ckks

package
Version: v2.2.0 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jul 15, 2021 License: Apache-2.0 Imports: 14 Imported by: 0

README

CKKS

The package CKKS is an RNS-accelerated version of the Homomorphic Encryption for Arithmetic of Approximate Numbers (HEAAN, a.k.a. CKKS) scheme originally proposed by Cheon, Kim, Kim and Song. It provides approximate arithmetic over complex numbers.

Brief description

This scheme can be used to do arithmetic over equation. The plaintext space and the ciphertext space share the same domain

,

with a power of 2.

The batch encoding of this scheme

.

maps an array of complex numbers to a polynomial with the property:

,

where represents a component-wise product, and represents a nega-cyclic convolution.

Security parameters

equation: the ring dimension, which defines the degree of the cyclotomic polynomial, and the number of coefficients of the plaintext/ciphertext polynomials; it should always be a power of two. This parameter has an impact on both security and performance (security increases with N and performance decreases with N). It should be chosen carefully to suit the intended use of the scheme.

equation: the ciphertext modulus. In Lattigo, it is chosen to be the product of a chain of small coprime moduli equation that verify equation in order to enable both the RNS and NTT representation. The used moduli equation are chosen to be of size 30 to 60 bits for the best performance. This parameter has an impact on both security and performance (for a fixed equation, a larger equation implies both lower security and lower performance). It is closely related to equation and should be carefully chosen to suit the intended use of the scheme.

equation: the variance used for the error polynomials. This parameter is closely tied to the security of the scheme (a larger equation implies higher security).

Other parameters

equation: the plaintext scale. Since complex numbers are encoded on polynomials with integer coefficients, the original values must be scaled during the encoding, before being rounded to the nearest integer. The equation parameter is the power of two by which the values are multiplied during the encoding. It has an impact on the precision of the output and on the amount of operations a fresh encryption can undergo before overflowing.

Choosing the right parameters for a given application

There are 3 application-dependent parameters:

  • LogN: it determines (a) how many values can be encoded (batched) at once (maximum N/2) in one plaintext, and (b) the maximum total modulus bit size (the product of all the moduli) for a given security parameter.
  • Modulichain: it determines how many consecutive scalar and non-scalar multiplications (the depth of the arithmetic circuit) can be evaluated before requiring decryption. Since Lattigo features an RNS implementation, this parameter requires careful fine-tuning depending on the application; i.e., the rescaling procedure can only rescale by one of the RNS modulus at a time, whose size has to be chosen when creating the CKKS context. Additionally, the individual size of each of the moduli also has an effect on the error introduced during the rescaling, since they cannot be powers of 2, so they should be chosen as NTT primes as close as possible to a power of 2 instead.
  • Logscale: it determines the scale of the plaintext, affecting both the precision and the maximum allowed depth for a given security parameter.

Configuring parameters for CKKS is very application dependent, requiring a prior analysis of the circuit to be executed under encryption. The following example illustrates how this parametrization can be done, showing that it is possible to come up with different parameter sets for a given circuit, each set having pros and cons.

Let us define the evaluation of an arbitrary smooth function f(x) on an array of ~4000 complex elements contained in a square of side 2 centered at the complex origin (with values ranging between -1-1i and 1+1i). We first need to find a good polynomial approximation for the given range. Lattigo provides an automatic Chebyshev approximation for any given polynomial degree, which can be used for this purpose (it is also possible to define a different polynomial approximation of lower degree with an acceptable error).

Let us assume that we find an approximation of degree 5, i.e., a + bx + cx^3 + dx^5. This function can be evaluated with 3 scalar multiplications, 3 additions and 3 non-scalar multiplications, consuming a total of 4 levels (one for the scalar multiplications and 3 for the non-scalar multiplications).

We then need to chose a scale for the plaintext, that will influence both the bit consumption for the rescaling, and the precision of the computation. If we choose a scale of 2^40, we need to consume at least 160 bits (4 levels) during the evaluation, and we still need some bits left to store the final result with an acceptable precision. Let us assume that the output of the approximation lies always in the square between -20-20i and 20+20i; then, the final modulus must be at least 5 bits larger than the final scale (to preserve the integer precision).

The following parameters will work for the posed example:

  • LogN = 13
  • Modulichain = [45, 40, 40, 40, 40], for a logQ <= 205
  • LogScale = 40

But it is also possible to use less levels to have ciphertexts of smaller size and, therefore, a faster evaluation, at the expense of less precision. This can be achieved by using a scale of 30 bits and squeezing two multiplications in a single level, while pre-computing the last scalar multiplication already in the plaintext. Instead of evaluating a + bx + cx^3 + dx^5, we pre-multiply the plaintext by d^(1/5) and evaluate a + b/(d^(1/5))x + c/(d^(3/5)) + x^5.

The following parameters are enough to evaluate this modified function:

  • LogN = 13
  • Modulichain = [35, 60, 60], for a logQ <= 155
  • LogScale = 30

To summarize, several parameter sets can be used to evaluate a given function, achieving different trade-offs for space and time versus precision.

Choosing secure parameters

The CKKS scheme supports the standard recommended parameters chosen to offer a security of 128 bits for a secret key with uniform ternary distribution equation, according to the Homomorphic Encryption Standards group (https://homomorphicencryption.org/standard/).

Each set of security parameters is defined by the tuple equation :

  • {12, 109, 3.2}
  • {13, 218, 3.2}
  • {14, 438, 3.2}
  • {15, 881, 3.2}

As mentioned, setting parameters for CKKS involves not only choosing this tuple, but also defining the actual moduli chain depending on the application at hand, which is why the provided default parameter sets have to be fine-tuned, preserving the values of the aforementioned tuples, in order to maintain the required security level of 128 bits. That is, Lattigo provides a set of default parameters for CKKS, including example moduli chains, ensuring 128 bit security. The user might want to choose different values in the moduli chain optimized for a specific application. As long as the total modulus is equal or below the above values for a given logN, the scheme will still provide a security of at least 128 bits against the current best known attacks.

Finally, it is worth noting that these security parameters are computed for fully entropic ternary keys (with probability distribution {1/3,1/3,1/3} for values {-1,0,1}). Lattigo uses this fully-entropic key configuration by default. It is possible, though, to generate keys with lower entropy, by modifying their distribution to {(1-p)/2, p, (1-p)/2}, for any p between 0 and 1, which for p>>1/3 can result in low Hamming weight keys (sparse keys). We recall that it has been shown that the security of sparse keys can be considerably lower than that of fully entropic keys, and the CKKS security parameters should be re-evaluated if sparse keys are used.

Documentation

Overview

Package ckks implements a RNS-accelerated version of the Homomorphic Encryption for Arithmetic for Approximate Numbers (HEAAN, a.k.a. CKKS) scheme. It provides approximate arithmetic over the complex numbers.package ckks

Index

Constants

View Source
const (
	Sin  = SinType(0) // Standard Chebyshev approximation of (1/2pi) * sin(2pix)
	Cos1 = SinType(1) // Special approximation (Han and Ki) of pow((1/2pi), 1/2^r) * cos(2pi(x-0.25)/2^r)
	Cos2 = SinType(2) // Standard Chebyshev approximation of pow((1/2pi), 1/2^r) * cos(2pi(x-0.25)/2^r)
)

Sin and Cos are the two proposed functions for SinType

View Source
const GaloisGen uint64 = 5

GaloisGen is an integer of order N/2 modulo M and that spans Z_M with the integer -1. The j-th ring automorphism takes the root zeta to zeta^(5j).

Variables

View Source
var (
	// PN12QP109 is a default parameter set for logN=12 and logQP=109
	PN12QP109 = ParametersLiteral{
		LogN:     12,
		LogSlots: 11,
		Q: []uint64{0x200000e001,
			0x100006001},
		P:     []uint64{0x3ffffea001},
		Scale: 1 << 32,
		Sigma: rlwe.DefaultSigma,
	}

	// PN13QP218 is a default parameter set for logN=13 and logQP=218
	PN13QP218 = ParametersLiteral{
		LogN:     13,
		LogSlots: 12,
		Q: []uint64{0x1fffec001,
			0x3fff4001,
			0x3ffe8001,
			0x40020001,
			0x40038001,
			0x3ffc0001},
		P:     []uint64{0x800004001},
		Scale: 1 << 30,
		Sigma: rlwe.DefaultSigma,
	}
	// PN14QP438 is a default parameter set for logN=14 and logQP=438
	PN14QP438 = ParametersLiteral{
		LogN:     14,
		LogSlots: 13,
		Q: []uint64{0x200000008001, 0x400018001,
			0x3fffd0001, 0x400060001,
			0x400068001, 0x3fff90001,
			0x400080001, 0x4000a8001,
			0x400108001, 0x3ffeb8001},
		P:     []uint64{0x7fffffd8001, 0x7fffffc8001},
		Scale: 1 << 34,
		Sigma: rlwe.DefaultSigma,
	}

	// PN15QP880 is a default parameter set for logN=15 and logQP=880
	PN15QP880 = ParametersLiteral{
		LogN:     15,
		LogSlots: 14,
		Q: []uint64{0x4000000120001, 0x10000140001, 0xffffe80001,
			0x10000290001, 0xffffc40001, 0x100003e0001,
			0x10000470001, 0x100004b0001, 0xffffb20001,
			0x10000500001, 0x10000650001, 0xffff940001,
			0xffff8a0001, 0xffff820001, 0xffff780001,
			0x10000890001, 0xffff750001, 0x10000960001},
		P:     []uint64{0x40000001b0001, 0x3ffffffdf0001, 0x4000000270001},
		Scale: 1 << 40,
		Sigma: rlwe.DefaultSigma,
	}
	// PN16QP1761 is a default parameter set for logN=16 and logQP = 1761
	PN16QP1761 = ParametersLiteral{
		LogN:     16,
		LogSlots: 15,
		Q: []uint64{0x80000000080001, 0x2000000a0001, 0x2000000e0001, 0x1fffffc20001,
			0x200000440001, 0x200000500001, 0x200000620001, 0x1fffff980001,
			0x2000006a0001, 0x1fffff7e0001, 0x200000860001, 0x200000a60001,
			0x200000aa0001, 0x200000b20001, 0x200000c80001, 0x1fffff360001,
			0x200000e20001, 0x1fffff060001, 0x200000fe0001, 0x1ffffede0001,
			0x1ffffeca0001, 0x1ffffeb40001, 0x200001520001, 0x1ffffe760001,
			0x2000019a0001, 0x1ffffe640001, 0x200001a00001, 0x1ffffe520001,
			0x200001e80001, 0x1ffffe0c0001, 0x1ffffdee0001, 0x200002480001,
			0x1ffffdb60001, 0x200002560001},
		P:     []uint64{0x80000000440001, 0x7fffffffba0001, 0x80000000500001, 0x7fffffffaa0001},
		Scale: 1 << 45,
		Sigma: rlwe.DefaultSigma,
	}

	// PN12QP101pq is a default (post quantum) parameter set for logN=12 and logQP=101
	PN12QP101pq = ParametersLiteral{
		LogN:     12,
		LogSlots: 11,
		Q:        []uint64{0x800004001, 0x40002001},
		P:        []uint64{0x1000002001},
		Scale:    1 << 30,
		Sigma:    rlwe.DefaultSigma,
	}
	// PN13QP202pq is a default (post quantum) parameter set for logN=13 and logQP=202
	PN13QP202pq = ParametersLiteral{
		LogN:     13,
		LogSlots: 12,
		Q:        []uint64{0x1fffec001, 0x8008001, 0x8020001, 0x802c001, 0x7fa8001, 0x7f74001},
		P:        []uint64{0x400018001},
		Scale:    1 << 27,
		Sigma:    rlwe.DefaultSigma,
	}

	// PN14QP411pq is a default (post quantum) parameter set for logN=14 and logQP=411
	PN14QP411pq = ParametersLiteral{
		LogN:     14,
		LogSlots: 13,
		Q: []uint64{0x10000048001, 0x200038001, 0x1fff90001, 0x200080001, 0x1fff60001,
			0x2000b8001, 0x200100001, 0x1fff00001, 0x1ffef0001, 0x200128001},

		P:     []uint64{0x1ffffe0001, 0x1ffffc0001},
		Scale: 1 << 33,
		Sigma: rlwe.DefaultSigma,
	}

	// PN15QP827pq is a default (post quantum) parameter set for logN=15 and logQP=827
	PN15QP827pq = ParametersLiteral{
		LogN:     15,
		LogSlots: 14,
		Q: []uint64{0x400000060001, 0x4000170001, 0x3fffe80001, 0x40002f0001, 0x4000300001,
			0x3fffcf0001, 0x40003f0001, 0x3fffc10001, 0x4000450001, 0x3fffb80001,
			0x3fffb70001, 0x40004a0001, 0x3fffb20001, 0x4000510001, 0x3fffaf0001,
			0x4000540001, 0x4000560001, 0x4000590001},
		P:     []uint64{0x2000000a0001, 0x2000000e0001, 0x2000001d0001},
		Scale: 1 << 38,
		Sigma: rlwe.DefaultSigma,
	}
	// PN16QP1654pq is a default (post quantum) parameter set for logN=16 and logQP=1654
	PN16QP1654pq = ParametersLiteral{LogN: 16,
		LogSlots: 15,
		Q: []uint64{0x80000000080001, 0x2000000a0001, 0x2000000e0001, 0x1fffffc20001, 0x200000440001,
			0x200000500001, 0x200000620001, 0x1fffff980001, 0x2000006a0001, 0x1fffff7e0001,
			0x200000860001, 0x200000a60001, 0x200000aa0001, 0x200000b20001, 0x200000c80001,
			0x1fffff360001, 0x200000e20001, 0x1fffff060001, 0x200000fe0001, 0x1ffffede0001,
			0x1ffffeca0001, 0x1ffffeb40001, 0x200001520001, 0x1ffffe760001, 0x2000019a0001,
			0x1ffffe640001, 0x200001a00001, 0x1ffffe520001, 0x200001e80001, 0x1ffffe0c0001,
			0x1ffffdee0001, 0x200002480001},
		P:     []uint64{0x7fffffffe0001, 0x80000001c0001, 0x80000002c0001, 0x7ffffffd20001},
		Scale: 1 << 45,
		Sigma: rlwe.DefaultSigma,
	}
)

Name of the different default parameter sets

View Source
var DefaultBootstrapParams = []*BootstrappingParameters{

	{
		LogN:     16,
		LogSlots: 15,
		Scale:    1 << 40,
		Sigma:    rlwe.DefaultSigma,
		ResidualModuli: []uint64{
			0x10000000006e0001,
			0x10000140001,
			0xffffe80001,
			0xffffc40001,
			0x100003e0001,
			0xffffb20001,
			0x10000500001,
			0xffff940001,
			0xffff8a0001,
			0xffff820001,
		},
		KeySwitchModuli: []uint64{
			0x1fffffffffe00001,
			0x1fffffffffc80001,
			0x1fffffffffb40001,
			0x1fffffffff500001,
			0x1fffffffff420001,
		},
		SlotsToCoeffsModuli: SlotsToCoeffsModuli{
			Qi: []uint64{
				0x7fffe60001,
				0x7fffe40001,
				0x7fffe00001,
			},
			ScalingFactor: [][]float64{
				{0x7fffe60001},
				{0x7fffe40001},
				{0x7fffe00001},
			},
		},
		SineEvalModuli: SineEvalModuli{
			Qi: []uint64{
				0xfffffffff840001,
				0x1000000000860001,
				0xfffffffff6a0001,
				0x1000000000980001,
				0xfffffffff5a0001,
				0x1000000000b00001,
				0x1000000000ce0001,
				0xfffffffff2a0001,
			},
			ScalingFactor: 1 << 60,
		},
		CoeffsToSlotsModuli: CoeffsToSlotsModuli{
			Qi: []uint64{
				0x100000000060001,
				0xfffffffff00001,
				0xffffffffd80001,
				0x1000000002a0001,
			},
			ScalingFactor: [][]float64{
				{0x100000000060001},
				{0xfffffffff00001},
				{0xffffffffd80001},
				{0x1000000002a0001},
			},
		},
		H:            192,
		SinType:      Cos1,
		MessageRatio: 256.0,
		SinRange:     25,
		SinDeg:       63,
		SinRescal:    2,
		ArcSineDeg:   0,
		MaxN1N2Ratio: 16.0,
		BitReversed:  false,
	},

	{
		LogN:     16,
		LogSlots: 15,
		Scale:    1 << 45,
		Sigma:    rlwe.DefaultSigma,
		ResidualModuli: []uint64{
			0x10000000006e0001,
			0x2000000a0001,
			0x2000000e0001,
			0x1fffffc20001,
			0x200000440001,
			0x200000500001,
		},
		KeySwitchModuli: []uint64{
			0x1fffffffffe00001,
			0x1fffffffffc80001,
			0x1fffffffffb40001,
			0x1fffffffff500001,
		},
		SlotsToCoeffsModuli: SlotsToCoeffsModuli{
			Qi: []uint64{
				0x3ffffe80001,
				0x3ffffd20001,
				0x3ffffca0001,
			},
			ScalingFactor: [][]float64{
				{0x3ffffe80001},
				{0x3ffffd20001},
				{0x3ffffca0001},
			},
		},
		SineEvalModuli: SineEvalModuli{
			Qi: []uint64{
				0xffffffffffc0001,
				0xfffffffff240001,
				0x1000000000f00001,
				0xfffffffff840001,
				0x1000000000860001,
				0xfffffffff6a0001,
				0x1000000000980001,
				0xfffffffff5a0001,
				0x1000000000b00001,
				0x1000000000ce0001,
				0xfffffffff2a0001,
			},
			ScalingFactor: 1 << 60,
		},
		CoeffsToSlotsModuli: CoeffsToSlotsModuli{
			Qi: []uint64{
				0x400000000360001,
				0x3ffffffffbe0001,
				0x400000000660001,
				0x4000000008a0001,
			},
			ScalingFactor: [][]float64{
				{0x400000000360001},
				{0x3ffffffffbe0001},
				{0x400000000660001},
				{0x4000000008a0001},
			},
		},
		H:            192,
		SinType:      Cos1,
		MessageRatio: 4.0,
		SinRange:     25,
		SinDeg:       63,
		SinRescal:    2,
		ArcSineDeg:   7,
		MaxN1N2Ratio: 16.0,
		BitReversed:  false,
	},

	{
		LogN:     16,
		LogSlots: 15,
		Scale:    1 << 30,
		Sigma:    rlwe.DefaultSigma,
		ResidualModuli: []uint64{
			0x80000000080001,
			0xffffffffffc0001,
			0x10000000006e0001,
			0xfffffffff840001,
			0x1000000000860001,
			0xfffffffff6a0001,
			0x1000000000980001,
			0xfffffffff5a0001,
		},
		KeySwitchModuli: []uint64{
			0x1fffffffffe00001,
			0x1fffffffffc80001,
			0x1fffffffffb40001,
			0x1fffffffff500001,
			0x1fffffffff420001,
		},
		SlotsToCoeffsModuli: SlotsToCoeffsModuli{
			Qi: []uint64{
				0x1000000000b00001,
				0x1000000000ce0001,
			},
			ScalingFactor: [][]float64{
				{1073741824.0},
				{1073741824.0062866, 1073741824.0062866},
			},
		},
		SineEvalModuli: SineEvalModuli{
			Qi: []uint64{
				0x80000000440001,
				0x7fffffffba0001,
				0x80000000500001,
				0x7fffffffaa0001,
				0x800000005e0001,
				0x7fffffff7e0001,
				0x7fffffff380001,
				0x80000000ca0001,
			},
			ScalingFactor: 1 << 55,
		},
		CoeffsToSlotsModuli: CoeffsToSlotsModuli{
			Qi: []uint64{
				0x200000000e0001,
				0x20000000140001,
				0x20000000280001,
				0x1fffffffd80001,
			},
			ScalingFactor: [][]float64{
				{0x200000000e0001},
				{0x20000000140001},
				{0x20000000280001},
				{0x1fffffffd80001},
			},
		},
		H:            192,
		SinType:      Cos1,
		MessageRatio: 256.0,
		SinRange:     25,
		SinDeg:       63,
		SinRescal:    2,
		ArcSineDeg:   0,
		MaxN1N2Ratio: 16.0,
		BitReversed:  false,
	},

	{
		LogN:     16,
		LogSlots: 15,
		Scale:    1 << 40,
		Sigma:    rlwe.DefaultSigma,
		ResidualModuli: []uint64{
			0x4000000120001,
			0x10000140001,
			0xffffe80001,
			0xffffc40001,
			0x100003e0001,
			0xffffb20001,
			0x10000500001,
			0xffff940001,
			0xffff8a0001,
			0xffff820001,
		},
		KeySwitchModuli: []uint64{
			0x1fffffffffe00001,
			0x1fffffffffc80001,
			0x1fffffffffb40001,
			0x1fffffffff500001,
			0x1fffffffff420001,
			0x1fffffffff380001,
		},
		SlotsToCoeffsModuli: SlotsToCoeffsModuli{
			Qi: []uint64{
				0x100000000060001,
				0xffa0001,
			},
			ScalingFactor: [][]float64{
				{268435456.0007324, 268435456.0007324},
				{0xffa0001},
			},
		},
		SineEvalModuli: SineEvalModuli{
			Qi: []uint64{
				0xffffffffffc0001,
				0x10000000006e0001,
				0xfffffffff840001,
				0x1000000000860001,
				0xfffffffff6a0001,
				0x1000000000980001,
				0xfffffffff5a0001,
				0x1000000000b00001,
				0x1000000000ce0001,
				0xfffffffff2a0001,
				0xfffffffff240001,
				0x1000000000f00001,
			},
			ScalingFactor: 1 << 60,
		},
		CoeffsToSlotsModuli: CoeffsToSlotsModuli{
			Qi: []uint64{
				0x200000000e0001,
				0x20000000140001,
				0x20000000280001,
				0x1fffffffd80001,
			},
			ScalingFactor: [][]float64{
				{0x200000000e0001},
				{0x20000000140001},
				{0x20000000280001},
				{0x1fffffffd80001},
			},
		},
		H:            32768,
		SinType:      Cos2,
		MessageRatio: 256.0,
		SinRange:     325,
		SinDeg:       255,
		SinRescal:    4,
		ArcSineDeg:   0,
		MaxN1N2Ratio: 16.0,
		BitReversed:  false,
	},

	{
		LogN:     15,
		LogSlots: 14,
		Scale:    1 << 25,
		Sigma:    rlwe.DefaultSigma,
		ResidualModuli: []uint64{
			0x1fff90001,
			0x4000000420001,
			0x1fc0001,
		},
		KeySwitchModuli: []uint64{
			0x7fffffffe0001,
			0x8000000110001,
		},
		SlotsToCoeffsModuli: SlotsToCoeffsModuli{
			Qi: []uint64{
				0xffffffffffc0001,
			},
			ScalingFactor: [][]float64{
				{1073741823.9998779, 1073741823.9998779},
			},
		},
		SineEvalModuli: SineEvalModuli{
			Qi: []uint64{
				0x4000000120001,
				0x40000001b0001,
				0x3ffffffdf0001,
				0x4000000270001,
				0x3ffffffd20001,
				0x3ffffffcd0001,
				0x4000000350001,
				0x3ffffffc70001,
			},
			ScalingFactor: 1 << 50,
		},
		CoeffsToSlotsModuli: CoeffsToSlotsModuli{
			Qi: []uint64{
				0x1fffffff50001,
				0x1ffffffea0001,
			},
			ScalingFactor: [][]float64{
				{0x1fffffff50001},
				{0x1ffffffea0001},
			},
		},
		H:            192,
		SinType:      Cos1,
		MessageRatio: 256.0,
		SinRange:     25,
		SinDeg:       63,
		SinRescal:    2,
		ArcSineDeg:   0,
		MaxN1N2Ratio: 16.0,
		BitReversed:  false,
	},
}

DefaultBootstrapParams are default bootstrapping params for the bootstrapping.

DefaultParams is a set of default CKKS parameters ensuring 128 bit security in a classic setting.

DefaultPostQuantumParams is a set of default CKKS parameters ensuring 128 bit security in a post-quantum setting.

Functions

func AddMatrixRotToList added in v2.2.0

func AddMatrixRotToList(pVec *PtDiagMatrix, rotations []int, slots int, repack bool) []int

AddMatrixRotToList adds the rotations neede to evaluate pVec to the list rotations

func GenSwitchkeysRescalingParams

func GenSwitchkeysRescalingParams(Q, P []uint64) (params []uint64)

GenSwitchkeysRescalingParams generates the parameters for rescaling the switching keys

func NewKeyGenerator

func NewKeyGenerator(params Parameters) rlwe.KeyGenerator

NewKeyGenerator creates a rlwe.KeyGenerator instance from the CKKS parameters.

func NewPublicKey

func NewPublicKey(params Parameters) (pk *rlwe.PublicKey)

NewPublicKey returns an allocated CKKS public with zero values.

func NewRelinearizationKey added in v2.2.0

func NewRelinearizationKey(params Parameters) *rlwe.RelinearizationKey

NewRelinearizationKey returns an allocated CKKS public relinearization key with zero value.

func NewRotationKeySet added in v2.2.0

func NewRotationKeySet(params Parameters, galoisElements []uint64) *rlwe.RotationKeySet

NewRotationKeySet returns an allocated set of CKKS public rotation keys with zero values for each galois element (i.e., for each supported rotation).

func NewSecretKey

func NewSecretKey(params Parameters) (sk *rlwe.SecretKey)

NewSecretKey returns an allocated CKKS secret key with zero values.

func NewSwitchingKey

func NewSwitchingKey(params Parameters) *rlwe.SwitchingKey

NewSwitchingKey returns an allocated CKKS public switching key with zero values.

func StandardDeviation added in v2.2.0

func StandardDeviation(vec []float64, scale float64) (std float64)

StandardDeviation computes the scaled standard deviation of the input vector.

Types

type Bootstrapper

type Bootstrapper struct {
	BootstrappingParameters
	*BootstrappingKey
	// contains filtered or unexported fields
}

Bootstrapper is a struct to stores a memory pool the plaintext matrices the polynomial approximation and the keys for the bootstrapping.

func NewBootstrapper

func NewBootstrapper(params Parameters, btpParams *BootstrappingParameters, btpKey BootstrappingKey) (btp *Bootstrapper, err error)

NewBootstrapper creates a new Bootstrapper.

func (Bootstrapper) Add added in v2.2.0

func (eval Bootstrapper) Add(op0, op1 Operand, ctOut *Ciphertext)

Add adds op0 to op1 and returns the result in ctOut.

func (Bootstrapper) AddConst added in v2.2.0

func (eval Bootstrapper) AddConst(ct0 *Ciphertext, constant interface{}, ctOut *Ciphertext)

AddConst adds the input constant (which can be a uint64, int64, float64 or complex128) to ct0 and returns the result in ctOut.

func (Bootstrapper) AddConstNew added in v2.2.0

func (eval Bootstrapper) AddConstNew(ct0 *Ciphertext, constant interface{}) (ctOut *Ciphertext)

AddConstNew adds the input constant (which can be a uint64, int64, float64 or complex128) to ct0 and returns the result in a new element.

func (Bootstrapper) AddNew added in v2.2.0

func (eval Bootstrapper) AddNew(op0, op1 Operand) (ctOut *Ciphertext)

AddNew adds op0 to op1 and returns the result in a newly created element.

func (Bootstrapper) AddNoMod added in v2.2.0

func (eval Bootstrapper) AddNoMod(op0, op1 Operand, ctOut *Ciphertext)

AddNoMod adds op0 to op1 and returns the result in ctOut, without modular reduction.

func (Bootstrapper) AddNoModNew added in v2.2.0

func (eval Bootstrapper) AddNoModNew(op0, op1 Operand) (ctOut *Ciphertext)

AddNoModNew adds op0 to op1 without modular reduction, and returns the result in a newly created element.

func (*Bootstrapper) Bootstrapp

func (btp *Bootstrapper) Bootstrapp(ct *Ciphertext) *Ciphertext

Bootstrapp re-encrypt a ciphertext at lvl Q0 to a ciphertext at MaxLevel-k where k is the depth of the bootstrapping circuit. If the input ciphertext level is zero, the input scale must be an exact power of two smaller or equal to round(Q0/2^{10}). If the input ciphertext is at level one or more, the input scale does not need to be an exact power of two as one level can be used to do a scale matching.

func (*Bootstrapper) CheckKeys

func (btp *Bootstrapper) CheckKeys() (err error)

CheckKeys checks if all the necessary keys are present

func (Bootstrapper) Conjugate added in v2.2.0

func (eval Bootstrapper) Conjugate(ct0 *Ciphertext, ctOut *Ciphertext)

Conjugate conjugates ct0 (which is equivalent to a row rotation) and returns the result in ctOut. If the provided element is a Ciphertext, a key-switching operation is necessary and a rotation key for the row rotation needs to be provided.

func (Bootstrapper) ConjugateNew added in v2.2.0

func (eval Bootstrapper) ConjugateNew(ct0 *Ciphertext) (ctOut *Ciphertext)

ConjugateNew conjugates ct0 (which is equivalent to a row rotation) and returns the result in a newly created element. If the provided element is a Ciphertext, a key-switching operation is necessary and a rotation key for the row rotation needs to be provided.

func (Bootstrapper) DivByi added in v2.2.0

func (eval Bootstrapper) DivByi(ct0 *Ciphertext, ctOut *Ciphertext)

DivByi multiplies ct0 by the imaginary number 1/i = -i, and returns the result in ctOut. It does not change the scale.

func (Bootstrapper) DivByiNew added in v2.2.0

func (eval Bootstrapper) DivByiNew(ct0 *Ciphertext) (ctOut *Ciphertext)

DivByiNew multiplies ct0 by the imaginary number 1/i = -i, and returns the result in a newly created element. It does not change the scale.

func (Bootstrapper) DropLevel added in v2.2.0

func (eval Bootstrapper) DropLevel(ct0 *Ciphertext, levels int)

DropLevel reduces the level of ct0 by levels and returns the result in ct0. No rescaling is applied during this procedure.

func (Bootstrapper) DropLevelNew added in v2.2.0

func (eval Bootstrapper) DropLevelNew(ct0 *Ciphertext, levels int) (ctOut *Ciphertext)

DropLevelNew reduces the level of ct0 by levels and returns the result in a newly created element. No rescaling is applied during this procedure.

func (Bootstrapper) EvaluateCheby added in v2.2.0

func (eval Bootstrapper) EvaluateCheby(op *Ciphertext, cheby *ChebyshevInterpolation, tartetScale float64) (opOut *Ciphertext, err error)

func (Bootstrapper) EvaluatePoly added in v2.2.0

func (eval Bootstrapper) EvaluatePoly(ct0 *Ciphertext, pol *Poly, targetScale float64) (opOut *Ciphertext, err error)

func (Bootstrapper) InnerSum added in v2.2.0

func (eval Bootstrapper) InnerSum(ctIn *Ciphertext, batchSize, n int, ctOut *Ciphertext)

InnerSum applies an naive inner sum on the ciphetext (n rotations with single hoisting). The operation assumes that `ctIn` encrypts SlotCount/`batchSize` sub-vectors of size `batchSize` which it adds together (in parallel) by groups of `n`. It outputs in ctOut a ciphertext for which the "leftmost" sub-vector of each group is equal to the sum of the group. This method is faster than InnerSumLog when the number of rotations is small but uses 'n' keys instead of log(n) + HW(n).

func (Bootstrapper) InnerSumLog added in v2.2.0

func (eval Bootstrapper) InnerSumLog(ctIn *Ciphertext, batchSize, n int, ctOut *Ciphertext)

InnerSumLog applies an optimized inner sum on the ciphetext (log2(n) + HW(n) rotations with double hoisting). The operation assumes that `ctIn` encrypts SlotCount/`batchSize` sub-vectors of size `batchSize` which it adds together (in parallel) by groups of `n`. It outputs in ctOut a ciphertext for which the "leftmost" sub-vector of each group is equal to the sum of the group. This method is faster than InnerSum when the number of rotations is large and uses log2(n) + HW(n) insteadn of 'n' keys.

func (Bootstrapper) InverseNew added in v2.2.0

func (eval Bootstrapper) InverseNew(op *Ciphertext, steps int) (opOut *Ciphertext)

InverseNew computes 1/op and returns the result on a new element, iterating for n steps and consuming n levels. The algorithm requires the encrypted values to be in the range [-1.5 - 1.5i, 1.5 + 1.5i] or the result will be wrong. Each iteration increases the precision.

func (Bootstrapper) LinearTransform added in v2.2.0

func (eval Bootstrapper) LinearTransform(ctIn *Ciphertext, linearTransform interface{}) (ctOut []*Ciphertext)

LinearTransform evaluates a linear transform on the ciphertext. The linearTransform can either be an (ordered) list of PtDiagMatrix or a single PtDiagMatrix. In either case a list of ciphertext is return (the second case returnign a list of containing a single ciphertext. A PtDiagMatrix is a diagonalized plaintext matrix contructed with an Encoder using the method encoder.EncodeDiagMatrixAtLvl(*).

func (Bootstrapper) Mul added in v2.2.0

func (eval Bootstrapper) Mul(op0, op1 Operand, ctOut *Ciphertext)

Mul multiplies op0 with op1 without relinearization and returns the result in ctOut. The procedure will panic if either op0 or op1 are have a degree higher than 1. The procedure will panic if ctOut.Degree != op0.Degree + op1.Degree.

func (Bootstrapper) MulByPow2 added in v2.2.0

func (eval Bootstrapper) MulByPow2(ct0 *Ciphertext, pow2 int, ctOut *Ciphertext)

MulByPow2 multiplies ct0 by 2^pow2 and returns the result in ctOut.

func (Bootstrapper) MulByPow2New added in v2.2.0

func (eval Bootstrapper) MulByPow2New(ct0 *Ciphertext, pow2 int) (ctOut *Ciphertext)

MulByPow2New multiplies ct0 by 2^pow2 and returns the result in a newly created element.

func (Bootstrapper) MulNew added in v2.2.0

func (eval Bootstrapper) MulNew(op0, op1 Operand) (ctOut *Ciphertext)

MulNew multiplies op0 with op1 without relinearization and returns the result in a newly created element. The procedure will panic if either op0.Degree or op1.Degree > 1.

func (Bootstrapper) MulRelin added in v2.2.0

func (eval Bootstrapper) MulRelin(op0, op1 Operand, ctOut *Ciphertext)

MulRelin multiplies op0 with op1 with relinearization and returns the result in ctOut. The procedure will panic if either op0.Degree or op1.Degree > 1. The procedure will panic if ctOut.Degree != op0.Degree + op1.Degree. The procedure will panic if the evaluator was not created with an relinearization key.

func (Bootstrapper) MulRelinNew added in v2.2.0

func (eval Bootstrapper) MulRelinNew(op0, op1 Operand) (ctOut *Ciphertext)

MulRelinNew multiplies ct0 by ct1 with relinearization and returns the result in a newly created element. The procedure will panic if either op0.Degree or op1.Degree > 1. The procedure will panic if the evaluator was not created with an relinearization key.

func (Bootstrapper) MultByConst added in v2.2.0

func (eval Bootstrapper) MultByConst(ct0 *Ciphertext, constant interface{}, ctOut *Ciphertext)

MultByConst multiplies ct0 by the input constant and returns the result in ctOut. The scale of the output element will depend on the scale of the input element and the constant (if the constant needs to be scaled (its rational part is not zero)). The constant can be a uint64, int64, float64 or complex128.

func (Bootstrapper) MultByConstAndAdd added in v2.2.0

func (eval Bootstrapper) MultByConstAndAdd(ct0 *Ciphertext, constant interface{}, ctOut *Ciphertext)

MultByConstAndAdd multiplies ct0 by the input constant, and adds it to the receiver element (it does not modify the input element), e.g., ctOut(x) = ctOut(x) + ct0(x) * (a+bi). This functions removes the need of storing the intermediate value c(x) * (a+bi). This function will modify the level and the scale of the receiver element depending on the level and the scale of the input element and the type of the constant. The level of the receiver element will be set to min(input.level, receiver.level). The scale of the receiver element will be set to the scale that the input element would have after the multiplication by the constant.

func (Bootstrapper) MultByConstNew added in v2.2.0

func (eval Bootstrapper) MultByConstNew(ct0 *Ciphertext, constant interface{}) (ctOut *Ciphertext)

MultByConstNew multiplies ct0 by the input constant and returns the result in a newly created element. The scale of the output element will depend on the scale of the input element and the constant (if the constant needs to be scaled (its rational part is not zero)). The constant can be a uint64, int64, float64 or complex128.

func (Bootstrapper) MultByGaussianInteger added in v2.2.0

func (eval Bootstrapper) MultByGaussianInteger(ct0 *Ciphertext, cReal, cImag int64, ctOut *Ciphertext)

func (Bootstrapper) MultByGaussianIntegerAndAdd added in v2.2.0

func (eval Bootstrapper) MultByGaussianIntegerAndAdd(ct0 *Ciphertext, cReal, cImag int64, ctOut *Ciphertext)

func (Bootstrapper) MultByi added in v2.2.0

func (eval Bootstrapper) MultByi(ct0 *Ciphertext, ctOut *Ciphertext)

MultByi multiplies ct0 by the imaginary number i, and returns the result in ctOut. It does not change the scale.

func (Bootstrapper) MultByiNew added in v2.2.0

func (eval Bootstrapper) MultByiNew(ct0 *Ciphertext) (ctOut *Ciphertext)

MultByiNew multiplies ct0 by the imaginary number i, and returns the result in a newly created element. It does not change the scale.

func (Bootstrapper) MultiplyByDiagMatrix added in v2.2.0

func (eval Bootstrapper) MultiplyByDiagMatrix(ctIn *Ciphertext, matrix *PtDiagMatrix, PoolDecompQ, PoolDecompP []*ring.Poly, ctOut *Ciphertext)

MultiplyByDiagMatrix multiplies the ciphertext "ctIn" by the plaintext matrix "matrix" and returns the result on the ciphertext "ctOut". Memory pools for the decomposed ciphertext PoolDecompQ, PoolDecompP must be provided, those are list of poly of ringQ and ringP respectively, each of size params.Beta(). The naive approach is used (single hoisting and no baby-step giant-step), which is faster than MultiplyByDiagMatrixBSGS for matrix of only a few non-zero diagonals but uses more keys.

func (Bootstrapper) MultiplyByDiagMatrixBSGS added in v2.2.0

func (eval Bootstrapper) MultiplyByDiagMatrixBSGS(ctIn *Ciphertext, matrix *PtDiagMatrix, PoolDecompQ, PoolDecompP []*ring.Poly, ctOut *Ciphertext)

MultiplyByDiagMatrixBSGS multiplies the ciphertext "ctIn" by the plaintext matrix "matrix" and returns the result on the ciphertext "ctOut". Memory pools for the decomposed ciphertext PoolDecompQ, PoolDecompP must be provided, those are list of poly of ringQ and ringP respectively, each of size params.Beta(). The BSGS approach is used (double hoisting with baby-step giant-step), which is faster than MultiplyByDiagMatrix for matrix with more than a few non-zero diagonals and uses much less keys.

func (Bootstrapper) Neg added in v2.2.0

func (eval Bootstrapper) Neg(ct0 *Ciphertext, ctOut *Ciphertext)

Neg negates the value of ct0 and returns the result in ctOut.

func (Bootstrapper) NegNew added in v2.2.0

func (eval Bootstrapper) NegNew(ct0 *Ciphertext) (ctOut *Ciphertext)

NegNew negates ct0 and returns the result in a newly created element.

func (Bootstrapper) Power added in v2.2.0

func (eval Bootstrapper) Power(op *Ciphertext, degree int, opOut *Ciphertext)

Power computes op^degree, consuming log(degree) levels, and returns the result on opOut. Providing an evaluation key is necessary when degree > 2.

func (Bootstrapper) PowerNew added in v2.2.0

func (eval Bootstrapper) PowerNew(op *Ciphertext, degree int) (opOut *Ciphertext)

PowerNew computes op^degree, consuming log(degree) levels, and returns the result on a new element. Providing an evaluation key is necessary when degree > 2.

func (Bootstrapper) PowerOf2 added in v2.2.0

func (eval Bootstrapper) PowerOf2(op *Ciphertext, logPow2 int, opOut *Ciphertext)

PowerOf2 computes op^(2^logPow2), consuming logPow2 levels, and returns the result on opOut. Providing an evaluation key is necessary when logPow2 > 1.

func (Bootstrapper) Reduce added in v2.2.0

func (eval Bootstrapper) Reduce(ct0 *Ciphertext, ctOut *Ciphertext) error

Reduce applies a modular reduction to ct0 and returns the result in ctOut. To be used in conjunction with functions that do not apply modular reduction.

func (Bootstrapper) ReduceNew added in v2.2.0

func (eval Bootstrapper) ReduceNew(ct0 *Ciphertext) (ctOut *Ciphertext)

ReduceNew applies a modular reduction to ct0 and returns the result in a newly created element. To be used in conjunction with functions that do not apply modular reduction.

func (Bootstrapper) Relinearize added in v2.2.0

func (eval Bootstrapper) Relinearize(ct0 *Ciphertext, ctOut *Ciphertext)

Relinearize applies the relinearization procedure on ct0 and returns the result in ctOut. The input Ciphertext must be of degree two.

func (Bootstrapper) RelinearizeNew added in v2.2.0

func (eval Bootstrapper) RelinearizeNew(ct0 *Ciphertext) (ctOut *Ciphertext)

RelinearizeNew applies the relinearization procedure on ct0 and returns the result in a newly created Ciphertext. The input Ciphertext must be of degree two.

func (Bootstrapper) Replicate added in v2.2.0

func (eval Bootstrapper) Replicate(ctIn *Ciphertext, batchSize, n int, ctOut *Ciphertext)

Replicate applies naive replication on the ciphetext (n rotations with single hoisting). It acts as the inverse of a inner sum (summing elements from left to right). The replication is parameterized by the size of the sub-vectors to replicate "batchSize" and the number of time "n" they need to be replicated. To ensure correctness, a gap of zero values of size batchSize * (n-1) must exist between two consecutive sub-vectors to replicate. This method is faster than ReplicateLog when the number of rotations is small but uses 'n' keys instead of log2(n) + HW(n).

func (Bootstrapper) ReplicateLog added in v2.2.0

func (eval Bootstrapper) ReplicateLog(ctIn *Ciphertext, batchSize, n int, ctOut *Ciphertext)

ReplicateLog applies an optimized replication on the ciphetext (log2(n) + HW(n) rotations with double hoisting). It acts as the inverse of a inner sum (summing elements from left to right). The replication is parameterized by the size of the sub-vectors to replicate "batchSize" and the number of time "n" they need to be replicated. To ensure correctness, a gap of zero values of size batchSize * (n-1) must exist between two consecutive sub-vectors to replicate. This method is faster than Replicate when the number of rotations is large and uses log2(n) + HW(n) instead of 'n'.

func (Bootstrapper) Rescale added in v2.2.0

func (eval Bootstrapper) Rescale(ctIn *Ciphertext, minScale float64, ctOut *Ciphertext) (err error)

Rescale divides ct0 by the last modulus in the moduli chain, and repeats this procedure (consuming one level each time) until the scale reaches the original scale or before it goes below it, and returns the result in ctOut. Since all the moduli in the moduli chain are generated to be close to the original scale, this procedure is equivalent to dividing the input element by the scale and adding some error. Returns an error if "minScale <= 0", ct.Scale = 0, ct.Level() = 0, ct.IsNTT() != true or if ct.Leve() != ctOut.Level()

func (Bootstrapper) RescaleNew added in v2.2.0

func (eval Bootstrapper) RescaleNew(ct0 *Ciphertext, threshold float64) (ctOut *Ciphertext, err error)

RescaleNew divides ct0 by the last modulus in the moduli chain, and repeats this procedure (consuming one level each time) until the scale reaches the original scale or before it goes below it, and returns the result in a newly created element. Since all the moduli in the moduli chain are generated to be close to the original scale, this procedure is equivalent to dividing the input element by the scale and adding some error. Returns an error if "threshold <= 0", ct.Scale = 0, ct.Level() = 0, ct.IsNTT() != true

func (Bootstrapper) Rotate added in v2.2.0

func (eval Bootstrapper) Rotate(ct0 *Ciphertext, k int, ctOut *Ciphertext)

Rotate rotates the columns of ct0 by k positions to the left and returns the result in ctOut. If the provided element is a Ciphertext, a key-switching operation is necessary and a rotation key for the specific rotation needs to be provided.

func (Bootstrapper) RotateHoisted added in v2.2.0

func (eval Bootstrapper) RotateHoisted(ctIn *Ciphertext, rotations []int) (cOut map[int]*Ciphertext)

RotateHoisted takes an input Ciphertext and a list of rotations and returns a map of Ciphertext, where each element of the map is the input Ciphertext rotation by one element of the list. It is much faster than sequential calls to Rotate.

func (Bootstrapper) RotateNew added in v2.2.0

func (eval Bootstrapper) RotateNew(ct0 *Ciphertext, k int) (ctOut *Ciphertext)

RotateNew rotates the columns of ct0 by k positions to the left, and returns the result in a newly created element. If the provided element is a Ciphertext, a key-switching operation is necessary and a rotation key for the specific rotation needs to be provided.

func (Bootstrapper) ScaleUp added in v2.2.0

func (eval Bootstrapper) ScaleUp(ct0 *Ciphertext, scale float64, ctOut *Ciphertext)

ScaleUp multiplies ct0 by 2^scale and sets its scale to its previous scale plus 2^n. It returns the result in ctOut.

func (Bootstrapper) ScaleUpNew added in v2.2.0

func (eval Bootstrapper) ScaleUpNew(ct0 *Ciphertext, scale float64) (ctOut *Ciphertext)

ScaleUpNew multiplies ct0 by 2^scale and sets its scale to its previous scale plus 2^n. It returns the result in a newly created element.

func (Bootstrapper) SetScale added in v2.2.0

func (eval Bootstrapper) SetScale(ct *Ciphertext, scale float64)

SetScale sets the scale of the ciphertext to the input scale (consumes a level)

func (Bootstrapper) ShallowCopy added in v2.2.0

func (eval Bootstrapper) ShallowCopy() Evaluator

ShallowCopy creates a shallow copy of this evaluator in which all the read-only data-structures are shared with the receiver and the temporary buffers are reallocated. The receiver and the returned Evaluators can be used concurrently.

func (Bootstrapper) Sub added in v2.2.0

func (eval Bootstrapper) Sub(op0, op1 Operand, ctOut *Ciphertext)

Sub subtracts op1 from op0 and returns the result in ctOut.

func (Bootstrapper) SubNew added in v2.2.0

func (eval Bootstrapper) SubNew(op0, op1 Operand) (ctOut *Ciphertext)

SubNew subtracts op1 from op0 and returns the result in a newly created element.

func (Bootstrapper) SubNoMod added in v2.2.0

func (eval Bootstrapper) SubNoMod(op0, op1 Operand, ctOut *Ciphertext)

SubNoMod subtracts op1 from op0 and returns the result in ctOut, without modular reduction.

func (Bootstrapper) SubNoModNew added in v2.2.0

func (eval Bootstrapper) SubNoModNew(op0, op1 Operand) (ctOut *Ciphertext)

SubNoModNew subtracts op1 from op0 without modular reduction, and returns the result in a newly created element.

func (Bootstrapper) SwitchKeys added in v2.2.0

func (eval Bootstrapper) SwitchKeys(ct0 *Ciphertext, switchingKey *rlwe.SwitchingKey, ctOut *Ciphertext)

SwitchKeys re-encrypts ct0 under a different key and returns the result in ctOut. It requires a SwitchingKey, which is computed from the key under which the Ciphertext is currently encrypted, and the key under which the Ciphertext will be re-encrypted.

func (Bootstrapper) SwitchKeysNew added in v2.2.0

func (eval Bootstrapper) SwitchKeysNew(ct0 *Ciphertext, switchingKey *rlwe.SwitchingKey) (ctOut *Ciphertext)

SwitchKeysNew re-encrypts ct0 under a different key and returns the result in a newly created element. It requires a SwitchingKey, which is computed from the key under which the Ciphertext is currently encrypted, and the key under which the Ciphertext will be re-encrypted.

func (Bootstrapper) WithKey added in v2.2.0

func (eval Bootstrapper) WithKey(evaluationKey rlwe.EvaluationKey) Evaluator

WithKey creates a shallow copy of the receiver Evaluator for which the new EvaluationKey is evaluationKey and where the temporary buffers are shared. The receiver and the returned Evaluators cannot be used concurrently.

type BootstrappingKey

type BootstrappingKey rlwe.EvaluationKey

BootstrappingKey is a type for a CKKS bootstrapping key, wich regroups the necessary public relinearization and rotation keys (i.e., an EvaluationKey).

type BootstrappingParameters added in v2.1.1

type BootstrappingParameters struct {
	ResidualModuli
	KeySwitchModuli
	SlotsToCoeffsModuli
	SineEvalModuli
	CoeffsToSlotsModuli
	LogN         int
	LogSlots     int
	Scale        float64
	Sigma        float64
	H            int     // Hamming weight of the secret key
	SinType      SinType // Chose betwenn [Sin(2*pi*x)] or [cos(2*pi*x/r) with double angle formula]
	MessageRatio float64 // Ratio between Q0 and m, i.e. Q[0]/|m|
	SinRange     int     // K parameter (interpolation in the range -K to K)
	SinDeg       int     // Degree of the interpolation
	SinRescal    int     // Number of rescale and double angle formula (only applies for cos)
	ArcSineDeg   int     // Degree of the Taylor arcsine composed with f(2*pi*x) (if zero then not used)
	MaxN1N2Ratio float64 // n1/n2 ratio for the bsgs algo for matrix x vector eval
	BitReversed  bool    // Flag for bit-reverseed input to the DFT (with bit-reversed output), by default false.
}

BootstrappingParameters is a struct for the default bootstrapping parameters

func (*BootstrappingParameters) ArcSineDepth added in v2.2.0

func (b *BootstrappingParameters) ArcSineDepth() int

ArcSineDepth returns the depth of the arcsine polynomial.

func (*BootstrappingParameters) Copy added in v2.1.1

Copy return a new BootstrappingParameters which is a copy of the target

func (*BootstrappingParameters) CtSDepth added in v2.1.1

func (b *BootstrappingParameters) CtSDepth(actual bool) (depth int)

CtSDepth returns the number of levels allocated to CoeffsToSlots. If actual == true then returns the number of moduli consumed, else returns the factorization depth.

func (*BootstrappingParameters) CtSLevels added in v2.2.0

func (b *BootstrappingParameters) CtSLevels() (ctsLevel []int)

CtSLevels returns the index of the Qi used int CoeffsToSlots

func (*BootstrappingParameters) GenCoeffsToSlotsMatrix added in v2.2.0

func (b *BootstrappingParameters) GenCoeffsToSlotsMatrix(scaling complex128, encoder Encoder) []*PtDiagMatrix

GenCoeffsToSlotsMatrix generates the factorized encoding matrix scaling : constant by witch the all the matrices will be multuplied by encoder : ckks.Encoder

func (*BootstrappingParameters) GenSlotsToCoeffsMatrix added in v2.2.0

func (b *BootstrappingParameters) GenSlotsToCoeffsMatrix(scaling complex128, encoder Encoder) []*PtDiagMatrix

GenSlotsToCoeffsMatrix generates the factorized decoding matrix scaling : constant by witch the all the matrices will be multuplied by encoder : ckks.Encoder

func (*BootstrappingParameters) MaxLevel added in v2.2.0

func (b *BootstrappingParameters) MaxLevel() int

MaxLevel returns the maximum level of the bootstrapping parameters

func (*BootstrappingParameters) Params added in v2.2.0

func (b *BootstrappingParameters) Params() (p Parameters, err error)

Params generates a new set of Parameters from the BootstrappingParameters

func (*BootstrappingParameters) RotationsForBootstrapping added in v2.2.0

func (b *BootstrappingParameters) RotationsForBootstrapping(logSlots int) (rotations []int)

RotationsForBootstrapping returns the list of rotations performed during the Bootstrapping operation.

func (*BootstrappingParameters) RotationsForCoeffsToSlots added in v2.2.0

func (b *BootstrappingParameters) RotationsForCoeffsToSlots(logSlots int) (rotations []int)

RotationsForCoeffsToSlots returns the list of rotations performed during the CoeffsToSlot operation.

func (*BootstrappingParameters) RotationsForSlotsToCoeffs added in v2.2.0

func (b *BootstrappingParameters) RotationsForSlotsToCoeffs(logSlots int) (rotations []int)

RotationsForSlotsToCoeffs returns the list of rotations performed during the SlotsToCoeffs operation.

func (*BootstrappingParameters) SineEvalDepth added in v2.2.0

func (b *BootstrappingParameters) SineEvalDepth(withRescale bool) int

SineEvalDepth returns the depth of the SineEval. If true, then also counts the double angle formula.

func (*BootstrappingParameters) StCDepth added in v2.1.1

func (b *BootstrappingParameters) StCDepth(actual bool) (depth int)

StCDepth returns the number of levels allocated to SlotToCoeffs. If actual == true then returns the number of moduli consumed, else returns the factorization depth.

func (*BootstrappingParameters) StCLevels added in v2.2.0

func (b *BootstrappingParameters) StCLevels() (stcLevel []int)

StCLevels returns the index of the Qi used in SlotsToCoeffs

type ChebyshevInterpolation

type ChebyshevInterpolation struct {
	Poly
	// contains filtered or unexported fields
}

ChebyshevInterpolation is a struct storing the coefficients, degree and range of a Chebyshev interpolation polynomial.

func Approximate

func Approximate(function func(complex128) complex128, a, b complex128, degree int) (cheby *ChebyshevInterpolation)

Approximate computes a Chebyshev approximation of the input function, for the range [-a, b] of degree degree. To be used in conjunction with the function EvaluateCheby.

func (*ChebyshevInterpolation) A added in v2.1.0

A returns the start of the approximation interval.

func (*ChebyshevInterpolation) B added in v2.1.0

B returns the end of the approximation interval.

type Ciphertext

type Ciphertext struct {
	*rlwe.Ciphertext
	Scale float64
}

Ciphertext is *ring.Poly array representing a polynomial of degree > 0 with coefficients in R_Q.

func CoeffsToSlots added in v2.2.0

func CoeffsToSlots(vec *Ciphertext, pDFTInv []*PtDiagMatrix, eval Evaluator) (ct0, ct1 *Ciphertext)

CoeffsToSlots applies the homomorphic encoding

func NewCiphertext

func NewCiphertext(params Parameters, degree, level int, scale float64) (ciphertext *Ciphertext)

NewCiphertext creates a new Ciphertext parameterized by degree, level and scale.

func NewCiphertextRandom

func NewCiphertextRandom(prng utils.PRNG, params Parameters, degree, level int, scale float64) (ciphertext *Ciphertext)

NewCiphertextRandom generates a new uniformly distributed Ciphertext of degree, level and scale.

func SlotsToCoeffs added in v2.2.0

func SlotsToCoeffs(ct0, ct1 *Ciphertext, pDFT []*PtDiagMatrix, eval Evaluator) (ct *Ciphertext)

SlotsToCoeffs applies the homomorphic decoding

func (*Ciphertext) Copy added in v2.2.0

func (ct *Ciphertext) Copy(ctp *Ciphertext)

Copy copies the given ciphertext ctp into the receiver ciphertext.

func (*Ciphertext) CopyNew added in v2.2.0

func (ct *Ciphertext) CopyNew() (ctc *Ciphertext)

CopyNew makes a deep copy of the receiver ciphertext and returns it.

func (*Ciphertext) GetDataLen

func (ciphertext *Ciphertext) GetDataLen(WithMetaData bool) (dataLen int)

GetDataLen returns the length in bytes of the target Ciphertext.

func (*Ciphertext) MarshalBinary

func (ciphertext *Ciphertext) MarshalBinary() (data []byte, err error)

MarshalBinary encodes a Ciphertext on a byte slice. The total size in byte is 4 + 8* N * numberModuliQ * (degree + 1).

func (*Ciphertext) ScalingFactor added in v2.2.0

func (ct *Ciphertext) ScalingFactor() float64

ScalingFactor returns the scaling factor of the ciphertext

func (*Ciphertext) SetScalingFactor added in v2.2.0

func (ct *Ciphertext) SetScalingFactor(scale float64)

SetScalingFactor sets the scaling factor of the ciphertext

func (*Ciphertext) UnmarshalBinary

func (ciphertext *Ciphertext) UnmarshalBinary(data []byte) (err error)

UnmarshalBinary decodes a previously marshaled Ciphertext on the target Ciphertext.

type CoeffsToSlotsModuli added in v2.2.0

type CoeffsToSlotsModuli struct {
	Qi            []uint64
	ScalingFactor [][]float64
}

CoeffsToSlotsModuli is a list of the moduli used during he CoeffsToSlots step.

type Decryptor

type Decryptor interface {
	DecryptNew(ciphertext *Ciphertext) (plaintext *Plaintext)
	Decrypt(ciphertext *Ciphertext, plaintext *Plaintext)
}

Decryptor is an interface wrapping a rlwe.Decryptor.

func NewDecryptor

func NewDecryptor(params Parameters, sk *rlwe.SecretKey) Decryptor

NewDecryptor instantiates a Decryptor for the CKKS scheme.

type Encoder

type Encoder interface {
	Encode(plaintext *Plaintext, values []complex128, logSlots int)
	EncodeNew(values []complex128, logSlots int) (plaintext *Plaintext)
	EncodeAtLvlNew(level int, values []complex128, logSlots int) (plaintext *Plaintext)

	EncodeNTT(plaintext *Plaintext, values []complex128, logSlots int)
	EncodeNTTNew(values []complex128, logSlots int) (plaintext *Plaintext)
	EncodeNTTAtLvlNew(level int, values []complex128, logSlots int) (plaintext *Plaintext)

	EncodeDiagMatrixBSGSAtLvl(level int, vector map[int][]complex128, scale, maxM1N2Ratio float64, logSlots int) (matrix *PtDiagMatrix)
	EncodeDiagMatrixAtLvl(level int, vector map[int][]complex128, scale float64, logSlots int) (matrix *PtDiagMatrix)

	Decode(plaintext *Plaintext, logSlots int) (res []complex128)
	DecodePublic(plaintext *Plaintext, logSlots int, sigma float64) []complex128

	Embed(values []complex128, logSlots int)
	ScaleUp(pol *ring.Poly, scale float64, moduli []uint64)

	WipeInternalMemory()

	EncodeCoeffs(values []float64, plaintext *Plaintext)
	DecodeCoeffs(plaintext *Plaintext) (res []float64)
	DecodeCoeffsPublic(plaintext *Plaintext, bound float64) (res []float64)

	GetErrSTDCoeffDomain(valuesWant, valuesHave []complex128, scale float64) (std float64)
	GetErrSTDSlotDomain(valuesWant, valuesHave []complex128, scale float64) (std float64)
}

Encoder is an interface implenting the encoding algorithms.

func NewEncoder

func NewEncoder(params Parameters) Encoder

NewEncoder creates a new Encoder that is used to encode a slice of complex values of size at most N/2 (the number of slots) on a Plaintext.

type EncoderBigComplex

type EncoderBigComplex interface {
	Encode(plaintext *Plaintext, values []*ring.Complex, logSlots int)
	EncodeNew(values []*ring.Complex, logSlots int) (plaintext *Plaintext)
	EncodeAtLvlNew(level int, values []*ring.Complex, logSlots int) (plaintext *Plaintext)
	EncodeNTT(plaintext *Plaintext, values []*ring.Complex, logSlots int)
	EncodeNTTAtLvlNew(level int, values []*ring.Complex, logSlots int) (plaintext *Plaintext)
	Decode(plaintext *Plaintext, logSlots int) (res []*ring.Complex)
	FFT(values []*ring.Complex, N int)
	InvFFT(values []*ring.Complex, N int)
}

EncoderBigComplex is an interface implenting the encoding algorithms with arbitrary precision.

func NewEncoderBigComplex

func NewEncoderBigComplex(params Parameters, logPrecision int) EncoderBigComplex

NewEncoderBigComplex creates a new encoder using arbitrary precision complex arithmetic.

type Encryptor

type Encryptor interface {
	Encrypt(plaintext *Plaintext, ciphertext *Ciphertext)
	EncryptNew(plaintext *Plaintext) *Ciphertext
	EncryptFromCRP(plaintext *Plaintext, crp *ring.Poly, ciphertext *Ciphertext)
	EncryptFromCRPNew(plaintext *Plaintext, crp *ring.Poly) *Ciphertext
}

Encryptor an encryption interface for the CKKS scheme.

func NewEncryptor added in v2.2.0

func NewEncryptor(params Parameters, key interface{}) Encryptor

NewEncryptor instatiates a new Encryptor for the CKKS scheme. The key argument can be either a *rlwe.PublicKey or a *rlwe.SecretKey.

func NewFastEncryptor added in v2.2.0

func NewFastEncryptor(params Parameters, key *rlwe.PublicKey) Encryptor

NewFastEncryptor instantiates a new Encryptor for the CKKS scheme. This encryptor's Encrypt method first encrypts zero in Q and then adds the plaintext. This method is faster than the normal encryptor but result in a noisier ciphertext.

type Evaluator

type Evaluator interface {

	// Addition
	Add(op0, op1 Operand, ctOut *Ciphertext)
	AddNoMod(op0, op1 Operand, ctOut *Ciphertext)
	AddNew(op0, op1 Operand) (ctOut *Ciphertext)
	AddNoModNew(op0, op1 Operand) (ctOut *Ciphertext)

	// Subtraction
	Sub(op0, op1 Operand, ctOut *Ciphertext)
	SubNoMod(op0, op1 Operand, ctOut *Ciphertext)
	SubNew(op0, op1 Operand) (ctOut *Ciphertext)
	SubNoModNew(op0, op1 Operand) (ctOut *Ciphertext)

	// Negation
	Neg(ctIn *Ciphertext, ctOut *Ciphertext)
	NegNew(ctIn *Ciphertext) (ctOut *Ciphertext)

	// Constant Addition
	AddConstNew(ctIn *Ciphertext, constant interface{}) (ctOut *Ciphertext)
	AddConst(ctIn *Ciphertext, constant interface{}, ctOut *Ciphertext)

	// Constant Multiplication
	MultByConstNew(ctIn *Ciphertext, constant interface{}) (ctOut *Ciphertext)
	MultByConst(ctIn *Ciphertext, constant interface{}, ctOut *Ciphertext)
	MultByGaussianInteger(ctIn *Ciphertext, cReal, cImag int64, ctOut *Ciphertext)

	// Constant Multiplication with Addition
	MultByConstAndAdd(ctIn *Ciphertext, constant interface{}, ctOut *Ciphertext)
	MultByGaussianIntegerAndAdd(ctIn *Ciphertext, cReal, cImag int64, ctOut *Ciphertext)

	// Multiplication by the imaginary unit
	MultByiNew(ctIn *Ciphertext) (ctOut *Ciphertext)
	MultByi(ctIn *Ciphertext, ctOut *Ciphertext)
	DivByiNew(ctIn *Ciphertext) (ctOut *Ciphertext)
	DivByi(ctIn *Ciphertext, ctOut *Ciphertext)

	// Conjugation
	ConjugateNew(ctIn *Ciphertext) (ctOut *Ciphertext)
	Conjugate(ctIn *Ciphertext, ctOut *Ciphertext)

	// Multiplication
	Mul(op0, op1 Operand, ctOut *Ciphertext)
	MulNew(op0, op1 Operand) (ctOut *Ciphertext)
	MulRelin(op0, op1 Operand, ctOut *Ciphertext)
	MulRelinNew(op0, op1 Operand) (ctOut *Ciphertext)

	// Slot Rotations
	RotateNew(ctIn *Ciphertext, k int) (ctOut *Ciphertext)
	Rotate(ctIn *Ciphertext, k int, ctOut *Ciphertext)
	RotateHoisted(ctIn *Ciphertext, rotations []int) (ctOut map[int]*Ciphertext)

	// Multiplication by 2^{s}
	MulByPow2New(ctIn *Ciphertext, pow2 int) (ctOut *Ciphertext)
	MulByPow2(ctIn *Ciphertext, pow2 int, ctOut *Ciphertext)

	// Exponentiation
	PowerOf2(ctIn *Ciphertext, logPow2 int, ctOut *Ciphertext)
	Power(ctIn *Ciphertext, degree int, ctOut *Ciphertext)
	PowerNew(ctIn *Ciphertext, degree int) (ctOut *Ciphertext)

	// Polynomial evaluation
	EvaluatePoly(ctIn *Ciphertext, coeffs *Poly, targetScale float64) (ctOut *Ciphertext, err error)
	EvaluateCheby(ctIn *Ciphertext, cheby *ChebyshevInterpolation, targetScale float64) (ctOut *Ciphertext, err error)

	// Inversion
	InverseNew(ctIn *Ciphertext, steps int) (ctOut *Ciphertext)

	// Linear Transformations
	LinearTransform(ctIn *Ciphertext, linearTransform interface{}) (ctOut []*Ciphertext)
	MultiplyByDiagMatrix(ctIn *Ciphertext, matrix *PtDiagMatrix, c2QiQDecomp, c2QiPDecomp []*ring.Poly, ctOut *Ciphertext)
	MultiplyByDiagMatrixBSGS(ctIn *Ciphertext, matrix *PtDiagMatrix, c2QiQDecomp, c2QiPDecomp []*ring.Poly, ctOut *Ciphertext)

	// Inner sum
	InnerSumLog(ctIn *Ciphertext, batch, n int, ctOut *Ciphertext)
	InnerSum(ctIn *Ciphertext, batch, n int, ctOut *Ciphertext)

	// Replicatation (inverse of Inner sum)
	ReplicateLog(ctIn *Ciphertext, batch, n int, ctOut *Ciphertext)
	Replicate(ctIn *Ciphertext, batch, n int, ctOut *Ciphertext)

	// Key-Switching
	SwitchKeysNew(ctIn *Ciphertext, switchingKey *rlwe.SwitchingKey) (ctOut *Ciphertext)
	SwitchKeys(ctIn *Ciphertext, switchingKey *rlwe.SwitchingKey, ctOut *Ciphertext)

	// Degree Management
	RelinearizeNew(ctIn *Ciphertext) (ctOut *Ciphertext)
	Relinearize(ctIn *Ciphertext, ctOut *Ciphertext)

	// Scale Management
	ScaleUpNew(ctIn *Ciphertext, scale float64) (ctOut *Ciphertext)
	ScaleUp(ctIn *Ciphertext, scale float64, ctOut *Ciphertext)
	SetScale(ctIn *Ciphertext, scale float64)
	Rescale(ctIn *Ciphertext, minScale float64, ctOut *Ciphertext) (err error)

	// Level Management
	DropLevelNew(ctIn *Ciphertext, levels int) (ctOut *Ciphertext)
	DropLevel(ctIn *Ciphertext, levels int)

	// Modular Overflow Management
	ReduceNew(ctIn *Ciphertext) (ctOut *Ciphertext)
	Reduce(ctIn *Ciphertext, ctOut *Ciphertext) error

	// ==============
	// === Others ===
	// ==============
	ShallowCopy() Evaluator
	WithKey(rlwe.EvaluationKey) Evaluator
}

Evaluator is an interface implementing the methodes to conduct homomorphic operations between ciphertext and/or plaintexts.

func NewEvaluator

func NewEvaluator(params Parameters, evaluationKey rlwe.EvaluationKey) Evaluator

NewEvaluator creates a new Evaluator, that can be used to do homomorphic operations on the Ciphertexts and/or Plaintexts. It stores a small pool of polynomials and Ciphertexts that will be used for intermediate values.

type KeySwitchModuli added in v2.2.0

type KeySwitchModuli []uint64

KeySwitchModuli is a list of the special moduli used for the key-switching.

type Operand

type Operand interface {
	El() *rlwe.Ciphertext
	Degree() int
	Level() int
	ScalingFactor() float64
	SetScalingFactor(float64)
}

Operand is a common interface for Ciphertext and Plaintext types.

type Parameters

type Parameters struct {
	rlwe.Parameters
	// contains filtered or unexported fields
}

Parameters represents a parameter set for the CKKS cryptosystem. Its fields are private and immutable. See ParametersLiteral for user-specified parameters.

func NewParameters added in v2.2.0

func NewParameters(rlweParams rlwe.Parameters, logSlot int, scale float64) (p Parameters, err error)

NewParameters instantiate a set of CKKS parameters from the generic RLWE parameters and the CKKS-specific ones. It returns the empty parameters Parameters{} and a non-nil error if the specified parameters are invalid.

func NewParametersFromLiteral added in v2.2.0

func NewParametersFromLiteral(pl ParametersLiteral) (Parameters, error)

NewParametersFromLiteral instantiate a set of CKKS parameters from a ParametersLiteral specification. It returns the empty parameters Parameters{} and a non-nil error if the specified parameters are invalid.

func (Parameters) CopyNew added in v2.2.0

func (p Parameters) CopyNew() Parameters

CopyNew makes a deep copy of the receiver and returns it.

func (Parameters) Equals

func (p Parameters) Equals(other Parameters) bool

Equals compares two sets of parameters for equality.

func (Parameters) LogQLvl

func (p Parameters) LogQLvl(level int) int

LogQLvl returns the size of the modulus Q in bits at a specific level

func (Parameters) LogSlots

func (p Parameters) LogSlots() int

LogSlots returns the log of the number of slots

func (Parameters) MarshalBinary

func (p Parameters) MarshalBinary() ([]byte, error)

MarshalBinary returns a []byte representation of the parameter set.

func (Parameters) MarshalBinarySize added in v2.2.0

func (p Parameters) MarshalBinarySize() int

MarshalBinarySize returns the length of the []byte encoding of the reciever.

func (Parameters) MarshalJSON added in v2.2.0

func (p Parameters) MarshalJSON() ([]byte, error)

MarshalJSON returns a JSON representation of this parameter set. See `Marshal` from the `encoding/json` package.

func (Parameters) MaxLevel

func (p Parameters) MaxLevel() int

MaxLevel returns the maximum ciphertext level

func (Parameters) MaxLogSlots

func (p Parameters) MaxLogSlots() int

MaxLogSlots returns the log of the maximum number of slots enabled by the parameters

func (Parameters) MaxSlots

func (p Parameters) MaxSlots() int

MaxSlots returns the theoretical maximum of plaintext slots allowed by the ring degree

func (Parameters) QLvl

func (p Parameters) QLvl(level int) *big.Int

QLvl returns the product of the moduli at the given level as a big.Int

func (Parameters) RotationsForDiagMatrixMult added in v2.2.0

func (p Parameters) RotationsForDiagMatrixMult(matrix *PtDiagMatrix) []int

RotationsForDiagMatrixMult generates of all the rotations needed for a the multiplication with the provided diagonal plaintext matrix.

func (Parameters) RotationsForInnerSum added in v2.2.0

func (p Parameters) RotationsForInnerSum(batch, n int) (rotations []int)

RotationsForInnerSum generates the rotations that will be performed by the `Evaluator.InnerSum` operation when performed with parameters `batch` and `n`.

func (Parameters) RotationsForInnerSumLog added in v2.2.0

func (p Parameters) RotationsForInnerSumLog(batch, n int) (rotations []int)

RotationsForInnerSumLog generates the rotations that will be performed by the `Evaluator.InnerSumLog` operation when performed with parameters `batch` and `n`.

func (Parameters) RotationsForReplicate added in v2.2.0

func (p Parameters) RotationsForReplicate(batch, n int) (rotations []int)

RotationsForReplicate generates the rotations that will be performed by the `Evaluator.Replicate` operation when performed with parameters `batch` and `n`.

func (Parameters) RotationsForReplicateLog added in v2.2.0

func (p Parameters) RotationsForReplicateLog(batch, n int) (rotations []int)

RotationsForReplicateLog generates the rotations that will be performed by the `Evaluator.ReplicateLog` operation when performed with parameters `batch` and `n`.

func (Parameters) RotationsForSubSum added in v2.2.0

func (p Parameters) RotationsForSubSum(logSlots int) (rotations []int)

RotationsForSubSum generates the rotations that will be performed by the `Evaluator.SubSum` operation.

func (Parameters) Scale

func (p Parameters) Scale() float64

Scale returns the default plaintext/ciphertext scale

func (Parameters) Slots

func (p Parameters) Slots() int

Slots returns number of available plaintext slots

func (*Parameters) UnmarshalBinary

func (p *Parameters) UnmarshalBinary(data []byte) (err error)

UnmarshalBinary decodes a []byte into a parameter set struct

func (*Parameters) UnmarshalJSON added in v2.2.0

func (p *Parameters) UnmarshalJSON(data []byte) (err error)

UnmarshalJSON reads a JSON representation of a parameter set into the receiver Parameter. See `Unmarshal` from the `encoding/json` package.

type ParametersLiteral added in v2.2.0

type ParametersLiteral struct {
	LogN     int // Ring degree (power of 2)
	Q        []uint64
	P        []uint64
	LogQ     []int   `json:",omitempty"`
	LogP     []int   `json:",omitempty"`
	Sigma    float64 // Gaussian sampling variance
	LogSlots int
	Scale    float64
}

ParametersLiteral is a literal representation of BFV parameters. It has public fields and is used to express unchecked user-defined parameters literally into Go programs. The NewParametersFromLiteral function is used to generate the actual checked parameters from the literal representation.

type Plaintext

type Plaintext struct {
	*rlwe.Plaintext
	Scale float64
}

Plaintext is is a Element with only one Poly.

func NewPlaintext

func NewPlaintext(params Parameters, level int, scale float64) *Plaintext

NewPlaintext creates a new Plaintext of level level and scale scale.

func (*Plaintext) ScalingFactor added in v2.2.0

func (p *Plaintext) ScalingFactor() float64

ScalingFactor returns the scaling factor of the plaintext

func (*Plaintext) SetScalingFactor added in v2.2.0

func (p *Plaintext) SetScalingFactor(scale float64)

SetScalingFactor sets the scaling factor of the target plaintext

type Poly

type Poly struct {
	// contains filtered or unexported fields
}

Poly is a struct storing the coeffients of a polynomial that then can be evaluated on the ciphertext

func NewPoly

func NewPoly(coeffs []complex128) (p *Poly)

NewPoly creates a new Poly from the input coefficients

func (*Poly) Degree

func (p *Poly) Degree() int

Degree returns the degree of the polynomial

type PrecisionStats

type PrecisionStats struct {
	MaxDelta        complex128
	MinDelta        complex128
	MaxPrecision    complex128
	MinPrecision    complex128
	MeanDelta       complex128
	MeanPrecision   complex128
	MedianDelta     complex128
	MedianPrecision complex128
	STDFreq         float64
	STDTime         float64

	RealDist, ImagDist []struct {
		Prec  float64
		Count int
	}
	// contains filtered or unexported fields
}

PrecisionStats is a struct storing statistic about the precision of a CKKS plaintext

func GetPrecisionStats

func GetPrecisionStats(params Parameters, encoder Encoder, decryptor Decryptor, valuesWant []complex128, element interface{}, logSlots int, sigma float64) (prec PrecisionStats)

GetPrecisionStats generates a PrecisionStats struct from the reference values and the decrypted values

func (PrecisionStats) String

func (prec PrecisionStats) String() string

type PtDiagMatrix added in v2.2.0

type PtDiagMatrix struct {
	LogSlots int                   // Log of the number of slots of the plaintext (needed to compute the appropriate rotation keys)
	N1       int                   // N1 is the number of inner loops of the baby-step giant-step algo used in the evaluation.
	Level    int                   // Level is the level at which the matrix is encoded (can be circuit dependant)
	Scale    float64               // Scale is the scale at which the matrix is encoded (can be circuit dependant)
	Vec      map[int][2]*ring.Poly // Vec is the matrix, in diagonal form, where each entry of vec is an indexed non zero diagonal.
	// contains filtered or unexported fields
}

PtDiagMatrix is a struct storing a plaintext diagonalized matrix ready to be evaluated on a ciphertext using evaluator.MultiplyByDiagMatrice.

type ResidualModuli added in v2.2.0

type ResidualModuli []uint64

ResidualModuli is a list of the moduli available after the bootstrapping.

type SinType

type SinType uint64

SinType is the type of function used during the bootstrapping for the homomorphic modular reduction

type SineEvalModuli added in v2.2.0

type SineEvalModuli struct {
	Qi            []uint64
	ScalingFactor float64
}

SineEvalModuli is a list of the moduli used during the SineEval step.

type SlotsToCoeffsModuli added in v2.2.0

type SlotsToCoeffsModuli struct {
	Qi            []uint64
	ScalingFactor [][]float64
}

SlotsToCoeffsModuli is a list of the moduli used during the SlotsToCoeffs step.

Directories

Path Synopsis

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
t or T : Toggle theme light dark auto
y or Y : Canonical URL