参考文献:
ABB+22\] Al Badawi A, Bates J, Bergamaschi F, et al. Openfhe: Open-source fully homomorphic encryption library\[C\]//Proceedings of the 10th Workshop on Encrypted Computing \& Applied Homomorphic Cryptography. 2022: 53-63.
Welcome to OpenFHE's documentation! 编译 OpenFHE
文章目录
param
class BinFHECryptoParams : public Serializable,描述 RGSW / RLWE 的参数
cpp
复制代码
BinFHECryptoParams(const std::shared_ptr<LWECryptoParams>& lweparams,
const std::shared_ptr<RingGSWCryptoParams>& rgswparams);
构造器,根据 LWE 和 RGSW 的参数去设置 BinFHE 的参数
cpp
复制代码
std::shared_ptr<LWECryptoParams> m_LWEParams{nullptr}; // shared pointer to an instance of LWECryptoParams
std::shared_ptr<RingGSWCryptoParams> m_RGSWParams{nullptr}; // shared pointer to an instance of RGSWCryptoParams
私有成员,分别存储:LWE 参数、RGSW 参数
context
class BinFHEContext : public Serializable,存储上下文信息
cpp
复制代码
void GenerateBinFHEContext(uint32_t n, uint32_t N, const NativeInteger& q, const NativeInteger& Q, double std,
uint32_t baseKS, uint32_t baseG, uint32_t baseR, SecretKeyDist keyDist = UNIFORM_TERNARY,
BINFHE_METHOD method = GINX, uint32_t numAutoKeys = 10);
根据设置的参数,生成上下文
cpp
复制代码
std::shared_ptr<LWEEncryptionScheme> m_LWEscheme{nullptr}; // Shared pointer to the underlying additive LWE scheme
std::shared_ptr<BinFHEScheme> m_binfhescheme{nullptr}; // Shared pointer to the underlying RingGSW/RLWE scheme
私钥成员,记录了 LWE 以及 RGSW / RLWE 的参数和接口
cpp
复制代码
LWEPrivateKey KeyGen() const;
LWEPublicKey PubKeyGen(ConstLWEPrivateKey& sk) const;
生成 LWE 的私钥、公钥
cpp
复制代码
LWECiphertext Encrypt(ConstLWEPrivateKey& sk, LWEPlaintext m, BINFHE_OUTPUT output = BOOTSTRAPPED,
LWEPlaintextModulus p = 4, const NativeInteger& mod = 0) const;
void Decrypt(ConstLWEPrivateKey& sk, ConstLWECiphertext& ct, LWEPlaintext* result, LWEPlaintextModulus p = 4) const;
LWE 的加密/解密
cpp
复制代码
LWEPrivateKey KeyGenN() const;
LWESwitchingKey KeySwitchGen(ConstLWEPrivateKey& sk, ConstLWEPrivateKey& skN) const;
生成 RLWE 私钥,以及从 ( Q , N ) (Q,N) (Q,N)-RLWE 到 ( q , n ) (q,n) (q,n)-LWE 的 KSK
cpp
复制代码
LWECiphertext SwitchCTtoqn(ConstLWESwitchingKey& ksk, ConstLWECiphertext& ct) const;
执行从 ( Q , N ) (Q,N) (Q,N)-RLWE 到 ( q , n ) (q,n) (q,n)-LWE 的密钥切换
cpp
复制代码
void BTKeyGen(ConstLWEPrivateKey& sk, KEYGEN_MODE keygenMode = SYM_ENCRYPT);
生成对应的 BK 并存储为数据成员,它的格式:
cpp
复制代码
typedef struct {
// refreshing key
RingGSWACCKey BSkey;
// switching key
LWESwitchingKey KSkey;
// public key
LWEPublicKey Pkey;
} RingGSWBTKey;
cpp
复制代码
LWECiphertext Bootstrap(ConstLWECiphertext& ct) const;
自举,包括 [DM15]、[CGGI16]、[LMK+23] 三种盲旋转算法
cpp
复制代码
LWECiphertext EvalBinGate(BINGATE gate, ConstLWECiphertext& ct1, ConstLWECiphertext& ct2) const;
LWECiphertext EvalBinGate(BINGATE gate, const std::vector<LWECiphertext>& ctvector) const;
LWECiphertext EvalNOT(ConstLWECiphertext& ct) const;
LWECiphertext EvalConstant(bool value) const;
前者计算 2 2 2 扇入,后者计算 3 , 4 3,4 3,4 扇入,支持的布尔门:OR, AND, NOR, NAND, XOR_FAST, XNOR_FAST, MAJORITY, AND3, OR3, AND4, OR4, CMUX, XOR, XNOR,以及 NOT 和 Constant
cpp
复制代码
std::vector<NativeInteger> GenerateLUTviaFunction(NativeInteger (*f)(NativeInteger m, NativeInteger p), NativeInteger p);
根据任意函数 f : Z p → Z p f:\mathbb Z_p \to \mathbb Z_p f:Zp→Zp 生成 LUT:设置 Δ i n = Δ o u t = q / p \Delta_{in}=\Delta_{out}=q/p Δin=Δout=q/p,其中 p ≤ q ≤ 2 N p \le q \le 2N p≤q≤2N 都是二的幂次,令 T V [ i ] = Δ o u t ⋅ f ( ⌊ i / Δ i n ⌋ ) , i = 0 , 1 , ⋯ , q − 1 TV[i]=\Delta_{out} \cdot f(\lfloor i/\Delta_{in}\rfloor), i=0,1,\cdots,q-1 TV[i]=Δout⋅f(⌊i/Δin⌋),i=0,1,⋯,q−1
cpp
复制代码
LWECiphertext EvalFunc(ConstLWECiphertext& ct, const std::vector<NativeInteger>& LUT) const;
LMP22\] 的 **FDFB** ,它会自动检查 LUT 的性质(**反循环、周期、任意**)。
* 如果是反循环的:简单执行一次 PBS 即可
* 如果是 q / 2 q/2 q/2-周期的:先执行 PBS **提取出符号位把它减去**,再执行一次 PBS 完成函数计算
* 如果是任意的:进一步要求 q ≤ N q \\le N q≤N,**强行提升 1 1 1-bit 模数** ,先执行 PBS 提取出符号位把它减去,再执行一次 PBS 完成函数计算,最后模切换回到 q q q 上
*
```cpp
LWECiphertext EvalSign(ConstLWECiphertext& ct, bool schemeSwitch = false);
```
\[LMP22\] 的**高精度符号函数**
*
```cpp
LWECiphertext EvalFloor(ConstLWECiphertext& ct, uint32_t roundbits = 0) const;
std::vector EvalDecomp(ConstLWECiphertext& ct);
```
\[LMP22\] 的**同态舍入** 、**同态数字分解**
## constants
定义了一些参数选项,用于
```cpp
enum BINFHE_PARAMSET {
TOY, // no security
MEDIUM, // 108 bits of security for classical and 100 bits for quantum
STD128_LMKCDEY, // Optimized for LMKCDEY (using Gaussian secrets) -
// more than 128 bits of security for classical computer attacks -
// optimize runtime by finding a non-power-of-two n
STD128_AP, // Optimized for AP (has higher failure probability for GINX) -
// more than 128 bits of security for classical computer attacks -
// optimize runtime by finding a non-power-of-two n
STD128, // more than 128 bits of security for classical computer attacks -
// optimize runtime by finding a non-power-of-two n
STD192, // more than 192 bits of security for classical computer attacks -
// optimize runtime by finding a non-power-of-two n
STD256, // more than 256 bits of security for classical computer attacks -
// optimize runtime by finding a non-power-of-two n
STD128Q, // more than 128 bits of security for quantum attacks -
// optimize runtime by finding a non-power-of-two n
STD128Q_LMKCDEY, // Optimized for LMKCDEY (using Gaussian secrets) -
// more than 128 bits of security for quantum attacks -
// optimize runtime by finding a non-power-of-two n
STD192Q, // more than 192 bits of security for quantum attacks -
// optimize runtime by finding a non-power-of-two n
STD256Q, // more than 256 bits of security for quantum attacks -
// optimize runtime by finding a non-power-of-two n
STD128_3, // more than 128 bits of security for classical computer attacks -
// optimize runtime by finding a non-power-of-two n for 3 binary inputs
STD128_3_LMKCDEY, // Optimized for LMKCDEY (using Gaussian secrets) -
// more than 128 bits of security for classical computer attacks -
// optimize runtime by finding a non-power-of-two n for 3 binary inputs
STD128Q_3, // more than 128 bits of security for quantum computer attacks -
// optimize runtime by finding a non-power-of-two n for 3 binary inputs
STD128Q_3_LMKCDEY, // Optimized for LMKCDEY (using Gaussian secrets) -
// more than 128 bits of security for quantum computer attacks -
// optimize runtime by finding a non-power-of-two n for 3 binary inputs
STD192Q_3, // more than 192 bits of security for quantum computer attacks -
// optimize runtime by finding a non-power-of-two n for 3 binary inputs
STD256Q_3, // more than 256 bits of security for quantum computer attacks -
// optimize runtime by finding a non-power-of-two n for 3 binary inputs
STD128_4, // more than 128 bits of security for classical computer attacks -
// optimize runtime by finding a non-power-of-two n for 4 binary inputs
STD128_4_LMKCDEY, // Optimized for LMKCDEY (using Gaussian secrets) -
// more than 128 bits of security for classical computer attacks -
// optimize runtime by finding a non-power-of-two n for 4 binary inputs
STD128Q_4, // more than 128 bits of security for quantum computer attacks -
// optimize runtime by finding a non-power-of-two n for 4 binary inputs
STD128Q_4_LMKCDEY, // Optimized for LMKCDEY (using Gaussian secrets) -
// more than 128 bits of security for quantum computer attacks -
// optimize runtime by finding a non-power-of-two n for 4 binary inputs
STD192Q_4, // more than 192 bits of security for quantum computer attacks -
// optimize runtime by finding a non-power-of-two n for 4 binary inputs
STD256Q_4, // more than 256 bits of security for quantum computer attacks -
// optimize runtime by finding a non-power-of-two n for 4 binary inputs
SIGNED_MOD_TEST // special parameter set for confirming the signed modular
// reduction in the accumulator updates works correctly
};
```
具体的参数是:
```cpp
constexpr double STD_DEV = 3.19;
const std::unordered_map paramsMap({
// numberBits|cyclOrder|latticeParam| mod| modKS| stdDev| baseKS| gadgetBase| baseRK| numAutoKeys| keyDist
{ TOY, { 27, 1024, 64, 512, PRIME, STD_DEV, 25, 1 << 9, 23, 9, UNIFORM_TERNARY} },
{ MEDIUM, { 28, 2048, 422, 1024, 1 << 14, STD_DEV, 1 << 7, 1 << 10, 32, 10, UNIFORM_TERNARY} },
{ STD128_LMKCDEY, { 28, 2048, 446, 1024, 1 << 13, STD_DEV, 1 << 5, 1 << 10, 32, 10, GAUSSIAN } },
{ STD128_AP, { 27, 2048, 503, 1024, 1 << 14, STD_DEV, 1 << 5, 1 << 9, 32, 10, UNIFORM_TERNARY} },
{ STD128, { 27, 2048, 503, 1024, 1 << 14, STD_DEV, 1 << 5, 1 << 9, 32, 10, UNIFORM_TERNARY} },
{ STD192, { 37, 4096, 805, 1024, 1 << 15, STD_DEV, 32, 1 << 13, 32, 10, UNIFORM_TERNARY} },
{ STD256, { 29, 4096, 990, 2048, 1 << 14, STD_DEV, 1 << 7, 1 << 8, 46, 10, UNIFORM_TERNARY} },
{ STD128Q, { 25, 2048, 534, 1024, 1 << 14, STD_DEV, 32, 1 << 7, 32, 10, UNIFORM_TERNARY} },
{ STD128Q_LMKCDEY, { 27, 2048, 448, 1024, 1 << 13, STD_DEV, 32, 1 << 9, 32, 10, GAUSSIAN } },
{ STD192Q, { 35, 4096, 875, 1024, 1 << 15, STD_DEV, 32, 1 << 12, 32, 10, UNIFORM_TERNARY} },
{ STD256Q, { 27, 4096, 1225, 1024, 1 << 16, STD_DEV, 16, 1 << 7, 32, 10, UNIFORM_TERNARY} },
{ STD128_3, { 27, 2048, 541, 1024, 1 << 15, STD_DEV, 32, 1 << 7, 32, 10, UNIFORM_TERNARY} },
{ STD128_3_LMKCDEY, { 28, 2048, 485, 1024, 1 << 15, STD_DEV, 32, 1 << 10, 32, 10, GAUSSIAN } },
{ STD128Q_3, { 50, 4096, 575, 2048, 1 << 15, STD_DEV, 32, 1 << 25, 32, 10, UNIFORM_TERNARY} },
{ STD128Q_3_LMKCDEY, { 27, 2048, 524, 1024, 1 << 15, STD_DEV, 32, 1 << 9, 32, 10, GAUSSIAN } },
{ STD192Q_3, { 34, 4096, 922, 2048, 1 << 16, STD_DEV, 16, 1 << 12, 32, 10, UNIFORM_TERNARY} },
{ STD256Q_3, { 27, 4096, 1400, 4096, 1 << 16, STD_DEV, 21, 1 << 6, 32, 10, UNIFORM_TERNARY} },
{ STD128_4, { 27, 2048, 541, 2048, 1 << 15, STD_DEV, 32, 1 << 7, 32, 10, UNIFORM_TERNARY} },
{ STD128_4_LMKCDEY, { 28, 2048, 522, 2048, 1 << 15, STD_DEV, 32, 1 << 10, 32, 10, GAUSSIAN } },
{ STD128Q_4, { 50, 4096, 647, 2048, 1 << 16, STD_DEV, 16, 1 << 25, 32, 10, UNIFORM_TERNARY} },
{ STD128Q_4_LMKCDEY, { 27, 2048, 524, 2048, 1 << 15, STD_DEV, 32, 1 << 7, 32, 10, GAUSSIAN } },
{ STD192Q_4, { 34, 4096, 980, 2048, 1 << 17, STD_DEV, 16, 1 << 12, 32, 10, UNIFORM_TERNARY} },
{ STD256Q_4, { 27, 4096, 1625, 4096, 1 << 21, STD_DEV, 16, 1 << 6, 32, 10, UNIFORM_TERNARY} },
{ SIGNED_MOD_TEST, { 28, 2048, 512, 1024, PRIME, STD_DEV, 25, 1 << 7, 23, 10, UNIFORM_TERNARY} },
});
```
## BinFHE
`class BinFHEScheme`,实现了 TFHE / FHEW 方案
*
```cpp
explicit BinFHEScheme(BINFHE_METHOD method);
```
构造器,自举方法有**三种**:
```cpp
enum BINFHE_METHOD {
INVALID_METHOD = 0,
AP, // Ducas-Micciancio variant
GINX, // Chillotti-Gama-Georgieva-Izabachene variant
LMKCDEY, // Lee-Micciancio-Kim-Choi-Deryabin-Eom-Yoo variant, ia.cr/2022/198
};
```
*
```cpp
RingGSWBTKey KeyGen(const std::shared_ptr& params, ConstLWEPrivateKey& LWEsk,
KEYGEN_MODE keygenMode) const;
```
根据 LWE 和 RGSW 的参数,以及 LWE 私钥,生成对应的**自举密钥**
* `Bootstrap, EvalBinGate, EvalNOT, EvalFunc, EvalFloor, EvalSign, EvalDecomp`,执行 **BTS / PBS / FDFB**
* `BootstrapGateCore, BootstrapFuncCore, BootstrapFunc`,私有接口,最底层的自举实现
*
```cpp
static uint32_t checkInputFunction(const std::vector& lut, NativeInteger mod);
```
**判断 LUT 的性质**:反循环(0),周期(1),任意(2)
## LWE
### param
`class LWECryptoParams : public Serializable`,描述 LWE 的参数
*
```cpp
explicit LWECryptoParams(uint32_t n, uint32_t N, const NativeInteger& q, const NativeInteger& Q,
const NativeInteger& q_KS, double std, uint32_t baseKS,
SecretKeyDist keyDist = UNIFORM_TERNARY)
```
构造器
*
```cpp
NativeInteger m_q{}; // modulus for the additive LWE scheme
NativeInteger m_Q{}; // modulus for the RingGSW/RingLWE scheme
NativeInteger m_qKS{}; // modulus for key-switching
uint32_t m_n{}; // lattice parameter for the additive LWE scheme
uint32_t m_N{}; // ring dimension for RingGSW/RingLWE scheme
uint32_t m_baseKS{}; // Base used in key switching
SecretKeyDist m_keyDist{SecretKeyDist::UNIFORM_TERNARY}; // Secret key distribution: GAUSSIAN, UNIFORM_TERNARY, etc.
DiscreteGaussianGeneratorImpl m_dgg; // Error distribution generator
DiscreteGaussianGeneratorImpl m_ks_dgg; // Error distribution generator for key switching
```
私有属性:三个密文模数( q ≤ q K S ≤ Q q \\le q_{KS} \\le Q q≤qKS≤Q),两个维度( n n n 任意, N N N 是二的幂次),数字分解基,私钥分布,噪声采样器
### PKE
`class LWEEncryptionScheme`,定义了 LWE 加密方案
*
```cpp
LWEPrivateKey KeyGen(usint size, const NativeInteger& modulus) const;
```
生成 ( q , n ) (q,n) (q,n)-LWE 的私钥(用于加密数据)
*
```cpp
LWEKeyPair KeyGenPair(const std::shared_ptr& params) const;
```
生成 ( Q , N ) (Q,N) (Q,N)-LWE 的公私钥(用于自举)
*
```cpp
LWECiphertext Encrypt(const std::shared_ptr& params, ConstLWEPrivateKey& sk, LWEPlaintext m,
LWEPlaintextModulus p = 4, NativeInteger mod = 0) const;
LWECiphertext EncryptN(const std::shared_ptr& params, ConstLWEPublicKey& pk, LWEPlaintext m,
LWEPlaintextModulus p = 4, NativeInteger mod = 0) const;
```
对称加密、公钥加密
*
```cpp
LWECiphertext NoiselessEmbedding(const std::shared_ptr& params, LWEPlaintext m) const;
```
无噪声的密文
* `EvalAddEq, EvalAddConstEq, EvalSubEq, EvalSubEq2, valMultConstEq`,线性同态
*
```cpp
LWECiphertext ModSwitch(NativeInteger q, ConstLWECiphertext& ctQ) const;
```
模切换,从 Q Q Q 到 q q q(除法 + 舍入)
*
```cpp
LWESwitchingKey KeySwitchGen(const std::shared_ptr& params, ConstLWEPrivateKey& sk,
ConstLWEPrivateKey& skN) const;
LWECiphertext KeySwitch(const std::shared_ptr& params, ConstLWESwitchingKey& K,
ConstLWECiphertext& ctQN) const;
```
密钥切换,从 N N N 到 n n n,使用 **BV-type KS** 过程, 机器字的 Digit-decomposition(不必使用 RNS)
### ciphertext
`class LWECiphertextImpl : public Serializable`,密文格式
*
```cpp
LWECiphertextImpl(const NativeVector& a, const NativeInteger& b);
```
构造器
*
```cpp
NativeVector m_a{};
NativeInteger m_b{};
NativeInteger m_p = 4; // pt modulus
```
私有成员,存储数据
* `GetA, GetB, SetA, SetB`,密文的读写
### priv-key
`class LWEPrivateKeyImpl : public Serializable`,私钥的结构
*
```cpp
NativeVector m_s{};
```
私有成员,存储私钥向量
### pub-key
`class LWEPublicKeyImpl : public Serializable`,公钥的结构
*
```cpp
std::vector m_A;
NativeVector m_v;
```
私有成员,零消息的若干个 LWE 密文
### KSK
`class LWESwitchingKeyImpl : public Serializable`,密钥切换密钥的结构
*
```cpp
std::vector>> m_keyA;
std::vector>> m_keyB;
```
私有成员,私钥的 Powers-of-base 的若干个 LWE 密文
## RGSW
### param
`class RingGSWCryptoParams : public Serializable`,描述 RGSW / RLWE 的参数
*
```cpp
explicit RingGSWCryptoParams(uint32_t N, NativeInteger Q, NativeInteger q, uint32_t baseG, uint32_t baseR,
BINFHE_METHOD method, double std, SecretKeyDist keyDist = UNIFORM_TERNARY,
bool signEval = false, uint32_t numAutoKeys = 10);
```
构造器
*
```cpp
void RingGSWCryptoParams::PreCompute(bool signEval);
```
预计算:Powers-of-base(AP-type 的分解 B R i B_R\^i BRi、RGSW 的分解 B G j B_G\^j BGj),gate-constants(布尔门的 PBS 用到),多项式 N T T ( X k − 1 ) NTT(X\^k-1) NTT(Xk−1)(GINX-type 中的 CMux)
### eval-key
`class RingGSWEvalKeyImpl : public Serializable`,定义了 Eval-Key(使用 RLWE 加密某个单项式 c i X i c_iX\^i ciXi 及其和私钥乘积 c i X i ⋅ s k N c_iX\^i \\cdot sk_N ciXi⋅skN 的 Powers-of-base,组成一个 RGSW 密文)
*
```cpp
std::vector> m_elements;
```
私有成员,存储了**单个** RGSW 密文(分解 + 内积 = 强线性同态)
*
```cpp
explicit RingGSWEvalKeyImpl(const std::vector>& elements);
```
构造器
*
```cpp
void SetFormat(const Format format);
```
实现 `m_elements` 的 NTT/INTT 转换,其中 `enum Format { EVALUATION = 0, COEFFICIENT = 1 };`
### acc-key
`class RingGSWACCKeyImpl : public Serializable`,定义了 ACC-Key(使用 GSW 加密许多的单项式组成自举密钥,\[DM15\] 加密 X s i v B R j X\^{s_ivB_R\^j} XsivBRj,\[CGGI16\] 加密 s i ( u ) s_i\^{(u)} si(u),\[LMK+23\] 加密 X s i X\^{s_i} Xsi)
*
```cpp
std::vector>> m_key;
```
`RingGSWEvalKey`(RGSW 密文)的**三维数组** (FHEW 分别枚举 s i , i = 1 , ⋯ , n s_i,i=1,\\cdots,n si,i=1,⋯,n 和 v = 1 , ⋯ , B R − 1 v=1,\\cdots,B_R-1 v=1,⋯,BR−1 以及 B R j , j = 0 , 1 , ⋯ , ⌊ log q ⌋ B_R\^j,j=0,1,\\cdots,\\lfloor\\log q\\rfloor BRj,j=0,1,⋯,⌊logq⌋)
*
```cpp
explicit RingGSWACCKeyImpl(const std::vector>>& key);
```
构造器
### ACC
`class RingGSWAccumulator`,定义了盲旋转的接口
*
```cpp
virtual RingGSWACCKey KeyGenAcc(const std::shared_ptr& params, const NativePoly& skNTT,
ConstLWEPrivateKey& LWEsk) const;
```
生成自举密钥,虚拟的
*
```cpp
virtual void EvalAcc(const std::shared_ptr& params, ConstRingGSWACCKey& ek,
RLWECiphertext& acc, const NativeVector& a) const;
```
执行盲旋转,虚拟的
*
```cpp
void SignedDigitDecompose(const std::shared_ptr& params, const const NativePoly& input
std::vector& output) const;
```
将环元素做 **approximate gadget decomposition** ,用于 RGSW 同态乘法。对于系数 c ∈ \[ − q / 2 , q / 2 ) c \\in \[-q/2,q/2) c∈\[−q/2,q/2),首先把 \[ c \] B \[c\]_B \[c\]B 删除(这是干嘛?),然后对 ( c − \[ c \] B ) / B (c-\[c\]_B)/B (c−\[c\]B)/B 执行 B B B-进制数字分解。
### DM
`class RingGSWAccumulatorDM final : public RingGSWAccumulator`,实现了 \[DM15\] 的盲旋转算法
*
```cpp
RingGSWACCKey KeyGenAcc(const std::shared_ptr& params, const NativePoly& skNTT,
ConstLWEPrivateKey& LWEsk) const override;
```
生成自举密钥,形如 R G S W ( X s i v B R j ) RGSW(X\^{s_ivB_R\^j}) RGSW(XsivBRj),其中 v ∈ \[ B R \] v \\in \[B_R\] v∈\[BR
cpp
复制代码
void EvalAcc(const std::shared_ptr<RingGSWCryptoParams>& params, ConstRingGSWACCKey& ek, RLWECiphertext& acc,
const NativeVector& a) const override;
执行盲旋转(数字分解 + 子集和 )
CGGI
class RingGSWAccumulatorCGGI final : public RingGSWAccumulator,实现了 [CGGI16] 的盲旋转算法
cpp
复制代码
RingGSWACCKey KeyGenAcc(const std::shared_ptr<RingGSWCryptoParams>& params, const NativePoly& skNTT,
ConstLWEPrivateKey& LWEsk) const override;
生成自举密钥,仅支持 ternary secrets ,选取 U = { 1 , − 1 } U=\{1,-1\} U={1,−1},形如 R G S W ( s i ( u ) ) RGSW(s_i^{(u)}) RGSW(si(u)),满足 s i = s i ( 1 ) − s i ( − 1 ) s_i = s_i^{(1)} - s_i^{(-1)} si=si(1)−si(−1)
cpp
复制代码
void EvalAcc(const std::shared_ptr<RingGSWCryptoParams>& params, ConstRingGSWACCKey& ek, RLWECiphertext& acc,
const NativeVector& a) const override;
执行盲旋转(CMux-based OBDD ),分别关于 s i ( 1 ) , s i ( 1 ) s_i^{(1)}, s_i^{(1)} si(1),si(1) 执行外积,并没有合并
LMK+
class RingGSWAccumulatorLMKCDEY final : public RingGSWAccumulator,实现了 [LMK+23] 的盲旋转算法
cpp
复制代码
RingGSWACCKey KeyGenAcc(const std::shared_ptr<RingGSWCryptoParams>& params, const NativePoly& skNTT,
ConstLWEPrivateKey& LWEsk) const override;
生成自举密钥,一部分形如 R G S W ( X s i ) RGSW(X^{s_i}) RGSW(Xsi),另一部分形如 R G S W ( s k N ( X − g ) ) RGSW(sk_N(X^{-g})) RGSW(skN(X−g)) 以及 R G S W ( s k N ( X g i ) ) RGSW(sk_N(X^{g^i})) RGSW(skN(Xgi)),其中 i = 1 , 2 , ⋯ , w i=1,2,\cdots,w i=1,2,⋯,w,窗口大小 w w w
cpp
复制代码
void EvalAcc(const std::shared_ptr<RingGSWCryptoParams>& params, ConstRingGSWACCKey& ek, RLWECiphertext& acc,
const NativeVector& a) const override;
执行盲旋转(Galois 自同构 )