OpenFHE 源码解析:BinFHE 部分

参考文献:

  1. [ABB+22] Al Badawi A, Bates J, Bergamaschi F, et al. Openfhe: Open-source fully homomorphic encryption library[C]//Proceedings of the 10th Workshop on Encrypted Computing & Applied Homomorphic Cryptography. 2022: 53-63.
  2. openfheorg/openfhe-development
  3. Welcome to OpenFHE's documentation!
  4. 编译 OpenFHE

文章目录

param

class BinFHECryptoParams : public Serializable,描述 RGSW / RLWE 的参数

cpp 复制代码
BinFHECryptoParams(const std::shared_ptr<LWECryptoParams>& lweparams,
                       const std::shared_ptr<RingGSWCryptoParams>& rgswparams);

构造器,根据 LWERGSW 的参数去设置 BinFHE 的参数
*

cpp 复制代码
std::shared_ptr<LWECryptoParams> m_LWEParams{nullptr};	// shared pointer to an instance of LWECryptoParams
std::shared_ptr<RingGSWCryptoParams> m_RGSWParams{nullptr};	// shared pointer to an instance of RGSWCryptoParams

私有成员,分别存储:LWE 参数、RGSW 参数

context

class BinFHEContext : public Serializable,存储上下文信息

cpp 复制代码
void GenerateBinFHEContext(uint32_t n, uint32_t N, const NativeInteger& q, const NativeInteger& Q, double std,
                               uint32_t baseKS, uint32_t baseG, uint32_t baseR, SecretKeyDist keyDist = UNIFORM_TERNARY,
                               BINFHE_METHOD method = GINX, uint32_t numAutoKeys = 10);

根据设置的参数,生成上下文
*

cpp 复制代码
std::shared_ptr<LWEEncryptionScheme> m_LWEscheme{nullptr};	// Shared pointer to the underlying additive LWE scheme
std::shared_ptr<BinFHEScheme> m_binfhescheme{nullptr};	// Shared pointer to the underlying RingGSW/RLWE scheme

私钥成员,记录了 LWE 以及 RGSW / RLWE 的参数和接口
*

cpp 复制代码
LWEPrivateKey KeyGen() const;
LWEPublicKey PubKeyGen(ConstLWEPrivateKey& sk) const;

生成 LWE 的私钥、公钥
*

cpp 复制代码
LWECiphertext Encrypt(ConstLWEPrivateKey& sk, LWEPlaintext m, BINFHE_OUTPUT output = BOOTSTRAPPED,
                          LWEPlaintextModulus p = 4, const NativeInteger& mod = 0) const;
void Decrypt(ConstLWEPrivateKey& sk, ConstLWECiphertext& ct, LWEPlaintext* result, LWEPlaintextModulus p = 4) const;

LWE 的加密/解密
*

cpp 复制代码
LWEPrivateKey KeyGenN() const;
LWESwitchingKey KeySwitchGen(ConstLWEPrivateKey& sk, ConstLWEPrivateKey& skN) const;

生成 RLWE 私钥,以及从 ( Q , N ) (Q,N) (Q,N)-RLWE 到 ( q , n ) (q,n) (q,n)-LWE 的 KSK
*

cpp 复制代码
LWECiphertext SwitchCTtoqn(ConstLWESwitchingKey& ksk, ConstLWECiphertext& ct) const;

执行从 ( Q , N ) (Q,N) (Q,N)-RLWE 到 ( q , n ) (q,n) (q,n)-LWE 的密钥切换
*

cpp 复制代码
void BTKeyGen(ConstLWEPrivateKey& sk, KEYGEN_MODE keygenMode = SYM_ENCRYPT);

生成对应的 BK 并存储为数据成员,它的格式:

cpp 复制代码
typedef struct {
    // refreshing key
    RingGSWACCKey BSkey;
    // switching key
    LWESwitchingKey KSkey;
    // public key
    LWEPublicKey Pkey;
} RingGSWBTKey;
  • GetPublicKey, GetSwitchKey, GetRefreshKey,获取 BK 中存储的三种密钥

cpp 复制代码
LWECiphertext Bootstrap(ConstLWECiphertext& ct) const;

自举,包括 [DM15]、[CGGI16]、[LMK+23] 三种盲旋转算法
*

cpp 复制代码
LWECiphertext EvalBinGate(BINGATE gate, ConstLWECiphertext& ct1, ConstLWECiphertext& ct2) const;
LWECiphertext EvalBinGate(BINGATE gate, const std::vector<LWECiphertext>& ctvector) const;
LWECiphertext EvalNOT(ConstLWECiphertext& ct) const;
LWECiphertext EvalConstant(bool value) const;

前者计算 2 2 2 扇入,后者计算 3 , 4 3,4 3,4 扇入,支持的布尔门:OR, AND, NOR, NAND, XOR_FAST, XNOR_FAST, MAJORITY, AND3, OR3, AND4, OR4, CMUX, XOR, XNOR,以及 NOTConstant
*

cpp 复制代码
std::vector<NativeInteger> GenerateLUTviaFunction(NativeInteger (*f)(NativeInteger m, NativeInteger p), NativeInteger p);

根据任意函数 f : Z p → Z p f:\mathbb Z_p \to \mathbb Z_p f:Zp→Zp 生成 LUT:设置 Δ i n = Δ o u t = q / p \Delta_{in}=\Delta_{out}=q/p Δin=Δout=q/p,其中 p ≤ q ≤ 2 N p \le q \le 2N p≤q≤2N 都是二的幂次,令 T V [ i ] = Δ o u t ⋅ f ( ⌊ i / Δ i n ⌋ ) , i = 0 , 1 , ⋯   , q − 1 TV[i]=\Delta_{out} \cdot f(\lfloor i/\Delta_{in}\rfloor), i=0,1,\cdots,q-1 TV[i]=Δout⋅f(⌊i/Δin⌋),i=0,1,⋯,q−1
*

cpp 复制代码
LWECiphertext EvalFunc(ConstLWECiphertext& ct, const std::vector<NativeInteger>& LUT) const;

[LMP22] 的 FDFB ,它会自动检查 LUT 的性质(反循环、周期、任意)。

  • 如果是反循环的:简单执行一次 PBS 即可

  • 如果是 q / 2 q/2 q/2-周期的:先执行 PBS 提取出符号位把它减去,再执行一次 PBS 完成函数计算

  • 如果是任意的:进一步要求 q ≤ N q \le N q≤N,强行提升 1 1 1-bit 模数 ,先执行 PBS 提取出符号位把它减去,再执行一次 PBS 完成函数计算,最后模切换回到 q q q 上

cpp 复制代码
LWECiphertext EvalSign(ConstLWECiphertext& ct, bool schemeSwitch = false);

[LMP22] 的高精度符号函数
*

cpp 复制代码
LWECiphertext EvalFloor(ConstLWECiphertext& ct, uint32_t roundbits = 0) const;
std::vector<LWECiphertext> EvalDecomp(ConstLWECiphertext& ct);

[LMP22] 的同态舍入同态数字分解

constants

定义了一些参数选项,用于

cpp 复制代码
enum BINFHE_PARAMSET {
    TOY,                // no security
    MEDIUM,             // 108 bits of security for classical and 100 bits for quantum
    STD128_LMKCDEY,     // Optimized for LMKCDEY (using Gaussian secrets) -
                        // more than 128 bits of security for classical computer attacks -
                        // optimize runtime by finding a non-power-of-two n
    STD128_AP,          // Optimized for AP (has higher failure probability for GINX) -
                        // more than 128 bits of security for classical computer attacks -
                        // optimize runtime by finding a non-power-of-two n
    STD128,             // more than 128 bits of security for classical computer attacks -
                        // optimize runtime by finding a non-power-of-two n
    STD192,             // more than 192 bits of security for classical computer attacks -
                        // optimize runtime by finding a non-power-of-two n
    STD256,             // more than 256 bits of security for classical computer attacks -
                        // optimize runtime by finding a non-power-of-two n
    STD128Q,            // more than 128 bits of security for quantum attacks -
                        // optimize runtime by finding a non-power-of-two n
    STD128Q_LMKCDEY,    // Optimized for LMKCDEY (using Gaussian secrets) -
                        // more than 128 bits of security for quantum attacks -
                        // optimize runtime by finding a non-power-of-two n
    STD192Q,            // more than 192 bits of security for quantum attacks -
                        // optimize runtime by finding a non-power-of-two n
    STD256Q,            // more than 256 bits of security for quantum attacks -
                        // optimize runtime by finding a non-power-of-two n
    STD128_3,           // more than 128 bits of security for classical computer attacks -
                        // optimize runtime by finding a non-power-of-two n for 3 binary inputs
    STD128_3_LMKCDEY,   // Optimized for LMKCDEY (using Gaussian secrets) -
                        // more than 128 bits of security for classical computer attacks -
                        // optimize runtime by finding a non-power-of-two n for 3 binary inputs
    STD128Q_3,          // more than 128 bits of security for quantum computer attacks -
                        // optimize runtime by finding a non-power-of-two n for 3 binary inputs
    STD128Q_3_LMKCDEY,  // Optimized for LMKCDEY (using Gaussian secrets) -
                        // more than 128 bits of security for quantum computer attacks -
                        // optimize runtime by finding a non-power-of-two n for 3 binary inputs
    STD192Q_3,          // more than 192 bits of security for quantum computer attacks -
                        // optimize runtime by finding a non-power-of-two n for 3 binary inputs
    STD256Q_3,          // more than 256 bits of security for quantum computer attacks -
                        // optimize runtime by finding a non-power-of-two n for 3 binary inputs
    STD128_4,           // more than 128 bits of security for classical computer attacks -
                        // optimize runtime by finding a non-power-of-two n for 4 binary inputs
    STD128_4_LMKCDEY,   // Optimized for LMKCDEY (using Gaussian secrets) -
                        // more than 128 bits of security for classical computer attacks -
                        // optimize runtime by finding a non-power-of-two n for 4 binary inputs
    STD128Q_4,          // more than 128 bits of security for quantum computer attacks -
                        // optimize runtime by finding a non-power-of-two n for 4 binary inputs
    STD128Q_4_LMKCDEY,  // Optimized for LMKCDEY (using Gaussian secrets) -
                        // more than 128 bits of security for quantum computer attacks -
                        // optimize runtime by finding a non-power-of-two n for 4 binary inputs
    STD192Q_4,          // more than 192 bits of security for quantum computer attacks -
                        // optimize runtime by finding a non-power-of-two n for 4 binary inputs
    STD256Q_4,          // more than 256 bits of security for quantum computer attacks -
                        // optimize runtime by finding a non-power-of-two n for 4 binary inputs
    SIGNED_MOD_TEST     // special parameter set for confirming the signed modular
                        // reduction in the accumulator updates works correctly
};

具体的参数是:

cpp 复制代码
constexpr double STD_DEV = 3.19;
const std::unordered_map<BINFHE_PARAMSET, BinFHEContextParams> paramsMap({
//               numberBits|cyclOrder|latticeParam|  mod|   modKS|  stdDev| baseKS| gadgetBase| baseRK| numAutoKeys| keyDist
{ TOY,               { 27,     1024,          64,  512,   PRIME, STD_DEV,     25,    1 <<  9,  23,     9,  UNIFORM_TERNARY} },
{ MEDIUM,            { 28,     2048,         422, 1024, 1 << 14, STD_DEV, 1 << 7,    1 << 10,  32,    10,  UNIFORM_TERNARY} },
{ STD128_LMKCDEY,    { 28,     2048,         446, 1024, 1 << 13, STD_DEV, 1 << 5,    1 << 10,  32,    10,  GAUSSIAN       } },
{ STD128_AP,         { 27,     2048,         503, 1024, 1 << 14, STD_DEV, 1 << 5,    1 <<  9,  32,    10,  UNIFORM_TERNARY} },
{ STD128,            { 27,     2048,         503, 1024, 1 << 14, STD_DEV, 1 << 5,    1 <<  9,  32,    10,  UNIFORM_TERNARY} },
{ STD192,            { 37,     4096,         805, 1024, 1 << 15, STD_DEV,     32,    1 << 13,  32,    10,  UNIFORM_TERNARY} },
{ STD256,            { 29,     4096,         990, 2048, 1 << 14, STD_DEV, 1 << 7,    1 <<  8,  46,    10,  UNIFORM_TERNARY} },
{ STD128Q,           { 25,     2048,         534, 1024, 1 << 14, STD_DEV,     32,    1 <<  7,  32,    10,  UNIFORM_TERNARY} },
{ STD128Q_LMKCDEY,   { 27,     2048,         448, 1024, 1 << 13, STD_DEV,     32,    1 <<  9,  32,    10,  GAUSSIAN       } },
{ STD192Q,           { 35,     4096,         875, 1024, 1 << 15, STD_DEV,     32,    1 << 12,  32,    10,  UNIFORM_TERNARY} },
{ STD256Q,           { 27,     4096,        1225, 1024, 1 << 16, STD_DEV,     16,    1 <<  7,  32,    10,  UNIFORM_TERNARY} },
{ STD128_3,          { 27,     2048,         541, 1024, 1 << 15, STD_DEV,     32,    1 <<  7,  32,    10,  UNIFORM_TERNARY} },
{ STD128_3_LMKCDEY,  { 28,     2048,         485, 1024, 1 << 15, STD_DEV,     32,    1 << 10,  32,    10,  GAUSSIAN       } },
{ STD128Q_3,         { 50,     4096,         575, 2048, 1 << 15, STD_DEV,     32,    1 << 25,  32,    10,  UNIFORM_TERNARY} },
{ STD128Q_3_LMKCDEY, { 27,     2048,         524, 1024, 1 << 15, STD_DEV,     32,    1 <<  9,  32,    10,  GAUSSIAN       } },
{ STD192Q_3,         { 34,     4096,         922, 2048, 1 << 16, STD_DEV,     16,    1 << 12,  32,    10,  UNIFORM_TERNARY} },
{ STD256Q_3,         { 27,     4096,        1400, 4096, 1 << 16, STD_DEV,     21,    1 <<  6,  32,    10,  UNIFORM_TERNARY} },
{ STD128_4,          { 27,     2048,         541, 2048, 1 << 15, STD_DEV,     32,    1 <<  7,  32,    10,  UNIFORM_TERNARY} },
{ STD128_4_LMKCDEY,  { 28,     2048,         522, 2048, 1 << 15, STD_DEV,     32,    1 << 10,  32,    10,  GAUSSIAN       } },
{ STD128Q_4,         { 50,     4096,         647, 2048, 1 << 16, STD_DEV,     16,    1 << 25,  32,    10,  UNIFORM_TERNARY} },
{ STD128Q_4_LMKCDEY, { 27,     2048,         524, 2048, 1 << 15, STD_DEV,     32,    1 <<  7,  32,    10,  GAUSSIAN       } },
{ STD192Q_4,         { 34,     4096,         980, 2048, 1 << 17, STD_DEV,     16,    1 << 12,  32,    10,  UNIFORM_TERNARY} },
{ STD256Q_4,         { 27,     4096,        1625, 4096, 1 << 21, STD_DEV,     16,    1 <<  6,  32,    10,  UNIFORM_TERNARY} },
{ SIGNED_MOD_TEST,   { 28,     2048,         512, 1024,   PRIME, STD_DEV,     25,    1 <<  7,  23,    10,  UNIFORM_TERNARY} },
});

BinFHE

class BinFHEScheme,实现了 TFHE / FHEW 方案

cpp 复制代码
explicit BinFHEScheme(BINFHE_METHOD method);

构造器,自举方法有三种

cpp 复制代码
enum BINFHE_METHOD {
    INVALID_METHOD = 0,
    AP,       // Ducas-Micciancio variant
    GINX,     // Chillotti-Gama-Georgieva-Izabachene variant
    LMKCDEY,  // Lee-Micciancio-Kim-Choi-Deryabin-Eom-Yoo variant, ia.cr/2022/198
};
cpp 复制代码
RingGSWBTKey KeyGen(const std::shared_ptr<BinFHECryptoParams>& params, ConstLWEPrivateKey& LWEsk,
                        KEYGEN_MODE keygenMode) const;

根据 LWE 和 RGSW 的参数,以及 LWE 私钥,生成对应的自举密钥

  • Bootstrap, EvalBinGate, EvalNOT, EvalFunc, EvalFloor, EvalSign, EvalDecomp,执行 BTS / PBS / FDFB

  • BootstrapGateCore, BootstrapFuncCore, BootstrapFunc,私有接口,最底层的自举实现

cpp 复制代码
static uint32_t checkInputFunction(const std::vector<NativeInteger>& lut, NativeInteger mod);

判断 LUT 的性质:反循环(0),周期(1),任意(2)

LWE

param

class LWECryptoParams : public Serializable,描述 LWE 的参数

cpp 复制代码
explicit LWECryptoParams(uint32_t n, uint32_t N, const NativeInteger& q, const NativeInteger& Q,
                             const NativeInteger& q_KS, double std, uint32_t baseKS,
                             SecretKeyDist keyDist = UNIFORM_TERNARY)

构造器
*

cpp 复制代码
NativeInteger m_q{};	// modulus for the additive LWE scheme
NativeInteger m_Q{};	// modulus for the RingGSW/RingLWE scheme
NativeInteger m_qKS{};	// modulus for key-switching
uint32_t m_n{};	// lattice parameter for the additive LWE scheme
uint32_t m_N{};	// ring dimension for RingGSW/RingLWE scheme
uint32_t m_baseKS{};	// Base used in key switching
SecretKeyDist m_keyDist{SecretKeyDist::UNIFORM_TERNARY};	// Secret key distribution: GAUSSIAN, UNIFORM_TERNARY, etc.
DiscreteGaussianGeneratorImpl<NativeVector> m_dgg;	// Error distribution generator
DiscreteGaussianGeneratorImpl<NativeVector> m_ks_dgg;	// Error distribution generator for key switching

私有属性:三个密文模数( q ≤ q K S ≤ Q q \le q_{KS} \le Q q≤qKS≤Q),两个维度( n n n 任意, N N N 是二的幂次),数字分解基,私钥分布,噪声采样器

PKE

class LWEEncryptionScheme,定义了 LWE 加密方案

cpp 复制代码
LWEPrivateKey KeyGen(usint size, const NativeInteger& modulus) const;

生成 ( q , n ) (q,n) (q,n)-LWE 的私钥(用于加密数据)
*

cpp 复制代码
LWEKeyPair KeyGenPair(const std::shared_ptr<LWECryptoParams>& params) const;

生成 ( Q , N ) (Q,N) (Q,N)-LWE 的公私钥(用于自举)
*

cpp 复制代码
LWECiphertext Encrypt(const std::shared_ptr<LWECryptoParams>& params, ConstLWEPrivateKey& sk, LWEPlaintext m,
                          LWEPlaintextModulus p = 4, NativeInteger mod = 0) const;
LWECiphertext EncryptN(const std::shared_ptr<LWECryptoParams>& params, ConstLWEPublicKey& pk, LWEPlaintext m,
                           LWEPlaintextModulus p = 4, NativeInteger mod = 0) const;

对称加密、公钥加密
*

cpp 复制代码
LWECiphertext NoiselessEmbedding(const std::shared_ptr<LWECryptoParams>& params, LWEPlaintext m) const;

无噪声的密文

  • EvalAddEq, EvalAddConstEq, EvalSubEq, EvalSubEq2, valMultConstEq,线性同态

cpp 复制代码
LWECiphertext ModSwitch(NativeInteger q, ConstLWECiphertext& ctQ) const;

模切换,从 Q Q Q 到 q q q(除法 + 舍入)
*

cpp 复制代码
LWESwitchingKey KeySwitchGen(const std::shared_ptr<LWECryptoParams>& params, ConstLWEPrivateKey& sk,
                                 ConstLWEPrivateKey& skN) const;
LWECiphertext KeySwitch(const std::shared_ptr<LWECryptoParams>& params, ConstLWESwitchingKey& K,
                            ConstLWECiphertext& ctQN) const;

密钥切换,从 N N N 到 n n n,使用 BV-type KS 过程, 机器字的 Digit-decomposition(不必使用 RNS)

ciphertext

class LWECiphertextImpl : public Serializable,密文格式

cpp 复制代码
LWECiphertextImpl(const NativeVector& a, const NativeInteger& b);

构造器
*

cpp 复制代码
NativeVector m_a{};
NativeInteger m_b{};
NativeInteger m_p = 4;  // pt modulus

私有成员,存储数据

  • GetA, GetB, SetA, SetB,密文的读写

priv-key

class LWEPrivateKeyImpl : public Serializable,私钥的结构

cpp 复制代码
NativeVector m_s{};

私有成员,存储私钥向量

pub-key

class LWEPublicKeyImpl : public Serializable,公钥的结构

cpp 复制代码
std::vector<NativeVector> m_A;
NativeVector m_v;

私有成员,零消息的若干个 LWE 密文

KSK

class LWESwitchingKeyImpl : public Serializable,密钥切换密钥的结构

cpp 复制代码
std::vector<std::vector<std::vector<NativeVector>>> m_keyA;
std::vector<std::vector<std::vector<NativeInteger>>> m_keyB;

私有成员,私钥的 Powers-of-base 的若干个 LWE 密文

RGSW

param

class RingGSWCryptoParams : public Serializable,描述 RGSW / RLWE 的参数

cpp 复制代码
explicit RingGSWCryptoParams(uint32_t N, NativeInteger Q, NativeInteger q, uint32_t baseG, uint32_t baseR,
                                 BINFHE_METHOD method, double std, SecretKeyDist keyDist = UNIFORM_TERNARY,
                                 bool signEval = false, uint32_t numAutoKeys = 10);

构造器
*

cpp 复制代码
void RingGSWCryptoParams::PreCompute(bool signEval);

预计算:Powers-of-base(AP-type 的分解 B R i B_R^i BRi、RGSW 的分解 B G j B_G^j BGj),gate-constants(布尔门的 PBS 用到),多项式 N T T ( X k − 1 ) NTT(X^k-1) NTT(Xk−1)(GINX-type 中的 CMux)

eval-key

class RingGSWEvalKeyImpl : public Serializable,定义了 Eval-Key(使用 RLWE 加密某个单项式 c i X i c_iX^i ciXi 及其和私钥乘积 c i X i ⋅ s k N c_iX^i \cdot sk_N ciXi⋅skN 的 Powers-of-base,组成一个 RGSW 密文)

cpp 复制代码
std::vector<std::vector<NativePoly>> m_elements;

私有成员,存储了单个 RGSW 密文(分解 + 内积 = 强线性同态)
*

cpp 复制代码
explicit RingGSWEvalKeyImpl(const std::vector<std::vector<NativePoly>>& elements);

构造器
*

cpp 复制代码
void SetFormat(const Format format);

实现 m_elements 的 NTT/INTT 转换,其中 enum Format { EVALUATION = 0, COEFFICIENT = 1 };

acc-key

class RingGSWACCKeyImpl : public Serializable,定义了 ACC-Key(使用 GSW 加密许多的单项式组成自举密钥,[DM15] 加密 X s i v B R j X^{s_ivB_R^j} XsivBRj,[CGGI16] 加密 s i ( u ) s_i^{(u)} si(u),[LMK+23] 加密 X s i X^{s_i} Xsi)

cpp 复制代码
std::vector<std::vector<std::vector<RingGSWEvalKey>>> m_key;

RingGSWEvalKey(RGSW 密文)的三维数组 (FHEW 分别枚举 s i , i = 1 , ⋯   , n s_i,i=1,\cdots,n si,i=1,⋯,n 和 v = 1 , ⋯   , B R − 1 v=1,\cdots,B_R-1 v=1,⋯,BR−1 以及 B R j , j = 0 , 1 , ⋯   , ⌊ log ⁡ q ⌋ B_R^j,j=0,1,\cdots,\lfloor\log q\rfloor BRj,j=0,1,⋯,⌊logq⌋)
*

cpp 复制代码
explicit RingGSWACCKeyImpl(const std::vector<std::vector<std::vector<RingGSWEvalKey>>>& key);

构造器

ACC

class RingGSWAccumulator,定义了盲旋转的接口

cpp 复制代码
virtual RingGSWACCKey KeyGenAcc(const std::shared_ptr<RingGSWCryptoParams>& params, const NativePoly& skNTT,
                                    ConstLWEPrivateKey& LWEsk) const;

生成自举密钥,虚拟的
*

cpp 复制代码
virtual void EvalAcc(const std::shared_ptr<RingGSWCryptoParams>& params, ConstRingGSWACCKey& ek,
                         RLWECiphertext& acc, const NativeVector& a) const;

执行盲旋转,虚拟的
*

cpp 复制代码
void SignedDigitDecompose(const std::shared_ptr<RingGSWCryptoParams>& params, const const NativePoly& input
                              std::vector<NativePoly>& output) const;

将环元素做 approximate gadget decomposition ,用于 RGSW 同态乘法。对于系数 c ∈ [ − q / 2 , q / 2 ) c \in [-q/2,q/2) c∈[−q/2,q/2),首先把 [ c ] B [c]_B [c]B 删除(这是干嘛?),然后对 ( c − [ c ] B ) / B (c-[c]_B)/B (c−[c]B)/B 执行 B B B-进制数字分解。

DM

class RingGSWAccumulatorDM final : public RingGSWAccumulator,实现了 [DM15] 的盲旋转算法

cpp 复制代码
RingGSWACCKey KeyGenAcc(const std::shared_ptr<RingGSWCryptoParams>& params, const NativePoly& skNTT,
                            ConstLWEPrivateKey& LWEsk) const override;

生成自举密钥,形如 R G S W ( X s i v B R j ) RGSW(X^{s_ivB_R^j}) RGSW(XsivBRj),其中 v ∈ [ B R ] v \in [B_R] v∈[BR]
*

cpp 复制代码
void EvalAcc(const std::shared_ptr<RingGSWCryptoParams>& params, ConstRingGSWACCKey& ek, RLWECiphertext& acc,
                 const NativeVector& a) const override;

执行盲旋转(数字分解 + 子集和

CGGI

class RingGSWAccumulatorCGGI final : public RingGSWAccumulator,实现了 [CGGI16] 的盲旋转算法

cpp 复制代码
RingGSWACCKey KeyGenAcc(const std::shared_ptr<RingGSWCryptoParams>& params, const NativePoly& skNTT,
                            ConstLWEPrivateKey& LWEsk) const override;

生成自举密钥,仅支持 ternary secrets ,选取 U = { 1 , − 1 } U=\{1,-1\} U={1,−1},形如 R G S W ( s i ( u ) ) RGSW(s_i^{(u)}) RGSW(si(u)),满足 s i = s i ( 1 ) − s i ( − 1 ) s_i = s_i^{(1)} - s_i^{(-1)} si=si(1)−si(−1)
*

cpp 复制代码
void EvalAcc(const std::shared_ptr<RingGSWCryptoParams>& params, ConstRingGSWACCKey& ek, RLWECiphertext& acc,
                 const NativeVector& a) const override;

执行盲旋转(CMux-based OBDD ),分别关于 s i ( 1 ) , s i ( 1 ) s_i^{(1)}, s_i^{(1)} si(1),si(1) 执行外积,并没有合并

LMK+

class RingGSWAccumulatorLMKCDEY final : public RingGSWAccumulator,实现了 [LMK+23] 的盲旋转算法

cpp 复制代码
RingGSWACCKey KeyGenAcc(const std::shared_ptr<RingGSWCryptoParams>& params, const NativePoly& skNTT,
                            ConstLWEPrivateKey& LWEsk) const override;

生成自举密钥,一部分形如 R G S W ( X s i ) RGSW(X^{s_i}) RGSW(Xsi),另一部分形如 R G S W ( s k N ( X − g ) ) RGSW(sk_N(X^{-g})) RGSW(skN(X−g)) 以及 R G S W ( s k N ( X g i ) ) RGSW(sk_N(X^{g^i})) RGSW(skN(Xgi)),其中 i = 1 , 2 , ⋯   , w i=1,2,\cdots,w i=1,2,⋯,w,窗口大小 w w w
*

cpp 复制代码
void EvalAcc(const std::shared_ptr<RingGSWCryptoParams>& params, ConstRingGSWACCKey& ek, RLWECiphertext& acc,
                 const NativeVector& a) const override;

执行盲旋转(Galois 自同构

相关推荐
未完结的牵挂1 小时前
高质量代理池go_Proxy_Pool
网络安全
HackKong2 小时前
小白怎样入门网络安全?
网络·学习·安全·web安全·网络安全·黑客
澜世3 小时前
2024小迪安全基础入门第三课
网络·笔记·安全·网络安全
vortex54 小时前
信息收集系列(六):路径爬取与目录爆破
网络安全·渗透·信息收集
.Ayang5 小时前
tomcat 后台部署 war 包 getshell
java·计算机网络·安全·web安全·网络安全·tomcat·网络攻击模型
星竹6 小时前
upload-labs-master第12关详细教程
网络安全
饮长安千年月6 小时前
浅谈就如何解出Reverse-迷宫题之老鼠走迷宫的一些思考
python·网络安全·逆向·ctf
东方隐侠安全团队-千里6 小时前
网安瞭望台第3期:俄黑客 TAG - 110组织与密码攻击手段分享
网络·chrome·web安全·网络安全
SunsPlanter6 小时前
密码学11
密码学