diff --git a/README.md b/README.md index 78606cc..4f17b3f 100644 --- a/README.md +++ b/README.md @@ -19,8 +19,8 @@ and the line `type S = TWLE` to use `CKKS` or `BFV`. ```rust const T: u64 = 128; // msg space (msg modulus) -const K: usize = 16; -type S = TLWE; +type M = Rq; // msg space +type S = TLWE<256>; let mut rng = rand::thread_rng(); let msg_dist = Uniform::new(0_u64, T); @@ -28,13 +28,13 @@ let msg_dist = Uniform::new(0_u64, T); let (sk, pk) = S::new_key(&mut rng)?; // get two random msgs in Z_t -let m1 = Rq::::rand_u64(&mut rng, msg_dist)?; -let m2 = Rq::::rand_u64(&mut rng, msg_dist)?; -let m3 = Rq::::rand_u64(&mut rng, msg_dist)?; +let m1 = M::rand_u64(&mut rng, msg_dist)?; +let m2 = M::rand_u64(&mut rng, msg_dist)?; +let m3 = M::rand_u64(&mut rng, msg_dist)?; // encode the msgs into the plaintext space -let p1: Tn<1> = S::encode::(&m1); // plaintext -let p2: Tn<1> = S::encode::(&m2); // plaintext +let p1 = S::encode::(&m1); // plaintext +let p2 = S::encode::(&m2); // plaintext let c3_const: Tn<1> = Tn(array::from_fn(|i| T64(m3.coeffs()[i].0))); // encode it as constant value let c1 = S::encrypt(&mut rng, &pk, &p1)?; @@ -42,8 +42,8 @@ let c2 = S::encrypt(&mut rng, &pk, &p2)?; // now we can do encrypted operations (notice that we do them using simple // operations by operator overloading): -let c3 = c1 + c2; -let c4 = c2 * c3_const; +let c_12 = c1 + c2; +let c4 = c_12 * c3_const; // decrypt & decode let p4_recovered = c4.decrypt(&sk); diff --git a/arith/src/ring.rs b/arith/src/ring.rs index 3f8d1f0..c31c293 100644 --- a/arith/src/ring.rs +++ b/arith/src/ring.rs @@ -3,8 +3,8 @@ use std::fmt::Debug; use std::iter::Sum; use std::ops::{Add, AddAssign, Mul, Sub, SubAssign}; -/// Represents a ring element. Currently implemented by ring_n.rs#R and -/// ring_nq.rs#Rq. Is not a 'pure algebraic ring', but more a custom trait +/// Represents a ring element. Currently implemented by ring_nq.rs#Rq and +/// ring_torus.rs#Tn. Is not a 'pure algebraic ring', but more a custom trait /// definition which includes methods like `mod_switch`. // assumed to be mod (X^N +1) pub trait Ring: diff --git a/gfhe/src/glev.rs b/gfhe/src/glev.rs index c2ab993..f5a9635 100644 --- a/gfhe/src/glev.rs +++ b/gfhe/src/glev.rs @@ -73,11 +73,11 @@ mod tests { // let delta: u64 = Q / T; // floored let mut rng = rand::thread_rng(); + let msg_dist = Uniform::new(0_u64, T); for _ in 0..200 { let (sk, pk) = GLWE::, K>::new_key(&mut rng)?; - let msg_dist = Uniform::new(0_u64, T); let m = Rq::::rand_u64(&mut rng, msg_dist)?; let m: Rq = m.remodule::(); diff --git a/gfhe/src/glwe.rs b/gfhe/src/glwe.rs index cce489b..46bacc0 100644 --- a/gfhe/src/glwe.rs +++ b/gfhe/src/glwe.rs @@ -17,12 +17,12 @@ const ERR_SIGMA: f64 = 3.2; /// GLWE implemented over the `Ring` trait, so that it can be also instantiated /// over the Torus polynomials 𝕋_[X] = 𝕋_q[X]/ (X^N+1). #[derive(Clone, Debug)] -pub struct GLWE(TR, R); +pub struct GLWE(pub TR, pub R); #[derive(Clone, Debug)] -pub struct SecretKey(TR); +pub struct SecretKey(pub TR); #[derive(Clone, Debug)] -pub struct PublicKey(R, TR); +pub struct PublicKey(pub R, pub TR); // K GLevs, each KSK_i=l GLWEs #[derive(Clone, Debug)] @@ -261,11 +261,11 @@ mod tests { type S = GLWE, K>; let mut rng = rand::thread_rng(); + let msg_dist = Uniform::new(0_u64, T); for _ in 0..200 { let (sk, pk) = S::new_key(&mut rng)?; - let msg_dist = Uniform::new(0_u64, T); let m = Rq::::rand_u64(&mut rng, msg_dist)?; // msg // let m: Rq = m.remodule::(); @@ -306,11 +306,11 @@ mod tests { type S = GLWE, K>; let mut rng = rand::thread_rng(); + let msg_dist = Uniform::new(0_f64, T as f64); for _ in 0..200 { let (sk, pk) = S::new_key(&mut rng)?; - let msg_dist = Uniform::new(0_f64, T as f64); let m = Rq::::rand(&mut rng, msg_dist); // msg let p = t_encode::(&m); // plaintext @@ -340,11 +340,11 @@ mod tests { type S = GLWE, K>; let mut rng = rand::thread_rng(); + let msg_dist = Uniform::new(0_u64, T); for _ in 0..200 { let (sk, pk) = S::new_key(&mut rng)?; - let msg_dist = Uniform::new(0_u64, T); let m1 = Rq::::rand_u64(&mut rng, msg_dist)?; let m2 = Rq::::rand_u64(&mut rng, msg_dist)?; let p1: Rq = S::encode::(&m1); // plaintext @@ -373,11 +373,11 @@ mod tests { type S = GLWE, K>; let mut rng = rand::thread_rng(); + let msg_dist = Uniform::new(0_u64, T); for _ in 0..200 { let (sk, pk) = S::new_key(&mut rng)?; - let msg_dist = Uniform::new(0_u64, T); let m1 = Rq::::rand_u64(&mut rng, msg_dist)?; let m2 = Rq::::rand_u64(&mut rng, msg_dist)?; let p1: Rq = S::encode::(&m1); // plaintext @@ -405,11 +405,11 @@ mod tests { type S = GLWE, K>; let mut rng = rand::thread_rng(); + let msg_dist = Uniform::new(0_u64, T); for _ in 0..200 { let (sk, pk) = S::new_key(&mut rng)?; - let msg_dist = Uniform::new(0_u64, T); let m1 = Rq::::rand_u64(&mut rng, msg_dist)?; let m2 = Rq::::rand_u64(&mut rng, msg_dist)?; let p1: Rq = S::encode::(&m1); // plaintext @@ -438,11 +438,11 @@ mod tests { type S = GLWE, K>; let mut rng = rand::thread_rng(); + let msg_dist = Uniform::new(0_u64, T); for _ in 0..200 { let (sk, pk) = S::new_key(&mut rng)?; - let msg_dist = Uniform::new(0_u64, T); let m = Rq::::rand_u64(&mut rng, msg_dist)?; let p = S::encode::(&m); diff --git a/tfhe/src/lib.rs b/tfhe/src/lib.rs index bb738f5..604bf17 100644 --- a/tfhe/src/lib.rs +++ b/tfhe/src/lib.rs @@ -5,94 +5,5 @@ #![allow(clippy::upper_case_acronyms)] #![allow(dead_code)] // TMP -use anyhow::Result; -use rand::Rng; -use rand_distr::{Normal, Uniform}; -use std::array; - -use arith::{Ring, Rq, Tn, T64}; -use gfhe::{glwe, GLWE}; - pub mod tlev; pub mod tlwe; - -#[derive(Clone, Debug)] -pub struct SecretKey(glwe::SecretKey, K>); -#[derive(Clone, Debug)] -pub struct PublicKey(glwe::PublicKey, K>); - -#[derive(Clone, Debug)] -pub struct TLWE(pub GLWE, K>); - -impl TLWE { - pub fn new_key(rng: impl Rng) -> Result<(SecretKey, PublicKey)> { - let (sk, pk) = GLWE::new_key(rng)?; - Ok((SecretKey(sk), PublicKey(pk))) - } - - pub fn encode(m: &Rq) -> Tn<1> { - let delta = u64::MAX / P; // floored - let coeffs = m.coeffs(); - Tn(array::from_fn(|i| T64(coeffs[i].0 * delta))) - } - pub fn decode(p: &Tn<1>) -> Rq { - let p = p.mul_div_round(P, u64::MAX); - Rq::::from_vec_u64(p.coeffs().iter().map(|c| c.0).collect()) - } - pub fn encrypt_s(rng: impl Rng, sk: &SecretKey, p: &Tn<1>) -> Result { - let glwe = GLWE::encrypt_s(rng, &sk.0, p)?; - Ok(Self(glwe)) - } - - pub fn encrypt(rng: impl Rng, pk: &PublicKey, p: &Tn<1>) -> Result { - let glwe = GLWE::encrypt(rng, &pk.0, p)?; - Ok(Self(glwe)) - } - - pub fn decrypt(&self, sk: &SecretKey) -> Tn<1> { - self.0.decrypt(&sk.0) - } -} - -#[cfg(test)] -mod tests { - use anyhow::Result; - use rand::distributions::Uniform; - - use super::*; - - #[test] - fn test_encrypt_decrypt() -> Result<()> { - const T: u64 = 128; // plaintext modulus - const K: usize = 16; - type S = TLWE; - - // let delta: u64 = Q / T; // floored - let mut rng = rand::thread_rng(); - - for _ in 0..200 { - let (sk, pk) = S::new_key(&mut rng)?; - - let msg_dist = Uniform::new(0_f64, T as f64); - let m = Rq::::rand(&mut rng, msg_dist); // msg - - // let m: Rq = m.remodule::(); - - let p = S::encode::(&m); // plaintext - let c = S::encrypt(&mut rng, &pk, &p)?; // ciphertext - let p_recovered = c.decrypt(&sk); - let m_recovered = S::decode::(&p_recovered); - - assert_eq!(m, m_recovered); - - // same but using encrypt_s (with sk instead of pk)) - let c = S::encrypt_s(&mut rng, &sk, &p)?; - let p_recovered = c.decrypt(&sk); - let m_recovered = S::decode::(&p_recovered); - - assert_eq!(m.remodule::(), m_recovered.remodule::()); - } - - Ok(()) - } -} diff --git a/tfhe/src/tlev.rs b/tfhe/src/tlev.rs index a4a7df6..de7a2ab 100644 --- a/tfhe/src/tlev.rs +++ b/tfhe/src/tlev.rs @@ -72,11 +72,11 @@ mod tests { let l: u32 = 16; let mut rng = rand::thread_rng(); + let msg_dist = Uniform::new(0_u64, T); for _ in 0..200 { let (sk, pk) = TLWE::::new_key(&mut rng)?; - let msg_dist = Uniform::new(0_u64, T); let m: Rq = Rq::rand_u64(&mut rng, msg_dist)?; let p: Tn<1> = S::encode::(&m); // plaintext diff --git a/tfhe/src/tlwe.rs b/tfhe/src/tlwe.rs index 68fb56a..6ab4809 100644 --- a/tfhe/src/tlwe.rs +++ b/tfhe/src/tlwe.rs @@ -8,32 +8,26 @@ use std::iter::Sum; use std::ops::{Add, AddAssign, Mul, Sub}; use arith::{Ring, Rq, Tn, T64, TR}; +use gfhe::{glwe, GLWE}; const ERR_SIGMA: f64 = 3.2; #[derive(Clone, Debug)] -pub struct TLWE(TR, K>, Tn<1>); - +pub struct SecretKey(glwe::SecretKey, K>); #[derive(Clone, Debug)] -pub struct SecretKey(TR, K>); +pub struct PublicKey(glwe::PublicKey, K>); + #[derive(Clone, Debug)] -pub struct PublicKey(Tn<1>, TR, K>); +pub struct TLWE(pub GLWE, K>); impl TLWE { pub fn zero() -> Self { - Self(TR::zero(), Tn::zero()) + Self(GLWE::, K>::zero()) } - pub fn new_key(mut rng: impl Rng) -> Result<(SecretKey, PublicKey)> { - let Xi_key = Uniform::new(0_f64, 2_f64); - let Xi_err = Normal::new(0_f64, ERR_SIGMA)?; - - let s: TR, K> = TR::rand(&mut rng, Xi_key); - let a: TR, K> = TR::rand(&mut rng, Standard); - let e = Tn::rand(&mut rng, Xi_err); - - let pk: PublicKey = PublicKey((&a * &s) + e, a); - Ok((SecretKey(s), pk)) + pub fn new_key(rng: impl Rng) -> Result<(SecretKey, PublicKey)> { + let (sk, pk) = GLWE::new_key(rng)?; + Ok((SecretKey(sk), PublicKey(pk))) } pub fn encode(m: &Rq) -> Tn<1> { @@ -47,50 +41,28 @@ impl TLWE { } // encrypts with the given SecretKey (instead of PublicKey) - pub fn encrypt_s(mut rng: impl Rng, sk: &SecretKey, m: &Tn<1>) -> Result { - let Xi_key = Uniform::new(0_f64, 2_f64); - let Xi_err = Normal::new(0_f64, ERR_SIGMA)?; - - let a: TR, K> = TR::rand(&mut rng, Xi_key); - let e = Tn::rand(&mut rng, Xi_err); - - let b: Tn<1> = (&a * &sk.0) + *m + e; - Ok(Self(a, b)) + pub fn encrypt_s(rng: impl Rng, sk: &SecretKey, p: &Tn<1>) -> Result { + let glwe = GLWE::encrypt_s(rng, &sk.0, p)?; + Ok(Self(glwe)) } - pub fn encrypt(mut rng: impl Rng, pk: &PublicKey, m: &Tn<1>) -> Result { - let Xi_key = Uniform::new(0_f64, 2_f64); - let Xi_err = Normal::new(0_f64, ERR_SIGMA)?; - - let u: Tn<1> = Tn::rand(&mut rng, Xi_key); - - let e0: Tn<1> = Tn::rand(&mut rng, Xi_err); - let e1 = TR::, K>::rand(&mut rng, Xi_err); - - let b: Tn<1> = pk.0 * u + *m + e0; - let d: TR, K> = &pk.1 * &u + e1; - - Ok(Self(d, b)) + pub fn encrypt(rng: impl Rng, pk: &PublicKey, p: &Tn<1>) -> Result { + let glwe = GLWE::encrypt(rng, &pk.0, p)?; + Ok(Self(glwe)) } pub fn decrypt(&self, sk: &SecretKey) -> Tn<1> { - let (d, b): (TR, K>, Tn<1>) = (self.0.clone(), self.1); - b - &d * &sk.0 + self.0.decrypt(&sk.0) } } impl Add> for TLWE { type Output = Self; fn add(self, other: Self) -> Self { - let a: TR, K> = self.0 + other.0; - let b: Tn<1> = self.1 + other.1; - Self(a, b) + Self(self.0 + other.0) } } impl AddAssign for TLWE { fn add_assign(&mut self, rhs: Self) { - for i in 0..K { - self.0 .0[i] = self.0 .0[i] + rhs.0 .0[i]; - } - self.1 = self.1 + rhs.1; + self.0 += rhs.0 } } impl Sum> for TLWE { @@ -109,9 +81,7 @@ impl Sum> for TLWE { impl Sub> for TLWE { type Output = Self; fn sub(self, other: Self) -> Self { - let a: TR, K> = self.0 - other.0; - let b: Tn<1> = self.1 - other.1; - Self(a, b) + Self(self.0 - other.0) } } @@ -119,27 +89,27 @@ impl Sub> for TLWE { impl Add> for TLWE { type Output = Self; fn add(self, plaintext: Tn<1>) -> Self { - let a: TR, K> = self.0; - let b: Tn<1> = self.1 + plaintext; - Self(a, b) + let a: TR, K> = self.0 .0; + let b: Tn<1> = self.0 .1 + plaintext; + Self(GLWE(a, b)) } } // plaintext substraction impl Sub> for TLWE { type Output = Self; fn sub(self, plaintext: Tn<1>) -> Self { - let a: TR, K> = self.0; - let b: Tn<1> = self.1 - plaintext; - Self(a, b) + let a: TR, K> = self.0 .0; + let b: Tn<1> = self.0 .1 - plaintext; + Self(GLWE(a, b)) } } // plaintext multiplication impl Mul> for TLWE { type Output = Self; fn mul(self, plaintext: Tn<1>) -> Self { - let a: TR, K> = TR(self.0 .0.iter().map(|r_i| *r_i * plaintext).collect()); - let b: Tn<1> = self.1 * plaintext; - Self(a, b) + let a: TR, K> = TR(self.0 .0 .0.iter().map(|r_i| *r_i * plaintext).collect()); + let b: Tn<1> = self.0 .1 * plaintext; + Self(GLWE(a, b)) } } @@ -157,11 +127,11 @@ mod tests { type S = TLWE; let mut rng = rand::thread_rng(); + let msg_dist = Uniform::new(0_u64, T); for _ in 0..200 { let (sk, pk) = S::new_key(&mut rng)?; - let msg_dist = Uniform::new(0_u64, T); let m = Rq::::rand_u64(&mut rng, msg_dist)?; dbg!(&m); let p: Tn<1> = S::encode::(&m); @@ -191,11 +161,11 @@ mod tests { type S = TLWE; let mut rng = rand::thread_rng(); + let msg_dist = Uniform::new(0_u64, T); for _ in 0..200 { let (sk, pk) = S::new_key(&mut rng)?; - let msg_dist = Uniform::new(0_u64, T); let m1 = Rq::::rand_u64(&mut rng, msg_dist)?; let m2 = Rq::::rand_u64(&mut rng, msg_dist)?; let p1: Tn<1> = S::encode::(&m1); // plaintext @@ -222,11 +192,11 @@ mod tests { type S = TLWE; let mut rng = rand::thread_rng(); + let msg_dist = Uniform::new(0_u64, T); for _ in 0..200 { let (sk, pk) = S::new_key(&mut rng)?; - let msg_dist = Uniform::new(0_u64, T); let m1 = Rq::::rand_u64(&mut rng, msg_dist)?; let m2 = Rq::::rand_u64(&mut rng, msg_dist)?; let p1: Tn<1> = S::encode::(&m1); // plaintext @@ -252,11 +222,11 @@ mod tests { type S = TLWE; let mut rng = rand::thread_rng(); + let msg_dist = Uniform::new(0_u64, T); for _ in 0..200 { let (sk, pk) = S::new_key(&mut rng)?; - let msg_dist = Uniform::new(0_u64, T); let m1 = Rq::::rand_u64(&mut rng, msg_dist)?; let m2 = Rq::::rand_u64(&mut rng, msg_dist)?; let p1: Tn<1> = S::encode::(&m1);