# ckks

package
Version: v2.2.0 Latest Latest

Go to latest
Published: Jul 15, 2021 License: Apache-2.0

### CKKS

The package CKKS is an RNS-accelerated version of the Homomorphic Encryption for Arithmetic of Approximate Numbers (HEAAN, a.k.a. CKKS) scheme originally proposed by Cheon, Kim, Kim and Song. It provides approximate arithmetic over complex numbers.

#### Brief description

This scheme can be used to do arithmetic over $\mathbb{C}^{N/2}=$. The plaintext space and the ciphertext space share the same domain

$\mathbb{Z}_Q[X]/(X^N+++1)=$,

with $N=$ a power of 2.

The batch encoding of this scheme

$\mathbb{C}^{N/2}+\leftrightarrow+Z_Q[X]/(X^N+++1)=$.

maps an array of complex numbers to a polynomial with the property:

$decode(encode(m_1)+\otimes+encode(m_2))+\approx+m_1+\odot+m_2=$,

where $\otimes=$ represents a component-wise product, and $\odot=$ represents a nega-cyclic convolution.

#### Security parameters

$N+=+2^{logN}=$: the ring dimension, which defines the degree of the cyclotomic polynomial, and the number of coefficients of the plaintext/ciphertext polynomials; it should always be a power of two. This parameter has an impact on both security and performance (security increases with N and performance decreases with N). It should be chosen carefully to suit the intended use of the scheme.

$Q=$: the ciphertext modulus. In Lattigo, it is chosen to be the product of a chain of small coprime moduli $q_i=$ that verify $q_i+\equiv+1+\mod+2N=$ in order to enable both the RNS and NTT representation. The used moduli $q_i=$ are chosen to be of size 30 to 60 bits for the best performance. This parameter has an impact on both security and performance (for a fixed $N=$, a larger $Q=$ implies both lower security and lower performance). It is closely related to $N=$ and should be carefully chosen to suit the intended use of the scheme.

$\sigma=$: the variance used for the error polynomials. This parameter is closely tied to the security of the scheme (a larger $\sigma=$ implies higher security).

#### Other parameters

$scale=$: the plaintext scale. Since complex numbers are encoded on polynomials with integer coefficients, the original values must be scaled during the encoding, before being rounded to the nearest integer. The $scale=$ parameter is the power of two by which the values are multiplied during the encoding. It has an impact on the precision of the output and on the amount of operations a fresh encryption can undergo before overflowing.

#### Choosing the right parameters for a given application

There are 3 application-dependent parameters:

• LogN: it determines (a) how many values can be encoded (batched) at once (maximum N/2) in one plaintext, and (b) the maximum total modulus bit size (the product of all the moduli) for a given security parameter.
• Modulichain: it determines how many consecutive scalar and non-scalar multiplications (the depth of the arithmetic circuit) can be evaluated before requiring decryption. Since Lattigo features an RNS implementation, this parameter requires careful fine-tuning depending on the application; i.e., the rescaling procedure can only rescale by one of the RNS modulus at a time, whose size has to be chosen when creating the CKKS context. Additionally, the individual size of each of the moduli also has an effect on the error introduced during the rescaling, since they cannot be powers of 2, so they should be chosen as NTT primes as close as possible to a power of 2 instead.
• Logscale: it determines the scale of the plaintext, affecting both the precision and the maximum allowed depth for a given security parameter.

Configuring parameters for CKKS is very application dependent, requiring a prior analysis of the circuit to be executed under encryption. The following example illustrates how this parametrization can be done, showing that it is possible to come up with different parameter sets for a given circuit, each set having pros and cons.

Let us define the evaluation of an arbitrary smooth function f(x) on an array of ~4000 complex elements contained in a square of side 2 centered at the complex origin (with values ranging between -1-1i and 1+1i). We first need to find a good polynomial approximation for the given range. Lattigo provides an automatic Chebyshev approximation for any given polynomial degree, which can be used for this purpose (it is also possible to define a different polynomial approximation of lower degree with an acceptable error).

Let us assume that we find an approximation of degree 5, i.e., a + bx + cx^3 + dx^5. This function can be evaluated with 3 scalar multiplications, 3 additions and 3 non-scalar multiplications, consuming a total of 4 levels (one for the scalar multiplications and 3 for the non-scalar multiplications).

We then need to chose a scale for the plaintext, that will influence both the bit consumption for the rescaling, and the precision of the computation. If we choose a scale of 2^40, we need to consume at least 160 bits (4 levels) during the evaluation, and we still need some bits left to store the final result with an acceptable precision. Let us assume that the output of the approximation lies always in the square between -20-20i and 20+20i; then, the final modulus must be at least 5 bits larger than the final scale (to preserve the integer precision).

The following parameters will work for the posed example:

• LogN = 13
• Modulichain = [45, 40, 40, 40, 40], for a logQ <= 205
• LogScale = 40

But it is also possible to use less levels to have ciphertexts of smaller size and, therefore, a faster evaluation, at the expense of less precision. This can be achieved by using a scale of 30 bits and squeezing two multiplications in a single level, while pre-computing the last scalar multiplication already in the plaintext. Instead of evaluating a + bx + cx^3 + dx^5, we pre-multiply the plaintext by d^(1/5) and evaluate a + b/(d^(1/5))x + c/(d^(3/5)) + x^5.

The following parameters are enough to evaluate this modified function:

• LogN = 13
• Modulichain = [35, 60, 60], for a logQ <= 155
• LogScale = 30

To summarize, several parameter sets can be used to evaluate a given function, achieving different trade-offs for space and time versus precision.

#### Choosing secure parameters

The CKKS scheme supports the standard recommended parameters chosen to offer a security of 128 bits for a secret key with uniform ternary distribution $s+\in_u+\{-1,+0,+1\}^N=$, according to the Homomorphic Encryption Standards group (https://homomorphicencryption.org/standard/).

Each set of security parameters is defined by the tuple $\{log_2(N),+log_2(Q),+\sigma\}=$ :

• {12, 109, 3.2}
• {13, 218, 3.2}
• {14, 438, 3.2}
• {15, 881, 3.2}

As mentioned, setting parameters for CKKS involves not only choosing this tuple, but also defining the actual moduli chain depending on the application at hand, which is why the provided default parameter sets have to be fine-tuned, preserving the values of the aforementioned tuples, in order to maintain the required security level of 128 bits. That is, Lattigo provides a set of default parameters for CKKS, including example moduli chains, ensuring 128 bit security. The user might want to choose different values in the moduli chain optimized for a specific application. As long as the total modulus is equal or below the above values for a given logN, the scheme will still provide a security of at least 128 bits against the current best known attacks.

Finally, it is worth noting that these security parameters are computed for fully entropic ternary keys (with probability distribution {1/3,1/3,1/3} for values {-1,0,1}). Lattigo uses this fully-entropic key configuration by default. It is possible, though, to generate keys with lower entropy, by modifying their distribution to {(1-p)/2, p, (1-p)/2}, for any p between 0 and 1, which for p>>1/3 can result in low Hamming weight keys (sparse keys). We recall that it has been shown that the security of sparse keys can be considerably lower than that of fully entropic keys, and the CKKS security parameters should be re-evaluated if sparse keys are used.

## Documentation ¶

### Overview ¶

Package ckks implements a RNS-accelerated version of the Homomorphic Encryption for Arithmetic for Approximate Numbers (HEAAN, a.k.a. CKKS) scheme. It provides approximate arithmetic over the complex numbers.package ckks

### Constants ¶

View Source
```const (
Sin  = SinType(0) // Standard Chebyshev approximation of (1/2pi) * sin(2pix)
Cos1 = SinType(1) // Special approximation (Han and Ki) of pow((1/2pi), 1/2^r) * cos(2pi(x-0.25)/2^r)
Cos2 = SinType(2) // Standard Chebyshev approximation of pow((1/2pi), 1/2^r) * cos(2pi(x-0.25)/2^r)
)```

Sin and Cos are the two proposed functions for SinType

View Source
`const GaloisGen uint64 = 5`

GaloisGen is an integer of order N/2 modulo M and that spans Z_M with the integer -1. The j-th ring automorphism takes the root zeta to zeta^(5j).

### Variables ¶

View Source
```var (
// PN12QP109 is a default parameter set for logN=12 and logQP=109
PN12QP109 = ParametersLiteral{
LogN:     12,
LogSlots: 11,
Q: []uint64{0x200000e001,
0x100006001},
P:     []uint64{0x3ffffea001},
Scale: 1 << 32,
Sigma: rlwe.DefaultSigma,
}

// PN13QP218 is a default parameter set for logN=13 and logQP=218
PN13QP218 = ParametersLiteral{
LogN:     13,
LogSlots: 12,
Q: []uint64{0x1fffec001,
0x3fff4001,
0x3ffe8001,
0x40020001,
0x40038001,
0x3ffc0001},
P:     []uint64{0x800004001},
Scale: 1 << 30,
Sigma: rlwe.DefaultSigma,
}
// PN14QP438 is a default parameter set for logN=14 and logQP=438
PN14QP438 = ParametersLiteral{
LogN:     14,
LogSlots: 13,
Q: []uint64{0x200000008001, 0x400018001,
0x3fffd0001, 0x400060001,
0x400068001, 0x3fff90001,
0x400080001, 0x4000a8001,
0x400108001, 0x3ffeb8001},
P:     []uint64{0x7fffffd8001, 0x7fffffc8001},
Scale: 1 << 34,
Sigma: rlwe.DefaultSigma,
}

// PN15QP880 is a default parameter set for logN=15 and logQP=880
PN15QP880 = ParametersLiteral{
LogN:     15,
LogSlots: 14,
Q: []uint64{0x4000000120001, 0x10000140001, 0xffffe80001,
0x10000290001, 0xffffc40001, 0x100003e0001,
0x10000470001, 0x100004b0001, 0xffffb20001,
0x10000500001, 0x10000650001, 0xffff940001,
0xffff8a0001, 0xffff820001, 0xffff780001,
0x10000890001, 0xffff750001, 0x10000960001},
P:     []uint64{0x40000001b0001, 0x3ffffffdf0001, 0x4000000270001},
Scale: 1 << 40,
Sigma: rlwe.DefaultSigma,
}
// PN16QP1761 is a default parameter set for logN=16 and logQP = 1761
PN16QP1761 = ParametersLiteral{
LogN:     16,
LogSlots: 15,
Q: []uint64{0x80000000080001, 0x2000000a0001, 0x2000000e0001, 0x1fffffc20001,
0x200000440001, 0x200000500001, 0x200000620001, 0x1fffff980001,
0x2000006a0001, 0x1fffff7e0001, 0x200000860001, 0x200000a60001,
0x200000aa0001, 0x200000b20001, 0x200000c80001, 0x1fffff360001,
0x200000e20001, 0x1fffff060001, 0x200000fe0001, 0x1ffffede0001,
0x1ffffeca0001, 0x1ffffeb40001, 0x200001520001, 0x1ffffe760001,
0x2000019a0001, 0x1ffffe640001, 0x200001a00001, 0x1ffffe520001,
0x200001e80001, 0x1ffffe0c0001, 0x1ffffdee0001, 0x200002480001,
0x1ffffdb60001, 0x200002560001},
P:     []uint64{0x80000000440001, 0x7fffffffba0001, 0x80000000500001, 0x7fffffffaa0001},
Scale: 1 << 45,
Sigma: rlwe.DefaultSigma,
}

// PN12QP101pq is a default (post quantum) parameter set for logN=12 and logQP=101
PN12QP101pq = ParametersLiteral{
LogN:     12,
LogSlots: 11,
Q:        []uint64{0x800004001, 0x40002001},
P:        []uint64{0x1000002001},
Scale:    1 << 30,
Sigma:    rlwe.DefaultSigma,
}
// PN13QP202pq is a default (post quantum) parameter set for logN=13 and logQP=202
PN13QP202pq = ParametersLiteral{
LogN:     13,
LogSlots: 12,
Q:        []uint64{0x1fffec001, 0x8008001, 0x8020001, 0x802c001, 0x7fa8001, 0x7f74001},
P:        []uint64{0x400018001},
Scale:    1 << 27,
Sigma:    rlwe.DefaultSigma,
}

// PN14QP411pq is a default (post quantum) parameter set for logN=14 and logQP=411
PN14QP411pq = ParametersLiteral{
LogN:     14,
LogSlots: 13,
Q: []uint64{0x10000048001, 0x200038001, 0x1fff90001, 0x200080001, 0x1fff60001,
0x2000b8001, 0x200100001, 0x1fff00001, 0x1ffef0001, 0x200128001},

P:     []uint64{0x1ffffe0001, 0x1ffffc0001},
Scale: 1 << 33,
Sigma: rlwe.DefaultSigma,
}

// PN15QP827pq is a default (post quantum) parameter set for logN=15 and logQP=827
PN15QP827pq = ParametersLiteral{
LogN:     15,
LogSlots: 14,
Q: []uint64{0x400000060001, 0x4000170001, 0x3fffe80001, 0x40002f0001, 0x4000300001,
0x3fffcf0001, 0x40003f0001, 0x3fffc10001, 0x4000450001, 0x3fffb80001,
0x3fffb70001, 0x40004a0001, 0x3fffb20001, 0x4000510001, 0x3fffaf0001,
0x4000540001, 0x4000560001, 0x4000590001},
P:     []uint64{0x2000000a0001, 0x2000000e0001, 0x2000001d0001},
Scale: 1 << 38,
Sigma: rlwe.DefaultSigma,
}
// PN16QP1654pq is a default (post quantum) parameter set for logN=16 and logQP=1654
PN16QP1654pq = ParametersLiteral{LogN: 16,
LogSlots: 15,
Q: []uint64{0x80000000080001, 0x2000000a0001, 0x2000000e0001, 0x1fffffc20001, 0x200000440001,
0x200000500001, 0x200000620001, 0x1fffff980001, 0x2000006a0001, 0x1fffff7e0001,
0x200000860001, 0x200000a60001, 0x200000aa0001, 0x200000b20001, 0x200000c80001,
0x1fffff360001, 0x200000e20001, 0x1fffff060001, 0x200000fe0001, 0x1ffffede0001,
0x1ffffeca0001, 0x1ffffeb40001, 0x200001520001, 0x1ffffe760001, 0x2000019a0001,
0x1ffffe640001, 0x200001a00001, 0x1ffffe520001, 0x200001e80001, 0x1ffffe0c0001,
0x1ffffdee0001, 0x200002480001},
P:     []uint64{0x7fffffffe0001, 0x80000001c0001, 0x80000002c0001, 0x7ffffffd20001},
Scale: 1 << 45,
Sigma: rlwe.DefaultSigma,
}
)```

Name of the different default parameter sets

View Source
```var DefaultBootstrapParams = []*BootstrappingParameters{

{
LogN:     16,
LogSlots: 15,
Scale:    1 << 40,
Sigma:    rlwe.DefaultSigma,
ResidualModuli: []uint64{
0x10000000006e0001,
0x10000140001,
0xffffe80001,
0xffffc40001,
0x100003e0001,
0xffffb20001,
0x10000500001,
0xffff940001,
0xffff8a0001,
0xffff820001,
},
KeySwitchModuli: []uint64{
0x1fffffffffe00001,
0x1fffffffffc80001,
0x1fffffffffb40001,
0x1fffffffff500001,
0x1fffffffff420001,
},
SlotsToCoeffsModuli: SlotsToCoeffsModuli{
Qi: []uint64{
0x7fffe60001,
0x7fffe40001,
0x7fffe00001,
},
ScalingFactor: [][]float64{
{0x7fffe60001},
{0x7fffe40001},
{0x7fffe00001},
},
},
SineEvalModuli: SineEvalModuli{
Qi: []uint64{
0xfffffffff840001,
0x1000000000860001,
0xfffffffff6a0001,
0x1000000000980001,
0xfffffffff5a0001,
0x1000000000b00001,
0x1000000000ce0001,
0xfffffffff2a0001,
},
ScalingFactor: 1 << 60,
},
CoeffsToSlotsModuli: CoeffsToSlotsModuli{
Qi: []uint64{
0x100000000060001,
0xfffffffff00001,
0xffffffffd80001,
0x1000000002a0001,
},
ScalingFactor: [][]float64{
{0x100000000060001},
{0xfffffffff00001},
{0xffffffffd80001},
{0x1000000002a0001},
},
},
H:            192,
SinType:      Cos1,
MessageRatio: 256.0,
SinRange:     25,
SinDeg:       63,
SinRescal:    2,
ArcSineDeg:   0,
MaxN1N2Ratio: 16.0,
BitReversed:  false,
},

{
LogN:     16,
LogSlots: 15,
Scale:    1 << 45,
Sigma:    rlwe.DefaultSigma,
ResidualModuli: []uint64{
0x10000000006e0001,
0x2000000a0001,
0x2000000e0001,
0x1fffffc20001,
0x200000440001,
0x200000500001,
},
KeySwitchModuli: []uint64{
0x1fffffffffe00001,
0x1fffffffffc80001,
0x1fffffffffb40001,
0x1fffffffff500001,
},
SlotsToCoeffsModuli: SlotsToCoeffsModuli{
Qi: []uint64{
0x3ffffe80001,
0x3ffffd20001,
0x3ffffca0001,
},
ScalingFactor: [][]float64{
{0x3ffffe80001},
{0x3ffffd20001},
{0x3ffffca0001},
},
},
SineEvalModuli: SineEvalModuli{
Qi: []uint64{
0xffffffffffc0001,
0xfffffffff240001,
0x1000000000f00001,
0xfffffffff840001,
0x1000000000860001,
0xfffffffff6a0001,
0x1000000000980001,
0xfffffffff5a0001,
0x1000000000b00001,
0x1000000000ce0001,
0xfffffffff2a0001,
},
ScalingFactor: 1 << 60,
},
CoeffsToSlotsModuli: CoeffsToSlotsModuli{
Qi: []uint64{
0x400000000360001,
0x3ffffffffbe0001,
0x400000000660001,
0x4000000008a0001,
},
ScalingFactor: [][]float64{
{0x400000000360001},
{0x3ffffffffbe0001},
{0x400000000660001},
{0x4000000008a0001},
},
},
H:            192,
SinType:      Cos1,
MessageRatio: 4.0,
SinRange:     25,
SinDeg:       63,
SinRescal:    2,
ArcSineDeg:   7,
MaxN1N2Ratio: 16.0,
BitReversed:  false,
},

{
LogN:     16,
LogSlots: 15,
Scale:    1 << 30,
Sigma:    rlwe.DefaultSigma,
ResidualModuli: []uint64{
0x80000000080001,
0xffffffffffc0001,
0x10000000006e0001,
0xfffffffff840001,
0x1000000000860001,
0xfffffffff6a0001,
0x1000000000980001,
0xfffffffff5a0001,
},
KeySwitchModuli: []uint64{
0x1fffffffffe00001,
0x1fffffffffc80001,
0x1fffffffffb40001,
0x1fffffffff500001,
0x1fffffffff420001,
},
SlotsToCoeffsModuli: SlotsToCoeffsModuli{
Qi: []uint64{
0x1000000000b00001,
0x1000000000ce0001,
},
ScalingFactor: [][]float64{
{1073741824.0},
{1073741824.0062866, 1073741824.0062866},
},
},
SineEvalModuli: SineEvalModuli{
Qi: []uint64{
0x80000000440001,
0x7fffffffba0001,
0x80000000500001,
0x7fffffffaa0001,
0x800000005e0001,
0x7fffffff7e0001,
0x7fffffff380001,
0x80000000ca0001,
},
ScalingFactor: 1 << 55,
},
CoeffsToSlotsModuli: CoeffsToSlotsModuli{
Qi: []uint64{
0x200000000e0001,
0x20000000140001,
0x20000000280001,
0x1fffffffd80001,
},
ScalingFactor: [][]float64{
{0x200000000e0001},
{0x20000000140001},
{0x20000000280001},
{0x1fffffffd80001},
},
},
H:            192,
SinType:      Cos1,
MessageRatio: 256.0,
SinRange:     25,
SinDeg:       63,
SinRescal:    2,
ArcSineDeg:   0,
MaxN1N2Ratio: 16.0,
BitReversed:  false,
},

{
LogN:     16,
LogSlots: 15,
Scale:    1 << 40,
Sigma:    rlwe.DefaultSigma,
ResidualModuli: []uint64{
0x4000000120001,
0x10000140001,
0xffffe80001,
0xffffc40001,
0x100003e0001,
0xffffb20001,
0x10000500001,
0xffff940001,
0xffff8a0001,
0xffff820001,
},
KeySwitchModuli: []uint64{
0x1fffffffffe00001,
0x1fffffffffc80001,
0x1fffffffffb40001,
0x1fffffffff500001,
0x1fffffffff420001,
0x1fffffffff380001,
},
SlotsToCoeffsModuli: SlotsToCoeffsModuli{
Qi: []uint64{
0x100000000060001,
0xffa0001,
},
ScalingFactor: [][]float64{
{268435456.0007324, 268435456.0007324},
{0xffa0001},
},
},
SineEvalModuli: SineEvalModuli{
Qi: []uint64{
0xffffffffffc0001,
0x10000000006e0001,
0xfffffffff840001,
0x1000000000860001,
0xfffffffff6a0001,
0x1000000000980001,
0xfffffffff5a0001,
0x1000000000b00001,
0x1000000000ce0001,
0xfffffffff2a0001,
0xfffffffff240001,
0x1000000000f00001,
},
ScalingFactor: 1 << 60,
},
CoeffsToSlotsModuli: CoeffsToSlotsModuli{
Qi: []uint64{
0x200000000e0001,
0x20000000140001,
0x20000000280001,
0x1fffffffd80001,
},
ScalingFactor: [][]float64{
{0x200000000e0001},
{0x20000000140001},
{0x20000000280001},
{0x1fffffffd80001},
},
},
H:            32768,
SinType:      Cos2,
MessageRatio: 256.0,
SinRange:     325,
SinDeg:       255,
SinRescal:    4,
ArcSineDeg:   0,
MaxN1N2Ratio: 16.0,
BitReversed:  false,
},

{
LogN:     15,
LogSlots: 14,
Scale:    1 << 25,
Sigma:    rlwe.DefaultSigma,
ResidualModuli: []uint64{
0x1fff90001,
0x4000000420001,
0x1fc0001,
},
KeySwitchModuli: []uint64{
0x7fffffffe0001,
0x8000000110001,
},
SlotsToCoeffsModuli: SlotsToCoeffsModuli{
Qi: []uint64{
0xffffffffffc0001,
},
ScalingFactor: [][]float64{
{1073741823.9998779, 1073741823.9998779},
},
},
SineEvalModuli: SineEvalModuli{
Qi: []uint64{
0x4000000120001,
0x40000001b0001,
0x3ffffffdf0001,
0x4000000270001,
0x3ffffffd20001,
0x3ffffffcd0001,
0x4000000350001,
0x3ffffffc70001,
},
ScalingFactor: 1 << 50,
},
CoeffsToSlotsModuli: CoeffsToSlotsModuli{
Qi: []uint64{
0x1fffffff50001,
0x1ffffffea0001,
},
ScalingFactor: [][]float64{
{0x1fffffff50001},
{0x1ffffffea0001},
},
},
H:            192,
SinType:      Cos1,
MessageRatio: 256.0,
SinRange:     25,
SinDeg:       63,
SinRescal:    2,
ArcSineDeg:   0,
MaxN1N2Ratio: 16.0,
BitReversed:  false,
},
}```

DefaultBootstrapParams are default bootstrapping params for the bootstrapping.

View Source
`var DefaultParams = []ParametersLiteral{PN12QP109, PN13QP218, PN14QP438, PN15QP880, PN16QP1761}`

DefaultParams is a set of default CKKS parameters ensuring 128 bit security in a classic setting.

View Source
`var DefaultPostQuantumParams = []ParametersLiteral{PN12QP101pq, PN13QP202pq, PN14QP411pq, PN15QP827pq, PN16QP1654pq}`

DefaultPostQuantumParams is a set of default CKKS parameters ensuring 128 bit security in a post-quantum setting.

### Functions ¶

`func AddMatrixRotToList(pVec *PtDiagMatrix, rotations []int, slots int, repack bool) []int`

AddMatrixRotToList adds the rotations neede to evaluate pVec to the list rotations

#### func GenSwitchkeysRescalingParams ¶

`func GenSwitchkeysRescalingParams(Q, P []uint64) (params []uint64)`

GenSwitchkeysRescalingParams generates the parameters for rescaling the switching keys

#### func NewKeyGenerator ¶

`func NewKeyGenerator(params Parameters) rlwe.KeyGenerator`

NewKeyGenerator creates a rlwe.KeyGenerator instance from the CKKS parameters.

#### func NewPublicKey ¶

`func NewPublicKey(params Parameters) (pk *rlwe.PublicKey)`

NewPublicKey returns an allocated CKKS public with zero values.

#### func NewRelinearizationKey ¶ added in v2.2.0

`func NewRelinearizationKey(params Parameters) *rlwe.RelinearizationKey`

NewRelinearizationKey returns an allocated CKKS public relinearization key with zero value.

#### func NewRotationKeySet ¶ added in v2.2.0

`func NewRotationKeySet(params Parameters, galoisElements []uint64) *rlwe.RotationKeySet`

NewRotationKeySet returns an allocated set of CKKS public rotation keys with zero values for each galois element (i.e., for each supported rotation).

#### func NewSecretKey ¶

`func NewSecretKey(params Parameters) (sk *rlwe.SecretKey)`

NewSecretKey returns an allocated CKKS secret key with zero values.

#### func NewSwitchingKey ¶

`func NewSwitchingKey(params Parameters) *rlwe.SwitchingKey`

NewSwitchingKey returns an allocated CKKS public switching key with zero values.

#### func StandardDeviation ¶ added in v2.2.0

`func StandardDeviation(vec []float64, scale float64) (std float64)`

StandardDeviation computes the scaled standard deviation of the input vector.

### Types ¶

#### type Bootstrapper ¶

```type Bootstrapper struct {
BootstrappingParameters
*BootstrappingKey
// contains filtered or unexported fields
}```

Bootstrapper is a struct to stores a memory pool the plaintext matrices the polynomial approximation and the keys for the bootstrapping.

#### func NewBootstrapper ¶

`func NewBootstrapper(params Parameters, btpParams *BootstrappingParameters, btpKey BootstrappingKey) (btp *Bootstrapper, err error)`

NewBootstrapper creates a new Bootstrapper.

`func (eval Bootstrapper) Add(op0, op1 Operand, ctOut *Ciphertext)`

`func (eval Bootstrapper) AddConst(ct0 *Ciphertext, constant interface{}, ctOut *Ciphertext)`

AddConst adds the input constant (which can be a uint64, int64, float64 or complex128) to ct0 and returns the result in ctOut.

`func (eval Bootstrapper) AddConstNew(ct0 *Ciphertext, constant interface{}) (ctOut *Ciphertext)`

AddConstNew adds the input constant (which can be a uint64, int64, float64 or complex128) to ct0 and returns the result in a new element.

`func (eval Bootstrapper) AddNew(op0, op1 Operand) (ctOut *Ciphertext)`

AddNew adds op0 to op1 and returns the result in a newly created element.

`func (eval Bootstrapper) AddNoMod(op0, op1 Operand, ctOut *Ciphertext)`

AddNoMod adds op0 to op1 and returns the result in ctOut, without modular reduction.

`func (eval Bootstrapper) AddNoModNew(op0, op1 Operand) (ctOut *Ciphertext)`

AddNoModNew adds op0 to op1 without modular reduction, and returns the result in a newly created element.

#### func (*Bootstrapper) Bootstrapp ¶

`func (btp *Bootstrapper) Bootstrapp(ct *Ciphertext) *Ciphertext`

Bootstrapp re-encrypt a ciphertext at lvl Q0 to a ciphertext at MaxLevel-k where k is the depth of the bootstrapping circuit. If the input ciphertext level is zero, the input scale must be an exact power of two smaller or equal to round(Q0/2^{10}). If the input ciphertext is at level one or more, the input scale does not need to be an exact power of two as one level can be used to do a scale matching.

#### func (*Bootstrapper) CheckKeys ¶

`func (btp *Bootstrapper) CheckKeys() (err error)`

CheckKeys checks if all the necessary keys are present

#### func (Bootstrapper) Conjugate ¶ added in v2.2.0

`func (eval Bootstrapper) Conjugate(ct0 *Ciphertext, ctOut *Ciphertext)`

Conjugate conjugates ct0 (which is equivalent to a row rotation) and returns the result in ctOut. If the provided element is a Ciphertext, a key-switching operation is necessary and a rotation key for the row rotation needs to be provided.

#### func (Bootstrapper) ConjugateNew ¶ added in v2.2.0

`func (eval Bootstrapper) ConjugateNew(ct0 *Ciphertext) (ctOut *Ciphertext)`

ConjugateNew conjugates ct0 (which is equivalent to a row rotation) and returns the result in a newly created element. If the provided element is a Ciphertext, a key-switching operation is necessary and a rotation key for the row rotation needs to be provided.

#### func (Bootstrapper) DivByi ¶ added in v2.2.0

`func (eval Bootstrapper) DivByi(ct0 *Ciphertext, ctOut *Ciphertext)`

DivByi multiplies ct0 by the imaginary number 1/i = -i, and returns the result in ctOut. It does not change the scale.

#### func (Bootstrapper) DivByiNew ¶ added in v2.2.0

`func (eval Bootstrapper) DivByiNew(ct0 *Ciphertext) (ctOut *Ciphertext)`

DivByiNew multiplies ct0 by the imaginary number 1/i = -i, and returns the result in a newly created element. It does not change the scale.

#### func (Bootstrapper) DropLevel ¶ added in v2.2.0

`func (eval Bootstrapper) DropLevel(ct0 *Ciphertext, levels int)`

DropLevel reduces the level of ct0 by levels and returns the result in ct0. No rescaling is applied during this procedure.

#### func (Bootstrapper) DropLevelNew ¶ added in v2.2.0

`func (eval Bootstrapper) DropLevelNew(ct0 *Ciphertext, levels int) (ctOut *Ciphertext)`

DropLevelNew reduces the level of ct0 by levels and returns the result in a newly created element. No rescaling is applied during this procedure.

#### func (Bootstrapper) EvaluateCheby ¶ added in v2.2.0

`func (eval Bootstrapper) EvaluateCheby(op *Ciphertext, cheby *ChebyshevInterpolation, tartetScale float64) (opOut *Ciphertext, err error)`

#### func (Bootstrapper) EvaluatePoly ¶ added in v2.2.0

`func (eval Bootstrapper) EvaluatePoly(ct0 *Ciphertext, pol *Poly, targetScale float64) (opOut *Ciphertext, err error)`

#### func (Bootstrapper) InnerSum ¶ added in v2.2.0

`func (eval Bootstrapper) InnerSum(ctIn *Ciphertext, batchSize, n int, ctOut *Ciphertext)`

InnerSum applies an naive inner sum on the ciphetext (n rotations with single hoisting). The operation assumes that `ctIn` encrypts SlotCount/`batchSize` sub-vectors of size `batchSize` which it adds together (in parallel) by groups of `n`. It outputs in ctOut a ciphertext for which the "leftmost" sub-vector of each group is equal to the sum of the group. This method is faster than InnerSumLog when the number of rotations is small but uses 'n' keys instead of log(n) + HW(n).

#### func (Bootstrapper) InnerSumLog ¶ added in v2.2.0

`func (eval Bootstrapper) InnerSumLog(ctIn *Ciphertext, batchSize, n int, ctOut *Ciphertext)`

InnerSumLog applies an optimized inner sum on the ciphetext (log2(n) + HW(n) rotations with double hoisting). The operation assumes that `ctIn` encrypts SlotCount/`batchSize` sub-vectors of size `batchSize` which it adds together (in parallel) by groups of `n`. It outputs in ctOut a ciphertext for which the "leftmost" sub-vector of each group is equal to the sum of the group. This method is faster than InnerSum when the number of rotations is large and uses log2(n) + HW(n) insteadn of 'n' keys.

#### func (Bootstrapper) InverseNew ¶ added in v2.2.0

`func (eval Bootstrapper) InverseNew(op *Ciphertext, steps int) (opOut *Ciphertext)`

InverseNew computes 1/op and returns the result on a new element, iterating for n steps and consuming n levels. The algorithm requires the encrypted values to be in the range [-1.5 - 1.5i, 1.5 + 1.5i] or the result will be wrong. Each iteration increases the precision.

#### func (Bootstrapper) LinearTransform ¶ added in v2.2.0

`func (eval Bootstrapper) LinearTransform(ctIn *Ciphertext, linearTransform interface{}) (ctOut []*Ciphertext)`

LinearTransform evaluates a linear transform on the ciphertext. The linearTransform can either be an (ordered) list of PtDiagMatrix or a single PtDiagMatrix. In either case a list of ciphertext is return (the second case returnign a list of containing a single ciphertext. A PtDiagMatrix is a diagonalized plaintext matrix contructed with an Encoder using the method encoder.EncodeDiagMatrixAtLvl(*).

#### func (Bootstrapper) Mul ¶ added in v2.2.0

`func (eval Bootstrapper) Mul(op0, op1 Operand, ctOut *Ciphertext)`

Mul multiplies op0 with op1 without relinearization and returns the result in ctOut. The procedure will panic if either op0 or op1 are have a degree higher than 1. The procedure will panic if ctOut.Degree != op0.Degree + op1.Degree.

#### func (Bootstrapper) MulByPow2 ¶ added in v2.2.0

`func (eval Bootstrapper) MulByPow2(ct0 *Ciphertext, pow2 int, ctOut *Ciphertext)`

MulByPow2 multiplies ct0 by 2^pow2 and returns the result in ctOut.

#### func (Bootstrapper) MulByPow2New ¶ added in v2.2.0

`func (eval Bootstrapper) MulByPow2New(ct0 *Ciphertext, pow2 int) (ctOut *Ciphertext)`

MulByPow2New multiplies ct0 by 2^pow2 and returns the result in a newly created element.

#### func (Bootstrapper) MulNew ¶ added in v2.2.0

`func (eval Bootstrapper) MulNew(op0, op1 Operand) (ctOut *Ciphertext)`

MulNew multiplies op0 with op1 without relinearization and returns the result in a newly created element. The procedure will panic if either op0.Degree or op1.Degree > 1.

#### func (Bootstrapper) MulRelin ¶ added in v2.2.0

`func (eval Bootstrapper) MulRelin(op0, op1 Operand, ctOut *Ciphertext)`

MulRelin multiplies op0 with op1 with relinearization and returns the result in ctOut. The procedure will panic if either op0.Degree or op1.Degree > 1. The procedure will panic if ctOut.Degree != op0.Degree + op1.Degree. The procedure will panic if the evaluator was not created with an relinearization key.

#### func (Bootstrapper) MulRelinNew ¶ added in v2.2.0

`func (eval Bootstrapper) MulRelinNew(op0, op1 Operand) (ctOut *Ciphertext)`

MulRelinNew multiplies ct0 by ct1 with relinearization and returns the result in a newly created element. The procedure will panic if either op0.Degree or op1.Degree > 1. The procedure will panic if the evaluator was not created with an relinearization key.

#### func (Bootstrapper) MultByConst ¶ added in v2.2.0

`func (eval Bootstrapper) MultByConst(ct0 *Ciphertext, constant interface{}, ctOut *Ciphertext)`

MultByConst multiplies ct0 by the input constant and returns the result in ctOut. The scale of the output element will depend on the scale of the input element and the constant (if the constant needs to be scaled (its rational part is not zero)). The constant can be a uint64, int64, float64 or complex128.

`func (eval Bootstrapper) MultByConstAndAdd(ct0 *Ciphertext, constant interface{}, ctOut *Ciphertext)`

MultByConstAndAdd multiplies ct0 by the input constant, and adds it to the receiver element (it does not modify the input element), e.g., ctOut(x) = ctOut(x) + ct0(x) * (a+bi). This functions removes the need of storing the intermediate value c(x) * (a+bi). This function will modify the level and the scale of the receiver element depending on the level and the scale of the input element and the type of the constant. The level of the receiver element will be set to min(input.level, receiver.level). The scale of the receiver element will be set to the scale that the input element would have after the multiplication by the constant.

#### func (Bootstrapper) MultByConstNew ¶ added in v2.2.0

`func (eval Bootstrapper) MultByConstNew(ct0 *Ciphertext, constant interface{}) (ctOut *Ciphertext)`

MultByConstNew multiplies ct0 by the input constant and returns the result in a newly created element. The scale of the output element will depend on the scale of the input element and the constant (if the constant needs to be scaled (its rational part is not zero)). The constant can be a uint64, int64, float64 or complex128.

#### func (Bootstrapper) MultByGaussianInteger ¶ added in v2.2.0

`func (eval Bootstrapper) MultByGaussianInteger(ct0 *Ciphertext, cReal, cImag int64, ctOut *Ciphertext)`

`func (eval Bootstrapper) MultByGaussianIntegerAndAdd(ct0 *Ciphertext, cReal, cImag int64, ctOut *Ciphertext)`

#### func (Bootstrapper) MultByi ¶ added in v2.2.0

`func (eval Bootstrapper) MultByi(ct0 *Ciphertext, ctOut *Ciphertext)`

MultByi multiplies ct0 by the imaginary number i, and returns the result in ctOut. It does not change the scale.

#### func (Bootstrapper) MultByiNew ¶ added in v2.2.0

`func (eval Bootstrapper) MultByiNew(ct0 *Ciphertext) (ctOut *Ciphertext)`

MultByiNew multiplies ct0 by the imaginary number i, and returns the result in a newly created element. It does not change the scale.

#### func (Bootstrapper) MultiplyByDiagMatrix ¶ added in v2.2.0

`func (eval Bootstrapper) MultiplyByDiagMatrix(ctIn *Ciphertext, matrix *PtDiagMatrix, PoolDecompQ, PoolDecompP []*ring.Poly, ctOut *Ciphertext)`

MultiplyByDiagMatrix multiplies the ciphertext "ctIn" by the plaintext matrix "matrix" and returns the result on the ciphertext "ctOut". Memory pools for the decomposed ciphertext PoolDecompQ, PoolDecompP must be provided, those are list of poly of ringQ and ringP respectively, each of size params.Beta(). The naive approach is used (single hoisting and no baby-step giant-step), which is faster than MultiplyByDiagMatrixBSGS for matrix of only a few non-zero diagonals but uses more keys.

#### func (Bootstrapper) MultiplyByDiagMatrixBSGS ¶ added in v2.2.0

`func (eval Bootstrapper) MultiplyByDiagMatrixBSGS(ctIn *Ciphertext, matrix *PtDiagMatrix, PoolDecompQ, PoolDecompP []*ring.Poly, ctOut *Ciphertext)`

MultiplyByDiagMatrixBSGS multiplies the ciphertext "ctIn" by the plaintext matrix "matrix" and returns the result on the ciphertext "ctOut". Memory pools for the decomposed ciphertext PoolDecompQ, PoolDecompP must be provided, those are list of poly of ringQ and ringP respectively, each of size params.Beta(). The BSGS approach is used (double hoisting with baby-step giant-step), which is faster than MultiplyByDiagMatrix for matrix with more than a few non-zero diagonals and uses much less keys.

#### func (Bootstrapper) Neg ¶ added in v2.2.0

`func (eval Bootstrapper) Neg(ct0 *Ciphertext, ctOut *Ciphertext)`

Neg negates the value of ct0 and returns the result in ctOut.

#### func (Bootstrapper) NegNew ¶ added in v2.2.0

`func (eval Bootstrapper) NegNew(ct0 *Ciphertext) (ctOut *Ciphertext)`

NegNew negates ct0 and returns the result in a newly created element.

#### func (Bootstrapper) Power ¶ added in v2.2.0

`func (eval Bootstrapper) Power(op *Ciphertext, degree int, opOut *Ciphertext)`

Power computes op^degree, consuming log(degree) levels, and returns the result on opOut. Providing an evaluation key is necessary when degree > 2.

#### func (Bootstrapper) PowerNew ¶ added in v2.2.0

`func (eval Bootstrapper) PowerNew(op *Ciphertext, degree int) (opOut *Ciphertext)`

PowerNew computes op^degree, consuming log(degree) levels, and returns the result on a new element. Providing an evaluation key is necessary when degree > 2.

#### func (Bootstrapper) PowerOf2 ¶ added in v2.2.0

`func (eval Bootstrapper) PowerOf2(op *Ciphertext, logPow2 int, opOut *Ciphertext)`

PowerOf2 computes op^(2^logPow2), consuming logPow2 levels, and returns the result on opOut. Providing an evaluation key is necessary when logPow2 > 1.

#### func (Bootstrapper) Reduce ¶ added in v2.2.0

`func (eval Bootstrapper) Reduce(ct0 *Ciphertext, ctOut *Ciphertext) error`

Reduce applies a modular reduction to ct0 and returns the result in ctOut. To be used in conjunction with functions that do not apply modular reduction.

#### func (Bootstrapper) ReduceNew ¶ added in v2.2.0

`func (eval Bootstrapper) ReduceNew(ct0 *Ciphertext) (ctOut *Ciphertext)`

ReduceNew applies a modular reduction to ct0 and returns the result in a newly created element. To be used in conjunction with functions that do not apply modular reduction.

#### func (Bootstrapper) Relinearize ¶ added in v2.2.0

`func (eval Bootstrapper) Relinearize(ct0 *Ciphertext, ctOut *Ciphertext)`

Relinearize applies the relinearization procedure on ct0 and returns the result in ctOut. The input Ciphertext must be of degree two.

#### func (Bootstrapper) RelinearizeNew ¶ added in v2.2.0

`func (eval Bootstrapper) RelinearizeNew(ct0 *Ciphertext) (ctOut *Ciphertext)`

RelinearizeNew applies the relinearization procedure on ct0 and returns the result in a newly created Ciphertext. The input Ciphertext must be of degree two.

#### func (Bootstrapper) Replicate ¶ added in v2.2.0

`func (eval Bootstrapper) Replicate(ctIn *Ciphertext, batchSize, n int, ctOut *Ciphertext)`

Replicate applies naive replication on the ciphetext (n rotations with single hoisting). It acts as the inverse of a inner sum (summing elements from left to right). The replication is parameterized by the size of the sub-vectors to replicate "batchSize" and the number of time "n" they need to be replicated. To ensure correctness, a gap of zero values of size batchSize * (n-1) must exist between two consecutive sub-vectors to replicate. This method is faster than ReplicateLog when the number of rotations is small but uses 'n' keys instead of log2(n) + HW(n).

#### func (Bootstrapper) ReplicateLog ¶ added in v2.2.0

`func (eval Bootstrapper) ReplicateLog(ctIn *Ciphertext, batchSize, n int, ctOut *Ciphertext)`

ReplicateLog applies an optimized replication on the ciphetext (log2(n) + HW(n) rotations with double hoisting). It acts as the inverse of a inner sum (summing elements from left to right). The replication is parameterized by the size of the sub-vectors to replicate "batchSize" and the number of time "n" they need to be replicated. To ensure correctness, a gap of zero values of size batchSize * (n-1) must exist between two consecutive sub-vectors to replicate. This method is faster than Replicate when the number of rotations is large and uses log2(n) + HW(n) instead of 'n'.

#### func (Bootstrapper) Rescale ¶ added in v2.2.0

`func (eval Bootstrapper) Rescale(ctIn *Ciphertext, minScale float64, ctOut *Ciphertext) (err error)`

Rescale divides ct0 by the last modulus in the moduli chain, and repeats this procedure (consuming one level each time) until the scale reaches the original scale or before it goes below it, and returns the result in ctOut. Since all the moduli in the moduli chain are generated to be close to the original scale, this procedure is equivalent to dividing the input element by the scale and adding some error. Returns an error if "minScale <= 0", ct.Scale = 0, ct.Level() = 0, ct.IsNTT() != true or if ct.Leve() != ctOut.Level()

#### func (Bootstrapper) RescaleNew ¶ added in v2.2.0

`func (eval Bootstrapper) RescaleNew(ct0 *Ciphertext, threshold float64) (ctOut *Ciphertext, err error)`

RescaleNew divides ct0 by the last modulus in the moduli chain, and repeats this procedure (consuming one level each time) until the scale reaches the original scale or before it goes below it, and returns the result in a newly created element. Since all the moduli in the moduli chain are generated to be close to the original scale, this procedure is equivalent to dividing the input element by the scale and adding some error. Returns an error if "threshold <= 0", ct.Scale = 0, ct.Level() = 0, ct.IsNTT() != true

#### func (Bootstrapper) Rotate ¶ added in v2.2.0

`func (eval Bootstrapper) Rotate(ct0 *Ciphertext, k int, ctOut *Ciphertext)`

Rotate rotates the columns of ct0 by k positions to the left and returns the result in ctOut. If the provided element is a Ciphertext, a key-switching operation is necessary and a rotation key for the specific rotation needs to be provided.

#### func (Bootstrapper) RotateHoisted ¶ added in v2.2.0

`func (eval Bootstrapper) RotateHoisted(ctIn *Ciphertext, rotations []int) (cOut map[int]*Ciphertext)`

RotateHoisted takes an input Ciphertext and a list of rotations and returns a map of Ciphertext, where each element of the map is the input Ciphertext rotation by one element of the list. It is much faster than sequential calls to Rotate.

#### func (Bootstrapper) RotateNew ¶ added in v2.2.0

`func (eval Bootstrapper) RotateNew(ct0 *Ciphertext, k int) (ctOut *Ciphertext)`

RotateNew rotates the columns of ct0 by k positions to the left, and returns the result in a newly created element. If the provided element is a Ciphertext, a key-switching operation is necessary and a rotation key for the specific rotation needs to be provided.

#### func (Bootstrapper) ScaleUp ¶ added in v2.2.0

`func (eval Bootstrapper) ScaleUp(ct0 *Ciphertext, scale float64, ctOut *Ciphertext)`

ScaleUp multiplies ct0 by 2^scale and sets its scale to its previous scale plus 2^n. It returns the result in ctOut.

#### func (Bootstrapper) ScaleUpNew ¶ added in v2.2.0

`func (eval Bootstrapper) ScaleUpNew(ct0 *Ciphertext, scale float64) (ctOut *Ciphertext)`

ScaleUpNew multiplies ct0 by 2^scale and sets its scale to its previous scale plus 2^n. It returns the result in a newly created element.

#### func (Bootstrapper) SetScale ¶ added in v2.2.0

`func (eval Bootstrapper) SetScale(ct *Ciphertext, scale float64)`

SetScale sets the scale of the ciphertext to the input scale (consumes a level)

#### func (Bootstrapper) ShallowCopy ¶ added in v2.2.0

`func (eval Bootstrapper) ShallowCopy() Evaluator`

ShallowCopy creates a shallow copy of this evaluator in which all the read-only data-structures are shared with the receiver and the temporary buffers are reallocated. The receiver and the returned Evaluators can be used concurrently.

#### func (Bootstrapper) Sub ¶ added in v2.2.0

`func (eval Bootstrapper) Sub(op0, op1 Operand, ctOut *Ciphertext)`

Sub subtracts op1 from op0 and returns the result in ctOut.

#### func (Bootstrapper) SubNew ¶ added in v2.2.0

`func (eval Bootstrapper) SubNew(op0, op1 Operand) (ctOut *Ciphertext)`

SubNew subtracts op1 from op0 and returns the result in a newly created element.

#### func (Bootstrapper) SubNoMod ¶ added in v2.2.0

`func (eval Bootstrapper) SubNoMod(op0, op1 Operand, ctOut *Ciphertext)`

SubNoMod subtracts op1 from op0 and returns the result in ctOut, without modular reduction.

#### func (Bootstrapper) SubNoModNew ¶ added in v2.2.0

`func (eval Bootstrapper) SubNoModNew(op0, op1 Operand) (ctOut *Ciphertext)`

SubNoModNew subtracts op1 from op0 without modular reduction, and returns the result in a newly created element.

#### func (Bootstrapper) SwitchKeys ¶ added in v2.2.0

`func (eval Bootstrapper) SwitchKeys(ct0 *Ciphertext, switchingKey *rlwe.SwitchingKey, ctOut *Ciphertext)`

SwitchKeys re-encrypts ct0 under a different key and returns the result in ctOut. It requires a SwitchingKey, which is computed from the key under which the Ciphertext is currently encrypted, and the key under which the Ciphertext will be re-encrypted.

#### func (Bootstrapper) SwitchKeysNew ¶ added in v2.2.0

`func (eval Bootstrapper) SwitchKeysNew(ct0 *Ciphertext, switchingKey *rlwe.SwitchingKey) (ctOut *Ciphertext)`

SwitchKeysNew re-encrypts ct0 under a different key and returns the result in a newly created element. It requires a SwitchingKey, which is computed from the key under which the Ciphertext is currently encrypted, and the key under which the Ciphertext will be re-encrypted.

#### func (Bootstrapper) WithKey ¶ added in v2.2.0

`func (eval Bootstrapper) WithKey(evaluationKey rlwe.EvaluationKey) Evaluator`

WithKey creates a shallow copy of the receiver Evaluator for which the new EvaluationKey is evaluationKey and where the temporary buffers are shared. The receiver and the returned Evaluators cannot be used concurrently.

#### type BootstrappingKey ¶

`type BootstrappingKey rlwe.EvaluationKey`

BootstrappingKey is a type for a CKKS bootstrapping key, wich regroups the necessary public relinearization and rotation keys (i.e., an EvaluationKey).

#### type BootstrappingParameters ¶ added in v2.1.1

```type BootstrappingParameters struct {
ResidualModuli
KeySwitchModuli
SlotsToCoeffsModuli
SineEvalModuli
CoeffsToSlotsModuli
LogN         int
LogSlots     int
Scale        float64
Sigma        float64
H            int     // Hamming weight of the secret key
SinType      SinType // Chose betwenn [Sin(2*pi*x)] or [cos(2*pi*x/r) with double angle formula]
MessageRatio float64 // Ratio between Q0 and m, i.e. Q[0]/|m|
SinRange     int     // K parameter (interpolation in the range -K to K)
SinDeg       int     // Degree of the interpolation
SinRescal    int     // Number of rescale and double angle formula (only applies for cos)
ArcSineDeg   int     // Degree of the Taylor arcsine composed with f(2*pi*x) (if zero then not used)
MaxN1N2Ratio float64 // n1/n2 ratio for the bsgs algo for matrix x vector eval
BitReversed  bool    // Flag for bit-reverseed input to the DFT (with bit-reversed output), by default false.
}```

BootstrappingParameters is a struct for the default bootstrapping parameters

#### func (*BootstrappingParameters) ArcSineDepth ¶ added in v2.2.0

`func (b *BootstrappingParameters) ArcSineDepth() int`

ArcSineDepth returns the depth of the arcsine polynomial.

#### func (*BootstrappingParameters) Copy ¶ added in v2.1.1

`func (b *BootstrappingParameters) Copy() *BootstrappingParameters`

Copy return a new BootstrappingParameters which is a copy of the target

#### func (*BootstrappingParameters) CtSDepth ¶ added in v2.1.1

`func (b *BootstrappingParameters) CtSDepth(actual bool) (depth int)`

CtSDepth returns the number of levels allocated to CoeffsToSlots. If actual == true then returns the number of moduli consumed, else returns the factorization depth.

#### func (*BootstrappingParameters) CtSLevels ¶ added in v2.2.0

`func (b *BootstrappingParameters) CtSLevels() (ctsLevel []int)`

CtSLevels returns the index of the Qi used int CoeffsToSlots

#### func (*BootstrappingParameters) GenCoeffsToSlotsMatrix ¶ added in v2.2.0

`func (b *BootstrappingParameters) GenCoeffsToSlotsMatrix(scaling complex128, encoder Encoder) []*PtDiagMatrix`

GenCoeffsToSlotsMatrix generates the factorized encoding matrix scaling : constant by witch the all the matrices will be multuplied by encoder : ckks.Encoder

#### func (*BootstrappingParameters) GenSlotsToCoeffsMatrix ¶ added in v2.2.0

`func (b *BootstrappingParameters) GenSlotsToCoeffsMatrix(scaling complex128, encoder Encoder) []*PtDiagMatrix`

GenSlotsToCoeffsMatrix generates the factorized decoding matrix scaling : constant by witch the all the matrices will be multuplied by encoder : ckks.Encoder

#### func (*BootstrappingParameters) MaxLevel ¶ added in v2.2.0

`func (b *BootstrappingParameters) MaxLevel() int`

MaxLevel returns the maximum level of the bootstrapping parameters

#### func (*BootstrappingParameters) Params ¶ added in v2.2.0

`func (b *BootstrappingParameters) Params() (p Parameters, err error)`

Params generates a new set of Parameters from the BootstrappingParameters

#### func (*BootstrappingParameters) RotationsForBootstrapping ¶ added in v2.2.0

`func (b *BootstrappingParameters) RotationsForBootstrapping(logSlots int) (rotations []int)`

RotationsForBootstrapping returns the list of rotations performed during the Bootstrapping operation.

#### func (*BootstrappingParameters) RotationsForCoeffsToSlots ¶ added in v2.2.0

`func (b *BootstrappingParameters) RotationsForCoeffsToSlots(logSlots int) (rotations []int)`

RotationsForCoeffsToSlots returns the list of rotations performed during the CoeffsToSlot operation.

#### func (*BootstrappingParameters) RotationsForSlotsToCoeffs ¶ added in v2.2.0

`func (b *BootstrappingParameters) RotationsForSlotsToCoeffs(logSlots int) (rotations []int)`

RotationsForSlotsToCoeffs returns the list of rotations performed during the SlotsToCoeffs operation.

#### func (*BootstrappingParameters) SineEvalDepth ¶ added in v2.2.0

`func (b *BootstrappingParameters) SineEvalDepth(withRescale bool) int`

SineEvalDepth returns the depth of the SineEval. If true, then also counts the double angle formula.

#### func (*BootstrappingParameters) StCDepth ¶ added in v2.1.1

`func (b *BootstrappingParameters) StCDepth(actual bool) (depth int)`

StCDepth returns the number of levels allocated to SlotToCoeffs. If actual == true then returns the number of moduli consumed, else returns the factorization depth.

#### func (*BootstrappingParameters) StCLevels ¶ added in v2.2.0

`func (b *BootstrappingParameters) StCLevels() (stcLevel []int)`

StCLevels returns the index of the Qi used in SlotsToCoeffs

#### type ChebyshevInterpolation ¶

```type ChebyshevInterpolation struct {
Poly
// contains filtered or unexported fields
}```

ChebyshevInterpolation is a struct storing the coefficients, degree and range of a Chebyshev interpolation polynomial.

#### func Approximate ¶

`func Approximate(function func(complex128) complex128, a, b complex128, degree int) (cheby *ChebyshevInterpolation)`

Approximate computes a Chebyshev approximation of the input function, for the range [-a, b] of degree degree. To be used in conjunction with the function EvaluateCheby.

#### func (*ChebyshevInterpolation) A ¶ added in v2.1.0

`func (c *ChebyshevInterpolation) A() complex128`

A returns the start of the approximation interval.

#### func (*ChebyshevInterpolation) B ¶ added in v2.1.0

`func (c *ChebyshevInterpolation) B() complex128`

B returns the end of the approximation interval.

#### type Ciphertext ¶

```type Ciphertext struct {
*rlwe.Ciphertext
Scale float64
}```

Ciphertext is *ring.Poly array representing a polynomial of degree > 0 with coefficients in R_Q.

#### func CoeffsToSlots ¶ added in v2.2.0

`func CoeffsToSlots(vec *Ciphertext, pDFTInv []*PtDiagMatrix, eval Evaluator) (ct0, ct1 *Ciphertext)`

CoeffsToSlots applies the homomorphic encoding

#### func NewCiphertext ¶

`func NewCiphertext(params Parameters, degree, level int, scale float64) (ciphertext *Ciphertext)`

NewCiphertext creates a new Ciphertext parameterized by degree, level and scale.

#### func NewCiphertextRandom ¶

`func NewCiphertextRandom(prng utils.PRNG, params Parameters, degree, level int, scale float64) (ciphertext *Ciphertext)`

NewCiphertextRandom generates a new uniformly distributed Ciphertext of degree, level and scale.

#### func SlotsToCoeffs ¶ added in v2.2.0

`func SlotsToCoeffs(ct0, ct1 *Ciphertext, pDFT []*PtDiagMatrix, eval Evaluator) (ct *Ciphertext)`

SlotsToCoeffs applies the homomorphic decoding

#### func (*Ciphertext) Copy ¶ added in v2.2.0

`func (ct *Ciphertext) Copy(ctp *Ciphertext)`

Copy copies the given ciphertext ctp into the receiver ciphertext.

#### func (*Ciphertext) CopyNew ¶ added in v2.2.0

`func (ct *Ciphertext) CopyNew() (ctc *Ciphertext)`

CopyNew makes a deep copy of the receiver ciphertext and returns it.

#### func (*Ciphertext) GetDataLen ¶

`func (ciphertext *Ciphertext) GetDataLen(WithMetaData bool) (dataLen int)`

GetDataLen returns the length in bytes of the target Ciphertext.

#### func (*Ciphertext) MarshalBinary ¶

`func (ciphertext *Ciphertext) MarshalBinary() (data []byte, err error)`

MarshalBinary encodes a Ciphertext on a byte slice. The total size in byte is 4 + 8* N * numberModuliQ * (degree + 1).

#### func (*Ciphertext) ScalingFactor ¶ added in v2.2.0

`func (ct *Ciphertext) ScalingFactor() float64`

ScalingFactor returns the scaling factor of the ciphertext

#### func (*Ciphertext) SetScalingFactor ¶ added in v2.2.0

`func (ct *Ciphertext) SetScalingFactor(scale float64)`

SetScalingFactor sets the scaling factor of the ciphertext

#### func (*Ciphertext) UnmarshalBinary ¶

`func (ciphertext *Ciphertext) UnmarshalBinary(data []byte) (err error)`

UnmarshalBinary decodes a previously marshaled Ciphertext on the target Ciphertext.

#### type CoeffsToSlotsModuli ¶ added in v2.2.0

```type CoeffsToSlotsModuli struct {
Qi            []uint64
ScalingFactor [][]float64
}```

CoeffsToSlotsModuli is a list of the moduli used during he CoeffsToSlots step.

#### type Decryptor ¶

```type Decryptor interface {
DecryptNew(ciphertext *Ciphertext) (plaintext *Plaintext)
Decrypt(ciphertext *Ciphertext, plaintext *Plaintext)
}```

Decryptor is an interface wrapping a rlwe.Decryptor.

#### func NewDecryptor ¶

`func NewDecryptor(params Parameters, sk *rlwe.SecretKey) Decryptor`

NewDecryptor instantiates a Decryptor for the CKKS scheme.

#### type Encoder ¶

```type Encoder interface {
Encode(plaintext *Plaintext, values []complex128, logSlots int)
EncodeNew(values []complex128, logSlots int) (plaintext *Plaintext)
EncodeAtLvlNew(level int, values []complex128, logSlots int) (plaintext *Plaintext)

EncodeNTT(plaintext *Plaintext, values []complex128, logSlots int)
EncodeNTTNew(values []complex128, logSlots int) (plaintext *Plaintext)
EncodeNTTAtLvlNew(level int, values []complex128, logSlots int) (plaintext *Plaintext)

EncodeDiagMatrixBSGSAtLvl(level int, vector map[int][]complex128, scale, maxM1N2Ratio float64, logSlots int) (matrix *PtDiagMatrix)
EncodeDiagMatrixAtLvl(level int, vector map[int][]complex128, scale float64, logSlots int) (matrix *PtDiagMatrix)

Decode(plaintext *Plaintext, logSlots int) (res []complex128)
DecodePublic(plaintext *Plaintext, logSlots int, sigma float64) []complex128

Embed(values []complex128, logSlots int)
ScaleUp(pol *ring.Poly, scale float64, moduli []uint64)

WipeInternalMemory()

EncodeCoeffs(values []float64, plaintext *Plaintext)
DecodeCoeffs(plaintext *Plaintext) (res []float64)
DecodeCoeffsPublic(plaintext *Plaintext, bound float64) (res []float64)

GetErrSTDCoeffDomain(valuesWant, valuesHave []complex128, scale float64) (std float64)
GetErrSTDSlotDomain(valuesWant, valuesHave []complex128, scale float64) (std float64)
}```

Encoder is an interface implenting the encoding algorithms.

#### func NewEncoder ¶

`func NewEncoder(params Parameters) Encoder`

NewEncoder creates a new Encoder that is used to encode a slice of complex values of size at most N/2 (the number of slots) on a Plaintext.

#### type EncoderBigComplex ¶

```type EncoderBigComplex interface {
Encode(plaintext *Plaintext, values []*ring.Complex, logSlots int)
EncodeNew(values []*ring.Complex, logSlots int) (plaintext *Plaintext)
EncodeAtLvlNew(level int, values []*ring.Complex, logSlots int) (plaintext *Plaintext)
EncodeNTT(plaintext *Plaintext, values []*ring.Complex, logSlots int)
EncodeNTTAtLvlNew(level int, values []*ring.Complex, logSlots int) (plaintext *Plaintext)
Decode(plaintext *Plaintext, logSlots int) (res []*ring.Complex)
FFT(values []*ring.Complex, N int)
InvFFT(values []*ring.Complex, N int)
}```

EncoderBigComplex is an interface implenting the encoding algorithms with arbitrary precision.

#### func NewEncoderBigComplex ¶

`func NewEncoderBigComplex(params Parameters, logPrecision int) EncoderBigComplex`

NewEncoderBigComplex creates a new encoder using arbitrary precision complex arithmetic.

#### type Encryptor ¶

```type Encryptor interface {
Encrypt(plaintext *Plaintext, ciphertext *Ciphertext)
EncryptNew(plaintext *Plaintext) *Ciphertext
EncryptFromCRP(plaintext *Plaintext, crp *ring.Poly, ciphertext *Ciphertext)
EncryptFromCRPNew(plaintext *Plaintext, crp *ring.Poly) *Ciphertext
}```

Encryptor an encryption interface for the CKKS scheme.

#### func NewEncryptor ¶ added in v2.2.0

`func NewEncryptor(params Parameters, key interface{}) Encryptor`

NewEncryptor instatiates a new Encryptor for the CKKS scheme. The key argument can be either a *rlwe.PublicKey or a *rlwe.SecretKey.

#### func NewFastEncryptor ¶ added in v2.2.0

`func NewFastEncryptor(params Parameters, key *rlwe.PublicKey) Encryptor`

NewFastEncryptor instantiates a new Encryptor for the CKKS scheme. This encryptor's Encrypt method first encrypts zero in Q and then adds the plaintext. This method is faster than the normal encryptor but result in a noisier ciphertext.

#### type Evaluator ¶

```type Evaluator interface {

// Subtraction
Sub(op0, op1 Operand, ctOut *Ciphertext)
SubNoMod(op0, op1 Operand, ctOut *Ciphertext)
SubNew(op0, op1 Operand) (ctOut *Ciphertext)
SubNoModNew(op0, op1 Operand) (ctOut *Ciphertext)

// Negation
Neg(ctIn *Ciphertext, ctOut *Ciphertext)
NegNew(ctIn *Ciphertext) (ctOut *Ciphertext)

AddConstNew(ctIn *Ciphertext, constant interface{}) (ctOut *Ciphertext)
AddConst(ctIn *Ciphertext, constant interface{}, ctOut *Ciphertext)

// Constant Multiplication
MultByConstNew(ctIn *Ciphertext, constant interface{}) (ctOut *Ciphertext)
MultByConst(ctIn *Ciphertext, constant interface{}, ctOut *Ciphertext)
MultByGaussianInteger(ctIn *Ciphertext, cReal, cImag int64, ctOut *Ciphertext)

MultByConstAndAdd(ctIn *Ciphertext, constant interface{}, ctOut *Ciphertext)
MultByGaussianIntegerAndAdd(ctIn *Ciphertext, cReal, cImag int64, ctOut *Ciphertext)

// Multiplication by the imaginary unit
MultByiNew(ctIn *Ciphertext) (ctOut *Ciphertext)
MultByi(ctIn *Ciphertext, ctOut *Ciphertext)
DivByiNew(ctIn *Ciphertext) (ctOut *Ciphertext)
DivByi(ctIn *Ciphertext, ctOut *Ciphertext)

// Conjugation
ConjugateNew(ctIn *Ciphertext) (ctOut *Ciphertext)
Conjugate(ctIn *Ciphertext, ctOut *Ciphertext)

// Multiplication
Mul(op0, op1 Operand, ctOut *Ciphertext)
MulNew(op0, op1 Operand) (ctOut *Ciphertext)
MulRelin(op0, op1 Operand, ctOut *Ciphertext)
MulRelinNew(op0, op1 Operand) (ctOut *Ciphertext)

// Slot Rotations
RotateNew(ctIn *Ciphertext, k int) (ctOut *Ciphertext)
Rotate(ctIn *Ciphertext, k int, ctOut *Ciphertext)
RotateHoisted(ctIn *Ciphertext, rotations []int) (ctOut map[int]*Ciphertext)

// Multiplication by 2^{s}
MulByPow2New(ctIn *Ciphertext, pow2 int) (ctOut *Ciphertext)
MulByPow2(ctIn *Ciphertext, pow2 int, ctOut *Ciphertext)

// Exponentiation
PowerOf2(ctIn *Ciphertext, logPow2 int, ctOut *Ciphertext)
Power(ctIn *Ciphertext, degree int, ctOut *Ciphertext)
PowerNew(ctIn *Ciphertext, degree int) (ctOut *Ciphertext)

// Polynomial evaluation
EvaluatePoly(ctIn *Ciphertext, coeffs *Poly, targetScale float64) (ctOut *Ciphertext, err error)
EvaluateCheby(ctIn *Ciphertext, cheby *ChebyshevInterpolation, targetScale float64) (ctOut *Ciphertext, err error)

// Inversion
InverseNew(ctIn *Ciphertext, steps int) (ctOut *Ciphertext)

// Linear Transformations
LinearTransform(ctIn *Ciphertext, linearTransform interface{}) (ctOut []*Ciphertext)
MultiplyByDiagMatrix(ctIn *Ciphertext, matrix *PtDiagMatrix, c2QiQDecomp, c2QiPDecomp []*ring.Poly, ctOut *Ciphertext)
MultiplyByDiagMatrixBSGS(ctIn *Ciphertext, matrix *PtDiagMatrix, c2QiQDecomp, c2QiPDecomp []*ring.Poly, ctOut *Ciphertext)

// Inner sum
InnerSumLog(ctIn *Ciphertext, batch, n int, ctOut *Ciphertext)
InnerSum(ctIn *Ciphertext, batch, n int, ctOut *Ciphertext)

// Replicatation (inverse of Inner sum)
ReplicateLog(ctIn *Ciphertext, batch, n int, ctOut *Ciphertext)
Replicate(ctIn *Ciphertext, batch, n int, ctOut *Ciphertext)

// Key-Switching
SwitchKeysNew(ctIn *Ciphertext, switchingKey *rlwe.SwitchingKey) (ctOut *Ciphertext)
SwitchKeys(ctIn *Ciphertext, switchingKey *rlwe.SwitchingKey, ctOut *Ciphertext)

// Degree Management
RelinearizeNew(ctIn *Ciphertext) (ctOut *Ciphertext)
Relinearize(ctIn *Ciphertext, ctOut *Ciphertext)

// Scale Management
ScaleUpNew(ctIn *Ciphertext, scale float64) (ctOut *Ciphertext)
ScaleUp(ctIn *Ciphertext, scale float64, ctOut *Ciphertext)
SetScale(ctIn *Ciphertext, scale float64)
Rescale(ctIn *Ciphertext, minScale float64, ctOut *Ciphertext) (err error)

// Level Management
DropLevelNew(ctIn *Ciphertext, levels int) (ctOut *Ciphertext)
DropLevel(ctIn *Ciphertext, levels int)

// Modular Overflow Management
ReduceNew(ctIn *Ciphertext) (ctOut *Ciphertext)
Reduce(ctIn *Ciphertext, ctOut *Ciphertext) error

// ==============
// === Others ===
// ==============
ShallowCopy() Evaluator
WithKey(rlwe.EvaluationKey) Evaluator
}```

Evaluator is an interface implementing the methodes to conduct homomorphic operations between ciphertext and/or plaintexts.

#### func NewEvaluator ¶

`func NewEvaluator(params Parameters, evaluationKey rlwe.EvaluationKey) Evaluator`

NewEvaluator creates a new Evaluator, that can be used to do homomorphic operations on the Ciphertexts and/or Plaintexts. It stores a small pool of polynomials and Ciphertexts that will be used for intermediate values.

#### type KeySwitchModuli ¶ added in v2.2.0

`type KeySwitchModuli []uint64`

KeySwitchModuli is a list of the special moduli used for the key-switching.

#### type Operand ¶

```type Operand interface {
El() *rlwe.Ciphertext
Degree() int
Level() int
ScalingFactor() float64
SetScalingFactor(float64)
}```

Operand is a common interface for Ciphertext and Plaintext types.

#### type Parameters ¶

```type Parameters struct {
rlwe.Parameters
// contains filtered or unexported fields
}```

Parameters represents a parameter set for the CKKS cryptosystem. Its fields are private and immutable. See ParametersLiteral for user-specified parameters.

#### func NewParameters ¶ added in v2.2.0

`func NewParameters(rlweParams rlwe.Parameters, logSlot int, scale float64) (p Parameters, err error)`

NewParameters instantiate a set of CKKS parameters from the generic RLWE parameters and the CKKS-specific ones. It returns the empty parameters Parameters{} and a non-nil error if the specified parameters are invalid.

#### func NewParametersFromLiteral ¶ added in v2.2.0

`func NewParametersFromLiteral(pl ParametersLiteral) (Parameters, error)`

NewParametersFromLiteral instantiate a set of CKKS parameters from a ParametersLiteral specification. It returns the empty parameters Parameters{} and a non-nil error if the specified parameters are invalid.

#### func (Parameters) CopyNew ¶ added in v2.2.0

`func (p Parameters) CopyNew() Parameters`

CopyNew makes a deep copy of the receiver and returns it.

#### func (Parameters) Equals ¶

`func (p Parameters) Equals(other Parameters) bool`

Equals compares two sets of parameters for equality.

#### func (Parameters) LogQLvl ¶

`func (p Parameters) LogQLvl(level int) int`

LogQLvl returns the size of the modulus Q in bits at a specific level

#### func (Parameters) LogSlots ¶

`func (p Parameters) LogSlots() int`

LogSlots returns the log of the number of slots

#### func (Parameters) MarshalBinary ¶

`func (p Parameters) MarshalBinary() ([]byte, error)`

MarshalBinary returns a []byte representation of the parameter set.

#### func (Parameters) MarshalBinarySize ¶ added in v2.2.0

`func (p Parameters) MarshalBinarySize() int`

MarshalBinarySize returns the length of the []byte encoding of the reciever.

#### func (Parameters) MarshalJSON ¶ added in v2.2.0

`func (p Parameters) MarshalJSON() ([]byte, error)`

MarshalJSON returns a JSON representation of this parameter set. See `Marshal` from the `encoding/json` package.

#### func (Parameters) MaxLevel ¶

`func (p Parameters) MaxLevel() int`

MaxLevel returns the maximum ciphertext level

#### func (Parameters) MaxLogSlots ¶

`func (p Parameters) MaxLogSlots() int`

MaxLogSlots returns the log of the maximum number of slots enabled by the parameters

#### func (Parameters) MaxSlots ¶

`func (p Parameters) MaxSlots() int`

MaxSlots returns the theoretical maximum of plaintext slots allowed by the ring degree

#### func (Parameters) QLvl ¶

`func (p Parameters) QLvl(level int) *big.Int`

QLvl returns the product of the moduli at the given level as a big.Int

#### func (Parameters) RotationsForDiagMatrixMult ¶ added in v2.2.0

`func (p Parameters) RotationsForDiagMatrixMult(matrix *PtDiagMatrix) []int`

RotationsForDiagMatrixMult generates of all the rotations needed for a the multiplication with the provided diagonal plaintext matrix.

#### func (Parameters) RotationsForInnerSum ¶ added in v2.2.0

`func (p Parameters) RotationsForInnerSum(batch, n int) (rotations []int)`

RotationsForInnerSum generates the rotations that will be performed by the `Evaluator.InnerSum` operation when performed with parameters `batch` and `n`.

#### func (Parameters) RotationsForInnerSumLog ¶ added in v2.2.0

`func (p Parameters) RotationsForInnerSumLog(batch, n int) (rotations []int)`

RotationsForInnerSumLog generates the rotations that will be performed by the `Evaluator.InnerSumLog` operation when performed with parameters `batch` and `n`.

#### func (Parameters) RotationsForReplicate ¶ added in v2.2.0

`func (p Parameters) RotationsForReplicate(batch, n int) (rotations []int)`

RotationsForReplicate generates the rotations that will be performed by the `Evaluator.Replicate` operation when performed with parameters `batch` and `n`.

#### func (Parameters) RotationsForReplicateLog ¶ added in v2.2.0

`func (p Parameters) RotationsForReplicateLog(batch, n int) (rotations []int)`

RotationsForReplicateLog generates the rotations that will be performed by the `Evaluator.ReplicateLog` operation when performed with parameters `batch` and `n`.

#### func (Parameters) RotationsForSubSum ¶ added in v2.2.0

`func (p Parameters) RotationsForSubSum(logSlots int) (rotations []int)`

RotationsForSubSum generates the rotations that will be performed by the `Evaluator.SubSum` operation.

#### func (Parameters) Scale ¶

`func (p Parameters) Scale() float64`

Scale returns the default plaintext/ciphertext scale

#### func (Parameters) Slots ¶

`func (p Parameters) Slots() int`

Slots returns number of available plaintext slots

#### func (*Parameters) UnmarshalBinary ¶

`func (p *Parameters) UnmarshalBinary(data []byte) (err error)`

UnmarshalBinary decodes a []byte into a parameter set struct

#### func (*Parameters) UnmarshalJSON ¶ added in v2.2.0

`func (p *Parameters) UnmarshalJSON(data []byte) (err error)`

UnmarshalJSON reads a JSON representation of a parameter set into the receiver Parameter. See `Unmarshal` from the `encoding/json` package.

#### type ParametersLiteral ¶ added in v2.2.0

```type ParametersLiteral struct {
LogN     int // Ring degree (power of 2)
Q        []uint64
P        []uint64
LogQ     []int   `json:",omitempty"`
LogP     []int   `json:",omitempty"`
Sigma    float64 // Gaussian sampling variance
LogSlots int
Scale    float64
}```

ParametersLiteral is a literal representation of BFV parameters. It has public fields and is used to express unchecked user-defined parameters literally into Go programs. The NewParametersFromLiteral function is used to generate the actual checked parameters from the literal representation.

#### type Plaintext ¶

```type Plaintext struct {
*rlwe.Plaintext
Scale float64
}```

Plaintext is is a Element with only one Poly.

#### func NewPlaintext ¶

`func NewPlaintext(params Parameters, level int, scale float64) *Plaintext`

NewPlaintext creates a new Plaintext of level level and scale scale.

#### func (*Plaintext) ScalingFactor ¶ added in v2.2.0

`func (p *Plaintext) ScalingFactor() float64`

ScalingFactor returns the scaling factor of the plaintext

#### func (*Plaintext) SetScalingFactor ¶ added in v2.2.0

`func (p *Plaintext) SetScalingFactor(scale float64)`

SetScalingFactor sets the scaling factor of the target plaintext

#### type Poly ¶

```type Poly struct {
// contains filtered or unexported fields
}```

Poly is a struct storing the coeffients of a polynomial that then can be evaluated on the ciphertext

#### func NewPoly ¶

`func NewPoly(coeffs []complex128) (p *Poly)`

NewPoly creates a new Poly from the input coefficients

#### func (*Poly) Degree ¶

`func (p *Poly) Degree() int`

Degree returns the degree of the polynomial

#### type PrecisionStats ¶

```type PrecisionStats struct {
MaxDelta        complex128
MinDelta        complex128
MaxPrecision    complex128
MinPrecision    complex128
MeanDelta       complex128
MeanPrecision   complex128
MedianDelta     complex128
MedianPrecision complex128
STDFreq         float64
STDTime         float64

RealDist, ImagDist []struct {
Prec  float64
Count int
}
// contains filtered or unexported fields
}```

PrecisionStats is a struct storing statistic about the precision of a CKKS plaintext

#### func GetPrecisionStats ¶

`func GetPrecisionStats(params Parameters, encoder Encoder, decryptor Decryptor, valuesWant []complex128, element interface{}, logSlots int, sigma float64) (prec PrecisionStats)`

GetPrecisionStats generates a PrecisionStats struct from the reference values and the decrypted values

#### func (PrecisionStats) String ¶

`func (prec PrecisionStats) String() string`

#### type PtDiagMatrix ¶ added in v2.2.0

```type PtDiagMatrix struct {
LogSlots int                   // Log of the number of slots of the plaintext (needed to compute the appropriate rotation keys)
N1       int                   // N1 is the number of inner loops of the baby-step giant-step algo used in the evaluation.
Level    int                   // Level is the level at which the matrix is encoded (can be circuit dependant)
Scale    float64               // Scale is the scale at which the matrix is encoded (can be circuit dependant)
Vec      map[int][2]*ring.Poly // Vec is the matrix, in diagonal form, where each entry of vec is an indexed non zero diagonal.
// contains filtered or unexported fields
}```

PtDiagMatrix is a struct storing a plaintext diagonalized matrix ready to be evaluated on a ciphertext using evaluator.MultiplyByDiagMatrice.

#### type ResidualModuli ¶ added in v2.2.0

`type ResidualModuli []uint64`

ResidualModuli is a list of the moduli available after the bootstrapping.

#### type SinType ¶

`type SinType uint64`

SinType is the type of function used during the bootstrapping for the homomorphic modular reduction

#### type SineEvalModuli ¶ added in v2.2.0

```type SineEvalModuli struct {
Qi            []uint64
ScalingFactor float64
}```

SineEvalModuli is a list of the moduli used during the SineEval step.

#### type SlotsToCoeffsModuli ¶ added in v2.2.0

```type SlotsToCoeffsModuli struct {
Qi            []uint64
ScalingFactor [][]float64
}```

SlotsToCoeffsModuli is a list of the moduli used during the SlotsToCoeffs step.

Path Synopsis