arnaucube/phantom-zone
1
0
Fork 0
mirror of https://github.com/arnaucube/phantom-zone.git synced 2026-01-09 23:51:30 +01:00
Code Issues Projects Releases Wiki Activity

fix parameters

Browse Source
This commit is contained in:
Janmajaya Mall
2024-06-16 10:48:55 +05:30
parent 08cc9a3106
commit 80856cc850
4 changed files with 267 additions and 75 deletions
Download Patch File Download Diff File Expand all files Collapse all files

22
src/bool/evaluator.rs
View File

@@ -12,6 +12,7 @@ use std::{
use itertools::{izip, partition, Itertools}; use itertools::{izip, partition, Itertools};
use num_traits::{FromPrimitive, Num, One, Pow, PrimInt, ToPrimitive, WrappingSub, Zero}; use num_traits::{FromPrimitive, Num, One, Pow, PrimInt, ToPrimitive, WrappingSub, Zero};
use rand::Rng;
use rand_distr::uniform::SampleUniform; use rand_distr::uniform::SampleUniform;
use crate::{ use crate::{
@@ -20,7 +21,7 @@ use crate::{
}, },
decomposer::{Decomposer, DefaultDecomposer, NumInfo, RlweDecomposer}, decomposer::{Decomposer, DefaultDecomposer, NumInfo, RlweDecomposer},
lwe::{decrypt_lwe, encrypt_lwe, lwe_key_switch, lwe_ksk_keygen, measure_noise_lwe, LweSecret}, lwe::{decrypt_lwe, encrypt_lwe, lwe_key_switch, lwe_ksk_keygen, measure_noise_lwe, LweSecret},
multi_party::public_key_share, multi_party::{non_interactive_ksk_gen, public_key_share},
ntt::{self, Ntt, NttBackendU64, NttInit}, ntt::{self, Ntt, NttBackendU64, NttInit},
pbs::{pbs, sample_extract, PbsInfo, PbsKey, WithShoupRepr}, pbs::{pbs, sample_extract, PbsInfo, PbsKey, WithShoupRepr},
random::{ random::{
@@ -44,7 +45,7 @@ use super::{
keys::ClientKey, keys::ClientKey,
parameters::{BoolParameters, CiphertextModulus}, parameters::{BoolParameters, CiphertextModulus},
CommonReferenceSeededCollectivePublicKeyShare, CommonReferenceSeededMultiPartyServerKeyShare, CommonReferenceSeededCollectivePublicKeyShare, CommonReferenceSeededMultiPartyServerKeyShare,
SeededMultiPartyServerKey, SeededServerKey, ServerKeyEvaluationDomain, NonInteractiveClientKey, SeededMultiPartyServerKey, SeededServerKey, ServerKeyEvaluationDomain,
ShoupServerKeyEvaluationDomain, ShoupServerKeyEvaluationDomain,
}; };
@@ -713,6 +714,23 @@ where
}) })
} }
pub(super) fn non_interactive_multi_party_key_share(
self_ui_to_ksk_seed: [u8; 32],
others_ui_to_ksk_seed: &[[u8; 32]],
client_key: &NonInteractiveClientKey,
) {
// // ui_to_s_ksk
// non_interactive_ksk_gen(
// client_key.sk_rlwe().values(),
// client_key.sk_u_rlwe().values(),
// gadget_vec,
// p_rng,
// rng,
// nttop,
// modop,
// )
}
pub(super) fn multi_party_public_key_share( pub(super) fn multi_party_public_key_share(
&self, &self,
cr_seed: [u8; 32], cr_seed: [u8; 32],

46
src/bool/keys.rs
View File

@@ -19,6 +19,14 @@ pub struct ClientKey {
sk_lwe: LweSecret, sk_lwe: LweSecret,
} }
/// Client key with RLWE and LWE secrets
#[derive(Clone)]
pub struct NonInteractiveClientKey {
sk_rlwe: RlweSecret,
sk_u_rlwe: RlweSecret,
sk_lwe: LweSecret,
}
mod impl_ck { mod impl_ck {
use super::*; use super::*;
@@ -43,6 +51,44 @@ mod impl_ck {
} }
} }
// Client key
impl NonInteractiveClientKey {
pub(in super::super) fn random() -> Self {
let sk_rlwe = RlweSecret::random(0, 0);
let sk_u_rlwe = RlweSecret::random(0, 0);
let sk_lwe = LweSecret::random(0, 0);
Self {
sk_rlwe,
sk_u_rlwe,
sk_lwe,
}
}
pub(in super::super) fn new(
sk_rlwe: RlweSecret,
sk_u_rlwe: RlweSecret,
sk_lwe: LweSecret,
) -> Self {
Self {
sk_rlwe,
sk_u_rlwe,
sk_lwe,
}
}
pub(in super::super) fn sk_rlwe(&self) -> &RlweSecret {
&self.sk_rlwe
}
pub(in super::super) fn sk_u_rlwe(&self) -> &RlweSecret {
&self.sk_u_rlwe
}
pub(in super::super) fn sk_lwe(&self) -> &LweSecret {
&self.sk_lwe
}
}
impl Encryptor<bool, Vec<u64>> for ClientKey { impl Encryptor<bool, Vec<u64>> for ClientKey {
fn encrypt(&self, m: &bool) -> Vec<u64> { fn encrypt(&self, m: &bool) -> Vec<u64> {
BoolEvaluator::with_local(|e| e.sk_encrypt(*m, self)) BoolEvaluator::with_local(|e| e.sk_encrypt(*m, self))

208
src/bool/parameters.rs
View File

@@ -2,6 +2,91 @@ use num_traits::{ConstZero, FromPrimitive, PrimInt};
use crate::{backend::Modulus, decomposer::Decomposer}; use crate::{backend::Modulus, decomposer::Decomposer};
trait DoubleDecomposerParams {
type Base;
type Count;
fn new(base: Self::Base, count_a: Self::Count, count_b: Self::Count) -> Self;
fn decomposition_base(&self) -> Self::Base;
fn decomposition_count_a(&self) -> Self::Count;
fn decomposition_count_b(&self) -> Self::Count;
}
trait SingleDecomposerParams {
type Base;
type Count;
fn new(base: Self::Base, count: Self::Count) -> Self;
fn decomposition_base(&self) -> Self::Base;
fn decomposition_count(&self) -> Self::Count;
}
impl DoubleDecomposerParams
for (
DecompostionLogBase,
(DecompositionCount, DecompositionCount),
)
{
type Base = DecompostionLogBase;
type Count = DecompositionCount;
fn new(
base: DecompostionLogBase,
count_a: DecompositionCount,
count_b: DecompositionCount,
) -> Self {
(base, (count_a, count_b))
}
fn decomposition_base(&self) -> Self::Base {
self.0
}
fn decomposition_count_a(&self) -> Self::Count {
self.1 .0
}
fn decomposition_count_b(&self) -> Self::Count {
self.1 .1
}
}
impl SingleDecomposerParams for (DecompostionLogBase, DecompositionCount) {
type Base = DecompostionLogBase;
type Count = DecompositionCount;
fn new(base: DecompostionLogBase, count: DecompositionCount) -> Self {
(base, count)
}
fn decomposition_base(&self) -> Self::Base {
self.0
}
fn decomposition_count(&self) -> Self::Count {
self.1
}
}
// impl DecomposerParams for (DecompostionLogBase, (DecompositionCount)) {
// type Base = DecompostionLogBase;
// type Count = DecompositionCount;
// fn decomposition_base(&self) -> Self::Base {
// self.0
// }
// fn decomposition_count(&self) -> Self::Count {
// self.1
// }
// }
#[derive(Clone, PartialEq, Debug)]
pub(crate) enum ParameterVariant {
SingleParty,
MultiParty,
NonInteractiveMultiParty,
}
#[derive(Clone, PartialEq)] #[derive(Clone, PartialEq)]
pub struct BoolParameters<El> { pub struct BoolParameters<El> {
rlwe_q: CiphertextModulus<El>, rlwe_q: CiphertextModulus<El>,
@@ -9,18 +94,21 @@ pub struct BoolParameters<El> {
br_q: usize, br_q: usize,
rlwe_n: PolynomialSize, rlwe_n: PolynomialSize,
lwe_n: LweDimension, lwe_n: LweDimension,
lwe_decomposer_base: DecompostionLogBase, lwe_decomposer_params: (DecompostionLogBase, DecompositionCount),
lwe_decomposer_count: DecompositionCount,
rlrg_decomposer_base: DecompostionLogBase,
/// RLWE x RGSW decomposition count for (part A, part B) /// RLWE x RGSW decomposition count for (part A, part B)
rlrg_decomposer_count: (DecompositionCount, DecompositionCount), rlrg_decomposer_params: (
rgrg_decomposer_base: DecompostionLogBase, DecompostionLogBase,
(DecompositionCount, DecompositionCount),
),
/// RGSW x RGSW decomposition count for (part A, part B) /// RGSW x RGSW decomposition count for (part A, part B)
rgrg_decomposer_count: (DecompositionCount, DecompositionCount), rgrg_decomposer_params: Option<(
auto_decomposer_base: DecompostionLogBase, DecompostionLogBase,
auto_decomposer_count: DecompositionCount, (DecompositionCount, DecompositionCount),
)>,
auto_decomposer_params: (DecompostionLogBase, DecompositionCount),
g: usize, g: usize,
w: usize, w: usize,
variant: ParameterVariant,
} }
impl<El> BoolParameters<El> { impl<El> BoolParameters<El> {
@@ -53,53 +141,57 @@ impl<El> BoolParameters<El> {
} }
pub(crate) fn rlwe_rgsw_decomposition_base(&self) -> DecompostionLogBase { pub(crate) fn rlwe_rgsw_decomposition_base(&self) -> DecompostionLogBase {
self.rlrg_decomposer_base self.rlrg_decomposer_params.0
} }
pub(crate) fn rlwe_rgsw_decomposition_count(&self) -> (DecompositionCount, DecompositionCount) { pub(crate) fn rlwe_rgsw_decomposition_count(&self) -> (DecompositionCount, DecompositionCount) {
self.rlrg_decomposer_count self.rlrg_decomposer_params.1
}
pub(crate) fn rgsw_rgsw_decomposition_base(&self) -> DecompostionLogBase {
self.rgrg_decomposer_base
} }
pub(crate) fn rgsw_rgsw_decomposition_count(&self) -> (DecompositionCount, DecompositionCount) { pub(crate) fn rgsw_rgsw_decomposition_count(&self) -> (DecompositionCount, DecompositionCount) {
self.rgrg_decomposer_count let params = self.rgrg_decomposer_params.expect(&format!(
"Parameter variant {:?} does not support RGSW x RGSW",
self.variant
));
params.1
} }
pub(crate) fn auto_decomposition_base(&self) -> DecompostionLogBase { pub(crate) fn auto_decomposition_base(&self) -> DecompostionLogBase {
self.auto_decomposer_base self.auto_decomposer_params.decomposition_base()
} }
pub(crate) fn auto_decomposition_count(&self) -> DecompositionCount { pub(crate) fn auto_decomposition_count(&self) -> DecompositionCount {
self.auto_decomposer_count self.auto_decomposer_params.decomposition_count()
} }
pub(crate) fn lwe_decomposition_base(&self) -> DecompostionLogBase { pub(crate) fn lwe_decomposition_base(&self) -> DecompostionLogBase {
self.lwe_decomposer_base self.lwe_decomposer_params.decomposition_base()
} }
pub(crate) fn lwe_decomposition_count(&self) -> DecompositionCount { pub(crate) fn lwe_decomposition_count(&self) -> DecompositionCount {
self.lwe_decomposer_count self.lwe_decomposer_params.decomposition_count()
} }
pub(crate) fn rgsw_rgsw_decomposer<D: Decomposer<Element = El>>(&self) -> (D, D) pub(crate) fn rgsw_rgsw_decomposer<D: Decomposer<Element = El>>(&self) -> (D, D)
where where
El: Copy, El: Copy,
{ {
let params = self.rgrg_decomposer_params.expect(&format!(
"Parameter variant {:?} does not support RGSW x RGSW",
self.variant
));
( (
// A // A
D::new( D::new(
self.rlwe_q.0, self.rlwe_q.0,
self.rgrg_decomposer_base.0, params.decomposition_base().0,
self.rgrg_decomposer_count.0 .0, params.decomposition_count_a().0,
), ),
// B // B
D::new( D::new(
self.rlwe_q.0, self.rlwe_q.0,
self.rgrg_decomposer_base.0, params.decomposition_base().0,
self.rgrg_decomposer_count.1 .0, params.decomposition_count_b().0,
), ),
) )
} }
@@ -110,8 +202,8 @@ impl<El> BoolParameters<El> {
{ {
D::new( D::new(
self.rlwe_q.0, self.rlwe_q.0,
self.auto_decomposer_base.0, self.auto_decomposer_params.decomposition_base().0,
self.auto_decomposer_count.0, self.auto_decomposer_params.decomposition_count().0,
) )
} }
@@ -121,8 +213,8 @@ impl<El> BoolParameters<El> {
{ {
D::new( D::new(
self.lwe_q.0, self.lwe_q.0,
self.lwe_decomposer_base.0, self.lwe_decomposer_params.decomposition_base().0,
self.lwe_decomposer_count.0, self.lwe_decomposer_params.decomposition_count().0,
) )
} }
@@ -134,14 +226,14 @@ impl<El> BoolParameters<El> {
// A // A
D::new( D::new(
self.rlwe_q.0, self.rlwe_q.0,
self.rlrg_decomposer_base.0, self.rlrg_decomposer_params.decomposition_base().0,
self.rlrg_decomposer_count.0 .0, self.rlrg_decomposer_params.decomposition_count_a().0,
), ),
// B // B
D::new( D::new(
self.rlwe_q.0, self.rlwe_q.0,
self.rlrg_decomposer_base.0, self.rlrg_decomposer_params.decomposition_base().0,
self.rlrg_decomposer_count.1 .0, self.rlrg_decomposer_params.decomposition_count_b().0,
), ),
) )
} }
@@ -298,16 +390,16 @@ pub(crate) const SP_BOOL_PARAMS: BoolParameters<u64> = BoolParameters::<u64> {
br_q: 1 << 10, br_q: 1 << 10,
rlwe_n: PolynomialSize(1 << 10), rlwe_n: PolynomialSize(1 << 10),
lwe_n: LweDimension(500), lwe_n: LweDimension(500),
lwe_decomposer_base: DecompostionLogBase(4), lwe_decomposer_params: (DecompostionLogBase(4), DecompositionCount(4)),
lwe_decomposer_count: DecompositionCount(4), rlrg_decomposer_params: (
rlrg_decomposer_base: DecompostionLogBase(7), DecompostionLogBase(7),
rlrg_decomposer_count: (DecompositionCount(4), DecompositionCount(4)), (DecompositionCount(4), DecompositionCount(4)),
rgrg_decomposer_base: DecompostionLogBase(7), ),
rgrg_decomposer_count: (DecompositionCount(4), DecompositionCount(4)), rgrg_decomposer_params: None,
auto_decomposer_base: DecompostionLogBase(7), auto_decomposer_params: (DecompostionLogBase(7), DecompositionCount(4)),
auto_decomposer_count: DecompositionCount(4),
g: 5, g: 5,
w: 5, w: 5,
variant: ParameterVariant::SingleParty,
}; };
pub(crate) const MP_BOOL_PARAMS: BoolParameters<u64> = BoolParameters::<u64> { pub(crate) const MP_BOOL_PARAMS: BoolParameters<u64> = BoolParameters::<u64> {
@@ -316,16 +408,19 @@ pub(crate) const MP_BOOL_PARAMS: BoolParameters<u64> = BoolParameters::<u64> {
br_q: 1 << 11, br_q: 1 << 11,
rlwe_n: PolynomialSize(1 << 11), rlwe_n: PolynomialSize(1 << 11),
lwe_n: LweDimension(500), lwe_n: LweDimension(500),
lwe_decomposer_base: DecompostionLogBase(4), lwe_decomposer_params: (DecompostionLogBase(4), DecompositionCount(5)),
lwe_decomposer_count: DecompositionCount(5), rlrg_decomposer_params: (
rlrg_decomposer_base: DecompostionLogBase(12), DecompostionLogBase(12),
rlrg_decomposer_count: (DecompositionCount(5), DecompositionCount(5)), (DecompositionCount(5), DecompositionCount(5)),
rgrg_decomposer_base: DecompostionLogBase(12), ),
rgrg_decomposer_count: (DecompositionCount(5), DecompositionCount(5)), rgrg_decomposer_params: Some((
auto_decomposer_base: DecompostionLogBase(12), DecompostionLogBase(12),
auto_decomposer_count: DecompositionCount(5), (DecompositionCount(5), DecompositionCount(5)),
)),
auto_decomposer_params: (DecompostionLogBase(12), DecompositionCount(5)),
g: 5, g: 5,
w: 10, w: 10,
variant: ParameterVariant::MultiParty,
}; };
pub(crate) const SMALL_MP_BOOL_PARAMS: BoolParameters<u64> = BoolParameters::<u64> { pub(crate) const SMALL_MP_BOOL_PARAMS: BoolParameters<u64> = BoolParameters::<u64> {
@@ -334,16 +429,19 @@ pub(crate) const SMALL_MP_BOOL_PARAMS: BoolParameters<u64> = BoolParameters::<u6
br_q: 1 << 11, br_q: 1 << 11,
rlwe_n: PolynomialSize(1 << 11), rlwe_n: PolynomialSize(1 << 11),
lwe_n: LweDimension(600), lwe_n: LweDimension(600),
lwe_decomposer_base: DecompostionLogBase(4), lwe_decomposer_params: (DecompostionLogBase(4), DecompositionCount(5)),
lwe_decomposer_count: DecompositionCount(5), rlrg_decomposer_params: (
rlrg_decomposer_base: DecompostionLogBase(11), DecompostionLogBase(11),
rlrg_decomposer_count: (DecompositionCount(2), DecompositionCount(1)), (DecompositionCount(2), DecompositionCount(1)),
rgrg_decomposer_base: DecompostionLogBase(11), ),
rgrg_decomposer_count: (DecompositionCount(5), DecompositionCount(4)), rgrg_decomposer_params: Some((
auto_decomposer_base: DecompostionLogBase(11), DecompostionLogBase(11),
auto_decomposer_count: DecompositionCount(2), (DecompositionCount(5), DecompositionCount(4)),
)),
auto_decomposer_params: (DecompostionLogBase(11), DecompositionCount(2)),
g: 5, g: 5,
w: 10, w: 10,
variant: ParameterVariant::MultiParty,
}; };
#[cfg(test)] #[cfg(test)]

66
src/multi_party.rs
View File

@@ -57,7 +57,7 @@ fn non_interactive_rgsw_ct<
ModOp: VectorOps<Element = M::MatElement> + GetModulus<Element = M::MatElement>, ModOp: VectorOps<Element = M::MatElement> + GetModulus<Element = M::MatElement>,
>( >(
s: &[S], s: &[S],
ephemeral_u: &[S], u: &[S],
m: &[M::MatElement], m: &[M::MatElement],
gadget_vec: &[M::MatElement], gadget_vec: &[M::MatElement],
p_rng: &mut PRng, p_rng: &mut PRng,
@@ -69,14 +69,14 @@ where
<M as Matrix>::R: RowMut + TryConvertFrom1<[S], ModOp::M> + RowEntity, <M as Matrix>::R: RowMut + TryConvertFrom1<[S], ModOp::M> + RowEntity,
M::MatElement: Copy, M::MatElement: Copy,
{ {
assert_eq!(s.len(), ephemeral_u.len()); assert_eq!(s.len(), u.len());
assert_eq!(s.len(), m.len()); assert_eq!(s.len(), m.len());
let q = modop.modulus(); let q = modop.modulus();
let d = gadget_vec.len(); let d = gadget_vec.len();
let ring_size = s.len(); let ring_size = s.len();
let mut s_poly_eval = M::R::try_convert_from(s, q); let mut s_poly_eval = M::R::try_convert_from(s, q);
let mut u_poly_eval = M::R::try_convert_from(ephemeral_u, q); let mut u_poly_eval = M::R::try_convert_from(u, q);
nttop.forward(s_poly_eval.as_mut()); nttop.forward(s_poly_eval.as_mut());
nttop.forward(u_poly_eval.as_mut()); nttop.forward(u_poly_eval.as_mut());
@@ -125,7 +125,7 @@ where
(enc_beta_m, zero_encryptions) (enc_beta_m, zero_encryptions)
} }
fn non_interactive_ksk_gen< pub(crate) fn non_interactive_ksk_gen<
M: MatrixMut + MatrixEntity, M: MatrixMut + MatrixEntity,
S, S,
PRng: RandomFillUniformInModulus<[M::MatElement], ModOp::M>, PRng: RandomFillUniformInModulus<[M::MatElement], ModOp::M>,
@@ -134,7 +134,7 @@ fn non_interactive_ksk_gen<
ModOp: VectorOps<Element = M::MatElement> + GetModulus<Element = M::MatElement>, ModOp: VectorOps<Element = M::MatElement> + GetModulus<Element = M::MatElement>,
>( >(
s: &[S], s: &[S],
ephemeral_u: &[S], u: &[S],
gadget_vec: &[M::MatElement], gadget_vec: &[M::MatElement],
p_rng: &mut PRng, p_rng: &mut PRng,
rng: &mut Rng, rng: &mut Rng,
@@ -144,7 +144,7 @@ fn non_interactive_ksk_gen<
<M as Matrix>::R: RowMut + TryConvertFrom1<[S], ModOp::M> + RowEntity, <M as Matrix>::R: RowMut + TryConvertFrom1<[S], ModOp::M> + RowEntity,
M::MatElement: Copy, M::MatElement: Copy,
{ {
assert_eq!(s.len(), ephemeral_u.len()); assert_eq!(s.len(), u.len());
let q = modop.modulus(); let q = modop.modulus();
let d = gadget_vec.len(); let d = gadget_vec.len();
@@ -152,24 +152,16 @@ fn non_interactive_ksk_gen<
let mut s_poly_eval = M::R::try_convert_from(s, q); let mut s_poly_eval = M::R::try_convert_from(s, q);
nttop.forward(s_poly_eval.as_mut()); nttop.forward(s_poly_eval.as_mut());
let u_poly = M::R::try_convert_from(ephemeral_u, q); let u_poly = M::R::try_convert_from(u, q);
// a_i * s + \beta u + e // a_i * s + \beta u + e
// a_i * s + e
let mut ksk = M::zeros(d, ring_size); let mut ksk = M::zeros(d, ring_size);
let mut zero_encs = M::zeros(d, ring_size);
let mut scratch_space = M::R::zeros(ring_size); let mut scratch_space = M::R::zeros(ring_size);
izip!( izip!(ksk.iter_rows_mut(), gadget_vec.iter()).for_each(|(e_ksk, beta)| {
ksk.iter_rows_mut(),
zero_encs.iter_rows_mut(),
gadget_vec.iter()
)
.for_each(|(e_ksk, e_zero, beta)| {
// sample a_i // sample a_i
RandomFillUniformInModulus::random_fill(p_rng, q, e_ksk.as_mut()); RandomFillUniformInModulus::random_fill(p_rng, q, e_ksk.as_mut());
e_zero.as_mut().copy_from_slice(e_ksk.as_ref());
// a_i * s + e + beta u // a_i * s + e + beta u
nttop.forward(e_ksk.as_mut()); nttop.forward(e_ksk.as_mut());
@@ -183,13 +175,51 @@ fn non_interactive_ksk_gen<
modop.elwise_scalar_mul(scratch_space.as_mut(), u_poly.as_ref(), beta); modop.elwise_scalar_mul(scratch_space.as_mut(), u_poly.as_ref(), beta);
// a_i * s + e + \beta * u // a_i * s + e + \beta * u
modop.elwise_add_mut(e_ksk.as_mut(), scratch_space.as_ref()); modop.elwise_add_mut(e_ksk.as_mut(), scratch_space.as_ref());
});
}
pub(crate) fn non_interactive_ksk_zero_encryptions_for_other_party_i<
M: MatrixMut + MatrixEntity,
S,
PRng: RandomFillUniformInModulus<[M::MatElement], ModOp::M>,
Rng: RandomFillGaussianInModulus<[M::MatElement], ModOp::M>,
NttOp: Ntt<Element = M::MatElement>,
ModOp: VectorOps<Element = M::MatElement> + GetModulus<Element = M::MatElement>,
>(
s: &[S],
gadget_vec: &[M::MatElement],
p_rng: &mut PRng,
rng: &mut Rng,
nttop: &NttOp,
modop: &ModOp,
) -> M
where
<M as Matrix>::R: RowMut + TryConvertFrom1<[S], ModOp::M> + RowEntity,
M::MatElement: Copy,
{
let q = modop.modulus();
let d = gadget_vec.len();
let ring_size = s.len();
let mut s_poly_eval = M::R::try_convert_from(s, q);
nttop.forward(s_poly_eval.as_mut());
// a_i * s + e
let mut zero_encs = M::zeros(d, ring_size);
let mut scratch_space = M::R::zeros(ring_size);
izip!(zero_encs.iter_rows_mut()).for_each(|(e_zero)| {
// sample a_i
RandomFillUniformInModulus::random_fill(p_rng, q, e_zero.as_mut());
// a_i * s + e // a_i * s + e
nttop.forward(e_zero.as_mut()); nttop.forward(e_zero.as_mut());
modop.elwise_mul_mut(e_zero.as_mut(), s_poly_eval.as_ref()); modop.elwise_mul_mut(e_zero.as_mut(), s_poly_eval.as_ref());
nttop.backward(e_zero.as_mut()); nttop.backward(e_zero.as_mut());
// sample error e // sample error e
RandomFillGaussianInModulus::random_fill(rng, q, scratch_space.as_mut()); RandomFillGaussianInModulus::random_fill(rng, q, scratch_space.as_mut());
modop.elwise_add_mut(e_zero.as_mut(), scratch_space.as_ref());
}); });
zero_encs
} }