Skip to content

Lattigo v4.0.0

Compare
Choose a tag to compare
@ChristianMct ChristianMct released this 04 Oct 12:58
80efe8b
  • Added BGV/DBGV schemes.
  • ALL: added default parameters for LogN=11 and LogN=10.
  • RING: prime generation no longer skips the first candidate.
  • RING: reworked marshalling of ring.Poly object. The new available methods are:
    • ring.Poly now has a .Buff 1-dimensional slice which is the only heavy allocation of a ring.Poly. The .Coeffs 2-dimensional slice is a re-slicing of .Buff.
    • GetDataLen64 and GetDataLen32: gets the length in bytes of an encoded ring.Poly object.
    • WriteTo64 and WriteTo32: encodes a ring.Poly object on a pre-allocated slice of bytes.
    • WriteCoeffsTo64 and WriteCoeffsTo32: encodes a slice of coefficients on a pre-allocated slice of bytes.
    • DecodeCoeffs64 and DecodeCoeffs32: decodes a slice of bytes on a slice of coefficients.
    • DecodePoly64 and DecodePoly32: decodes a slice of bytes on a pre-allocated ring.Poly object.
  • RING: renamed ring.Poly.Degree() to ring.Poly.N() for consistency.
  • RING: removed ring.Poly.LenModuli() deprecated method.
  • RING: changed ring.NewPoly to take the level as argument instead of the number of moduli, for consistency.
  • RLWE: added several types of ciphertexts:
    • rlwe.CiphertextQP represents a ciphertext that is encrypted in the extended ring R_QP.
    • rlwe.GadgetCiphertext represents an encryption in the extended ring R_QP of a plaintext that is decomposed in the CRT and power-of-two basis (e.g., plublic switching keys).
  • RLWE: changed representation of rlwe.PublicKey types which are now stored in Montgomerry form, consistently with all other key types.
  • RLWE: changed rlwe.SwitchingKey type to use rlwe.GadgetCiphertext internally.
  • RLWE: generalized rlwe.KeySwitcher into rlwe.Evaluator, which provides new functionalities:
    • DecomposeNTT: decomposes a polynomial modulo the special RNS basis and extends its basis from Q to QP.
    • DecomposeSingleNTT: decomposes a polynomial modulo a single power of the special RNS basis and extends its basis from Q to QP.
    • ExpandRLWE: extracts each coefficient of a RLWE sample to the degree-0 coefficient of multiple RLWE samples.
    • MergeRLWE: merges the degree-0 coefficient of multiple RLWE samples into a single RLWE sample.
    • GadgetProduct: evaluates ring.Poly x gadget.Ciphertext -> RLWE, where gadget.Ciphertext is a matrix of RLWE samples encrypting scaled plaintext by the special RNS basis and a modulus P.
    • GadgetProductNoModDown: evaluates ring.Poly x gadget.Ciphertext -> RLWE but without the division by P (the result is given mod QP).
    • GadgetProductSinglePAndBitDecompNoModDown: evaluates ring.Poly x gadget.Ciphertext -> RLWE, where gadget.Ciphertext is a matrix of RLWE samples encrypting scaled plaintext by the special RNS basis along with a base-2 basis and an optional prime P.
    • Relinearize: reduces the degree of a rlwe.Ciphertext to one by homomorphically evaluating the decryption of the higher-degree terms.
    • KeySwitch: homomorphically re-encrypts a rlwe.Ciphertext under a new secret.
    • KeyswitchHoisted: homomorphically re-encrypts a rlwe.Ciphertext under a series of new secrets, returning a new ciphertext for each secret.
    • KeyswitchHoistedNoModDown: homomorphically re-encrypts a rlwe.Ciphertext under a series of new secrets, returning a new ciphertext for each secret, but without the division by P (the result is given mod QP).
    • Automorphism: homomorphically evaluates the map X -> X^k.
    • AutomorphismHoisted: homomorphically evaluates multiple maps of the type X -> X^k, returning a new ciphertext for each map.
    • AutomorphismHoistedNoModDown: homomorphically evaluates multiple maps of the type X -> X^k, returning a new ciphertext for each map, but without the division by P (result is given mod QP).
    • Trace: homomorphically evaluates the map X -> sum((-1)^i * X^{i*n+1}) for n <= i < N.
    • ExternalProduct: evaluates rlwe.Ciphertext x rgsw.Ciphertext -> rlwe.Ciphertext.
  • RLWE: re-enabled bit-decomposition, on top of RNS decomposition, for the inner-product between rlwe.Ciphertext and gadget.Ciphertext.
    • This functionality can be enabled by setting Pow2Base to the desired power of two basis.
    • This functionality can be used in conjunction with the RNS hybrid decomposition (with a modulus P) only when P is composed of a single prime.
    • This functionality is disabled if Pow2Base is set to zero (default value).
  • RLWE: enabled instantiation of rlwe.Parameters without the modulus P.
  • RLWE: revamped the rlwe.Encryptor interface and implementing structs:
    • Added the .EncryptZero method to generate encryptions of zeros.
    • The .Encrypt and .EncryptZero now accept ct interface{} as their ciphertext argument and determine the type of encryption to be performed according to the runtime type of ct.
  • RLWE: added the PRNGEncryptor type, which supports secret-key encryption from a user-specified PRNG.
  • RLWE: rlwe.KeyGenerator now uses an rlwe.Encryptor internally, to generate secret keys, encryption keys and evaluation keys.
  • RLWE: extracted the rlwe/ringqp sub-package which provides the ringqp.Ring and ringqp.Poly types to respectively replace the former types rlwe.RingQP and rlwe.PolyQP.
  • DRLWE: added the Thresholdizer and Combiner types for t-out-of-N-threshold schemes through Shamir secret-sharing.
  • DRLWE: added a README.md providing package overview and usage instructions.
  • DRLWE: removed the obsolete CollectivePublicKeyGenerator, RelinearizationKeyGenerator, RotationKeyGenerator, PublicKeySwitchingProtocol and KeySwitchingProtocol interfaces.
  • DRLWE: renamed AggregateShare methods to AggregateShares.
  • RGSW: added package rgsw, which provides a partial implementation of the RLWE-based RGSW encryption scheme. This incluides:
    • rgsw.Encryptor and the rgsw.Ciphertext types.
    • rgsw.Evaluator to support the external product RLWE x RGSW -> RLWE.
    • rgsw/lut sub-package that provides evaluation of Look-Up-Tables (LUT) on rlwe.Ciphertext types.
  • BFV: renamed Encoder.DecodeRingT to Encoder.SwitchToRingT to better reflect the purpose of the method.
  • CKKS: fixed MulAndAdd correctness for non-identical inputs.
  • CKKS: added advanced.EncodingMatrixLiteral.RepackImag2Real optional field to repack the imaginary part into the right n real slots.
  • CKKS: Trace now only takes as input the logSlots of the encrypted plaintext.
  • CKKS: replaced the public variable .Scale with .scale, it can now be accessed with .Scale() and set to a new value with .SetScale().
  • CKKS: renamed the methods ScalingFactor and SetScalingFactor of the interface Operand to Scale and SetScale respectively.
  • CKKS/bootstrapping: renamed method Bootstrapp to Bootstrap.
  • BFV/CKKS: key-switching functionalities (such as rotations, relinearization and key-switching) are now all based on the rlwe.Evaluator.
  • BFV/CKKS: the parameters now are based on the sub-type rlwe.Parameters.
  • BFV/CKKS: removed deprecated methods EncryptFromCRP and EncryptFromCRPNew, users should now use the PRNGEncryptor interface.
  • BFV/CKKS: fixed a panic happening during the benchmark testing.
  • DBFV/DCKKS: removed the dbfv/dckks.CKGProtocol, dbfv/dckks.RKGProtocol and dbfv/dckks.RTGProtocol types. Users should use the corresponding drlwe types instead.
  • DBFV/DCKKS: MaskedTransformFunc is now a struct and takes as additional input to the linear transform two Boolean flags to parameterize if the decoding/encoding process must be done before/after the linear transform.
  • DBFV/DCKKS: refresh and maskedTransform protocols now allow the user to specify the output parameters, enabling parameter switching.
  • DCKKS: fixed dckks.RefreshProtocol correctness when the output scale is different from the input scale.
  • Examples: added examples/ckks/advanced/lut, which is an example that performs homomorphic decoding -> LUT -> homomorphic encoding on a ckks.Ciphertext.
  • Examples: removed examples/ckks/advanced/rlwe_lwe_bridge_LHHMQ20, which is replaced by examples/ckks/advanced/lut.
  • Examples: removed examples/rlwe/lwe_bridge since the code of this example is now part of rlwe.Evaluator and showcased in examples/ckks/advanced/lut.
  • CI: revamped Makefile to no longer require github.com/dedis/coding and integrated linting/vet checks.