Search Results
Maintaining the parameters. More...
#include <Context.h>
Public Member Functions | |
| double noiseBoundForUniform (double magBound, long degBound) const | |
| NTL::xdouble noiseBoundForUniform (NTL::xdouble magBound, long degBound) const | |
| double noiseBoundForMod (long modulus, long degBound) const | |
| double noiseBoundForGaussian (double sigma, long degBound) const | |
| double noiseBoundForSmall (double prob, long degBound) const | |
| double noiseBoundForHWt (long hwt, UNUSED long degBound) const | |
| double stdDevForRecryption (long skHwt=0) const | |
| NOTE: this is a bit heuristic. See design document for details. More... | |
| double boundForRecryption (long skHwt=0) const | |
| void setModSizeTable () | |
| Context (unsigned long m, unsigned long p, unsigned long r, const std::vector< long > &gens=std::vector< long >(), const std::vector< long > &ords=std::vector< long >()) | |
| void makeBootstrappable (const NTL::Vec< long > &mvec, long skWht=0, bool build_cache=false, bool alsoThick=true) | |
| bool isBootstrappable () const | |
| IndexSet fullPrimes () const | |
| IndexSet allPrimes () const | |
| IndexSet getCtxtPrimes (long nprimes) const | |
| long BPL () const | |
| bool operator== (const Context &other) const | |
| bool operator!= (const Context &other) const | |
| long ithPrime (unsigned long i) const | |
| The ith small prime in the modulus chain. More... | |
| const Cmodulus & ithModulus (unsigned long i) const | |
| Cmodulus object corresponding to ith small prime in the chain. More... | |
| long numPrimes () const | |
| Total number of small prime in the chain. More... | |
| bool isZeroDivisor (const NTL::ZZ &num) const | |
| Is num divisible by any of the primes in the chain? More... | |
| bool inChain (long p) const | |
| Is p already in the chain? More... | |
| double logOfPrime (unsigned long i) const | |
| Returns the natural logarithm of the ith prime. More... | |
| double logOfProduct (const IndexSet &s) const | |
| Returns the natural logarithm of productOfPrimes(s) More... | |
| long bitSizeOfQ () const | |
| Size in bits of Q. More... | |
| double securityLevel (int hwt=0) const | |
| An estimate for the security-level. This has a lower bound of 0. More... | |
| void printout (std::ostream &out=std::cout) const | |
| print out algebra and other important info More... | |
| void AddSmallPrime (long q) | |
| Just add the given prime to the chain. More... | |
| void AddCtxtPrime (long q) | |
| void AddSpecialPrime (long q) | |
| void productOfPrimes (NTL::ZZ &p, const IndexSet &s) const | |
| The product of all the primes in the given set. More... | |
| NTL::ZZ productOfPrimes (const IndexSet &s) const | |
Public Attributes | |
| PAlgebra zMStar | |
| The structure of Zm*. More... | |
| PAlgebraMod alMod | |
| The structure of Z[X]/(Phi_m(X),p^r) More... | |
| std::shared_ptr< const EncryptedArray > ea | |
| A default EncryptedArray. More... | |
| std::shared_ptr< const PowerfulDCRT > pwfl_converter | |
| std::shared_ptr< PolyModRing > slotRing | |
| The structure of a single slot of the plaintext space. More... | |
| NTL::xdouble stdev | |
| sqrt(variance) of the LWE error (default=3.2) More... | |
| double scale | |
| IndexSet ctxtPrimes | |
| IndexSet specialPrimes | |
| IndexSet smallPrimes | |
| ModuliSizes modSizes | |
| A helper table to map required modulo-sizes to primeSets. More... | |
| std::vector< IndexSet > digits | |
| The set of primes for the digits. More... | |
| ThinRecryptData rcData | |
| Bootstrapping-related data in the context. More... | |
Friends | |
| void writeContextBinary (std::ostream &str, const Context &context) | |
| void readContextBinary (std::istream &str, Context &context) | |
I/O routines | |
To write out all the data associated with a context, do the following: writeContextBase(str, context);
str << context;
The first function call writes out just [m p r gens ords], which is the data needed to invoke the context constructor. The second call writes out all other information, including the stdev field, the prime sequence (including which primes are "special"), and the digits info. To read in all the data associated with a context, do the following: unsigned long m, p, r;
std::vector<long> gens, ords;
readContextBase(str, m, p, r, gens, ords);
Context context(m, p, r, gens, ords);
str >> context;
The call to readContextBase just reads the values m, p, r and the set of generators in Zm* /(p) and their order. Then, after constructing the context, the >> operator reads in and attaches all other information. | |
| void writeContextBase (std::ostream &str, const Context &context) | |
| write [m p r] data More... | |
| std::ostream & operator<< (std::ostream &str, const Context &context) | |
| Write all other data. More... | |
| void readContextBase (std::istream &str, unsigned long &m, unsigned long &p, unsigned long &r, std::vector< long > &gens, std::vector< long > &ords) | |
| read [m p r] data, needed to construct context More... | |
| std::istream & operator>> (std::istream &str, Context &context) | |
| read all other data associated with context More... | |
Detailed Description
Maintaining the parameters.
Constructor & Destructor Documentation
◆ Context()
| helib::Context::Context | ( | unsigned long | m, |
| unsigned long | p, | ||
| unsigned long | r, | ||
| const std::vector< long > & | gens = std::vector<long>(), |
||
| const std::vector< long > & | ords = std::vector<long>() |
||
| ) |
Member Function Documentation
◆ AddCtxtPrime()
| void helib::Context::AddCtxtPrime | ( | long | q | ) |
◆ AddSmallPrime()
| void helib::Context::AddSmallPrime | ( | long | q | ) |
Just add the given prime to the chain.
◆ AddSpecialPrime()
| void helib::Context::AddSpecialPrime | ( | long | q | ) |
◆ allPrimes()
|
inline |
◆ bitSizeOfQ()
|
inline |
Size in bits of Q.
◆ boundForRecryption()
|
inline |
◆ BPL()
|
inline |
◆ fullPrimes()
|
inline |
◆ getCtxtPrimes()
|
inline |
◆ inChain()
|
inline |
Is p already in the chain?
◆ isBootstrappable()
|
inline |
◆ isZeroDivisor()
|
inline |
Is num divisible by any of the primes in the chain?
◆ ithModulus()
|
inline |
Cmodulus object corresponding to ith small prime in the chain.
◆ ithPrime()
|
inline |
The ith small prime in the modulus chain.
◆ logOfPrime()
|
inline |
Returns the natural logarithm of the ith prime.
◆ logOfProduct()
|
inline |
Returns the natural logarithm of productOfPrimes(s)
◆ makeBootstrappable()
|
inline |
◆ noiseBoundForGaussian()
|
inline |
Assume the polynomial f(x) = sum_{i < k} f_i x^i is chosen so that each f_i is chosen uniformly and independently from N(0, sigma^2), and that k = degBound. This returns a bound B such that the L-infty norm of the canonical embedding exceeds B with probability at most epsilon.
◆ noiseBoundForHWt()
|
inline |
Assume the polynomial f(x) = sum_{i < k} f_i x^i is chosen hwt coefficients are chosen to \pm 1, and the remainder zero. This returns a bound B such that the L-infty norm of the canonical embedding exceeds B with probability at most epsilon.
◆ noiseBoundForMod()
|
inline |
Assume the polynomial f(x) = sum_{i < k} f_i x^i is chosen so that each f_i is chosen uniformly and independently from the from the set of balanced residues modulo the given modulus. This returns a bound B such that the L-infty norm of the canonical embedding exceeds B with probability at most epsilon.
◆ noiseBoundForSmall()
|
inline |
Assume the polynomial f(x) = sum_{i < k} f_i x^i is chosen so that each f_i is zero with probability 1-prob, 1 with probability prob/2, and -1 with probability prob/2. This returns a bound B such that the L-infty norm of the canonical embedding exceeds B with probability at most epsilon.
◆ noiseBoundForUniform() [1/2]
|
inline |
erfc(scale/sqrt(2)) * phi(m) should be less than some negligible parameter epsilon. The default value of 10 should be good enough for most applications. NOTE: -log(erfc(8/sqrt(2)))/log(2) = 49.5 -log(erfc(10/sqrt(2)))/log(2) = 75.8 -log(erfc(11/sqrt(2)))/log(2) = 91.1 -log(erfc(12/sqrt(2)))/log(2) =107.8 The way this is used is as follows. If we have a normal random variable X with variance sigma^2, then the probability that that X lies outside the interval [-scale*sigma, scale*sigma] is delta=erfc(scale/sqrt(2)). We will usually apply the union bound to a vector of phi(m) such random variables (one for each primitive m-th root of unity), so that the probability that that the L-infty norm exceeds scale*sigma is at most epsilon=phim*delta. Thus, scale*sigma will be used as a high-probability bound on the L-infty norm of such vectors. Assume the polynomial f(x) = sum_{i < k} f_i x^i is chosen so that each f_i is chosen uniformly and independently from the interval [-magBound, magBound], and that k = degBound. This returns a bound B such that the L-infty norm of the canonical embedding exceeds B with probability at most epsilon.
◆ noiseBoundForUniform() [2/2]
|
inline |
◆ numPrimes()
|
inline |
Total number of small prime in the chain.
◆ operator!=()
|
inline |
◆ operator==()
| bool helib::Context::operator== | ( | const Context & | other | ) | const |
◆ printout()
| void helib::Context::printout | ( | std::ostream & | out = std::cout | ) | const |
print out algebra and other important info
◆ productOfPrimes() [1/2]
|
inline |
◆ productOfPrimes() [2/2]
| void helib::Context::productOfPrimes | ( | NTL::ZZ & | p, |
| const IndexSet & | s | ||
| ) | const |
The product of all the primes in the given set.
◆ securityLevel()
|
inline |
An estimate for the security-level. This has a lower bound of 0.
This function uses experimental affine approximations to the lwe-estimator from https://bitbucket.org/malb/lwe-estimator/raw/HEAD/estimator.py, from Aug-2020 (see script in misc/estimator/lwe-estimator.sage).
Let s=3.2 if m is a power of two, or s=3.2*sqrt(m) otherwise. For the estimator we use alpha=s/q (so log2AlphaInv = log_2(q/s)), and n=phi(m).
◆ setModSizeTable()
|
inline |
◆ stdDevForRecryption()
|
inline |
NOTE: this is a bit heuristic. See design document for details.
This computes a high probability bound on the L-infty norm of x0+s*x1 in the pwrfl basis, assuming is chosen with coeffs in the pwrfl basis uniformly and independently dist'd over [-1/2,1/2], x0 has arbitrary coeffs over [-1/2,1/2] in the pwrfl basis, and assuming s is chosen with skHwt nonzero coeffs mod X^m-1 in the power basis (uniformly and independently over {-1,1}). The bound should be satisfied with probability epsilon. NOTE: this is still valid even when m is a power of 2
Friends And Related Function Documentation
◆ operator<<
|
friend |
Write all other data.
◆ operator>>
|
friend |
read all other data associated with context
◆ readContextBase
|
friend |
read [m p r] data, needed to construct context
◆ readContextBinary
|
friend |
◆ writeContextBase
|
friend |
write [m p r] data
◆ writeContextBinary
|
friend |
Member Data Documentation
◆ alMod
| PAlgebraMod helib::Context::alMod |
The structure of Z[X]/(Phi_m(X),p^r)
◆ ctxtPrimes
| IndexSet helib::Context::ctxtPrimes |
The "ciphertext primes" are the "normal" primes that are used to represent the public encryption key and ciphertexts. These are all "large" single=precision primes, or bit-size roughly NTL_SP_SIZE bits.
◆ digits
| std::vector<IndexSet> helib::Context::digits |
The set of primes for the digits.
The different columns in any key-switching matrix contain encryptions of multiplies of the secret key, sk, B1*sk, B2*B1*sk, B3*B2*B1*sk,... with each Bi a product of a few "non-special" primes in the chain. The digits data member indicate which primes correspond to each of the Bi's. These are all IndexSet objects, whose union is the subset ctxtPrimes.
The number of Bi's is one less than the number of columns in the key switching matrices (since the 1st column encrypts sk, without any Bi's), but we keep in the digits std::vector also an entry for the primes that do not participate in any Bi (so digits.size() is the same as the number of columns in the key switching matrices). See section 3.1.6 in the design document (key-switching).
◆ ea
| std::shared_ptr<const EncryptedArray> helib::Context::ea |
A default EncryptedArray.
◆ modSizes
| ModuliSizes helib::Context::modSizes |
A helper table to map required modulo-sizes to primeSets.
◆ pwfl_converter
| std::shared_ptr<const PowerfulDCRT> helib::Context::pwfl_converter |
◆ rcData
| ThinRecryptData helib::Context::rcData |
Bootstrapping-related data in the context.
◆ scale
| double helib::Context::scale |
◆ slotRing
| std::shared_ptr<PolyModRing> helib::Context::slotRing |
The structure of a single slot of the plaintext space.
This will be Z[X]/(G(x),p^r) for some irreducible factor G of Phi_m(X).
◆ smallPrimes
| IndexSet helib::Context::smallPrimes |
Yet a third set of primes, aimed at allowing modulus-switching with higher resolution. These are somewhat smaller single-precision primes, of size from NTL_SP_SIZE-20 to NTL_SP_SIZE-1.
◆ specialPrimes
| IndexSet helib::Context::specialPrimes |
A disjoint set of primes, used for key switching. See section 3.1.6 in the design document (key-switching). These too are "large" single=precision primes, or bit-size close to NTL_SP_SIZE bits.
◆ stdev
| NTL::xdouble helib::Context::stdev |
sqrt(variance) of the LWE error (default=3.2)
◆ zMStar
| PAlgebra helib::Context::zMStar |
The structure of Zm*.
