

func NewFloat(x float64, prec uint) (y *big.Float)

NewFloat creates a new big.Float element with "prec" bits of precision

func NewInt

func NewInt(v int64) *big.Int

NewInt creates a new Int with a given int64 value.

func NewIntFromString

func NewIntFromString(s string) *big.Int

NewIntFromString creates a new Int from a string. A prefix of "0x" or "0X" selects base 16; the "0" prefix selects base 8, and a "0b" or "0B" prefix selects base 2. Otherwise, the selected base is 10.

func NewUint

func NewUint(v uint64) *big.Int

NewUint creates a new Int with a given uint64 value.

func NextNTTPrime

func NextNTTPrime(q uint64, NthRoot int) (qNext uint64, err error)

NextNTTPrime returns the next NthRoot NTT prime after q. The input q must be itself an NTT prime for the given NthRoot.

func PadDefaultRingToConjugateInvariant

func PadDefaultRingToConjugateInvariant(p1 *Poly, ringQ *Ring, IsNTT bool, p2 *Poly)

PadDefaultRingToConjugateInvariant converts a polynomial in Z[X]/(X^N +1) to a polynomial in Z[X+X^-1]/(X^2N+1).

func PreviousNTTPrime

func PreviousNTTPrime(q uint64, NthRoot int) (qPrev uint64, err error)

PreviousNTTPrime returns the previous NthRoot NTT prime before q. The input q must be itself an NTT prime for the given NthRoot.

func PrimitiveRoot

func PrimitiveRoot(q uint64, factors []uint64) (uint64, []uint64, error)

PrimitiveRoot computes the smallest primitive root of the given prime q. The unique factors of q-1 can be given to speed up the search for the root.

func RandInt

func RandInt(max *big.Int) (n *big.Int)

RandInt generates a random Int in [0, max-1].

func RandUniform

func RandUniform(prng utils.PRNG, v uint64, mask uint64) (randomInt uint64)

RandUniform samples a uniform randomInt variable in the range [0, mask] until randomInt is in the range [0, v-1]. mask needs to be of the form 2^n -1.
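The sampling rule described for RandUniform is rejection sampling; this added example, which is not the package's own code, implements it over an io.Reader and contrasts it with reducing a masked draw modulo v, which favours small residues. The names sampleBelow, maskFor and moduloCounts are hypothetical, and crypto/rand stands in for the package's utils.PRNG.

```go
package main

import (
	"crypto/rand"
	"encoding/binary"
	"errors"
	"fmt"
	"io"
	"math/bits"
)

// maskFor returns the smallest mask of the form 2^n - 1 covering [0, v-1].
func maskFor(v uint64) uint64 {
	if v <= 1 {
		return 0
	}
	return (uint64(1) << bits.Len64(v-1)) - 1
}

// sampleBelow draws 64-bit words from src, keeps the bits under mask and
// retries until the value is below v. It returns the value and the number of
// draws used. With the tightest mask each draw is accepted with probability
// above 1/2, and every accepted value in [0, v-1] is equally likely.
func sampleBelow(src io.Reader, v, mask uint64) (uint64, int, error) {
	if v == 0 || mask&(mask+1) != 0 || v-1 > mask {
		return 0, 0, errors.New("need v > 0 and mask = 2^n - 1 with mask >= v-1")
	}
	var buf [8]byte
	for draws := 1; ; draws++ {
		if _, err := io.ReadFull(src, buf[:]); err != nil {
			return 0, draws, err
		}
		r := binary.LittleEndian.Uint64(buf[:]) & mask
		if r < v {
			return r, draws, nil
		}
	}
}

// moduloCounts shows what happens without rejection: it counts how many of
// the mask+1 equally likely masked draws land on each residue of r % v.
// Intended for small masks only (it enumerates every draw).
func moduloCounts(v, mask uint64) []uint64 {
	counts := make([]uint64, v)
	for r := uint64(0); r <= mask; r++ {
		counts[r%v]++
	}
	return counts
}

func main() {
	// Biased alternative for v = 5, mask = 7: residues 0, 1, 2 occur twice
	// as often as 3 and 4.
	fmt.Println("r % 5 over [0, 7]:", moduloCounts(5, 7))

	v := uint64(0x1fffffffffe00001) // first Qi60 entry listed on this page
	r, draws, err := sampleBelow(rand.Reader, v, maskFor(v))
	if err != nil {
		panic(err)
	}
	fmt.Printf("sample below q: %#x after %d draw(s)\n", r, draws)
}
```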

func ZeroVec

func ZeroVec(p1 []uint64)

ZeroVec sets all values of p1 to zero. Iteration is done with respect to len(p1). All input must have a size which is a multiple of 8.

Types

type BasisExtender

type BasisExtender struct {
	// contains filtered or unexported fields
}

BasisExtender stores the necessary parameters for RNS basis extension. The used algorithm is from https://eprint.iacr.org/2018/117.pdf.

func NewBasisExtender

func NewBasisExtender(ringQ, ringP *Ring) (be *BasisExtender)

NewBasisExtender creates a new BasisExtender, enabling RNS basis extension from Q to P and P to Q.

func (*BasisExtender) ModDownQPtoP

func (be *BasisExtender) ModDownQPtoP(levelQ, levelP int, p1Q, p1P, p2P *Poly)

ModDownQPtoP reduces the basis of a polynomial. Given a polynomial with coefficients in basis {Q0,Q1....QlevelQ} and {P0,P1...PlevelP}, it reduces its basis from {Q0,Q1....QlevelQ} and {P0,P1...PlevelP} to {P0,P1...PlevelP} and does a floored integer division of the result by Q.

func (*BasisExtender) ModDownQPtoQ

func (be *BasisExtender) ModDownQPtoQ(levelQ, levelP int, p1Q, p1P, p2Q *Poly)

ModDownQPtoQ reduces the basis of a polynomial. Given a polynomial with coefficients in basis {Q0,Q1....Qlevel} and {P0,P1...Pj}, it reduces its basis from {Q0,Q1....Qlevel} and {P0,P1...Pj} to {Q0,Q1....Qlevel} and does a rounded integer division of the result by P.

func (*BasisExtender) ModDownQPtoQNTT

func (be *BasisExtender) ModDownQPtoQNTT(levelQ, levelP int, p1Q, p1P, p2Q *Poly)

ModDownQPtoQNTT reduces the basis of a polynomial. Given a polynomial with coefficients in basis {Q0,Q1....Qi} and {P0,P1...Pj}, it reduces its basis from {Q0,Q1....Qi} and {P0,P1...Pj} to {Q0,Q1....Qi} and does a rounded integer division of the result by P. Inputs must be in the NTT domain.

func (*BasisExtender) ModUpPtoQ

func (be *BasisExtender) ModUpPtoQ(levelP, levelQ int, polP, polQ *Poly)

ModUpPtoQ extends the RNS basis of a polynomial from P to PQ. Given a polynomial with coefficients in basis {P0,P1....Plevel}, it extends its basis from {P0,P1....Plevel} to {Q0,Q1...Qj}

func (*BasisExtender) ModUpQtoP

func (be *BasisExtender) ModUpQtoP(levelQ, levelP int, polQ, polP *Poly)

ModUpQtoP extends the RNS basis of a polynomial from Q to QP. Given a polynomial with coefficients in basis {Q0,Q1....Qlevel}, it extends its basis from {Q0,Q1....Qlevel} to {Q0,Q1....Qlevel,P0,P1...Pj}

func (*BasisExtender) ShallowCopy

func (be *BasisExtender) ShallowCopy() *BasisExtender

ShallowCopy creates a shallow copy of this basis extender in which the read-only data-structures are shared with the receiver.

type Complex

type Complex [2]*big.Float

Complex is a type for arbitrary precision complex number

func NewComplex

func NewComplex(a, b *big.Float) (c *Complex)

NewComplex creates a new arbitrary precision complex number

func (*Complex) Add

func (c *Complex) Add(a, b *Complex)

Add adds two arbitrary precision complex numbers together

func (*Complex) Copy

func (c *Complex) Copy() *Complex

Copy returns a new copy of the target arbitrary precision complex number

func (*Complex) Float64

func (c *Complex) Float64() complex128

Float64 returns the arbitrary precision complex number as a complex128

func (*Complex) Imag

func (c *Complex) Imag() *big.Float

Imag returns the imaginary part as a big.Float

func (*Complex) IsInt

func (c *Complex) IsInt() bool

IsInt returns true if both the real and imaginary part are integers.

func (*Complex) Real

func (c *Complex) Real() *big.Float

Real returns the real part as a big.Float

func (*Complex) Set

func (c *Complex) Set(a *Complex)

Set sets an arbitrary precision complex number

func (*Complex) Sub

func (c *Complex) Sub(a, b *Complex)

Sub subtracts two arbitrary precision complex numbers together

type ComplexMultiplier

type ComplexMultiplier struct {
	// contains filtered or unexported fields
}

ComplexMultiplier is a struct for the multiplication or division of two arbitrary precision complex numbers

func NewComplexMultiplier

func NewComplexMultiplier() (cEval *ComplexMultiplier)

NewComplexMultiplier creates a new ComplexMultiplier

func (*ComplexMultiplier) Div

func (cEval *ComplexMultiplier) Div(a, b, c *Complex)

Div divides two arbitrary precision complex numbers together

func (*ComplexMultiplier) Mul

func (cEval *ComplexMultiplier) Mul(a, b, c *Complex)

Mul multiplies two arbitrary precision complex numbers together

type Decomposer

type Decomposer struct {
	ModUpConstants [][][]ModUpConstants
	// contains filtered or unexported fields
}

Decomposer is a structure that stores the parameters of the arbitrary decomposer. This decomposer takes a p(x)_Q (in basis Q) and returns p(x) mod qi in basis QP, where qi = prod(Q_i) for 0<=i<=L, where L is the number of factors in P.

func NewDecomposer

func NewDecomposer(ringQ, ringP *Ring) (decomposer *Decomposer)

NewDecomposer creates a new Decomposer.

func (*Decomposer) DecomposeAndSplit

func (decomposer *Decomposer) DecomposeAndSplit(levelQ, levelP, nbPi, decompRNS int, p0Q, p1Q, p1P *Poly)

DecomposeAndSplit decomposes a polynomial p(x) in basis Q, reduces it modulo qi, and returns the result in basis QP separately.

type GaussianSampler

type GaussianSampler struct {
	// contains filtered or unexported fields
}

GaussianSampler keeps the state of a truncated Gaussian polynomial sampler.

func NewGaussianSampler

func NewGaussianSampler(prng utils.PRNG, baseRing *Ring, sigma float64, bound int) (g *GaussianSampler)

NewGaussianSampler creates a new instance of GaussianSampler from a PRNG, a ring definition and the truncated Gaussian distribution parameters. Sigma is the desired standard deviation and bound is the maximum coefficient norm in absolute value.

func (*GaussianSampler) AtLevel

func (g *GaussianSampler) AtLevel(level int) *GaussianSampler

AtLevel returns an instance of the target GaussianSampler that operates at the target level. This instance is not thread safe and cannot be used concurrently to the base instance.

func (*GaussianSampler) Read

func (g *GaussianSampler) Read(pol *Poly)

Read samples a truncated Gaussian polynomial on "pol" at the maximum level in the default ring, standard deviation and bound.

func (*GaussianSampler) ReadAndAdd

func (g *GaussianSampler) ReadAndAdd(pol *Poly)

ReadAndAdd samples a truncated Gaussian polynomial at the given level for the receiver's default standard deviation and bound and adds it on "pol".

func (*GaussianSampler) ReadAndAddFromDist

func (g *GaussianSampler) ReadAndAddFromDist(pol *Poly, r *Ring, sigma float64, bound int)

ReadAndAddFromDist samples a truncated Gaussian polynomial at the given level in the provided ring, standard deviation and bound and adds it on "pol".

func (*GaussianSampler) ReadFromDist

func (g *GaussianSampler) ReadFromDist(level int, pol *Poly, ring *Ring, sigma float64, bound int)

ReadFromDist samples a truncated Gaussian polynomial at the given level in the provided ring, standard deviation and bound.

func (*GaussianSampler) ReadNew

func (g *GaussianSampler) ReadNew() (pol *Poly)

ReadNew samples a new truncated Gaussian polynomial at the maximum level in the default ring, standard deviation and bound.

type ModUpConstants

type ModUpConstants struct {
	// contains filtered or unexported fields
}

ModUpConstants stores the necessary parameters for RNS basis extension.

func GenModUpConstants

func GenModUpConstants(Q, P []uint64) ModUpConstants

GenModUpConstants generates the ModUpConstants for basis extension from Q to P and P to Q.

type NTTTable

type NTTTable struct {
	NthRoot       uint64   // Nthroot used for the NTT
	PrimitiveRoot uint64   // 2N-th primitive root
	RootsForward  []uint64 //powers of the 2N-th primitive root in Montgomery form (in bit-reversed order)
	RootsBackward []uint64 //powers of the inverse of the 2N-th primitive root in Montgomery form (in bit-reversed order)
	NInv          uint64   //[N^-1] mod Modulus in Montgomery form
}

NTTTable stores all the constants that are specifically tied to the NTT.

type NumberTheoreticTransformer

type NumberTheoreticTransformer interface {
	Forward(p1, p2 []uint64)
	ForwardLazy(p1, p2 []uint64)
	Backward(p1, p2 []uint64)
	BackwardLazy(p1, p2 []uint64)
}

NumberTheoreticTransformer is an interface to provide flexibility on what type of NTT is used by the struct Ring.

func NewNumberTheoreticTransformerConjugateInvariant

func NewNumberTheoreticTransformerConjugateInvariant(r *SubRing, n int) NumberTheoreticTransformer

func NewNumberTheoreticTransformerStandard

func NewNumberTheoreticTransformerStandard(r *SubRing, n int) NumberTheoreticTransformer

type NumberTheoreticTransformerConjugateInvariant

type NumberTheoreticTransformerConjugateInvariant struct {
	// contains filtered or unexported fields
}

NumberTheoreticTransformerConjugateInvariant computes the NTT in the ring Z[X+X^-1]/(X^2N+1). Z[X+X^-1]/(X^2N+1) is a closed sub-ring of Z[X]/(X^2N+1). Note that the input polynomial only needs to be size N since the right half does not provide any additional information. See "Approximate Homomorphic Encryption over the Conjugate-invariant Ring", https://eprint.iacr.org/2018/952. The implemented approach is more efficient than the one proposed in the referenced work. It avoids the linear map Z[X + X^-1]/(X^2N + 1) <-> Z[X]/(X^N - 1) by instead directly computing the left half of the NTT of Z[X + X^-1]/(X^2N + 1) since the right half provides no additional information, which allows to (re)use nega-cyclic NTT.

func (NumberTheoreticTransformerConjugateInvariant) Backward

func (rntt NumberTheoreticTransformerConjugateInvariant) Backward(p1, p2 []uint64)

Backward writes the backward NTT in Z[X+X^-1]/(X^2N+1) of p1 on p2.

func (NumberTheoreticTransformerConjugateInvariant) BackwardLazy

func (rntt NumberTheoreticTransformerConjugateInvariant) BackwardLazy(p1, p2 []uint64)

BackwardLazy writes the backward NTT in Z[X+X^-1]/(X^2N+1) of p1 on p2. Returns values in the range [0, 2q-1].

func (NumberTheoreticTransformerConjugateInvariant) Forward

Forward writes the forward NTT in Z[X+X^-1]/(X^2N+1) of p1 on p2.

func (NumberTheoreticTransformerConjugateInvariant) ForwardLazy

func (rntt NumberTheoreticTransformerConjugateInvariant) ForwardLazy(p1, p2 []uint64)

ForwardLazy writes the forward NTT in Z[X+X^-1]/(X^2N+1) of p1 on p2. Returns values in the range [0, 2q-1].

type NumberTheoreticTransformerStandard

type NumberTheoreticTransformerStandard struct {
	// contains filtered or unexported fields
}

NumberTheoreticTransformerStandard computes the standard nega-cyclic NTT in the ring Z[X]/(X^N+1).

func (NumberTheoreticTransformerStandard) Backward

func (rntt NumberTheoreticTransformerStandard) Backward(p1, p2 []uint64)

Backward writes the backward NTT in Z[X]/(X^N+1) of p1 on p2.

func (NumberTheoreticTransformerStandard) BackwardLazy

func (rntt NumberTheoreticTransformerStandard) BackwardLazy(p1, p2 []uint64)

BackwardLazy writes the backward NTT in Z[X]/(X^N+1) p1 on p2. Returns values in the range [0, 2q-1].

func (NumberTheoreticTransformerStandard) Forward

func (rntt NumberTheoreticTransformerStandard) Forward(p1, p2 []uint64)

Forward writes the forward NTT in Z[X]/(X^N+1) of p1 on p2.

func (NumberTheoreticTransformerStandard) ForwardLazy

func (rntt NumberTheoreticTransformerStandard) ForwardLazy(p1, p2 []uint64)

ForwardLazy writes the forward NTT in Z[X]/(X^N+1) of p1 on p2. Returns values in the range [0, 2q-1].

type Parameters

type Parameters struct {
	// contains filtered or unexported fields
}

Parameters is a struct storing test parameters for the package Ring.

type Poly

type Poly struct {
	Coeffs [][]uint64 // Dimension-2 slice of coefficients (re-slice of Buff)
	Buff   []uint64   // Dimension-1 slice of coefficient
}

Poly is the structure that contains the coefficients of a polynomial.

func NewPoly

func NewPoly(N, Level int) (pol *Poly)

NewPoly creates a new polynomial with N coefficients set to zero and Level+1 moduli.

func (*Poly) Copy

func (pol *Poly) Copy(p1 *Poly)

Copy copies the coefficients of p1 on the target polynomial. Only copies minLevel(pol, p1) levels.

func (*Poly) CopyNew

func (pol *Poly) CopyNew() (p1 *Poly)

CopyNew creates an exact copy of the target polynomial.

func (*Poly) CopyValues

func (pol *Poly) CopyValues(p1 *Poly)

CopyValues copies the coefficients of p1 on the target polynomial. Only copies minLevel(pol, p1) levels. Expects the degree of both polynomials to be identical.

func (*Poly) Decode32

func (pol *Poly) Decode32(data []byte) (ptr int, err error)

Decode32 decodes a slice of bytes in the target polynomial and returns the number of bytes decoded. The method will first try to write on the buffer. If this step fails, either because the buffer isn't allocated or because it is of the wrong size, the method will allocate the correct buffer. Assumes that each coefficient is encoded on 8 bytes.

func (*Poly) Decode64

func (pol *Poly) Decode64(data []byte) (ptr int, err error)

Decode64 decodes a slice of bytes in the target polynomial and returns the number of bytes decoded. The method will first try to write on the buffer. If this step fails, either because the buffer isn't allocated or because it is of the wrong size, the method will allocate the correct buffer. Assumes that each coefficient is encoded on 8 bytes.

func (*Poly) Encode32

func (pol *Poly) Encode32(data []byte) (int, error)

Encode32 writes the given poly to the data array. Encodes each coefficient on 4 bytes. It returns the number of written bytes, and the corresponding error, if it occurred.

func (*Poly) Encode64

func (pol *Poly) Encode64(data []byte) (int, error)

Encode64 writes the given poly to the data array, using 8 bytes per coefficient. It returns the number of written bytes, and the corresponding error, if it occurred.

func (*Poly) Equals

func (pol *Poly) Equals(other *Poly) bool

Equals returns true if the receiver Poly is equal to the provided other Poly. This function checks for strict equality between the polynomial coefficients (i.e., it does not consider congruence as equality within the ring like `Ring.Equals` does).

func (*Poly) Level

func (pol *Poly) Level() int

Level returns the current number of moduli minus 1.

func (*Poly) MarshalBinary

func (pol *Poly) MarshalBinary() (data []byte, err error)

MarshalBinary encodes the target polynomial on a slice of bytes. Encodes each coefficient on 8 bytes.

func (*Poly) MarshalBinarySize32

func (pol *Poly) MarshalBinarySize32() (cnt int)

MarshalBinarySize32 returns the number of bytes the polynomial will take when written to data. Assumes that each coefficient is encoded on 4 bytes.

func (*Poly) MarshalBinarySize64

func (pol *Poly) MarshalBinarySize64() (cnt int)

MarshalBinarySize64 returns the number of bytes the polynomial will take when written to data. Assumes that each coefficient takes 8 bytes.

func (*Poly) N

func (pol *Poly) N() int

N returns the number of coefficients of the polynomial, which equals the degree of the Ring cyclotomic polynomial.

func (*Poly) Resize

func (pol *Poly) Resize(level int)

Resize resizes the level of the target polynomial to the provided level. If the provided level is larger than the current level, then allocates zero coefficients, otherwise dereferences the coefficients above the provided level.

func (*Poly) UnmarshalBinary

func (pol *Poly) UnmarshalBinary(data []byte) (err error)

UnmarshalBinary decodes a slice of byte on the target polynomial. Assumes each coefficient is encoded on 8 bytes.

func (*Poly) Zero

func (pol *Poly) Zero()

Zero sets all coefficients of the target polynomial to 0.

type RNSScalar

type RNSScalar []uint64

RNSScalar represents a scalar value in the Ring (i.e., a degree-0 polynomial) in RNS form.

type Ring

type Ring struct {
	SubRings []*SubRing

	// Product of the Moduli for each level
	ModulusAtLevel []*big.Int

	// Rescaling parameters (RNS division)
	RescaleConstants [][]uint64
	// contains filtered or unexported fields
}

Ring is a structure that keeps all the variables required to operate on a polynomial represented in this ring.

func NewRing

func NewRing(N int, Moduli []uint64) (r *Ring, err error)

NewRing creates a new RNS Ring with degree N and coefficient moduli Moduli with Standard NTT. N must be a power of two larger than 8. Moduli should be a non-empty []uint64 with distinct prime elements. All moduli must also be equal to 1 modulo 2*N. An error is returned with a nil *Ring in the case of non NTT-enabling parameters.

func NewRingConjugateInvariant

func NewRingConjugateInvariant(N int, Moduli []uint64) (r *Ring, err error)

NewRingConjugateInvariant creates a new RNS Ring with degree N and coefficient moduli Moduli with Conjugate Invariant NTT. N must be a power of two larger than 8. Moduli should be a non-empty []uint64 with distinct prime elements. All moduli must also be equal to 1 modulo 4*N. An error is returned with a nil *Ring in the case of non NTT-enabling parameters.

func NewRingFromType

func NewRingFromType(N int, Moduli []uint64, ringType Type) (r *Ring, err error)

NewRingFromType creates a new RNS Ring with degree N and coefficient moduli Moduli for which the type of NTT is determined by the ringType argument. If ringType==Standard, the ring is instantiated with standard NTT with the Nth root of unity 2*N. If ringType==ConjugateInvariant, the ring is instantiated with a ConjugateInvariant NTT with Nth root of unity 4*N. N must be a power of two larger than 8. Moduli should be a non-empty []uint64 with distinct prime elements. All moduli must also be equal to 1 modulo the root of unity. An error is returned with a nil *Ring in the case of non NTT-enabling parameters.

func NewRingWithCustomNTT

func NewRingWithCustomNTT(N int, ModuliChain []uint64, ntt func(*SubRing, int) NumberTheoreticTransformer, NthRoot int) (r *Ring, err error)

NewRingWithCustomNTT creates a new RNS Ring with degree N and coefficient moduli Moduli with user-defined NTT transform and primitive Nth root of unity. ModuliChain should be a non-empty []uint64 with distinct prime elements. All moduli must also be equal to 1 modulo the root of unity. N must be a power of two larger than 8. An error is returned with a nil *Ring in the case of non NTT-enabling parameters.
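The constructor preconditions listed above (N a power of two larger than 8, distinct prime moduli, each equal to 1 modulo 2*N or 4*N) can be checked before building a ring, as in this added example that mirrors the documented conditions and is not the package's own validation. The names checkRingParams, ringType and the error values are hypothetical; primality uses math/big's ProbablyPrime(0), a Baillie-PSW test that is exact below 2^64.

```go
package main

import (
	"errors"
	"fmt"
	"math/big"
)

type ringType int

const (
	standard           ringType = iota // moduli must be 1 mod 2*N
	conjugateInvariant                 // moduli must be 1 mod 4*N
)

var (
	errDegree    = errors.New("N must be a power of two larger than 8")
	errEmpty     = errors.New("moduli must be non-empty")
	errDuplicate = errors.New("duplicate modulus")
	errNotPrime  = errors.New("modulus is not prime")
	errNotNTT    = errors.New("modulus is not 1 modulo the root of unity order")
)

// checkRingParams reports the first documented precondition that the
// parameters violate, or nil if all of them hold.
func checkRingParams(n int, moduli []uint64, t ringType) error {
	if n <= 8 || n&(n-1) != 0 {
		return fmt.Errorf("%w: N=%d", errDegree, n)
	}
	if len(moduli) == 0 {
		return errEmpty
	}
	nthRoot := uint64(2 * n)
	if t == conjugateInvariant {
		nthRoot = uint64(4 * n)
	}
	seen := make(map[uint64]bool, len(moduli))
	for i, q := range moduli {
		if seen[q] {
			return fmt.Errorf("%w: moduli[%d]=%#x", errDuplicate, i, q)
		}
		seen[q] = true
		if !new(big.Int).SetUint64(q).ProbablyPrime(0) {
			return fmt.Errorf("%w: moduli[%d]=%#x", errNotPrime, i, q)
		}
		if q%nthRoot != 1 {
			return fmt.Errorf("%w: moduli[%d]=%#x, order %d", errNotNTT, i, q, nthRoot)
		}
	}
	return nil
}

func main() {
	// First three Qi60 entries listed on this page.
	qi := []uint64{0x1fffffffffe00001, 0x1fffffffffc80001, 0x1fffffffffb40001}

	fmt.Println("standard, N=2^17:          ", checkRingParams(1<<17, qi, standard))
	// The third prime is 1 mod 2^18 but not 1 mod 2^19, so it cannot be used
	// with the conjugate-invariant ring at N=2^17.
	fmt.Println("conjugate-invariant, N=2^17:", checkRingParams(1<<17, qi, conjugateInvariant))
	fmt.Println("conjugate-invariant, N=2^16:", checkRingParams(1<<16, qi, conjugateInvariant))
	// 33 = 3*11 is 1 mod 32 but composite (constructed sample).
	fmt.Println("composite modulus, N=16:    ", checkRingParams(16, []uint64{33}, standard))
}
```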

func (*Ring) Add

func (r *Ring) Add(p1, p2, p3 *Poly)

Add evaluates p3 = p1 + p2 coefficient-wise in the ring.

func (*Ring) AddDoubleRNSScalar

func (r *Ring) AddDoubleRNSScalar(p1 *Poly, scalar0, scalar1 RNSScalar, p2 *Poly)

AddDoubleRNSScalar evaluates p2 = p1[:N/2] + scalar0 || p1[N/2] + scalar1 coefficient-wise in the ring, with the scalar values expressed in the CRT decomposition at a given level. It assumes the scalar decomposition to be in Montgomery form.

func (*Ring) AddLazy

func (r *Ring) AddLazy(p1, p2, p3 *Poly)

AddLazy evaluates p3 = p1 + p2 coefficient-wise in the ring, with p3 in [0, 2*modulus-1].

func (*Ring) AddScalar

func (r *Ring) AddScalar(p1 *Poly, scalar uint64, p2 *Poly)

AddScalar evaluates p2 = p1 + scalar coefficient-wise in the ring.

func (*Ring) AddScalarBigint

func (r *Ring) AddScalarBigint(p1 *Poly, scalar *big.Int, p2 *Poly)

AddScalarBigint evaluates p2 = p1 + scalar coefficient-wise in the ring.

func (*Ring) AtLevel

func (r *Ring) AtLevel(level int) *Ring

AtLevel returns an instance of the target ring that operates at the target level. This instance is thread safe and can be used concurrently with the base ring.

func (*Ring) BRedConstants

func (r *Ring) BRedConstants() (BRC [][]uint64)

BRedConstants returns the concatenation of the Barrett constants of the target ring.

func (*Ring) ConjugateInvariantRing

func (r *Ring) ConjugateInvariantRing() (*Ring, error)

ConjugateInvariantRing returns the conjugate invariant ring of the receiver ring. If `r.Type()==ConjugateInvariant`, then the method returns the receiver. If `r.Type()==Standard`, then the method returns a ring with ring degree N/2. The returned Ring is a shallow copy of the receiver.

func (*Ring) Decode

func (r *Ring) Decode(data []byte) (ptr int, err error)

Decode decodes the input slice of bytes on the target Ring and returns the number of bytes read.

func (*Ring) DivFloorByLastModulus

func (r *Ring) DivFloorByLastModulus(p0, p1 *Poly)

DivFloorByLastModulus divides (floored) the polynomial by its last modulus. Output poly level must be equal or one less than input level.

func (*Ring) DivFloorByLastModulusMany

func (r *Ring) DivFloorByLastModulusMany(nbRescales int, p0, buff, p1 *Poly)

DivFloorByLastModulusMany divides (floored) sequentially nbRescales times the polynomial by its last modulus. Output poly level must be equal or nbRescales less than input level.

func (*Ring) DivFloorByLastModulusManyNTT

func (r *Ring) DivFloorByLastModulusManyNTT(nbRescales int, p0, buff, p1 *Poly)

DivFloorByLastModulusManyNTT divides (floored) sequentially nbRescales times the polynomial by its last modulus. Input must be in the NTT domain. Output poly level must be equal or nbRescales less than input level.

func (*Ring) DivFloorByLastModulusNTT

func (r *Ring) DivFloorByLastModulusNTT(p0, buff, p1 *Poly)

DivFloorByLastModulusNTT divides (floored) the polynomial by its last modulus. The input must be in the NTT domain. Output poly level must be equal or one less than input level.

func (*Ring) DivRoundByLastModulus

func (r *Ring) DivRoundByLastModulus(p0, p1 *Poly)

DivRoundByLastModulus divides (rounded) the polynomial by its last modulus. The input must be in the NTT domain. Output poly level must be equal or one less than input level.

func (*Ring) DivRoundByLastModulusMany

func (r *Ring) DivRoundByLastModulusMany(nbRescales int, p0, buff, p1 *Poly)

DivRoundByLastModulusMany divides (rounded) sequentially nbRescales times the polynomial by its last modulus. Output poly level must be equal or nbRescales less than input level.

func (*Ring) DivRoundByLastModulusManyNTT

func (r *Ring) DivRoundByLastModulusManyNTT(nbRescales int, p0, buff, p1 *Poly)

DivRoundByLastModulusManyNTT divides (rounded) sequentially nbRescales times the polynomial by its last modulus. The input must be in the NTT domain. Output poly level must be equal or nbRescales less than input level.

func (*Ring) DivRoundByLastModulusNTT

func (r *Ring) DivRoundByLastModulusNTT(p0, buff, p1 *Poly)

DivRoundByLastModulusNTT divides (rounded) the polynomial by its last modulus. The input must be in the NTT domain. Output poly level must be equal or one less than input level.

func (*Ring) Encode

func (r *Ring) Encode(data []byte) (ptr int, err error)

Encode encodes the target Ring on a slice of bytes and returns the number of bytes written.

func (*Ring) Equal

func (r *Ring) Equal(p1, p2 *Poly) bool

Equal checks if p1 = p2 in the given Ring.

func (*Ring) EvalPolyScalar

func (r *Ring) EvalPolyScalar(p1 []*Poly, scalar uint64, p2 *Poly)

EvalPolyScalar evaluates p2 = p1(scalar) coefficient-wise in the ring.

func (*Ring) FoldStandardToConjugateInvariant

func (r *Ring) FoldStandardToConjugateInvariant(polyStandard *Poly, permuteNTTIndexInv []uint64, polyConjugateInvariant *Poly)

FoldStandardToConjugateInvariant folds [X]/(X^N+1) to [X+X^-1]/(X^N+1) in compressed form (N/2 coefficients). Requires degree(polyConjugateInvariant) = 2*degree(polyStandard). Requires that polyStandard and polyConjugateInvariant share the same moduli.

func (*Ring) IMForm

func (r *Ring) IMForm(p1, p2 *Poly)

IMForm evaluates p2 = p1 * 2^64 coefficient-wise in the ring.

func (*Ring) INTT

func (r *Ring) INTT(p1, p2 *Poly)

INTT evaluates p2 = INTT(p1).

func (*Ring) INTTLazy

func (r *Ring) INTTLazy(p1, p2 *Poly)

INTTLazy evaluates p2 = INTT(p1) with p2 in [0, 2*modulus-1].

func (*Ring) Inverse

func (r *Ring) Inverse(a RNSScalar)

Inverse computes the modular inverse of a scalar a expressed in a CRT decomposition. The inversion is done in-place and assumes that a is in Montgomery form.

func (*Ring) Level

func (r *Ring) Level() int

Level returns the level of the current ring.

func (*Ring) Log2OfInnerSum

func (r *Ring) Log2OfInnerSum(poly *Poly) (logSum int)

Log2OfInnerSum returns the bit-size of the sum of all the coefficients (in absolute value) of a Poly.

func (*Ring) MForm

func (r *Ring) MForm(p1, p2 *Poly)

MForm evaluates p2 = p1 * (2^64)^-1 coefficient-wise in the ring.

func (*Ring) MFormLazy

func (r *Ring) MFormLazy(p1, p2 *Poly)

MFormLazy evaluates p2 = p1 * (2^64)^-1 coefficient-wise in the ring with p2 in [0, 2*modulus-1].

func (*Ring) MRedConstants

func (r *Ring) MRedConstants() (MRC []uint64)

MRedConstants returns the concatenation of the Montgomery constants of the target ring.

func (*Ring) MarshalBinary

func (r *Ring) MarshalBinary() (data []byte, err error)

MarshalBinary encodes the target ring on a slice of bytes.

func (*Ring) MarshalBinarySize

func (r *Ring) MarshalBinarySize() (dataLen int)

MarshalBinarySize returns the size in bytes of the target Ring.

func (*Ring) MaxLevel

func (r *Ring) MaxLevel() int

MaxLevel returns the maximum level allowed by the ring (#NbModuli -1).

func (*Ring) ModuliChain

func (r *Ring) ModuliChain() (moduli []uint64)

ModuliChain returns the list of primes in the modulus chain.

func (*Ring) ModuliChainLength

func (r *Ring) ModuliChainLength() int

ModuliChainLength returns the number of primes in the RNS basis of the ring.

func (*Ring) Modulus

func (r *Ring) Modulus() *big.Int

Modulus returns the modulus of the target ring at the currently set level in *big.Int.

func (*Ring) MulByVectorMontgomery

func (r *Ring) MulByVectorMontgomery(p1 *Poly, vector []uint64, p2 *Poly)

MulByVectorMontgomery evaluates p2 = p1 * vector coefficient-wise in the ring.

func (*Ring) MulByVectorMontgomeryThenAddLazy

func (r *Ring) MulByVectorMontgomeryThenAddLazy(p1 *Poly, vector []uint64, p2 *Poly)

MulByVectorMontgomeryThenAddLazy evaluates p2 = p2 + p1 * vector coefficient-wise in the ring.

func (*Ring) MulCoeffsBarrett

func (r *Ring) MulCoeffsBarrett(p1, p2, p3 *Poly)

MulCoeffsBarrett evaluates p3 = p1 * p2 coefficient-wise in the ring, with Barrett reduction.

func (*Ring) MulCoeffsBarrettLazy

func (r *Ring) MulCoeffsBarrettLazy(p1, p2, p3 *Poly)

MulCoeffsBarrettLazy evaluates p3 = p1 * p2 coefficient-wise in the ring, with Barrett reduction, with p3 in [0, 2*modulus-1].

func (*Ring) MulCoeffsBarrettThenAdd

func (r *Ring) MulCoeffsBarrettThenAdd(p1, p2, p3 *Poly)

MulCoeffsBarrettThenAdd evaluates p3 = p3 + p1 * p2 coefficient-wise in the ring, with Barrett reduction.

func (*Ring) MulCoeffsBarrettThenAddLazy

func (r *Ring) MulCoeffsBarrettThenAddLazy(p1, p2, p3 *Poly)

MulCoeffsBarrettThenAddLazy evaluates p3 = p1 * p2 coefficient-wise in the ring, with Barrett reduction, with p3 in [0, 2*modulus-1].

func (*Ring) MulCoeffsMontgomery

func (r *Ring) MulCoeffsMontgomery(p1, p2, p3 *Poly)

MulCoeffsMontgomery evaluates p3 = p1 * p2 coefficient-wise in the ring, with Montgomery reduction.

func (*Ring) MulCoeffsMontgomeryLazy

func (r *Ring) MulCoeffsMontgomeryLazy(p1, p2, p3 *Poly)

MulCoeffsMontgomeryLazy evaluates p3 = p1 * p2 coefficient-wise in the ring, with Montgomery reduction, with p3 in [0, 2*modulus-1].

func (*Ring) MulCoeffsMontgomeryLazyThenAddLazy

func (r *Ring) MulCoeffsMontgomeryLazyThenAddLazy(p1, p2, p3 *Poly)

MulCoeffsMontgomeryLazyThenAddLazy evaluates p3 = p3 + p1 * p2 coefficient-wise in the ring, with Montgomery reduction, with p3 in [0, 3*modulus-2].

func (*Ring) MulCoeffsMontgomeryLazyThenNeg

func (r *Ring) MulCoeffsMontgomeryLazyThenNeg(p1, p2, p3 *Poly)

MulCoeffsMontgomeryLazyThenNeg evaluates p3 = -p1 * p2 coefficient-wise in the ring, with Montgomery reduction, with p3 in [0, 2*modulus-1].

func (*Ring) MulCoeffsMontgomeryLazyThenSubLazy

func (r *Ring) MulCoeffsMontgomeryLazyThenSubLazy(p1, p2, p3 *Poly)

MulCoeffsMontgomeryLazyThenSubLazy evaluates p3 = p3 - p1 * p2 coefficient-wise in the ring, with Montgomery reduction, with p3 in [0, 3*modulus-2].

func (*Ring) MulCoeffsMontgomeryThenAdd

func (r *Ring) MulCoeffsMontgomeryThenAdd(p1, p2, p3 *Poly)

MulCoeffsMontgomeryThenAdd evaluates p3 = p3 + p1 * p2 coefficient-wise in the ring, with Montgomery reduction, with p3 in [0, 2*modulus-1].

func (*Ring) MulCoeffsMontgomeryThenAddLazy

func (r *Ring) MulCoeffsMontgomeryThenAddLazy(p1, p2, p3 *Poly)

MulCoeffsMontgomeryThenAddLazy evaluates p3 = p3 + p1 * p2 coefficient-wise in the ring, with Montgomery reduction, with p3 in [0, 2*modulus-1].

func (*Ring) MulCoeffsMontgomeryThenSub

func (r *Ring) MulCoeffsMontgomeryThenSub(p1, p2, p3 *Poly)

MulCoeffsMontgomeryThenSub evaluates p3 = p3 - p1 * p2 coefficient-wise in the ring, with Montgomery reduction.

func (*Ring) MulCoeffsMontgomeryThenSubLazy

func (r *Ring) MulCoeffsMontgomeryThenSubLazy(p1, p2, p3 *Poly)

MulCoeffsMontgomeryThenSubLazy evaluates p3 = p3 - p1 * p2 coefficient-wise in the ring, with Montgomery reduction, with p3 in [0, 2*modulus-1].

func (*Ring) MulDoubleRNSScalar

func (r *Ring) MulDoubleRNSScalar(p1 *Poly, scalar0, scalar1 RNSScalar, p2 *Poly)

MulDoubleRNSScalar evaluates p2 = p1[:N/2] * scalar0 || p1[N/2] * scalar1 coefficient-wise in the ring, with the scalar values expressed in the CRT decomposition at a given level.

func (*Ring) MulDoubleRNSScalarThenAdd

func (r *Ring) MulDoubleRNSScalarThenAdd(p1 *Poly, scalar0, scalar1 RNSScalar, p2 *Poly)

MulDoubleRNSScalarThenAdd evaluates p2 = p2 + p1[:N/2] * scalar0 || p1[N/2] * scalar1 coefficient-wise in the ring, with the scalar values expressed in the CRT decomposition at a given level.

func (*Ring) MulRNSScalar

func (r *Ring) MulRNSScalar(s1, s2, sout RNSScalar)

MulRNSScalar multiplies s1 and s2 and stores the result in sout. Multiplication is operated with Montgomery.

func (*Ring) MulRNSScalarMontgomery

func (r *Ring) MulRNSScalarMontgomery(p1 *Poly, scalar RNSScalar, p2 *Poly)

MulRNSScalarMontgomery evaluates p2 = p1 * scalar coefficient-wise in the ring, with a scalar value expressed in the CRT decomposition at a given level. It assumes the scalar decomposition to be in Montgomery form.

func (*Ring) MulScalar

func (r *Ring) MulScalar(p1 *Poly, scalar uint64, p2 *Poly)

MulScalar evaluates p2 = p1 * scalar coefficient-wise in the ring.

func (*Ring) MulScalarBigint

func (r *Ring) MulScalarBigint(p1 *Poly, scalar *big.Int, p2 *Poly)

MulScalarBigint evaluates p2 = p1 * scalar coefficient-wise in the ring.

func (*Ring) MulScalarThenAdd

func (r *Ring) MulScalarThenAdd(p1 *Poly, scalar uint64, p2 *Poly)

MulScalarThenAdd evaluates p2 = p2 + p1 * scalar coefficient-wise in the ring.

func (*Ring) MulScalarThenSub

func (r *Ring) MulScalarThenSub(p1 *Poly, scalar uint64, p2 *Poly)

MulScalarThenSub evaluates p2 = p2 - p1 * scalar coefficient-wise in the ring.

func (*Ring) MultByMonomial

func (r *Ring) MultByMonomial(p1 *Poly, k int, p2 *Poly)

MultByMonomial evaluates p2 = p1 * X^k coefficient-wise in the ring.

func (*Ring) N

func (r *Ring) N() int

N returns the ring degree.

func (*Ring) NTT

func (r *Ring) NTT(p1, p2 *Poly)

NTT evaluates p2 = NTT(p1).

func (*Ring) NTTLazy

func (r *Ring) NTTLazy(p1, p2 *Poly)

NTTLazy evaluates p2 = NTT(p1) with p2 in [0, 2*modulus-1].

func (*Ring) Neg

func (r *Ring) Neg(p1, p2 *Poly)

Neg evaluates p2 = -p1 coefficient-wise in the ring.

func (*Ring) NegRNSScalar

func (r *Ring) NegRNSScalar(s1, s2 RNSScalar)

NegRNSScalar evaluates s2 = -s1.

func (*Ring) NewPoly

func (r *Ring) NewPoly() *Poly

NewPoly creates a new polynomial with all coefficients set to 0.

func (*Ring) NewRNSScalar

func (r *Ring) NewRNSScalar() RNSScalar

NewRNSScalar creates a new Scalar value.

func (*Ring) NewRNSScalarFromBigint

func (r *Ring) NewRNSScalarFromBigint(v *big.Int) (rns RNSScalar)

NewRNSScalarFromBigint creates a new Scalar initialized with value v.

func (*Ring) NewRNSScalarFromUInt64

func (r *Ring) NewRNSScalarFromUInt64(v uint64) (rns RNSScalar)

NewRNSScalarFromUInt64 creates a new Scalar initialized with value v.

func (*Ring) NthRoot

func (r *Ring) NthRoot() uint64

NthRoot returns the multiplicative order of the primitive root.

func (*Ring) Permute

func (r *Ring) Permute(polIn *Poly, gen uint64, polOut *Poly)

Permute applies the Galois transform on a polynomial outside of the NTT domain. It maps the coefficients x^i to x^(gen*i). It must be noted that the result cannot be in-place.

func (*Ring) PermuteNTT

func (r *Ring) PermuteNTT(polIn *Poly, gen uint64, polOut *Poly)

PermuteNTT applies the Galois transform on a polynomial in the NTT domain. It maps the coefficients x^i to x^(gen*i). It must be noted that the result cannot be in-place.

func (*Ring) PermuteNTTIndex

func (r *Ring) PermuteNTTIndex(galEl uint64) (index []uint64)

PermuteNTTIndex computes the index table for PermuteNTT.

func (*Ring) PermuteNTTWithIndex

func (r *Ring) PermuteNTTWithIndex(polIn *Poly, index []uint64, polOut *Poly)

PermuteNTTWithIndex applies the Galois transform on a polynomial in the NTT domain. It maps the coefficients x^i to x^(gen*i) using the PermuteNTTIndex table. It must be noted that the result cannot be in-place.

func (*Ring) PermuteNTTWithIndexThenAddLazy

func (r *Ring) PermuteNTTWithIndexThenAddLazy(polIn *Poly, index []uint64, polOut *Poly)

PermuteNTTWithIndexThenAddLazy applies the Galois transform on a polynomial in the NTT domain, up to a given level, and adds the result to the output polynomial without modular reduction. It maps the coefficients x^i to x^(gen*i) using the PermuteNTTIndex table. It must be noted that the result cannot be in-place.

func (*Ring) PolyToBigint

func (r *Ring) PolyToBigint(p1 *Poly, gap int, coeffsBigint []*big.Int)

PolyToBigint reconstructs p1 and returns the result in an array of Int. gap defines coefficients X^{i*gap} that will be reconstructed. For example, if gap = 1, then all coefficients are reconstructed, while if gap = 2 then only coefficients X^{2*i} are reconstructed.

func (*Ring) PolyToBigintCentered

func (r *Ring) PolyToBigintCentered(p1 *Poly, gap int, coeffsBigint []*big.Int)

PolyToBigintCentered reconstructs p1 and returns the result in an array of Int. Coefficients are centered around Q/2. gap defines coefficients X^{i*gap} that will be reconstructed. For example, if gap = 1, then all coefficients are reconstructed, while if gap = 2 then only coefficients X^{2*i} are reconstructed.

func (*Ring) PolyToString

func (r *Ring) PolyToString(p1 *Poly) []string

PolyToString reconstructs p1 and returns the result in an array of string.

func (*Ring) Reduce

func (r *Ring) Reduce(p1, p2 *Poly)

Reduce evaluates p2 = p1 coefficient-wise mod modulus in the ring.

func (*Ring) ReduceLazy

func (r *Ring) ReduceLazy(p1, p2 *Poly)

ReduceLazy evaluates p2 = p1 coefficient-wise mod modulus in the ring, with p2 in [0, 2*modulus-1].

func (*Ring) SetCoefficientsBigint

func (r *Ring) SetCoefficientsBigint(coeffs []*big.Int, p1 *Poly)

SetCoefficientsBigint sets the coefficients of p1 from an array of Int variables.

func (*Ring) Shift

func (r *Ring) Shift(p1 *Poly, k int, p2 *Poly)

Shift evaluates p2 = p2<<<k coefficient-wise in the ring.

func (*Ring) StandardRing

func (r *Ring) StandardRing() (*Ring, error)

StandardRing returns the standard ring of the receiver ring. If `r.Type()==Standard`, then the method returns the receiver. If `r.Type()==ConjugateInvariant`, then the method returns a ring with ring degree 2N. The returned Ring is a shallow copy of the receiver.

func (*Ring) Sub

func (r *Ring) Sub(p1, p2, p3 *Poly)

Sub evaluates p3 = p1 - p2 coefficient-wise in the ring.

func (*Ring) SubLazy

func (r *Ring) SubLazy(p1, p2, p3 *Poly)

SubLazy evaluates p3 = p1 - p2 coefficient-wise in the ring, with p3 in [0, 2*modulus-1].

func (*Ring) SubRNSScalar

func (r *Ring) SubRNSScalar(s1, s2, sout RNSScalar)

SubRNSScalar subtracts s2 from s1 and stores the result in sout.

func (*Ring) SubScalar

func (r *Ring) SubScalar(p1 *Poly, scalar uint64, p2 *Poly)

SubScalar evaluates p2 = p1 - scalar coefficient-wise in the ring.

func (*Ring) SubScalarBigint

func (r *Ring) SubScalarBigint(p1 *Poly, scalar *big.Int, p2 *Poly)

SubScalarBigint evaluates p2 = p1 - scalar coefficient-wise in the ring.

func (*Ring) Type

func (r *Ring) Type() Type

Type returns the Type of the first subring which might be either `Standard` or `ConjugateInvariant`.

func (*Ring) UnfoldConjugateInvariantToStandard

func (r *Ring) UnfoldConjugateInvariantToStandard(polyConjugateInvariant, polyStd *Poly)

UnfoldConjugateInvariantToStandard maps the compressed representation (N/2 coefficients) of Z_Q[X+X^-1]/(X^2N + 1) to full representation in Z_Q[X]/(X^2N+1). Requires degree(polyConjugateInvariant) = 2*degree(polyStd). Requires that polyStd and polyConjugateInvariant share the same moduli.

func (*Ring) UnmarshalBinary

func (r *Ring) UnmarshalBinary(data []byte) (err error)

UnmarshalBinary decodes a slice of bytes on the target ring.

type Sampler

type Sampler interface {
	Read(pOut *Poly)
}

Sampler is an interface for random polynomial samplers. It has a single Read method which takes as argument the polynomial to be populated according to the Sampler's distribution.

type SubRing

type SubRing struct {

	// Polynomial nb.Coefficients
	N int

	// Modulus
	Modulus uint64

	// Unique factors of Modulus-1
	Factors []uint64

	// 2^bit_length(Modulus) - 1
	Mask uint64

	// Fast reduction constants
	BRedConstant []uint64 // Barrett Reduction
	MRedConstant uint64   // Montgomery Reduction

	*NTTTable // NTT related constants
	// contains filtered or unexported fields
}

SubRing is a struct storing precomputation for fast modular reduction and NTT for a given modulus.

func NewSubRing

func NewSubRing(N int, Modulus uint64) (s *SubRing, err error)

NewSubRing creates a new SubRing with the standard NTT. NTT constants still need to be generated using .GenNTTConstants(NthRoot uint64).

func NewSubRingWithCustomNTT

func NewSubRingWithCustomNTT(N int, Modulus uint64, ntt func(*SubRing, int) NumberTheoreticTransformer, NthRoot int) (s *SubRing, err error)

NewSubRingWithCustomNTT creates a new SubRing with degree N and modulus Modulus with user-defined NTT transform and primitive Nth root of unity. Modulus should be equal to 1 modulo the root of unity. N must be a power of two larger than 8. An error is returned with a nil *SubRing in the case of non NTT-enabling parameters.

func (*SubRing) Add

func (s *SubRing) Add(p1, p2, p3 []uint64)

Add evaluates p3 = p1 + p2 (mod modulus). Iteration is done with respect to len(p1). All input must have a size which is a multiple of 8.

func (*SubRing) AddLazy

func (s *SubRing) AddLazy(p1, p2, p3 []uint64)

AddLazy evaluates p3 = p1 + p2. Iteration is done with respect to len(p1). All input must have a size which is a multiple of 8.

func (*SubRing) AddLazyThenMulScalarMontgomery

func (s *SubRing) AddLazyThenMulScalarMontgomery(p1, p2 []uint64, scalarMont uint64, p3 []uint64)

AddLazyThenMulScalarMontgomery evaluates p3 = (p1+p2)*scalarMont (mod modulus). Iteration is done with respect to len(p1). All input must have a size which is a multiple of 8.

func (*SubRing) AddScalar

func (s *SubRing) AddScalar(p1 []uint64, scalar uint64, p2 []uint64)

AddScalar evaluates p2 = p1 + scalar (mod modulus). Iteration is done with respect to len(p1). All input must have a size which is a multiple of 8.

func (*SubRing) AddScalarLazy

func (s *SubRing) AddScalarLazy(p1 []uint64, scalar uint64, p2 []uint64)

AddScalarLazy evaluates p2 = p1 + scalar. Iteration is done with respect to len(p1). All input must have a size which is a multiple of 8.

func (*SubRing) AddScalarLazyThenMulScalarMontgomery

func (s *SubRing) AddScalarLazyThenMulScalarMontgomery(p1 []uint64, scalar0, scalarMont1 uint64, p2 []uint64)

AddScalarLazyThenMulScalarMontgomery evaluates p3 = (scalarMont0+p2)*scalarMont1 (mod modulus). Iteration is done with respect to len(p1). All input must have a size which is a multiple of 8.

func (*SubRing) AddScalarLazyThenNegTwoModulusLazy

func (s *SubRing) AddScalarLazyThenNegTwoModulusLazy(p1 []uint64, scalar uint64, p2 []uint64)

AddScalarLazyThenNegTwoModulusLazy evaluates p2 = 2*modulus - p1 + scalar. Iteration is done with respect to len(p1). All input must have a size which is a multiple of 8.

func (*SubRing) Decode

func (s *SubRing) Decode(data []byte) (ptr int, err error)

Decode decodes the input slice of bytes on the target SubRing and returns the number of bytes read.

func (*SubRing) Encode

func (s *SubRing) Encode(data []byte) (ptr int, err error)

Encode encodes the target SubRing on a slice of bytes and returns the number of bytes written.

func (*SubRing) IMForm

func (s *SubRing) IMForm(p1, p2 []uint64)

IMForm evaluates p2 = p1 * (2^64)^-1 (mod modulus). Iteration is done with respect to len(p1). All input must have a size which is a multiple of 8.

func (*SubRing) INTT

func (s *SubRing) INTT(p1, p2 []uint64)

INTT evaluates p2 = INTT(p1).

func (*SubRing) INTTLazy

func (s *SubRing) INTTLazy(p1, p2 []uint64)

INTTLazy evaluates p2 = INTT(p1) with p2 in [0, 2*modulus-1].

func (*SubRing) MForm

func (s *SubRing) MForm(p1, p2 []uint64)

MForm evaluates p2 = p1 * 2^64 (mod modulus). Iteration is done with respect to len(p1). All input must have a size which is a multiple of 8.

func (*SubRing) MFormLazy

func (s *SubRing) MFormLazy(p1, p2 []uint64)

MFormLazy evaluates p2 = p1 * 2^64 (mod modulus) with p2 in the range [0, 2*modulus-1]. Iteration is done with respect to len(p1). All input must have a size which is a multiple of 8.

func (*SubRing) MarshalBinarySize

func (s *SubRing) MarshalBinarySize() (dataLen int)

MarshalBinarySize returns the length in bytes of the target SubRing.

func (*SubRing) MulCoeffsBarrett

func (s *SubRing) MulCoeffsBarrett(p1, p2, p3 []uint64)

MulCoeffsBarrett evaluates p3 = p1*p2 (mod modulus). Iteration is done with respect to len(p1). All input must have a size which is a multiple of 8.

func (*SubRing) MulCoeffsBarrettLazy

func (s *SubRing) MulCoeffsBarrettLazy(p1, p2, p3 []uint64)

MulCoeffsBarrettLazy evaluates p3 = p1*p2 (mod modulus) with p3 in [0, 2*modulus-1]. Iteration is done with respect to len(p1). All input must have a size which is a multiple of 8.

func (*SubRing) MulCoeffsBarrettThenAdd

func (s *SubRing) MulCoeffsBarrettThenAdd(p1, p2, p3 []uint64)

MulCoeffsBarrettThenAdd evaluates p3 = p3 + (p1*p2) (mod modulus). Iteration is done with respect to len(p1). All input must have a size which is a multiple of 8.

func (*SubRing) MulCoeffsBarrettThenAddLazy

func (s *SubRing) MulCoeffsBarrettThenAddLazy(p1, p2, p3 []uint64)

MulCoeffsBarrettThenAddLazy evaluates p3 = p3 + p1*p2 (mod modulus). Iteration is done with respect to len(p1). All input must have a size which is a multiple of 8.

func (*SubRing) MulCoeffsLazy

func (s *SubRing) MulCoeffsLazy(p1, p2, p3 []uint64)

MulCoeffsLazy evaluates p3 = p1*p2. Iteration is done with respect to len(p1). All input must have a size which is a multiple of 8.

func (*SubRing) MulCoeffsLazyThenAddLazy

func (s *SubRing) MulCoeffsLazyThenAddLazy(p1, p2, p3 []uint64)

MulCoeffsLazyThenAddLazy evaluates p3 = p3 + p1*p2. Iteration is done with respect to len(p1). All input must have a size which is a multiple of 8.

func (*SubRing) MulCoeffsMontgomery

func (s *SubRing) MulCoeffsMontgomery(p1, p2, p3 []uint64)

MulCoeffsMontgomery evaluates p3 = p1*p2 (mod modulus). Iteration is done with respect to len(p1). All input must have a size which is a multiple of 8.

func (*SubRing) MulCoeffsMontgomeryLazy

func (s *SubRing) MulCoeffsMontgomeryLazy(p1, p2, p3 []uint64)

MulCoeffsMontgomeryLazy evaluates p3 = p1*p2 (mod modulus) with p3 in range [0, 2*modulus-1]. Iteration is done with respect to len(p1). All input must have a size which is a multiple of 8.

func (*SubRing) MulCoeffsMontgomeryLazyThenAddLazy

func (s *SubRing) MulCoeffsMontgomeryLazyThenAddLazy(p1, p2, p3 []uint64)

MulCoeffsMontgomeryLazyThenAddLazy evaluates p3 = p3 + p1*p2 (mod modulus) with p3 in range [0, 3*modulus-2]. Iteration is done with respect to len(p1). All input must have a size which is a multiple of 8.

func (*SubRing) MulCoeffsMontgomeryLazyThenNeg

func (s *SubRing) MulCoeffsMontgomeryLazyThenNeg(p1, p2, p3 []uint64)

MulCoeffsMontgomeryLazyThenNeg evaluates p3 = - p1*p2 (mod modulus) with p3 in range [0, 2*modulus-2]. Iteration is done with respect to len(p1). All input must have a size which is a multiple of 8.

func (*SubRing) MulCoeffsMontgomeryLazyThenSubLazy

func (s *SubRing) MulCoeffsMontgomeryLazyThenSubLazy(p1, p2, p3 []uint64)

MulCoeffsMontgomeryLazyThenSubLazy evaluates p3 = p3 - p1*p2 (mod modulus) with p3 in range [0, 3*modulus-2]. Iteration is done with respect to len(p1). All input must have a size which is a multiple of 8.

func (*SubRing) MulCoeffsMontgomeryThenAdd

func (s *SubRing) MulCoeffsMontgomeryThenAdd(p1, p2, p3 []uint64)

MulCoeffsMontgomeryThenAdd evaluates p3 = p3 + (p1*p2) (mod modulus). Iteration is done with respect to len(p1). All input must have a size which is a multiple of 8.

func (*SubRing) MulCoeffsMontgomeryThenAddLazy

func (s *SubRing) MulCoeffsMontgomeryThenAddLazy(p1, p2, p3 []uint64)

MulCoeffsMontgomeryThenAddLazy evaluates p3 = p3 + (p1*p2 (mod modulus)). Iteration is done with respect to len(p1). All input must have a size which is a multiple of 8.

func (*SubRing) MulCoeffsMontgomeryThenSub

func (s *SubRing) MulCoeffsMontgomeryThenSub(p1, p2, p3 []uint64)

MulCoeffsMontgomeryThenSub evaluates p3 = p3 - p1*p2 (mod modulus). Iteration is done with respect to len(p1). All input must have a size which is a multiple of 8.

func (*SubRing) MulCoeffsMontgomeryThenSubLazy

func (s *SubRing) MulCoeffsMontgomeryThenSubLazy(p1, p2, p3 []uint64)

MulCoeffsMontgomeryThenSubLazy evaluates p3 = p3 - p1*p2 (mod modulus) with p3 in range [0, 2*modulus-2]. Iteration is done with respect to len(p1). All input must have a size which is a multiple of 8.

func (*SubRing) MulScalarMontgomery

func (s *SubRing) MulScalarMontgomery(p1 []uint64, scalarMont uint64, p2 []uint64)

MulScalarMontgomery evaluates p2 = p1*scalarMont (mod modulus). Iteration is done with respect to len(p1). All input must have a size which is a multiple of 8.

func (*SubRing) MulScalarMontgomeryLazy

func (s *SubRing) MulScalarMontgomeryLazy(p1 []uint64, scalarMont uint64, p2 []uint64)

MulScalarMontgomeryLazy evaluates p2 = p1*scalarMont (mod modulus) with p2 in range [0, 2*modulus-1]. Iteration is done with respect to len(p1). All input must have a size which is a multiple of 8.
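The relationship between the MForm, IMForm and Montgomery multiplication entries above, worked through for a single coefficient. This is an added example, not the package's source: it implements textbook Montgomery reduction with radix 2^64 using `math/bits`, follows the SubRing definitions (MForm multiplies by 2^64, IMForm by its inverse), and all function names are hypothetical. It assumes an odd modulus below 2^63 and operands already reduced below the modulus.

```go
package main

import (
	"fmt"
	"math/bits"
)

// qInverse returns q^-1 mod 2^64 for odd q by Newton iteration.
func qInverse(q uint64) uint64 {
	inv := q // q*q = 1 mod 8, so three low bits are already correct
	for i := 0; i < 5; i++ {
		inv *= 2 - q*inv // each step doubles the number of correct bits
	}
	return inv
}

// mForm returns x * 2^64 mod q (Montgomery form). Requires x < q.
func mForm(x, q uint64) uint64 {
	_, rem := bits.Div64(x, 0, q)
	return rem
}

// mRedLazy returns a value congruent to x*y*(2^64)^-1 mod q that lies in
// [0, 2q-1]: the final conditional subtraction is skipped.
// Requires x, y < q and q < 2^63.
func mRedLazy(x, y, q, qInv uint64) uint64 {
	mhi, mlo := bits.Mul64(x, y)
	hhi, _ := bits.Mul64(mlo*qInv, q) // low word of (mlo*qInv)*q equals mlo
	return mhi - hhi + q
}

// mRed is mRedLazy followed by the correction into [0, q-1].
func mRed(x, y, q, qInv uint64) uint64 {
	r := mRedLazy(x, y, q, qInv)
	if r >= q {
		r -= q
	}
	return r
}

// iMForm returns x * (2^64)^-1 mod q, leaving Montgomery form.
func iMForm(x, q, qInv uint64) uint64 { return mRed(x, 1, q, qInv) }

// mulViaMontgomery converts both operands, multiplies, and converts back.
func mulViaMontgomery(x, y, q uint64) uint64 {
	qInv := qInverse(q)
	zm := mRed(mForm(x, q), mForm(y, q), q, qInv) // = x*y*2^64 mod q
	return iMForm(zm, q, qInv)
}

// mulMixed shows why only the scalar needs to be in Montgomery form:
// the 2^64 factor of one operand cancels the (2^64)^-1 of the reduction.
func mulMixed(x, y, q uint64) uint64 {
	return mRed(mForm(x, q), y, q, qInverse(q))
}

// mulModRef is the plain 128-bit reference: x*y mod q. Requires x, y < q.
func mulModRef(x, y, q uint64) uint64 {
	hi, lo := bits.Mul64(x, y)
	_, rem := bits.Div64(hi, lo, q)
	return rem
}

func main() {
	q := uint64(0x1ffffffff6c80001)                                   // first Pi60 entry on this page
	x, y := uint64(0x0123456789abcdef), uint64(0x0fedcba987654321) // constructed operands
	fmt.Printf("reference      %#x\n", mulModRef(x, y, q))
	fmt.Printf("via Montgomery %#x\n", mulViaMontgomery(x, y, q))
	fmt.Printf("mixed form     %#x\n", mulMixed(x, y, q))
	lazy := mRedLazy(mForm(x, q), y, q, qInverse(q))
	fmt.Printf("lazy           %#x (below 2q: %v)\n", lazy, lazy < 2*q)
}
```

A Lazy result is only congruent to the reduced value, so it must pass through a reducing operation before it is compared, serialized or fed to code that assumes coefficients in [0, modulus-1].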

func (*SubRing) MulScalarMontgomeryThenAdd

func (s *SubRing) MulScalarMontgomeryThenAdd(p1 []uint64, scalarMont uint64, p2 []uint64)

MulScalarMontgomeryThenAdd evaluates p2 = p2 + p1*scalarMont (mod modulus). Iteration is done with respect to len(p1). All input must have a size which is a multiple of 8.

func (*SubRing) MulScalarMontgomeryThenAddScalar

func (s *SubRing) MulScalarMontgomeryThenAddScalar(p1 []uint64, scalar0, scalarMont1 uint64, p2 []uint64)

MulScalarMontgomeryThenAddScalar evaluates p2 = scalar + p1*scalarMont (mod modulus). Iteration is done with respect to len(p1). All input must have a size which is a multiple of 8.

func (*SubRing) NTT

func (s *SubRing) NTT(p1, p2 []uint64)

NTT evaluates p2 = NTT(p1).

func (*SubRing) NTTLazy

func (s *SubRing) NTTLazy(p1, p2 []uint64)

NTTLazy evaluates p2 = NTT(p1) with p2 in [0, 2*modulus-1].

func (*SubRing) Neg

func (s *SubRing) Neg(p1, p2 []uint64)

Neg evaluates p2 = -p1 (mod modulus). Iteration is done with respect to len(p1). All input must have a size which is a multiple of 8.

func (*SubRing) Reduce

func (s *SubRing) Reduce(p1, p2 []uint64)

Reduce evaluates p2 = p1 (mod modulus). Iteration is done with respect to len(p1). All input must have a size which is a multiple of 8.

func (*SubRing) ReduceLazy

func (s *SubRing) ReduceLazy(p1, p2 []uint64)

ReduceLazy evaluates p2 = p1 (mod modulus) with p2 in range [0, 2*modulus-1]. Iteration is done with respect to len(p1). All input must have a size which is a multiple of 8.

func (*SubRing) Sub

func (s *SubRing) Sub(p1, p2, p3 []uint64)

Sub evaluates p3 = p1 - p2 (mod modulus). Iteration is done with respect to len(p1). All input must have a size which is a multiple of 8.

func (*SubRing) SubLazy

func (s *SubRing) SubLazy(p1, p2, p3 []uint64)

SubLazy evaluates p3 = p1 - p2. Iteration is done with respect to len(p1). All input must have a size which is a multiple of 8.

func (*SubRing) SubScalar

func (s *SubRing) SubScalar(p1 []uint64, scalar uint64, p2 []uint64)

SubScalar evaluates p2 = p1 - scalar (mod modulus). Iteration is done with respect to len(p1). All input must have a size which is a multiple of 8.

func (*SubRing) SubThenMulScalarMontgomeryTwoModulus

func (s *SubRing) SubThenMulScalarMontgomeryTwoModulus(p1, p2 []uint64, scalarMont uint64, p3 []uint64)

SubThenMulScalarMontgomeryTwoModulus evaluates p3 = (p1 + twomodulus - p2) * scalarMont (mod modulus). Iteration is done with respect to len(p1). All input must have a size which is a multiple of 8.

func (*SubRing) Type

func (s *SubRing) Type() Type

Type returns the Type of subring which might be either `Standard` or `ConjugateInvariant`.

type TernarySampler

type TernarySampler struct {
	// contains filtered or unexported fields
}

TernarySampler keeps the state of a polynomial sampler in the ternary distribution.

func NewTernarySampler

func NewTernarySampler(prng utils.PRNG, baseRing *Ring, p float64, montgomery bool) *TernarySampler

NewTernarySampler creates a new instance of TernarySampler from a PRNG, the ring definition and the distribution parameters: p is the probability of a coefficient being 0, (1-p)/2 is the probability of 1 and -1. If "montgomery" is set to true, polynomials read from this sampler are in Montgomery form.

func NewTernarySamplerWithHammingWeight

func NewTernarySamplerWithHammingWeight(prng utils.PRNG, baseRing *Ring, hw int, montgomery bool) *TernarySampler

NewTernarySamplerWithHammingWeight creates a new instance of a fixed-hamming-weight TernarySampler from a PRNG, the ring definition and the desired hamming weight for the output polynomials. If "montgomery" is set to true, polynomials read from this sampler are in Montgomery form.

func (*TernarySampler) AtLevel

func (ts *TernarySampler) AtLevel(level int) *TernarySampler

AtLevel returns an instance of the target TernarySampler that operates at the target level. This instance is not thread safe and cannot be used concurrently with the base instance.

func (*TernarySampler) Read

func (ts *TernarySampler) Read(pol *Poly)

Read samples a polynomial into pol.

func (*TernarySampler) ReadNew

func (ts *TernarySampler) ReadNew() (pol *Poly)

ReadNew allocates and samples a polynomial at the max level.

type Type

type Type int

Type is the type of ring used by the cryptographic scheme

func (Type) MarshalJSON

func (rt Type) MarshalJSON() ([]byte, error)

MarshalJSON marshals the receiver Type into a JSON []byte

func (Type) String

func (rt Type) String() string

String returns the string representation of the ring Type

func (*Type) UnmarshalJSON

func (rt *Type) UnmarshalJSON(b []byte) error

UnmarshalJSON reads a JSON byte slice into the receiver Type

type UniformSampler

type UniformSampler struct {
	// contains filtered or unexported fields
}

UniformSampler wraps a utils.PRNG and represents the state of a sampler of uniform polynomials.

func NewUniformSampler

func NewUniformSampler(prng utils.PRNG, baseRing *Ring) *UniformSampler

NewUniformSampler creates a new instance of UniformSampler from a PRNG and ring definition.

func (*UniformSampler) AtLevel

func (u *UniformSampler) AtLevel(level int) *UniformSampler

AtLevel returns an instance of the target UniformSampler that operates at the target level. This instance is not thread safe and cannot be used concurrently with the base instance.

func (*UniformSampler) Read

func (u *UniformSampler) Read(pol *Poly)

Read generates a new polynomial with coefficients following a uniform distribution over [0, Qi-1].

func (*UniformSampler) ReadNew

func (u *UniformSampler) ReadNew() (Pol *Poly)

ReadNew generates a new polynomial with coefficients following a uniform distribution over [0, Qi-1]. Polynomial is created at the max level.

func (*UniformSampler) WithPRNG

func (u *UniformSampler) WithPRNG(prng utils.PRNG) *UniformSampler
