Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Better NTT & invNTT codes #148

Merged
merged 2 commits into from
Mar 24, 2020
Merged

Better NTT & invNTT codes #148

merged 2 commits into from
Mar 24, 2020

Conversation

fionser
Copy link
Contributor

@fionser fionser commented Mar 24, 2020

  1. Re-ordering inv_root_power so that the access pattern in invNTT can be sequential
  2. replace the div_two trick in invNTT. I found merge the n^{-1} step into the last layer of invNTT is faster.

Performance tests used the below parameters.

/
| Encryption parameters :
|   scheme: BFV
|   poly_modulus_degree: 16384
|   coeff_modulus size: 438 (48 + 48 + 48 + 49 + 49 + 49 + 49 + 49 + 49) bits
|   plain_modulus: 786433
\

Before:

Average multiply: 70728 microseconds
Average multiply plain: 11047 microseconds
Average square: 50622 microseconds
Average relinearize: 26351 microseconds
Average rotate rows one step: 26760 microseconds
Average rotate rows random: 118160 microseconds
Average rotate columns: 27619 microseconds

After:

Average multiply: 65593 microseconds
Average multiply plain: 10108 microseconds
Average square: 46441 microseconds
Average relinearize: 25216 microseconds
Average rotate rows one step: 25467 microseconds
Average rotate rows random: 119536 microseconds
Average rotate columns: 25547 microseconds

fionser added 2 commits March 24, 2020 15:42
@fionser
Re-ordering inv_root_powers_ so that the access pattern at inverse NT…
1561711 
…T is sequential.
@fionser
Replace div_two trick in invNTT.
82f595a 
1. I found the div_two trick in invNTT is slow, which introduces O(NlgN) more reductions.
   It seems better to merge the n^{-1} step with the last layer of invNTT.
   Actually, the modulo multiplication with a fixed value is fast via Shoup's accleration.
@fionser fionser mentioned this pull request Mar 24, 2020
Closed
@WeiDaiWD WeiDaiWD merged commit 38775d0 into microsoft:contrib Mar 24, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@fionser @WeiDaiWD