arnaucube/phantom-zone
1
0
Fork 0
mirror of https://github.com/arnaucube/phantom-zone.git synced 2026-01-09 15:41:30 +01:00
Code Issues Projects Releases Wiki Activity

clean

Browse Source
This commit is contained in:
Janmajaya Mall
2024-05-18 17:39:08 +05:30
parent 66464941cc
commit 0d1bea64a7
7 changed files with 1316 additions and 1580 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1309
src/bool/evaluator.rs
View File

File diff suppressed because it is too large Load Diff

11
src/bool/parameters.rs
View File

@@ -146,26 +146,25 @@ impl<El> BoolParameters<El> {
} }
#[derive(Clone, Copy, PartialEq)] #[derive(Clone, Copy, PartialEq)]
struct DecompostionLogBase(pub(crate) usize); pub(crate) struct DecompostionLogBase(pub(crate) usize);
impl AsRef<usize> for DecompostionLogBase { impl AsRef<usize> for DecompostionLogBase {
fn as_ref(&self) -> &usize { fn as_ref(&self) -> &usize {
&self.0 &self.0
} }
} }
#[derive(Clone, Copy, PartialEq)] #[derive(Clone, Copy, PartialEq)]
struct DecompositionCount(pub(crate) usize); pub(crate) struct DecompositionCount(pub(crate) usize);
impl AsRef<usize> for DecompositionCount { impl AsRef<usize> for DecompositionCount {
fn as_ref(&self) -> &usize { fn as_ref(&self) -> &usize {
&self.0 &self.0
} }
} }
#[derive(Clone, Copy, PartialEq)] #[derive(Clone, Copy, PartialEq)]
struct LweDimension(pub(crate) usize); pub(crate) struct LweDimension(pub(crate) usize);
#[derive(Clone, Copy, PartialEq)] #[derive(Clone, Copy, PartialEq)]
struct PolynomialSize(pub(crate) usize); pub(crate) struct PolynomialSize(pub(crate) usize);
#[derive(Clone, Copy, PartialEq)] #[derive(Clone, Copy, PartialEq)]
struct Modulus<T>(pub(crate) T); pub(crate) struct Modulus<T>(pub(crate) T);
pub(super) const SP_BOOL_PARAMS: BoolParameters<u64> = BoolParameters::<u64> { pub(super) const SP_BOOL_PARAMS: BoolParameters<u64> = BoolParameters::<u64> {
rlwe_q: Modulus(268369921u64), rlwe_q: Modulus(268369921u64),

62
src/decomposer.rs
View File

@@ -13,6 +13,30 @@ fn gadget_vector<T: PrimInt>(logq: usize, logb: usize, d: usize) -> Vec<T> {
.collect_vec() .collect_vec()
} }
pub trait RlweDecomposer {
type Element;
type D: Decomposer<Element = Self::Element>;
/// Decomposer for RLWE Part A
fn a(&self) -> &Self::D;
/// Decomposer for RLWE Part B
fn b(&self) -> &Self::D;
}
impl<D> RlweDecomposer for (D, D)
where
D: Decomposer,
{
type D = D;
type Element = D::Element;
fn a(&self) -> &Self::D {
&self.0
}
fn b(&self) -> &Self::D {
&self.1
}
}
pub trait Decomposer { pub trait Decomposer {
type Element; type Element;
fn new(q: Self::Element, logb: usize, d: usize) -> Self; fn new(q: Self::Element, logb: usize, d: usize) -> Self;
@@ -142,6 +166,44 @@ impl<T: PrimInt + WrappingSub + Debug + NumInfo> Decomposer for DefaultDecompose
} }
} }
// impl<T> Decomposer for dyn AsRef<DefaultDecomposer<T>>
// where
// DefaultDecomposer<T>: Decomposer<Element = T>,
// {
// type Element = T;
// fn new(q: Self::Element, logb: usize, d: usize) -> Self {
// DefaultDecomposer::<T>::new(q, logb, d)
// }
// fn decompose(&self, v: &Self::Element) -> Vec<Self::Element> {
// todo!()
// }
// fn decomposition_count(&self) -> usize {
// todo!()
// }
// }
// impl<U: AsRef<DefaultDecomposer<T>>> Decomposer for U
// where
// DefaultDecomposer<T>: Decomposer,
// {
// type Element = T;
// fn new(q: Self::Element, logb: usize, d: usize) -> Self {
// todo!()
// }
// fn decompose(&self, v: &Self::Element) -> Vec<Self::Element> {
// todo!()
// }
// fn decomposition_count(&self) -> usize {
// todo!()
// }
// }
fn round_value<T: PrimInt>(value: T, ignore_bits: usize) -> T { fn round_value<T: PrimInt>(value: T, ignore_bits: usize) -> T {
if ignore_bits == 0 { if ignore_bits == 0 {
return value; return value;

15
src/lib.rs
View File

@@ -42,6 +42,9 @@ pub trait Matrix: AsRef<[Self::R]> {
fn split_at_row(&self, idx: usize) -> (&[<Self as Matrix>::R], &[<Self as Matrix>::R]) { fn split_at_row(&self, idx: usize) -> (&[<Self as Matrix>::R], &[<Self as Matrix>::R]) {
self.as_ref().split_at(idx) self.as_ref().split_at(idx)
} }
/// Does the matrix fit sub-matrix of dimension row x col
fn fits(&self, row: usize, col: usize) -> bool;
} }
pub trait MatrixMut: Matrix + AsMut<[<Self as Matrix>::R]> pub trait MatrixMut: Matrix + AsMut<[<Self as Matrix>::R]>
@@ -96,6 +99,10 @@ impl<T> Matrix for Vec<Vec<T>> {
fn dimension(&self) -> (usize, usize) { fn dimension(&self) -> (usize, usize) {
(self.len(), self[0].len()) (self.len(), self[0].len())
} }
fn fits(&self, row: usize, col: usize) -> bool {
self.len() >= row && self[0].len() >= col
}
} }
impl<T> Matrix for &[Vec<T>] { impl<T> Matrix for &[Vec<T>] {
@@ -105,6 +112,10 @@ impl<T> Matrix for &[Vec<T>] {
fn dimension(&self) -> (usize, usize) { fn dimension(&self) -> (usize, usize) {
(self.len(), self[0].len()) (self.len(), self[0].len())
} }
fn fits(&self, row: usize, col: usize) -> bool {
self.len() >= row && self[0].len() >= col
}
} }
impl<T> Matrix for &mut [Vec<T>] { impl<T> Matrix for &mut [Vec<T>] {
@@ -114,6 +125,10 @@ impl<T> Matrix for &mut [Vec<T>] {
fn dimension(&self) -> (usize, usize) { fn dimension(&self) -> (usize, usize) {
(self.len(), self[0].len()) (self.len(), self[0].len())
} }
fn fits(&self, row: usize, col: usize) -> bool {
self.len() >= row && self[0].len() >= col
}
} }
impl<T> MatrixMut for Vec<Vec<T>> {} impl<T> MatrixMut for Vec<Vec<T>> {}

4
src/lwe.rs
View File

@@ -111,7 +111,9 @@ pub(crate) fn lwe_key_switch<
operator: &Op, operator: &Op,
decomposer: &D, decomposer: &D,
) { ) {
assert!(lwe_ksk.dimension().0 == ((lwe_in.as_ref().len() - 1) * decomposer.decomposition_count())); assert!(
lwe_ksk.dimension().0 == ((lwe_in.as_ref().len() - 1) * decomposer.decomposition_count())
);
assert!(lwe_out.as_ref().len() == lwe_ksk.dimension().1); assert!(lwe_out.as_ref().len() == lwe_ksk.dimension().1);
let lwe_in_a_decomposed = lwe_in let lwe_in_a_decomposed = lwe_in

433
src/noise.rs
View File

@@ -17,229 +17,244 @@ mod tests {
Matrix, Row, Secret, Matrix, Row, Secret,
}; };
// Test B part with limbd -1 when variance of m is 1 // // Test B part with limbd -1 when variance of m is 1
#[test] // #[test]
fn trial() { // fn trial() {
let logq = 28; // let logq = 28;
let ring_size = 1 << 10; // let ring_size = 1 << 10;
let q = generate_prime(logq, (ring_size as u64) << 1, 1 << logq).unwrap(); // let q = generate_prime(logq, (ring_size as u64) << 1, 1 <<
let logb = 7; // logq).unwrap(); let logb = 7;
let d0 = 3; // let d0 = 3;
let d1 = d0 - 1; // let d1 = d0 - 1;
let sk = RlweSecret::random((ring_size >> 1) as usize, ring_size as usize); // let sk = RlweSecret::random((ring_size >> 1) as usize, ring_size as
// usize);
let mut rng = DefaultSecureRng::new(); // let mut rng = DefaultSecureRng::new();
let decomposer = DefaultDecomposer::new(q, logb, d0); // let decomposer = DefaultDecomposer::new(q, logb, d0);
let gadget_vector = decomposer.gadget_vector(); // let gadget_vector = decomposer.gadget_vector();
for i in 0..100 { // for i in 0..100 {
// m should have norm 1 // // m should have norm 1
let mut m0 = vec![0u64; ring_size as usize]; // let mut m0 = vec![0u64; ring_size as usize];
m0[thread_rng().gen_range(0..ring_size)] = 1; // m0[thread_rng().gen_range(0..ring_size)] = 1;
let modq_op = ModularOpsU64::new(q); // let modq_op = ModularOpsU64::new(q);
let nttq_op = NttBackendU64::new(q, ring_size); // let nttq_op = NttBackendU64::new(q, ring_size);
// Encrypt RGSW(m0) // // Encrypt RGSW(m0)
let mut rgsw_seed = [0u8; 32]; // let mut rgsw_seed = [0u8; 32];
rng.fill_bytes(&mut rgsw_seed); // rng.fill_bytes(&mut rgsw_seed);
let mut seeded_rgsw = // let mut seeded_rgsw =
SeededRgswCiphertext::<Vec<Vec<u64>>, _>::empty(ring_size, d0, rgsw_seed, q); // SeededRgswCiphertext::<Vec<Vec<u64>>, _>::empty(ring_size,
let mut p_rng = DefaultSecureRng::new_seeded(rgsw_seed); // d0, rgsw_seed, q); let mut p_rng =
secret_key_encrypt_rgsw( // DefaultSecureRng::new_seeded(rgsw_seed);
&mut seeded_rgsw.data, // secret_key_encrypt_rgsw(
&m0, // &mut seeded_rgsw.data,
&gadget_vector, // &m0,
sk.values(), // &gadget_vector,
&modq_op, // &gadget_vector,
&nttq_op, // sk.values(),
&mut p_rng, // &modq_op,
&mut rng, // &nttq_op,
); // &mut p_rng,
// &mut rng,
// );
// Encrypt RLWE(m1) // // Encrypt RLWE(m1)
let mut m1 = vec![0u64; ring_size]; // let mut m1 = vec![0u64; ring_size];
RandomUniformDist::random_fill(&mut rng, &q, m1.as_mut_slice()); // RandomUniformDist::random_fill(&mut rng, &q, m1.as_mut_slice());
let mut rlwe_seed = [0u8; 32]; // let mut rlwe_seed = [0u8; 32];
rng.fill_bytes(&mut rlwe_seed); // rng.fill_bytes(&mut rlwe_seed);
let mut seeded_rlwe: SeededRlweCiphertext<Vec<u64>, [u8; 32]> = // let mut seeded_rlwe: SeededRlweCiphertext<Vec<u64>, [u8; 32]> =
SeededRlweCiphertext::<Vec<u64>, _>::empty(ring_size, rlwe_seed, q); // SeededRlweCiphertext::<Vec<u64>, _>::empty(ring_size,
let mut p_rng = DefaultSecureRng::new_seeded(rlwe_seed); // rlwe_seed, q); let mut p_rng =
secret_key_encrypt_rlwe( // DefaultSecureRng::new_seeded(rlwe_seed);
&m1, // secret_key_encrypt_rlwe(
&mut seeded_rlwe.data, // &m1,
sk.values(), // &mut seeded_rlwe.data,
&modq_op, // sk.values(),
&nttq_op, // &modq_op,
&mut p_rng, // &nttq_op,
&mut rng, // &mut p_rng,
); // &mut rng,
// );
let mut rlwe = RlweCiphertext::<Vec<Vec<u64>>, DefaultSecureRng>::from(&seeded_rlwe); // let mut rlwe = RlweCiphertext::<Vec<Vec<u64>>,
let rgsw = RgswCiphertextEvaluationDomain::<_, DefaultSecureRng, NttBackendU64>::from( // DefaultSecureRng>::from(&seeded_rlwe); let rgsw =
&seeded_rgsw, // RgswCiphertextEvaluationDomain::<_, DefaultSecureRng,
); // NttBackendU64>::from( &seeded_rgsw,
// );
// RLWE(m0m1) = RLWE(m1) x RGSW(m0) // // RLWE(m0m1) = RLWE(m1) x RGSW(m0)
let mut scratch = vec![vec![0u64; ring_size]; d0 + 2]; // let mut scratch = vec![vec![0u64; ring_size]; d0 + 2];
less1_rlwe_by_rgsw( // less1_rlwe_by_rgsw(
&mut rlwe,
&rgsw.data,
&mut scratch,
&decomposer,
&nttq_op,
&modq_op,
0,
1,
);
// rlwe_by_rgsw(
// &mut rlwe, // &mut rlwe,
// &rgsw.data, // &rgsw.data,
// &mut scratch, // &mut scratch,
// &decomposer, // &decomposer,
// &nttq_op, // &nttq_op,
// &modq_op, // &modq_op,
// 0,
// 1,
// );
// // rlwe_by_rgsw(
// // &mut rlwe,
// // &rgsw.data,
// // &mut scratch,
// // &decomposer,
// // &nttq_op,
// // &modq_op,
// // );
// // measure noise
// let mul_mod = |v0: &u64, v1: &u64| ((*v0 as u128 * *v1 as u128) %
// q as u128) as u64; let m0m1 = negacyclic_mul(&m0, &m1,
// mul_mod, q); let noise = measure_noise(&rlwe, &m0m1,
// &nttq_op, &modq_op, sk.values()); println!("Noise: {noise}");
// }
// }
// // Test B part with limbd -1 when variance of m is 1
// #[test]
// fn rgsw_saver() {
// let logq = 60;
// let ring_size = 1 << 11;
// let q = generate_prime(logq, (ring_size as u64) << 1, 1 <<
// logq).unwrap(); let logb = 12;
// let d0 = 4;
// let sk = RlweSecret::random((ring_size >> 1) as usize, ring_size as
// usize);
// let mut rng = DefaultSecureRng::new();
// let decomposer = DefaultDecomposer::new(q, logb, d0);
// let gadget_vector = decomposer.gadget_vector();
// for i in 0..100 {
// let modq_op = ModularOpsU64::new(q);
// let nttq_op = NttBackendU64::new(q, ring_size);
// // Encrypt RGSW(m0)
// let mut m0 = vec![0u64; ring_size as usize];
// m0[thread_rng().gen_range(0..ring_size)] = 1;
// let mut rgsw_seed = [0u8; 32];
// rng.fill_bytes(&mut rgsw_seed);
// let mut seeded_rgsw0 =
// SeededRgswCiphertext::<Vec<Vec<u64>>, _>::empty(ring_size,
// d0, rgsw_seed, q); let mut p_rng =
// DefaultSecureRng::new_seeded(rgsw_seed);
// secret_key_encrypt_rgsw(
// &mut seeded_rgsw0.data,
// &m0,
// &gadget_vector,
// &gadget_vector,
// sk.values(),
// &modq_op,
// &nttq_op,
// &mut p_rng,
// &mut rng,
// ); // );
// measure noise // // Encrypt RGSW(m1)
let mul_mod = |v0: &u64, v1: &u64| ((*v0 as u128 * *v1 as u128) % q as u128) as u64; // let mut m1 = vec![0u64; ring_size as usize];
let m0m1 = negacyclic_mul(&m0, &m1, mul_mod, q); // m1[thread_rng().gen_range(0..ring_size)] = 1;
let noise = measure_noise(&rlwe, &m0m1, &nttq_op, &modq_op, sk.values()); // let mut rgsw_seed = [0u8; 32];
println!("Noise: {noise}"); // rng.fill_bytes(&mut rgsw_seed);
} // let mut seeded_rgsw1 =
} // SeededRgswCiphertext::<Vec<Vec<u64>>, _>::empty(ring_size,
// d0, rgsw_seed, q); let mut p_rng =
// Test B part with limbd -1 when variance of m is 1 // DefaultSecureRng::new_seeded(rgsw_seed);
#[test] // secret_key_encrypt_rgsw(
fn rgsw_saver() { // &mut seeded_rgsw1.data,
let logq = 60; // &m1,
let ring_size = 1 << 11; // &gadget_vector,
let q = generate_prime(logq, (ring_size as u64) << 1, 1 << logq).unwrap(); // &gadget_vector,
let logb = 12; // sk.values(),
let d0 = 4; // &modq_op,
// &nttq_op,
let sk = RlweSecret::random((ring_size >> 1) as usize, ring_size as usize); // &mut p_rng,
// &mut rng,
let mut rng = DefaultSecureRng::new(); // );
let decomposer = DefaultDecomposer::new(q, logb, d0); // // TODO(Jay): Why cant you create RgswCIphertext from
let gadget_vector = decomposer.gadget_vector(); // SeededRgswCiphertext? let mut rgsw0 = {
// let mut evl_tmp =
for i in 0..100 { // RgswCiphertextEvaluationDomain::<_, DefaultSecureRng,
let modq_op = ModularOpsU64::new(q); // NttBackendU64>::from( &seeded_rgsw0,
let nttq_op = NttBackendU64::new(q, ring_size); // );
// evl_tmp
// Encrypt RGSW(m0) // .data
let mut m0 = vec![0u64; ring_size as usize]; // .iter_mut()
m0[thread_rng().gen_range(0..ring_size)] = 1; // .for_each(|ri| nttq_op.backward(ri.as_mut()));
let mut rgsw_seed = [0u8; 32]; // evl_tmp.data
rng.fill_bytes(&mut rgsw_seed); // };
let mut seeded_rgsw0 = // let rgsw1 = RgswCiphertextEvaluationDomain::<_, DefaultSecureRng,
SeededRgswCiphertext::<Vec<Vec<u64>>, _>::empty(ring_size, d0, rgsw_seed, q); // NttBackendU64>::from( &seeded_rgsw1,
let mut p_rng = DefaultSecureRng::new_seeded(rgsw_seed); // );
secret_key_encrypt_rgsw( // let mut scratch_matrix_d_plus_rgsw_by_ring = vec![vec![0u64;
&mut seeded_rgsw0.data, // ring_size]; d0 + (d0 * 4)];
&m0,
&gadget_vector, // // RGSW(m0m1) = RGSW(m0)xRGSW(m1)
sk.values(), // rgsw_by_rgsw_inplace(
&modq_op, // &mut rgsw0,
&nttq_op, // &rgsw1.data,
&mut p_rng, // &decomposer,
&mut rng, // &decomposer,
); // &mut scratch_matrix_d_plus_rgsw_by_ring,
// &nttq_op,
// Encrypt RGSW(m1) // &modq_op,
let mut m1 = vec![0u64; ring_size as usize]; // );
m1[thread_rng().gen_range(0..ring_size)] = 1;
let mut rgsw_seed = [0u8; 32]; // // send RGSW(m0m1) to Evaluation domain
rng.fill_bytes(&mut rgsw_seed); // let mut rgsw01 = rgsw0;
let mut seeded_rgsw1 = // rgsw01
SeededRgswCiphertext::<Vec<Vec<u64>>, _>::empty(ring_size, d0, rgsw_seed, q); // .iter_mut()
let mut p_rng = DefaultSecureRng::new_seeded(rgsw_seed); // .for_each(|v| nttq_op.forward(v.as_mut_slice()));
secret_key_encrypt_rgsw(
&mut seeded_rgsw1.data, // // RLWE(m2)
&m1, // let mut m2 = vec![0u64; ring_size as usize];
&gadget_vector, // RandomUniformDist::random_fill(&mut rng, &q, m2.as_mut_slice());
sk.values(), // let mut rlwe_seed = [0u8; 32];
&modq_op, // rng.fill_bytes(&mut rlwe_seed);
&nttq_op, // let mut seeded_rlwe =
&mut p_rng, // SeededRlweCiphertext::<Vec<u64>, _>::empty(ring_size,
&mut rng, // rlwe_seed, q); let mut p_rng =
); // DefaultSecureRng::new_seeded(rlwe_seed);
// secret_key_encrypt_rlwe(
// TODO(Jay): Why cant you create RgswCIphertext from SeededRgswCiphertext? // &m2,
let mut rgsw0 = { // &mut seeded_rlwe.data,
let mut evl_tmp = // sk.values(),
RgswCiphertextEvaluationDomain::<_, DefaultSecureRng, NttBackendU64>::from( // &modq_op,
&seeded_rgsw0, // &nttq_op,
); // &mut p_rng,
evl_tmp // &mut rng,
.data // );
.iter_mut()
.for_each(|ri| nttq_op.backward(ri.as_mut())); // let mut rlwe = RlweCiphertext::<Vec<Vec<u64>>,
evl_tmp.data // DefaultSecureRng>::from(&seeded_rlwe);
};
let rgsw1 = RgswCiphertextEvaluationDomain::<_, DefaultSecureRng, NttBackendU64>::from( // // RLWE(m0m1m2) = RLWE(m2) x RGSW(m0m1)
&seeded_rgsw1, // let mut scratch_matrix_dplus2_ring = vec![vec![0u64; ring_size];
); // d0 + 2]; less1_rlwe_by_rgsw(
let mut scratch_matrix_d_plus_rgsw_by_ring = vec![vec![0u64; ring_size]; d0 + (d0 * 4)]; // &mut rlwe,
// &rgsw01,
// RGSW(m0m1) = RGSW(m0)xRGSW(m1) // &mut scratch_matrix_dplus2_ring,
rgsw_by_rgsw_inplace( // &decomposer,
&mut rgsw0, // &nttq_op,
&rgsw1.data, // &modq_op,
&decomposer, // 1,
&mut scratch_matrix_d_plus_rgsw_by_ring, // 2,
&nttq_op, // );
&modq_op,
); // let mul_mod = |v0: &u64, v1: &u64| ((*v0 as u128 * *v1 as u128) %
// q as u128) as u64; let m0m1 = negacyclic_mul(&m0, &m1,
// send RGSW(m0m1) to Evaluation domain // mul_mod, q); let m0m1m2 = negacyclic_mul(&m2, &m0m1, mul_mod,
let mut rgsw01 = rgsw0; // q); let noise = measure_noise(&rlwe.data, &m0m1m2, &nttq_op,
rgsw01 // &modq_op, sk.values());
.iter_mut()
.for_each(|v| nttq_op.forward(v.as_mut_slice())); // println!("Noise: {noise}");
// }
// RLWE(m2) // }
let mut m2 = vec![0u64; ring_size as usize];
RandomUniformDist::random_fill(&mut rng, &q, m2.as_mut_slice());
let mut rlwe_seed = [0u8; 32];
rng.fill_bytes(&mut rlwe_seed);
let mut seeded_rlwe =
SeededRlweCiphertext::<Vec<u64>, _>::empty(ring_size, rlwe_seed, q);
let mut p_rng = DefaultSecureRng::new_seeded(rlwe_seed);
secret_key_encrypt_rlwe(
&m2,
&mut seeded_rlwe.data,
sk.values(),
&modq_op,
&nttq_op,
&mut p_rng,
&mut rng,
);
let mut rlwe = RlweCiphertext::<Vec<Vec<u64>>, DefaultSecureRng>::from(&seeded_rlwe);
// RLWE(m0m1m2) = RLWE(m2) x RGSW(m0m1)
let mut scratch_matrix_dplus2_ring = vec![vec![0u64; ring_size]; d0 + 2];
less1_rlwe_by_rgsw(
&mut rlwe,
&rgsw01,
&mut scratch_matrix_dplus2_ring,
&decomposer,
&nttq_op,
&modq_op,
1,
2,
);
let mul_mod = |v0: &u64, v1: &u64| ((*v0 as u128 * *v1 as u128) % q as u128) as u64;
let m0m1 = negacyclic_mul(&m0, &m1, mul_mod, q);
let m0m1m2 = negacyclic_mul(&m2, &m0m1, mul_mod, q);
let noise = measure_noise(&rlwe.data, &m0m1m2, &nttq_op, &modq_op, sk.values());
println!("Noise: {noise}");
}
}
} }

988
src/rgsw.rs
View File

File diff suppressed because it is too large Load Diff