From 2998f1761cb5b8def50141c191b6f4dffb69bc30 Mon Sep 17 00:00:00 2001 From: arnaucube Date: Wed, 9 Jul 2025 17:17:19 +0200 Subject: [PATCH] generalized-fhe: add GLWE encryption & decryption --- Cargo.toml | 1 + README.md | 1 + arith/src/ringq.rs | 3 + arith/src/tuple_ring.rs | 3 - generalized-fhe/Cargo.toml | 12 ++++ generalized-fhe/README.md | 2 + generalized-fhe/src/glwe.rs | 115 ++++++++++++++++++++++++++++++++++++ generalized-fhe/src/lib.rs | 8 +++ 8 files changed, 142 insertions(+), 3 deletions(-) create mode 100644 generalized-fhe/Cargo.toml create mode 100644 generalized-fhe/README.md create mode 100644 generalized-fhe/src/glwe.rs create mode 100644 generalized-fhe/src/lib.rs diff --git a/Cargo.toml b/Cargo.toml index bfffbfa..d4cebf2 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -1,6 +1,7 @@ [workspace] members = [ "arith", + "generalized-fhe", "bfv", "ckks" ] diff --git a/README.md b/README.md index aebe802..e6dbe82 100644 --- a/README.md +++ b/README.md @@ -2,5 +2,6 @@ Implementations from scratch done while studying some FHE papers; do not use in production. - `arith`: contains $\mathbb{Z}_q$, $R_q=\mathbb{Z}_q[X]/(X^N+1)$ and $R=\mathbb{Z}[X]/(X^N+1)$ arithmetic implementations, together with the NTT implementation. +- `generalized-fhe`: contains the structs and logic for RLWE, GLWE, GLev, GGSW, RGSW cryptosystems, which can be used by concrete FHE schemes. - `bfv`: https://eprint.iacr.org/2012/144.pdf scheme implementation - `ckks`: https://eprint.iacr.org/2016/421.pdf scheme implementation diff --git a/arith/src/ringq.rs b/arith/src/ringq.rs index d41ccf6..786b22d 100644 --- a/arith/src/ringq.rs +++ b/arith/src/ringq.rs @@ -13,6 +13,9 @@ use anyhow::{anyhow, Result}; use crate::Ring; +// NOTE: currently using fixed-size arrays, but pending to see if with +// real-world parameters the stack can keep up; if not will move everything to +// use Vec. /// PolynomialRing element, where the PolynomialRing is R = Z_q[X]/(X^n +1) /// The implementation assumes that q is prime. #[derive(Clone, Copy)] diff --git a/arith/src/tuple_ring.rs b/arith/src/tuple_ring.rs index 648af9f..109e11f 100644 --- a/arith/src/tuple_ring.rs +++ b/arith/src/tuple_ring.rs @@ -10,9 +10,6 @@ use std::{array, ops}; use crate::Ring; -// #[derive(Clone, Copy, Debug)] -// pub struct TR([R; K]); - /// Tuple of K Ring (Rq) elements. We use Vec to allocate it in the heap, /// since if using a fixed-size array it would overflow the stack. #[derive(Clone, Debug)] diff --git a/generalized-fhe/Cargo.toml b/generalized-fhe/Cargo.toml new file mode 100644 index 0000000..48abff7 --- /dev/null +++ b/generalized-fhe/Cargo.toml @@ -0,0 +1,12 @@ +[package] +name = "generalized-fhe" +version = "0.1.0" +edition = "2024" + +[dependencies] +anyhow = { workspace = true } +rand = { workspace = true } +rand_distr = { workspace = true } +itertools = { workspace = true } + +arith = { path="../arith" } diff --git a/generalized-fhe/README.md b/generalized-fhe/README.md new file mode 100644 index 0000000..08477f2 --- /dev/null +++ b/generalized-fhe/README.md @@ -0,0 +1,2 @@ +# common +Contains the structs and logic for RLWE, GLWE, GLev, GGSW, RGSW cryptosystems, which can be used by concrete FHE schemes. diff --git a/generalized-fhe/src/glwe.rs b/generalized-fhe/src/glwe.rs new file mode 100644 index 0000000..7eaae16 --- /dev/null +++ b/generalized-fhe/src/glwe.rs @@ -0,0 +1,115 @@ +use anyhow::Result; +use itertools::zip_eq; +use rand::Rng; +use rand_distr::{Normal, Uniform}; +use std::{array, ops}; + +use arith::{Ring, Rq, R, TR}; + +const ERR_SIGMA: f64 = 3.2; + +pub struct GLWE(TR, K>, Rq); + +#[derive(Clone, Debug)] +pub struct SecretKey(TR, K>); +#[derive(Clone, Debug)] +pub struct PublicKey(Rq, TR, K>); + +impl GLWE { + pub fn new_key(mut rng: impl Rng) -> Result<(SecretKey, PublicKey)> { + let Xi_key = Uniform::new(0_f64, 2_f64); + let Xi_err = Normal::new(0_f64, ERR_SIGMA)?; + + let s: TR, K> = TR::rand(&mut rng, Xi_key); + let a: TR, K> = TR::rand(&mut rng, Uniform::new(0_f64, Q as f64)); + let e = Rq::::rand(&mut rng, Xi_err); + + let pk: PublicKey = PublicKey((&a * &s) + e, a); + Ok((SecretKey(s), pk)) + } + + // TODO delta not as input + pub fn encrypt_s( + mut rng: impl Rng, + sk: &SecretKey, + m: &Rq, + delta: u64, + ) -> Result { + let m: Rq = m.remodule::(); + + let Xi_key = Uniform::new(0_f64, 2_f64); + let Xi_err = Normal::new(0_f64, ERR_SIGMA)?; + + let a: TR, K> = TR::rand(&mut rng, Xi_key); + let e = Rq::::rand(&mut rng, Xi_err); + + let b: Rq = (&a * &sk.0) + m * delta + e; + Ok(Self(a, b)) + } + pub fn encrypt( + mut rng: impl Rng, + pk: &PublicKey, + m: &Rq, + delta: u64, + ) -> Result { + let m: Rq = m.remodule::(); + + let Xi_key = Uniform::new(0_f64, 2_f64); + let Xi_err = Normal::new(0_f64, ERR_SIGMA)?; + + let u: Rq = Rq::rand(&mut rng, Xi_key); + + let e0 = Rq::::rand(&mut rng, Xi_err); + let e1 = TR::, K>::rand(&mut rng, Xi_err); + + let b: Rq = pk.0 * u + m * delta + e0; + let d: TR, K> = &pk.1 * &u + e1; + + Ok(Self(d, b)) + } + pub fn decrypt(&self, sk: &SecretKey, delta: u64) -> Rq { + let (d, b): (TR, K>, Rq) = (self.0.clone(), self.1); + let r: Rq = b - &d * &sk.0; + let r_scaled: Vec = r + .coeffs() + .iter() + .map(|e| (e.0 as f64 / delta as f64).round()) + .collect(); + let r = Rq::::from_vec_f64(r_scaled); + r.remodule::() + } +} + +#[cfg(test)] +mod tests { + use anyhow::Result; + use rand::distributions::Uniform; + + use super::*; + + #[test] + fn test_encrypt_decrypt() -> Result<()> { + const Q: u64 = 2u64.pow(16) + 1; + const N: usize = 128; + const T: u64 = 32; // plaintext modulus + const K: usize = 16; + type S = GLWE; + + let delta: u64 = Q / T; // floored + let mut rng = rand::thread_rng(); + + for _ in 0..200 { + let (sk, pk) = S::new_key(&mut rng)?; + + let msg_dist = Uniform::new(0_u64, T); + let m = Rq::::rand_u64(&mut rng, msg_dist)?; + + let c = S::encrypt(&mut rng, &pk, &m, delta)?; + let m_recovered = c.decrypt(&sk, delta); + + assert_eq!(m, m_recovered); + } + + Ok(()) + } +} diff --git a/generalized-fhe/src/lib.rs b/generalized-fhe/src/lib.rs new file mode 100644 index 0000000..031b287 --- /dev/null +++ b/generalized-fhe/src/lib.rs @@ -0,0 +1,8 @@ +//! Implementation of BFV https://eprint.iacr.org/2012/144.pdf +#![allow(non_snake_case)] +#![allow(non_upper_case_globals)] +#![allow(non_camel_case_types)] +#![allow(clippy::upper_case_acronyms)] +#![allow(dead_code)] // TMP + +pub mod glwe;