参考文献:
- [ABB+22] Al Badawi A, Bates J, Bergamaschi F, et al. Openfhe: Open-source fully homomorphic encryption library[C]//Proceedings of the 10th Workshop on Encrypted Computing & Applied Homomorphic Cryptography. 2022: 53-63.
- openfheorg/openfhe-development
- Welcome to OpenFHE's documentation!
- 编译 OpenFHE
文章目录
param
class BinFHECryptoParams : public Serializable,描述 RGSW / RLWE 的参数
cpp
BinFHECryptoParams(const std::shared_ptr<LWECryptoParams>& lweparams,
const std::shared_ptr<RingGSWCryptoParams>& rgswparams);构造器,根据 LWE 和 RGSW 的参数去设置 BinFHE 的参数
*
cpp
std::shared_ptr<LWECryptoParams> m_LWEParams{nullptr}; // shared pointer to an instance of LWECryptoParams
std::shared_ptr<RingGSWCryptoParams> m_RGSWParams{nullptr}; // shared pointer to an instance of RGSWCryptoParams私有成员,分别存储:LWE 参数、RGSW 参数
context
class BinFHEContext : public Serializable,存储上下文信息
cpp
void GenerateBinFHEContext(uint32_t n, uint32_t N, const NativeInteger& q, const NativeInteger& Q, double std,
uint32_t baseKS, uint32_t baseG, uint32_t baseR, SecretKeyDist keyDist = UNIFORM_TERNARY,
BINFHE_METHOD method = GINX, uint32_t numAutoKeys = 10);根据设置的参数,生成上下文
*
cpp
std::shared_ptr<LWEEncryptionScheme> m_LWEscheme{nullptr}; // Shared pointer to the underlying additive LWE scheme
std::shared_ptr<BinFHEScheme> m_binfhescheme{nullptr}; // Shared pointer to the underlying RingGSW/RLWE scheme私钥成员,记录了 LWE 以及 RGSW / RLWE 的参数和接口
*
cpp
LWEPrivateKey KeyGen() const;
LWEPublicKey PubKeyGen(ConstLWEPrivateKey& sk) const;生成 LWE 的私钥、公钥
*
cpp
LWECiphertext Encrypt(ConstLWEPrivateKey& sk, LWEPlaintext m, BINFHE_OUTPUT output = BOOTSTRAPPED,
LWEPlaintextModulus p = 4, const NativeInteger& mod = 0) const;
void Decrypt(ConstLWEPrivateKey& sk, ConstLWECiphertext& ct, LWEPlaintext* result, LWEPlaintextModulus p = 4) const;LWE 的加密/解密
*
cpp
LWEPrivateKey KeyGenN() const;
LWESwitchingKey KeySwitchGen(ConstLWEPrivateKey& sk, ConstLWEPrivateKey& skN) const;生成 RLWE 私钥,以及从 ( Q , N ) (Q,N) (Q,N)-RLWE 到 ( q , n ) (q,n) (q,n)-LWE 的 KSK
*
cpp
LWECiphertext SwitchCTtoqn(ConstLWESwitchingKey& ksk, ConstLWECiphertext& ct) const;执行从 ( Q , N ) (Q,N) (Q,N)-RLWE 到 ( q , n ) (q,n) (q,n)-LWE 的密钥切换
*
cpp
void BTKeyGen(ConstLWEPrivateKey& sk, KEYGEN_MODE keygenMode = SYM_ENCRYPT);生成对应的 BK 并存储为数据成员,它的格式:
cpp
typedef struct {
// refreshing key
RingGSWACCKey BSkey;
// switching key
LWESwitchingKey KSkey;
// public key
LWEPublicKey Pkey;
} RingGSWBTKey;-
GetPublicKey, GetSwitchKey, GetRefreshKey,获取 BK 中存储的三种密钥
cpp
LWECiphertext Bootstrap(ConstLWECiphertext& ct) const;自举,包括 [DM15]、[CGGI16]、[LMK+23] 三种盲旋转算法
*
cpp
LWECiphertext EvalBinGate(BINGATE gate, ConstLWECiphertext& ct1, ConstLWECiphertext& ct2) const;
LWECiphertext EvalBinGate(BINGATE gate, const std::vector<LWECiphertext>& ctvector) const;
LWECiphertext EvalNOT(ConstLWECiphertext& ct) const;
LWECiphertext EvalConstant(bool value) const;前者计算 2 2 2 扇入,后者计算 3 , 4 3,4 3,4 扇入,支持的布尔门:OR, AND, NOR, NAND, XOR_FAST, XNOR_FAST, MAJORITY, AND3, OR3, AND4, OR4, CMUX, XOR, XNOR,以及 NOT 和 Constant
*
cpp
std::vector<NativeInteger> GenerateLUTviaFunction(NativeInteger (*f)(NativeInteger m, NativeInteger p), NativeInteger p);根据任意函数 f : Z p → Z p f:\mathbb Z_p \to \mathbb Z_p f:Zp→Zp 生成 LUT:设置 Δ i n = Δ o u t = q / p \Delta_{in}=\Delta_{out}=q/p Δin=Δout=q/p,其中 p ≤ q ≤ 2 N p \le q \le 2N p≤q≤2N 都是二的幂次,令 T V [ i ] = Δ o u t ⋅ f ( ⌊ i / Δ i n ⌋ ) , i = 0 , 1 , ⋯ , q − 1 TV[i]=\Delta_{out} \cdot f(\lfloor i/\Delta_{in}\rfloor), i=0,1,\cdots,q-1 TV[i]=Δout⋅f(⌊i/Δin⌋),i=0,1,⋯,q−1
*
cpp
LWECiphertext EvalFunc(ConstLWECiphertext& ct, const std::vector<NativeInteger>& LUT) const;[LMP22] 的 FDFB ,它会自动检查 LUT 的性质(反循环、周期、任意)。
-
如果是反循环的:简单执行一次 PBS 即可
-
如果是 q / 2 q/2 q/2-周期的:先执行 PBS 提取出符号位把它减去,再执行一次 PBS 完成函数计算
-
如果是任意的:进一步要求 q ≤ N q \le N q≤N,强行提升 1 1 1-bit 模数 ,先执行 PBS 提取出符号位把它减去,再执行一次 PBS 完成函数计算,最后模切换回到 q q q 上
cpp
LWECiphertext EvalSign(ConstLWECiphertext& ct, bool schemeSwitch = false);[LMP22] 的高精度符号函数
*
cpp
LWECiphertext EvalFloor(ConstLWECiphertext& ct, uint32_t roundbits = 0) const;
std::vector<LWECiphertext> EvalDecomp(ConstLWECiphertext& ct);[LMP22] 的同态舍入 、同态数字分解
constants
定义了一些参数选项,用于
cpp
enum BINFHE_PARAMSET {
TOY, // no security
MEDIUM, // 108 bits of security for classical and 100 bits for quantum
STD128_LMKCDEY, // Optimized for LMKCDEY (using Gaussian secrets) -
// more than 128 bits of security for classical computer attacks -
// optimize runtime by finding a non-power-of-two n
STD128_AP, // Optimized for AP (has higher failure probability for GINX) -
// more than 128 bits of security for classical computer attacks -
// optimize runtime by finding a non-power-of-two n
STD128, // more than 128 bits of security for classical computer attacks -
// optimize runtime by finding a non-power-of-two n
STD192, // more than 192 bits of security for classical computer attacks -
// optimize runtime by finding a non-power-of-two n
STD256, // more than 256 bits of security for classical computer attacks -
// optimize runtime by finding a non-power-of-two n
STD128Q, // more than 128 bits of security for quantum attacks -
// optimize runtime by finding a non-power-of-two n
STD128Q_LMKCDEY, // Optimized for LMKCDEY (using Gaussian secrets) -
// more than 128 bits of security for quantum attacks -
// optimize runtime by finding a non-power-of-two n
STD192Q, // more than 192 bits of security for quantum attacks -
// optimize runtime by finding a non-power-of-two n
STD256Q, // more than 256 bits of security for quantum attacks -
// optimize runtime by finding a non-power-of-two n
STD128_3, // more than 128 bits of security for classical computer attacks -
// optimize runtime by finding a non-power-of-two n for 3 binary inputs
STD128_3_LMKCDEY, // Optimized for LMKCDEY (using Gaussian secrets) -
// more than 128 bits of security for classical computer attacks -
// optimize runtime by finding a non-power-of-two n for 3 binary inputs
STD128Q_3, // more than 128 bits of security for quantum computer attacks -
// optimize runtime by finding a non-power-of-two n for 3 binary inputs
STD128Q_3_LMKCDEY, // Optimized for LMKCDEY (using Gaussian secrets) -
// more than 128 bits of security for quantum computer attacks -
// optimize runtime by finding a non-power-of-two n for 3 binary inputs
STD192Q_3, // more than 192 bits of security for quantum computer attacks -
// optimize runtime by finding a non-power-of-two n for 3 binary inputs
STD256Q_3, // more than 256 bits of security for quantum computer attacks -
// optimize runtime by finding a non-power-of-two n for 3 binary inputs
STD128_4, // more than 128 bits of security for classical computer attacks -
// optimize runtime by finding a non-power-of-two n for 4 binary inputs
STD128_4_LMKCDEY, // Optimized for LMKCDEY (using Gaussian secrets) -
// more than 128 bits of security for classical computer attacks -
// optimize runtime by finding a non-power-of-two n for 4 binary inputs
STD128Q_4, // more than 128 bits of security for quantum computer attacks -
// optimize runtime by finding a non-power-of-two n for 4 binary inputs
STD128Q_4_LMKCDEY, // Optimized for LMKCDEY (using Gaussian secrets) -
// more than 128 bits of security for quantum computer attacks -
// optimize runtime by finding a non-power-of-two n for 4 binary inputs
STD192Q_4, // more than 192 bits of security for quantum computer attacks -
// optimize runtime by finding a non-power-of-two n for 4 binary inputs
STD256Q_4, // more than 256 bits of security for quantum computer attacks -
// optimize runtime by finding a non-power-of-two n for 4 binary inputs
SIGNED_MOD_TEST // special parameter set for confirming the signed modular
// reduction in the accumulator updates works correctly
};具体的参数是:
cpp
constexpr double STD_DEV = 3.19;
const std::unordered_map<BINFHE_PARAMSET, BinFHEContextParams> paramsMap({
// numberBits|cyclOrder|latticeParam| mod| modKS| stdDev| baseKS| gadgetBase| baseRK| numAutoKeys| keyDist
{ TOY, { 27, 1024, 64, 512, PRIME, STD_DEV, 25, 1 << 9, 23, 9, UNIFORM_TERNARY} },
{ MEDIUM, { 28, 2048, 422, 1024, 1 << 14, STD_DEV, 1 << 7, 1 << 10, 32, 10, UNIFORM_TERNARY} },
{ STD128_LMKCDEY, { 28, 2048, 446, 1024, 1 << 13, STD_DEV, 1 << 5, 1 << 10, 32, 10, GAUSSIAN } },
{ STD128_AP, { 27, 2048, 503, 1024, 1 << 14, STD_DEV, 1 << 5, 1 << 9, 32, 10, UNIFORM_TERNARY} },
{ STD128, { 27, 2048, 503, 1024, 1 << 14, STD_DEV, 1 << 5, 1 << 9, 32, 10, UNIFORM_TERNARY} },
{ STD192, { 37, 4096, 805, 1024, 1 << 15, STD_DEV, 32, 1 << 13, 32, 10, UNIFORM_TERNARY} },
{ STD256, { 29, 4096, 990, 2048, 1 << 14, STD_DEV, 1 << 7, 1 << 8, 46, 10, UNIFORM_TERNARY} },
{ STD128Q, { 25, 2048, 534, 1024, 1 << 14, STD_DEV, 32, 1 << 7, 32, 10, UNIFORM_TERNARY} },
{ STD128Q_LMKCDEY, { 27, 2048, 448, 1024, 1 << 13, STD_DEV, 32, 1 << 9, 32, 10, GAUSSIAN } },
{ STD192Q, { 35, 4096, 875, 1024, 1 << 15, STD_DEV, 32, 1 << 12, 32, 10, UNIFORM_TERNARY} },
{ STD256Q, { 27, 4096, 1225, 1024, 1 << 16, STD_DEV, 16, 1 << 7, 32, 10, UNIFORM_TERNARY} },
{ STD128_3, { 27, 2048, 541, 1024, 1 << 15, STD_DEV, 32, 1 << 7, 32, 10, UNIFORM_TERNARY} },
{ STD128_3_LMKCDEY, { 28, 2048, 485, 1024, 1 << 15, STD_DEV, 32, 1 << 10, 32, 10, GAUSSIAN } },
{ STD128Q_3, { 50, 4096, 575, 2048, 1 << 15, STD_DEV, 32, 1 << 25, 32, 10, UNIFORM_TERNARY} },
{ STD128Q_3_LMKCDEY, { 27, 2048, 524, 1024, 1 << 15, STD_DEV, 32, 1 << 9, 32, 10, GAUSSIAN } },
{ STD192Q_3, { 34, 4096, 922, 2048, 1 << 16, STD_DEV, 16, 1 << 12, 32, 10, UNIFORM_TERNARY} },
{ STD256Q_3, { 27, 4096, 1400, 4096, 1 << 16, STD_DEV, 21, 1 << 6, 32, 10, UNIFORM_TERNARY} },
{ STD128_4, { 27, 2048, 541, 2048, 1 << 15, STD_DEV, 32, 1 << 7, 32, 10, UNIFORM_TERNARY} },
{ STD128_4_LMKCDEY, { 28, 2048, 522, 2048, 1 << 15, STD_DEV, 32, 1 << 10, 32, 10, GAUSSIAN } },
{ STD128Q_4, { 50, 4096, 647, 2048, 1 << 16, STD_DEV, 16, 1 << 25, 32, 10, UNIFORM_TERNARY} },
{ STD128Q_4_LMKCDEY, { 27, 2048, 524, 2048, 1 << 15, STD_DEV, 32, 1 << 7, 32, 10, GAUSSIAN } },
{ STD192Q_4, { 34, 4096, 980, 2048, 1 << 17, STD_DEV, 16, 1 << 12, 32, 10, UNIFORM_TERNARY} },
{ STD256Q_4, { 27, 4096, 1625, 4096, 1 << 21, STD_DEV, 16, 1 << 6, 32, 10, UNIFORM_TERNARY} },
{ SIGNED_MOD_TEST, { 28, 2048, 512, 1024, PRIME, STD_DEV, 25, 1 << 7, 23, 10, UNIFORM_TERNARY} },
});BinFHE
class BinFHEScheme,实现了 TFHE / FHEW 方案
cpp
explicit BinFHEScheme(BINFHE_METHOD method);构造器,自举方法有三种:
cpp
enum BINFHE_METHOD {
INVALID_METHOD = 0,
AP, // Ducas-Micciancio variant
GINX, // Chillotti-Gama-Georgieva-Izabachene variant
LMKCDEY, // Lee-Micciancio-Kim-Choi-Deryabin-Eom-Yoo variant, ia.cr/2022/198
};
cpp
RingGSWBTKey KeyGen(const std::shared_ptr<BinFHECryptoParams>& params, ConstLWEPrivateKey& LWEsk,
KEYGEN_MODE keygenMode) const;根据 LWE 和 RGSW 的参数,以及 LWE 私钥,生成对应的自举密钥
-
Bootstrap, EvalBinGate, EvalNOT, EvalFunc, EvalFloor, EvalSign, EvalDecomp,执行 BTS / PBS / FDFB -
BootstrapGateCore, BootstrapFuncCore, BootstrapFunc,私有接口,最底层的自举实现
cpp
static uint32_t checkInputFunction(const std::vector<NativeInteger>& lut, NativeInteger mod);判断 LUT 的性质:反循环(0),周期(1),任意(2)
LWE
param
class LWECryptoParams : public Serializable,描述 LWE 的参数
cpp
explicit LWECryptoParams(uint32_t n, uint32_t N, const NativeInteger& q, const NativeInteger& Q,
const NativeInteger& q_KS, double std, uint32_t baseKS,
SecretKeyDist keyDist = UNIFORM_TERNARY)构造器
*
cpp
NativeInteger m_q{}; // modulus for the additive LWE scheme
NativeInteger m_Q{}; // modulus for the RingGSW/RingLWE scheme
NativeInteger m_qKS{}; // modulus for key-switching
uint32_t m_n{}; // lattice parameter for the additive LWE scheme
uint32_t m_N{}; // ring dimension for RingGSW/RingLWE scheme
uint32_t m_baseKS{}; // Base used in key switching
SecretKeyDist m_keyDist{SecretKeyDist::UNIFORM_TERNARY}; // Secret key distribution: GAUSSIAN, UNIFORM_TERNARY, etc.
DiscreteGaussianGeneratorImpl<NativeVector> m_dgg; // Error distribution generator
DiscreteGaussianGeneratorImpl<NativeVector> m_ks_dgg; // Error distribution generator for key switching私有属性:三个密文模数( q ≤ q K S ≤ Q q \le q_{KS} \le Q q≤qKS≤Q),两个维度( n n n 任意, N N N 是二的幂次),数字分解基,私钥分布,噪声采样器
PKE
class LWEEncryptionScheme,定义了 LWE 加密方案
cpp
LWEPrivateKey KeyGen(usint size, const NativeInteger& modulus) const;生成 ( q , n ) (q,n) (q,n)-LWE 的私钥(用于加密数据)
*
cpp
LWEKeyPair KeyGenPair(const std::shared_ptr<LWECryptoParams>& params) const;生成 ( Q , N ) (Q,N) (Q,N)-LWE 的公私钥(用于自举)
*
cpp
LWECiphertext Encrypt(const std::shared_ptr<LWECryptoParams>& params, ConstLWEPrivateKey& sk, LWEPlaintext m,
LWEPlaintextModulus p = 4, NativeInteger mod = 0) const;
LWECiphertext EncryptN(const std::shared_ptr<LWECryptoParams>& params, ConstLWEPublicKey& pk, LWEPlaintext m,
LWEPlaintextModulus p = 4, NativeInteger mod = 0) const;对称加密、公钥加密
*
cpp
LWECiphertext NoiselessEmbedding(const std::shared_ptr<LWECryptoParams>& params, LWEPlaintext m) const;无噪声的密文
-
EvalAddEq, EvalAddConstEq, EvalSubEq, EvalSubEq2, valMultConstEq,线性同态
cpp
LWECiphertext ModSwitch(NativeInteger q, ConstLWECiphertext& ctQ) const;模切换,从 Q Q Q 到 q q q(除法 + 舍入)
*
cpp
LWESwitchingKey KeySwitchGen(const std::shared_ptr<LWECryptoParams>& params, ConstLWEPrivateKey& sk,
ConstLWEPrivateKey& skN) const;
LWECiphertext KeySwitch(const std::shared_ptr<LWECryptoParams>& params, ConstLWESwitchingKey& K,
ConstLWECiphertext& ctQN) const;密钥切换,从 N N N 到 n n n,使用 BV-type KS 过程, 机器字的 Digit-decomposition(不必使用 RNS)
ciphertext
class LWECiphertextImpl : public Serializable,密文格式
cpp
LWECiphertextImpl(const NativeVector& a, const NativeInteger& b);构造器
*
cpp
NativeVector m_a{};
NativeInteger m_b{};
NativeInteger m_p = 4; // pt modulus私有成员,存储数据
GetA, GetB, SetA, SetB,密文的读写
priv-key
class LWEPrivateKeyImpl : public Serializable,私钥的结构
cpp
NativeVector m_s{};私有成员,存储私钥向量
pub-key
class LWEPublicKeyImpl : public Serializable,公钥的结构
cpp
std::vector<NativeVector> m_A;
NativeVector m_v;私有成员,零消息的若干个 LWE 密文
KSK
class LWESwitchingKeyImpl : public Serializable,密钥切换密钥的结构
cpp
std::vector<std::vector<std::vector<NativeVector>>> m_keyA;
std::vector<std::vector<std::vector<NativeInteger>>> m_keyB;私有成员,私钥的 Powers-of-base 的若干个 LWE 密文
RGSW
param
class RingGSWCryptoParams : public Serializable,描述 RGSW / RLWE 的参数
cpp
explicit RingGSWCryptoParams(uint32_t N, NativeInteger Q, NativeInteger q, uint32_t baseG, uint32_t baseR,
BINFHE_METHOD method, double std, SecretKeyDist keyDist = UNIFORM_TERNARY,
bool signEval = false, uint32_t numAutoKeys = 10);构造器
*
cpp
void RingGSWCryptoParams::PreCompute(bool signEval);预计算:Powers-of-base(AP-type 的分解 B R i B_R^i BRi、RGSW 的分解 B G j B_G^j BGj),gate-constants(布尔门的 PBS 用到),多项式 N T T ( X k − 1 ) NTT(X^k-1) NTT(Xk−1)(GINX-type 中的 CMux)
eval-key
class RingGSWEvalKeyImpl : public Serializable,定义了 Eval-Key(使用 RLWE 加密某个单项式 c i X i c_iX^i ciXi 及其和私钥乘积 c i X i ⋅ s k N c_iX^i \cdot sk_N ciXi⋅skN 的 Powers-of-base,组成一个 RGSW 密文)
cpp
std::vector<std::vector<NativePoly>> m_elements;私有成员,存储了单个 RGSW 密文(分解 + 内积 = 强线性同态)
*
cpp
explicit RingGSWEvalKeyImpl(const std::vector<std::vector<NativePoly>>& elements);构造器
*
cpp
void SetFormat(const Format format);实现 m_elements 的 NTT/INTT 转换,其中 enum Format { EVALUATION = 0, COEFFICIENT = 1 };
acc-key
class RingGSWACCKeyImpl : public Serializable,定义了 ACC-Key(使用 GSW 加密许多的单项式组成自举密钥,[DM15] 加密 X s i v B R j X^{s_ivB_R^j} XsivBRj,[CGGI16] 加密 s i ( u ) s_i^{(u)} si(u),[LMK+23] 加密 X s i X^{s_i} Xsi)
cpp
std::vector<std::vector<std::vector<RingGSWEvalKey>>> m_key;RingGSWEvalKey(RGSW 密文)的三维数组 (FHEW 分别枚举 s i , i = 1 , ⋯ , n s_i,i=1,\cdots,n si,i=1,⋯,n 和 v = 1 , ⋯ , B R − 1 v=1,\cdots,B_R-1 v=1,⋯,BR−1 以及 B R j , j = 0 , 1 , ⋯ , ⌊ log q ⌋ B_R^j,j=0,1,\cdots,\lfloor\log q\rfloor BRj,j=0,1,⋯,⌊logq⌋)
*
cpp
explicit RingGSWACCKeyImpl(const std::vector<std::vector<std::vector<RingGSWEvalKey>>>& key);构造器
ACC
class RingGSWAccumulator,定义了盲旋转的接口
cpp
virtual RingGSWACCKey KeyGenAcc(const std::shared_ptr<RingGSWCryptoParams>& params, const NativePoly& skNTT,
ConstLWEPrivateKey& LWEsk) const;生成自举密钥,虚拟的
*
cpp
virtual void EvalAcc(const std::shared_ptr<RingGSWCryptoParams>& params, ConstRingGSWACCKey& ek,
RLWECiphertext& acc, const NativeVector& a) const;执行盲旋转,虚拟的
*
cpp
void SignedDigitDecompose(const std::shared_ptr<RingGSWCryptoParams>& params, const const NativePoly& input
std::vector<NativePoly>& output) const;将环元素做 approximate gadget decomposition ,用于 RGSW 同态乘法。对于系数 c ∈ [ − q / 2 , q / 2 ) c \in [-q/2,q/2) c∈[−q/2,q/2),首先把 [ c ] B [c]_B [c]B 删除(这是干嘛?),然后对 ( c − [ c ] B ) / B (c-[c]_B)/B (c−[c]B)/B 执行 B B B-进制数字分解。
DM
class RingGSWAccumulatorDM final : public RingGSWAccumulator,实现了 [DM15] 的盲旋转算法
cpp
RingGSWACCKey KeyGenAcc(const std::shared_ptr<RingGSWCryptoParams>& params, const NativePoly& skNTT,
ConstLWEPrivateKey& LWEsk) const override;生成自举密钥,形如 R G S W ( X s i v B R j ) RGSW(X^{s_ivB_R^j}) RGSW(XsivBRj),其中 v ∈ [ B R ] v \in [B_R] v∈[BR]
*
cpp
void EvalAcc(const std::shared_ptr<RingGSWCryptoParams>& params, ConstRingGSWACCKey& ek, RLWECiphertext& acc,
const NativeVector& a) const override;执行盲旋转(数字分解 + 子集和)
CGGI
class RingGSWAccumulatorCGGI final : public RingGSWAccumulator,实现了 [CGGI16] 的盲旋转算法
cpp
RingGSWACCKey KeyGenAcc(const std::shared_ptr<RingGSWCryptoParams>& params, const NativePoly& skNTT,
ConstLWEPrivateKey& LWEsk) const override;生成自举密钥,仅支持 ternary secrets ,选取 U = { 1 , − 1 } U=\{1,-1\} U={1,−1},形如 R G S W ( s i ( u ) ) RGSW(s_i^{(u)}) RGSW(si(u)),满足 s i = s i ( 1 ) − s i ( − 1 ) s_i = s_i^{(1)} - s_i^{(-1)} si=si(1)−si(−1)
*
cpp
void EvalAcc(const std::shared_ptr<RingGSWCryptoParams>& params, ConstRingGSWACCKey& ek, RLWECiphertext& acc,
const NativeVector& a) const override;执行盲旋转(CMux-based OBDD ),分别关于 s i ( 1 ) , s i ( 1 ) s_i^{(1)}, s_i^{(1)} si(1),si(1) 执行外积,并没有合并
LMK+
class RingGSWAccumulatorLMKCDEY final : public RingGSWAccumulator,实现了 [LMK+23] 的盲旋转算法
cpp
RingGSWACCKey KeyGenAcc(const std::shared_ptr<RingGSWCryptoParams>& params, const NativePoly& skNTT,
ConstLWEPrivateKey& LWEsk) const override;生成自举密钥,一部分形如 R G S W ( X s i ) RGSW(X^{s_i}) RGSW(Xsi),另一部分形如 R G S W ( s k N ( X − g ) ) RGSW(sk_N(X^{-g})) RGSW(skN(X−g)) 以及 R G S W ( s k N ( X g i ) ) RGSW(sk_N(X^{g^i})) RGSW(skN(Xgi)),其中 i = 1 , 2 , ⋯ , w i=1,2,\cdots,w i=1,2,⋯,w,窗口大小 w w w
*
cpp
void EvalAcc(const std::shared_ptr<RingGSWCryptoParams>& params, ConstRingGSWACCKey& ek, RLWECiphertext& acc,
const NativeVector& a) const override;执行盲旋转(Galois 自同构)