Merge branch 'dev_blind_rotate' into jay/fhe-vm-fixes

backend/src/lib.rs

@@ -231,6 +231,23 @@ impl Scratch {
         )
     }
 
+    pub fn tmp_slice_vec_znx_dft<B: Backend>(
+        &mut self,
+        slice_size: usize,
+        module: &Module<B>,
+        cols: usize,
+        size: usize,
+    ) -> (Vec<VecZnxDft<&mut [u8], B>>, &mut Self) {
+        let mut scratch: &mut Scratch = self;
+        let mut slice: Vec<VecZnxDft<&mut [u8], B>> = Vec::with_capacity(slice_size);
+        for _ in 0..slice_size{
+            let (znx, new_scratch) = scratch.tmp_vec_znx_dft(module, cols, size);
+            scratch = new_scratch;
+            slice.push(znx);
+        };
+        (slice, scratch)
+    }
+
     pub fn tmp_vec_znx_big<B: Backend>(
         &mut self,
         module: &Module<B>,
@@ -253,6 +270,23 @@ impl Scratch {
         )
     }
 
+    pub fn tmp_slice_vec_znx<B: Backend>(
+        &mut self,
+        slice_size: usize,
+        module: &Module<B>,
+        cols: usize,
+        size: usize,
+    ) -> (Vec<VecZnx<&mut [u8]>>, &mut Self) {
+        let mut scratch: &mut Scratch = self;
+        let mut slice: Vec<VecZnx<&mut [u8]>> = Vec::with_capacity(slice_size);
+        for _ in 0..slice_size{
+            let (znx, new_scratch) = scratch.tmp_vec_znx(module, cols, size);
+            scratch = new_scratch;
+            slice.push(znx);
+        };
+        (slice, scratch)
+    }
+
     pub fn tmp_mat_znx_dft<B: Backend>(
         &mut self,
         module: &Module<B>,

backend/src/znx_base.rs

@@ -57,8 +57,8 @@ pub trait ZnxView: ZnxInfos + DataView<D: AsRef<[u8]>> {
     fn at_ptr(&self, i: usize, j: usize) -> *const Self::Scalar {
         #[cfg(debug_assertions)]
         {
-            assert!(i < self.cols());
+            assert!(i < self.cols(), "{} >= {}", i, self.cols());
-            assert!(j < self.size());
+            assert!(j < self.size(), "{} >= {}", j, self.size());
         }
         let offset: usize = self.n() * (j * self.cols() + i);
         unsafe { self.as_ptr().add(offset) }
@@ -85,8 +85,8 @@ pub trait ZnxViewMut: ZnxView + DataViewMut<D: AsMut<[u8]>> {
     fn at_mut_ptr(&mut self, i: usize, j: usize) -> *mut Self::Scalar {
         #[cfg(debug_assertions)]
         {
-            assert!(i < self.cols());
+            assert!(i < self.cols(), "{} >= {}", i, self.cols());
-            assert!(j < self.size());
+            assert!(j < self.size(), "{} >= {}", j, self.size());
         }
         let offset: usize = self.n() * (j * self.cols() + i);
         unsafe { self.as_mut_ptr().add(offset) }

core/benches/keyswitch_glwe_fft64.rs

@@ -38,7 +38,7 @@ fn bench_keyswitch_glwe_fft64(c: &mut Criterion) {
         let mut ct_out: GLWECiphertext<Vec<u8>> = GLWECiphertext::alloc(&module, basek, k_rlwe_out, rank_out);
 
         let mut scratch = ScratchOwned::new(
-            GLWESwitchingKey::encrypt_sk_scratch_space(&module, basek, ksk.k(), rank_out)
+            GLWESwitchingKey::encrypt_sk_scratch_space(&module, basek, ksk.k(), rank_in, rank_out)
                 | GLWECiphertext::encrypt_sk_scratch_space(&module, basek, ct_in.k())
                 | GLWECiphertext::keyswitch_scratch_space(
                     &module,
@@ -63,7 +63,7 @@ fn bench_keyswitch_glwe_fft64(c: &mut Criterion) {
         let mut sk_out: GLWESecret<Vec<u8>> = GLWESecret::alloc(&module, rank_out);
         sk_out.fill_ternary_prob(0.5, &mut source_xs);
 
-        ksk.generate_from_sk(
+        ksk.encrypt_sk(
             &module,
             -1,
             &sk_in,
@@ -139,7 +139,7 @@ fn bench_keyswitch_glwe_inplace_fft64(c: &mut Criterion) {
         let mut ct: GLWECiphertext<Vec<u8>> = GLWECiphertext::alloc(&module, basek, k_ct, rank);
 
         let mut scratch = ScratchOwned::new(
-            GLWESwitchingKey::encrypt_sk_scratch_space(&module, basek, ksk.k(), rank)
+            GLWESwitchingKey::encrypt_sk_scratch_space(&module, basek, ksk.k(), rank, rank)
                 | GLWECiphertext::encrypt_sk_scratch_space(&module, basek, ct.k())
                 | GLWECiphertext::keyswitch_inplace_scratch_space(&module, basek, ct.k(), ksk.k(), digits, rank),
         );
@@ -156,7 +156,7 @@ fn bench_keyswitch_glwe_inplace_fft64(c: &mut Criterion) {
         sk_out.fill_ternary_prob(0.5, &mut source_xs);
         let sk_out_dft: FourierGLWESecret<Vec<u8>, FFT64> = FourierGLWESecret::from(&module, &sk_out);
 
-        ksk.generate_from_sk(
+        ksk.encrypt_sk(
             &module,
             &sk_in,
             &sk_out_dft,

core/src/blind_rotation/ccgi.rs

@@ -1,342 +0,0 @@
-use std::time::Instant;
-
-use backend::{
-    MatZnxDftOps, MatZnxDftScratch, Module, ScalarZnx, ScalarZnxAlloc, ScalarZnxDft, ScalarZnxDftAlloc, ScalarZnxDftOps, Scratch, VecZnxBigAlloc, VecZnxBigOps, VecZnxBigScratch, VecZnxDftOps, VecZnxOps, ZnxInfos, ZnxView, ZnxViewMut, ZnxZero, FFT64
-};
-use itertools::izip;
-
-use crate::{
-    FourierGLWECiphertext, FourierGLWESecret, GLWECiphertext, GLWECiphertextToMut, GLWEPlaintext, Infos, LWECiphertext,
-    ScratchCore,
-    blind_rotation::{key::BlindRotationKeyCGGI, lut::LookUpTable},
-    lwe::ciphertext::LWECiphertextToRef,
-};
-
-pub fn cggi_blind_rotate_scratch_space(
-    module: &Module<FFT64>,
-    extension_factor: usize,
-    basek: usize,
-    k_lut: usize,
-    k_brk: usize,
-    rows: usize,
-    rank: usize,
-) -> usize {
-    let lut_size: usize = k_lut.div_ceil(basek);
-    let brk_size: usize = k_brk.div_ceil(basek);
-
-    let acc_dft: usize = FourierGLWECiphertext::bytes_of(module, basek, k_brk, rank) * extension_factor;
-    let acc_big: usize = module.bytes_of_vec_znx_big(rank + 1, brk_size);
-    let acc_dft_add: usize = FourierGLWECiphertext::bytes_of(module, basek, k_brk, rank) * extension_factor;
-    let vmp_res: usize = FourierGLWECiphertext::bytes_of(module, basek, k_brk, rank) * extension_factor;
-    let xai_plus_y: usize = module.bytes_of_scalar_znx(1);
-    let xai_plus_y_dft: usize = module.bytes_of_scalar_znx_dft(1);
-    let vmp: usize = module.vmp_apply_tmp_bytes(lut_size, lut_size, rows, 2, 2, brk_size); // GGSW product: (1 x 2) x (2 x 2)
-
-    let acc: usize;
-    if extension_factor > 1 {
-        acc = GLWECiphertext::bytes_of(module, basek, k_lut, rank) * extension_factor;
-    } else {
-        acc = 0;
-    }
-
-    return acc + acc_big + acc_dft + acc_dft_add + vmp_res + xai_plus_y + xai_plus_y_dft + (vmp | module.vec_znx_big_normalize_tmp_bytes());
-}
-
-pub fn cggi_blind_rotate<DataRes, DataIn>(
-    module: &Module<FFT64>,
-    res: &mut GLWECiphertext<DataRes>,
-    lwe: &LWECiphertext<DataIn>,
-    lut: &LookUpTable,
-    brk: &BlindRotationKeyCGGI<FFT64>,
-    scratch: &mut Scratch,
-) where
-    DataRes: AsRef<[u8]> + AsMut<[u8]>,
-    DataIn: AsRef<[u8]>,
-{
-    if lut.extension_factor() > 1 {
-        cggi_blind_rotate_block_binary_extended(module, res, lwe, lut, brk, scratch);
-    } else if brk.block_size() > 1 {
-        cggi_blind_rotate_block_binary(module, res, lwe, lut, brk, scratch);
-    } else {
-        todo!("implement this case")
-    }
-}
-
-pub(crate) fn cggi_blind_rotate_block_binary_extended<DataRes, DataIn>(
-    module: &Module<FFT64>,
-    res: &mut GLWECiphertext<DataRes>,
-    lwe: &LWECiphertext<DataIn>,
-    lut: &LookUpTable,
-    brk: &BlindRotationKeyCGGI<FFT64>,
-    scratch: &mut Scratch,
-) where
-    DataRes: AsRef<[u8]> + AsMut<[u8]>,
-    DataIn: AsRef<[u8]>,
-{
-    let extension_factor: usize = lut.extension_factor();
-    let basek: usize = res.basek();
-
-    let (mut acc, scratch1) = scratch.tmp_vec_glwe_ct(extension_factor, module, basek, res.k(), res.rank());
-    let (mut acc_dft, scratch2) = scratch1.tmp_vec_fourier_glwe_ct(extension_factor, module, basek, brk.k(), res.rank());
-    let (mut vmp_res, scratch3) = scratch2.tmp_vec_fourier_glwe_ct(extension_factor, module, basek, brk.k(), res.rank());
-    let (mut acc_add_dft, scratch4) = scratch3.tmp_vec_fourier_glwe_ct(extension_factor, module, basek, brk.k(), res.rank());
-
-    (0..extension_factor).for_each(|i| {
-        acc[i].data.zero();
-    });
-
-    let (mut xai_plus_y, scratch5) = scratch4.tmp_scalar_znx(module, 1);
-    let (mut xai_plus_y_dft, scratch6) = scratch5.tmp_scalar_znx_dft(module, 1);
-    let (mut acc_add_big, scratch7) = scratch6.tmp_vec_znx_big(module, 1, brk.size());
-
-    let mut lwe_2n: Vec<i64> = vec![0i64; lwe.n() + 1]; // TODO: from scratch space
-    let lwe_ref: LWECiphertext<&[u8]> = lwe.to_ref();
-
-    let two_n_ext: usize = 2 * lut.domain_size();
-
-    let cols: usize = res.rank() + 1;
-
-    negate_and_mod_switch_2n(two_n_ext, &mut lwe_2n, &lwe_ref);
-
-    let a: &[i64] = &lwe_2n[1..];
-    let b_pos: usize = ((lwe_2n[0] + two_n_ext as i64) % two_n_ext as i64) as usize;
-
-    let b_hi: usize = b_pos / extension_factor;
-    let b_lo: usize = b_pos % extension_factor;
-
-    for (i, j) in (0..b_lo).zip(extension_factor - b_lo..extension_factor) {
-        module.vec_znx_rotate(b_hi as i64 + 1, &mut acc[i].data, 0, &lut.data[j], 0);
-    }
-    for (i, j) in (b_lo..extension_factor).zip(0..extension_factor - b_lo) {
-        module.vec_znx_rotate(b_hi as i64, &mut acc[i].data, 0, &lut.data[j], 0);
-    }
-
-    let block_size: usize = brk.block_size();
-
-    izip!(
-        a.chunks_exact(block_size),
-        brk.data.chunks_exact(block_size)
-    )
-    .enumerate()
-    .for_each(|(i, (ai, ski))| {
-        (0..extension_factor).for_each(|i| {
-            (0..cols).for_each(|j| {
-                module.vec_znx_dft(1, 0, &mut acc_dft[i].data, j, &acc[i].data, j);
-            });
-            acc_add_dft[i].data.zero();
-        });
-
-        // TODO: first & last iterations can be optimized
-        izip!(ai.iter(), ski.iter()).for_each(|(aii, skii)| {
-            let ai_pos: usize = ((aii + two_n_ext as i64) % two_n_ext as i64) as usize;
-            let ai_hi: usize = ai_pos / extension_factor;
-            let ai_lo: usize = ai_pos % extension_factor;
-
-            // vmp_res = DFT(acc) * BRK[i]
-            (0..extension_factor).for_each(|i| {
-                module.vmp_apply(&mut vmp_res[i].data, &acc_dft[i].data, &skii.data, scratch7);
-            });
-
-            // Trivial case: no rotation between polynomials, we can directly multiply with (X^{-ai} - 1)
-            if ai_lo == 0 {
-                // DFT X^{-ai}
-                set_xai_plus_y(
-                    module,
-                    ai_hi as i64,
-                    -1,
-                    &mut xai_plus_y_dft,
-                    &mut xai_plus_y,
-                );
-
-                // Sets acc_add_dft[i] = (acc[i] * sk) * (X^{-ai} - 1)
-                (0..extension_factor).for_each(|j| {
-                    (0..cols).for_each(|i| {
-                        module.svp_apply_inplace(&mut vmp_res[j].data, i, &xai_plus_y_dft, 0);
-                        module.vec_znx_dft_add_inplace(&mut acc_add_dft[j].data, i, &vmp_res[j].data, i);
-                    });
-                });
-            // Non trivial case: rotation between polynomials
-            // In this case we can't directly multiply with (X^{-ai} - 1) because of the
-            // ring homomorphism R^{N} -> prod R^{N/extension_factor}, so we split the
-            // computation in two steps: acc_add_dft = (acc * sk) * (-1) + (acc * sk) * X^{-ai}
-            } else {
-                // Sets acc_add_dft[i] = acc[i] * sk
-                (0..extension_factor).for_each(|i| {
-                    (0..cols).for_each(|k| {
-                        module.vec_znx_dft_sub_ab_inplace(&mut acc_add_dft[i].data, k, &vmp_res[i].data, k);
-                    })
-                });
-
-                // DFT X^{-ai+1}
-                set_xai_plus_y(
-                    module,
-                    ai_hi as i64 + 1,
-                    0,
-                    &mut xai_plus_y_dft,
-                    &mut xai_plus_y,
-                );
-
-                // Sets acc_add_dft[0..ai_lo] += (acc[extension_factor - ai_lo..extension_factor] * sk) * X^{-ai+1}
-                for (i, j) in (0..ai_lo).zip(extension_factor - ai_lo..extension_factor) {
-                    module.vec_znx_rotate(b_hi as i64 + 1, &mut acc[i].data, 0, &lut.data[j], 0);
-                    (0..cols).for_each(|k| {
-                        module.svp_apply_inplace(&mut vmp_res[j].data, k, &xai_plus_y_dft, 0);
-                        module.vec_znx_dft_add_inplace(&mut acc_add_dft[i].data, k, &vmp_res[j].data, k);
-                    });
-                }
-
-                // DFT X^{-ai}
-                set_xai_plus_y(
-                    module,
-                    ai_hi as i64,
-                    0,
-                    &mut xai_plus_y_dft,
-                    &mut xai_plus_y,
-                );
-
-                // Sets acc_add_dft[ai_lo..extension_factor] += (acc[0..extension_factor - ai_lo] * sk) * X^{-ai}
-                for (i, j) in (ai_lo..extension_factor).zip(0..extension_factor - ai_lo) {
-                    module.vec_znx_rotate(b_hi as i64, &mut acc[i].data, 0, &lut.data[j], 0);
-                    (0..cols).for_each(|k| {
-                        module.svp_apply_inplace(&mut vmp_res[j].data, k, &xai_plus_y_dft, 0);
-                        module.vec_znx_dft_add_inplace(&mut acc_add_dft[i].data, k, &vmp_res[j].data, k);
-                    });
-                }
-            }
-        });
-
-        (0..extension_factor).for_each(|j| {
-            (0..cols).for_each(|i| {
-                module.vec_znx_dft_add_inplace(&mut acc_dft[j].data, i, &acc_add_dft[j].data, i);
-                module.vec_znx_idft(&mut acc_add_big, 0, &acc_dft[j].data, i, scratch7);
-                module.vec_znx_big_normalize(basek, &mut acc[j].data, i, &acc_add_big, 0, scratch7);
-            });
-        });
-    });
-
-    (0..cols).for_each(|i| {
-        module.vec_znx_copy(&mut res.data, i, &acc[0].data, i);
-    });
-}
-
-fn set_xai_plus_y(
-    module: &Module<FFT64>,
-    k: i64,
-    y: i64,
-    res: &mut ScalarZnxDft<&mut [u8], FFT64>,
-    buf: &mut ScalarZnx<&mut [u8]>,
-) {
-    buf.zero();
-    buf.at_mut(0, 0)[0] = 1;
-    module.vec_znx_rotate_inplace(k, buf, 0);
-    buf.at_mut(0, 0)[0] += y;
-    module.svp_prepare(res, 0, buf, 0);
-}
-
-pub(crate) fn cggi_blind_rotate_block_binary<DataRes, DataIn>(
-    module: &Module<FFT64>,
-    res: &mut GLWECiphertext<DataRes>,
-    lwe: &LWECiphertext<DataIn>,
-    lut: &LookUpTable,
-    brk: &BlindRotationKeyCGGI<FFT64>,
-    scratch: &mut Scratch,
-) where
-    DataRes: AsRef<[u8]> + AsMut<[u8]>,
-    DataIn: AsRef<[u8]>,
-{
-    let basek: usize = res.basek();
-
-    let mut lwe_2n: Vec<i64> = vec![0i64; lwe.n() + 1]; // TODO: from scratch space
-    let mut out_mut: GLWECiphertext<&mut [u8]> = res.to_mut();
-    let lwe_ref: LWECiphertext<&[u8]> = lwe.to_ref();
-
-    let cols: usize = out_mut.rank() + 1;
-
-    negate_and_mod_switch_2n(2 * lut.domain_size(), &mut lwe_2n, &lwe_ref);
-
-    let a: &[i64] = &lwe_2n[1..];
-    let b: i64 = lwe_2n[0];
-
-    out_mut.data.zero();
-
-    // Initialize out to X^{b} * LUT(X)
-    module.vec_znx_rotate(-b, &mut out_mut.data, 0, &lut.data[0], 0);
-
-    let block_size: usize = brk.block_size();
-
-    // ACC + [sum DFT(X^ai -1) * (DFT(ACC) x BRKi)]
-
-    let (mut acc_dft, scratch1) = scratch.tmp_fourier_glwe_ct(module, brk.basek(), out_mut.k(), out_mut.rank());
-    let (mut acc_add_dft, scratch2) = scratch1.tmp_fourier_glwe_ct(module, brk.basek(), out_mut.k(), out_mut.rank());
-    let (mut vmp_res, scratch3) = scratch2.tmp_fourier_glwe_ct(module, basek, out_mut.k(), out_mut.rank());
-    let (mut xai_plus_y, scratch4) = scratch3.tmp_scalar_znx(module, 1);
-    let (mut xai_plus_y_dft, scratch5) = scratch4.tmp_scalar_znx_dft(module, 1);
-
-    let start: Instant = Instant::now();
-    izip!(
-        a.chunks_exact(block_size),
-        brk.data.chunks_exact(block_size)
-    )
-    .for_each(|(ai, ski)| {
-        out_mut.dft(module, &mut acc_dft);
-        acc_add_dft.data.zero();
-
-        izip!(ai.iter(), ski.iter()).for_each(|(aii, skii)| {
-            // vmp_res = DFT(acc) * BRK[i]
-            module.vmp_apply(&mut vmp_res.data, &acc_dft.data, &skii.data, scratch5);
-
-            // DFT(X^ai -1)
-            set_xai_plus_y(module, *aii, -1, &mut xai_plus_y_dft, &mut xai_plus_y);
-
-            // DFT(X^ai -1) * (DFT(acc) * BRK[i])
-            (0..cols).for_each(|i| {
-                module.svp_apply_inplace(&mut vmp_res.data, i, &xai_plus_y_dft, 0);
-                module.vec_znx_dft_add_inplace(&mut acc_add_dft.data, i, &vmp_res.data, i);
-            });
-        });
-
-        (0..cols).for_each(|i| {
-            module.vec_znx_dft_add_inplace(&mut acc_dft.data, i, &acc_add_dft.data, i);
-        });
-
-        acc_dft.idft(module, &mut out_mut, scratch5);
-    });
-    let duration: std::time::Duration = start.elapsed();
-}
-
-pub(crate) fn negate_and_mod_switch_2n(n: usize, res: &mut [i64], lwe: &LWECiphertext<&[u8]>) {
-    let basek: usize = lwe.basek();
-
-    let log2n: usize = usize::BITS as usize - (n - 1).leading_zeros() as usize + 1;
-
-    res.copy_from_slice(&lwe.data.at(0, 0));
-    res.iter_mut().for_each(|x| *x = -*x);
-
-    if basek > log2n {
-        let diff: usize = basek - log2n;
-        res.iter_mut().for_each(|x| {
-            *x = div_signed_by_pow2(x, diff);
-        })
-    } else {
-        let rem: usize = basek - (log2n % basek);
-        let size: usize = log2n.div_ceil(basek);
-        (1..size).for_each(|i| {
-            if i == size - 1 && rem != basek {
-                let k_rem: usize = basek - rem;
-                izip!(lwe.data.at(0, i).iter(), res.iter_mut()).for_each(|(x, y)| {
-                    *y = (*y << k_rem) + (x >> rem);
-                });
-            } else {
-                izip!(lwe.data.at(0, i).iter(), res.iter_mut()).for_each(|(x, y)| {
-                    *y = (*y << basek) + x;
-                });
-            }
-        })
-    }
-}
-
-#[inline(always)]
-fn div_signed_by_pow2(x: &i64, k: usize) -> i64 {
-    let bias: i64 = (1 << k) - 1;
-    (x + ((x >> 63) & bias)) >> k
-}

core/src/blind_rotation/cggi.rs

@@ -0,0 +1,463 @@
+use backend::{
+    FFT64, MatZnxDftOps, MatZnxDftScratch, Module, ScalarZnx, ScalarZnxAlloc, ScalarZnxDft, ScalarZnxDftAlloc, ScalarZnxDftOps,
+    Scratch, VecZnxAlloc, VecZnxBigAlloc, VecZnxBigOps, VecZnxBigScratch, VecZnxDftAlloc, VecZnxDftOps, VecZnxOps, ZnxView,
+    ZnxViewMut, ZnxZero,
+};
+use itertools::izip;
+
+use crate::{
+    GLWECiphertext, GLWECiphertextToMut, GLWEOps, Infos, LWECiphertext, ScratchCore,
+    blind_rotation::{key::BlindRotationKeyCGGI, lut::LookUpTable},
+    dist::Distribution,
+    lwe::ciphertext::LWECiphertextToRef,
+};
+
+pub fn cggi_blind_rotate_scratch_space(
+    module: &Module<FFT64>,
+    block_size: usize,
+    extension_factor: usize,
+    basek: usize,
+    k_res: usize,
+    k_brk: usize,
+    rows: usize,
+    rank: usize,
+) -> usize {
+    let brk_size: usize = k_brk.div_ceil(basek);
+
+    if block_size > 1 {
+        let cols: usize = rank + 1;
+        let acc_dft: usize = module.bytes_of_vec_znx_dft(cols, rows) * extension_factor;
+        let acc_big: usize = module.bytes_of_vec_znx_big(1, brk_size);
+        let vmp_res: usize = module.bytes_of_vec_znx_dft(cols, brk_size) * extension_factor;
+        let acc_dft_add: usize = vmp_res;
+        let xai_plus_y: usize = module.bytes_of_scalar_znx(1);
+        let xai_plus_y_dft: usize = module.bytes_of_scalar_znx_dft(1);
+        let vmp: usize = module.vmp_apply_tmp_bytes(brk_size, rows, rows, 2, 2, brk_size); // GGSW product: (1 x 2) x (2 x 2)
+
+        let acc: usize;
+        if extension_factor > 1 {
+            acc = module.bytes_of_vec_znx(cols, k_res.div_ceil(basek)) * extension_factor;
+        } else {
+            acc = 0;
+        }
+
+        return acc
+            + acc_dft
+            + acc_dft_add
+            + vmp_res
+            + xai_plus_y
+            + xai_plus_y_dft
+            + (vmp | (acc_big + (module.vec_znx_big_normalize_tmp_bytes() | module.vec_znx_idft_tmp_bytes())));
+    } else {
+        2 * GLWECiphertext::bytes_of(module, basek, k_res, rank)
+            + GLWECiphertext::external_product_scratch_space(module, basek, k_res, k_res, k_brk, 1, rank)
+    }
+}
+
+pub fn cggi_blind_rotate<DataRes, DataIn>(
+    module: &Module<FFT64>,
+    res: &mut GLWECiphertext<DataRes>,
+    lwe: &LWECiphertext<DataIn>,
+    lut: &LookUpTable,
+    brk: &BlindRotationKeyCGGI<FFT64>,
+    scratch: &mut Scratch,
+) where
+    DataRes: AsRef<[u8]> + AsMut<[u8]>,
+    DataIn: AsRef<[u8]>,
+{
+    match brk.dist {
+        Distribution::BinaryBlock(_) | Distribution::BinaryFixed(_) | Distribution::BinaryProb(_) | Distribution::ZERO => {
+            if lut.extension_factor() > 1 {
+                cggi_blind_rotate_block_binary_extended(module, res, lwe, lut, brk, scratch);
+            } else if brk.block_size() > 1 {
+                cggi_blind_rotate_block_binary(module, res, lwe, lut, brk, scratch);
+            } else {
+                cggi_blind_rotate_binary_standard(module, res, lwe, lut, brk, scratch);
+            }
+        }
+        // TODO: ternary distribution ?
+        _ => panic!(
+            "invalid BlindRotationKeyCGGI distribution: must be BinaryBlock, BinaryFixed or BinaryProb (or ZERO for debugging)"
+        ),
+    }
+}
+
+pub(crate) fn cggi_blind_rotate_block_binary_extended<DataRes, DataIn>(
+    module: &Module<FFT64>,
+    res: &mut GLWECiphertext<DataRes>,
+    lwe: &LWECiphertext<DataIn>,
+    lut: &LookUpTable,
+    brk: &BlindRotationKeyCGGI<FFT64>,
+    scratch: &mut Scratch,
+) where
+    DataRes: AsRef<[u8]> + AsMut<[u8]>,
+    DataIn: AsRef<[u8]>,
+{
+    let extension_factor: usize = lut.extension_factor();
+    let basek: usize = res.basek();
+    let rows: usize = brk.rows();
+    let cols: usize = res.rank() + 1;
+
+    let (mut acc, scratch1) = scratch.tmp_slice_vec_znx(extension_factor, module, cols, res.size());
+    let (mut acc_dft, scratch2) = scratch1.tmp_slice_vec_znx_dft(extension_factor, module, cols, rows);
+    let (mut vmp_res, scratch3) = scratch2.tmp_slice_vec_znx_dft(extension_factor, module, cols, brk.size());
+    let (mut acc_add_dft, scratch4) = scratch3.tmp_slice_vec_znx_dft(extension_factor, module, cols, brk.size());
+    let (mut xai_plus_y, scratch5) = scratch4.tmp_scalar_znx(module, 1);
+    let (mut xai_plus_y_dft, scratch6) = scratch5.tmp_scalar_znx_dft(module, 1);
+
+    (0..extension_factor).for_each(|i| {
+        acc[i].zero();
+    });
+
+    let mut lwe_2n: Vec<i64> = vec![0i64; lwe.n() + 1]; // TODO: from scratch space
+    let lwe_ref: LWECiphertext<&[u8]> = lwe.to_ref();
+
+    let two_n_ext: usize = 2 * lut.domain_size();
+
+    negate_and_mod_switch_2n(two_n_ext, &mut lwe_2n, &lwe_ref);
+
+    let a: &[i64] = &lwe_2n[1..];
+    let b_pos: usize = ((lwe_2n[0] + two_n_ext as i64) % two_n_ext as i64) as usize;
+
+    let b_hi: usize = b_pos / extension_factor;
+    let b_lo: usize = b_pos % extension_factor;
+
+    for (i, j) in (0..b_lo).zip(extension_factor - b_lo..extension_factor) {
+        module.vec_znx_rotate(b_hi as i64 + 1, &mut acc[i], 0, &lut.data[j], 0);
+    }
+    for (i, j) in (b_lo..extension_factor).zip(0..extension_factor - b_lo) {
+        module.vec_znx_rotate(b_hi as i64, &mut acc[i], 0, &lut.data[j], 0);
+    }
+
+    let block_size: usize = brk.block_size();
+
+    izip!(
+        a.chunks_exact(block_size),
+        brk.data.chunks_exact(block_size)
+    )
+    .for_each(|(ai, ski)| {
+        (0..extension_factor).for_each(|i| {
+            (0..cols).for_each(|j| {
+                module.vec_znx_dft(1, 0, &mut acc_dft[i], j, &acc[i], j);
+            });
+            acc_add_dft[i].zero();
+        });
+
+        // TODO: first & last iterations can be optimized
+        izip!(ai.iter(), ski.iter()).for_each(|(aii, skii)| {
+            let ai_pos: usize = ((aii + two_n_ext as i64) % two_n_ext as i64) as usize;
+            let ai_hi: usize = ai_pos / extension_factor;
+            let ai_lo: usize = ai_pos % extension_factor;
+
+            // vmp_res = DFT(acc) * BRK[i]
+            (0..extension_factor).for_each(|i| {
+                module.vmp_apply(&mut vmp_res[i], &acc_dft[i], &skii.data, scratch6);
+            });
+
+            // Trivial case: no rotation between polynomials, we can directly multiply with (X^{-ai} - 1)
+            if ai_lo == 0 {
+                // DFT X^{-ai}
+                set_xai_plus_y(module, ai_hi, -1, &mut xai_plus_y_dft, &mut xai_plus_y);
+
+                // Sets acc_add_dft[i] = (acc[i] * sk) * (X^{-ai} - 1)
+                (0..extension_factor).for_each(|j| {
+                    (0..cols).for_each(|i| {
+                        module.svp_apply_inplace(&mut vmp_res[j], i, &xai_plus_y_dft, 0);
+                        module.vec_znx_dft_add_inplace(&mut acc_add_dft[j], i, &vmp_res[j], i);
+                    });
+                });
+            // Non trivial case: rotation between polynomials
+            // In this case we can't directly multiply with (X^{-ai} - 1) because of the
+            // ring homomorphism R^{N} -> prod R^{N/extension_factor}, so we split the
+            // computation in two steps: acc_add_dft = (acc * sk) * (-1) + (acc * sk) * X^{-ai}
+            } else {
+                // Sets acc_add_dft[i] = acc[i] * sk
+                (0..extension_factor).for_each(|i| {
+                    (0..cols).for_each(|k| {
+                        module.vec_znx_dft_sub_ab_inplace(&mut acc_add_dft[i], k, &vmp_res[i], k);
+                    })
+                });
+
+                // DFT X^{-ai}
+                set_xai_plus_y(module, ai_hi + 1, 0, &mut xai_plus_y_dft, &mut xai_plus_y);
+
+                // Sets acc_add_dft[0..ai_lo] += (acc[extension_factor - ai_lo..extension_factor] * sk) * X^{-ai+1}
+                for (i, j) in (0..ai_lo).zip(extension_factor - ai_lo..extension_factor) {
+                    (0..cols).for_each(|k| {
+                        module.svp_apply_inplace(&mut vmp_res[j], k, &xai_plus_y_dft, 0);
+                        module.vec_znx_dft_add_inplace(&mut acc_add_dft[i], k, &vmp_res[j], k);
+                    });
+                }
+
+                // DFT X^{-ai}
+                set_xai_plus_y(module, ai_hi, 0, &mut xai_plus_y_dft, &mut xai_plus_y);
+
+                // Sets acc_add_dft[ai_lo..extension_factor] += (acc[0..extension_factor - ai_lo] * sk) * X^{-ai}
+                for (i, j) in (ai_lo..extension_factor).zip(0..extension_factor - ai_lo) {
+                    (0..cols).for_each(|k| {
+                        module.svp_apply_inplace(&mut vmp_res[j], k, &xai_plus_y_dft, 0);
+                        module.vec_znx_dft_add_inplace(&mut acc_add_dft[i], k, &vmp_res[j], k);
+                    });
+                }
+            }
+        });
+
+        {
+            let (mut acc_add_big, scratch7) = scratch6.tmp_vec_znx_big(module, 1, brk.size());
+
+            (0..extension_factor).for_each(|j| {
+                (0..cols).for_each(|i| {
+                    module.vec_znx_idft(&mut acc_add_big, 0, &acc_add_dft[j], i, scratch7);
+                    module.vec_znx_big_add_small_inplace(&mut acc_add_big, 0, &acc[j], i);
+                    module.vec_znx_big_normalize(basek, &mut acc[j], i, &acc_add_big, 0, scratch7);
+                });
+            });
+        }
+    });
+
+    (0..cols).for_each(|i| {
+        module.vec_znx_copy(&mut res.data, i, &acc[0], i);
+    });
+}
+
+fn set_xai_plus_y(
+    module: &Module<FFT64>,
+    ai: usize,
+    y: i64,
+    res: &mut ScalarZnxDft<&mut [u8], FFT64>,
+    buf: &mut ScalarZnx<&mut [u8]>,
+) {
+    let n: usize = module.n();
+
+    {
+        let raw: &mut [i64] = buf.at_mut(0, 0);
+        if ai < n {
+            raw[ai] = 1;
+        } else {
+            raw[(ai - n) & (n - 1)] = -1;
+        }
+        raw[0] += y;
+    }
+
+    module.svp_prepare(res, 0, buf, 0);
+
+    {
+        let raw: &mut [i64] = buf.at_mut(0, 0);
+
+        if ai < n {
+            raw[ai] = 0;
+        } else {
+            raw[(ai - n) & (n - 1)] = 0;
+        }
+        raw[0] = 0;
+    }
+}
+
+pub(crate) fn cggi_blind_rotate_block_binary<DataRes, DataIn>(
+    module: &Module<FFT64>,
+    res: &mut GLWECiphertext<DataRes>,
+    lwe: &LWECiphertext<DataIn>,
+    lut: &LookUpTable,
+    brk: &BlindRotationKeyCGGI<FFT64>,
+    scratch: &mut Scratch,
+) where
+    DataRes: AsRef<[u8]> + AsMut<[u8]>,
+    DataIn: AsRef<[u8]>,
+{
+    let mut lwe_2n: Vec<i64> = vec![0i64; lwe.n() + 1]; // TODO: from scratch space
+    let mut out_mut: GLWECiphertext<&mut [u8]> = res.to_mut();
+    let lwe_ref: LWECiphertext<&[u8]> = lwe.to_ref();
+    let two_n: usize = module.n() << 1;
+    let basek: usize = brk.basek();
+    let rows = brk.rows();
+
+    let cols: usize = out_mut.rank() + 1;
+
+    negate_and_mod_switch_2n(2 * lut.domain_size(), &mut lwe_2n, &lwe_ref);
+
+    let a: &[i64] = &lwe_2n[1..];
+    let b: i64 = lwe_2n[0];
+
+    out_mut.data.zero();
+
+    // Initialize out to X^{b} * LUT(X)
+    module.vec_znx_rotate(b, &mut out_mut.data, 0, &lut.data[0], 0);
+
+    let block_size: usize = brk.block_size();
+
+    // ACC + [sum DFT(X^ai -1) * (DFT(ACC) x BRKi)]
+
+    let (mut acc_dft, scratch1) = scratch.tmp_vec_znx_dft(module, cols, rows);
+    let (mut vmp_res, scratch2) = scratch1.tmp_vec_znx_dft(module, cols, brk.size());
+    let (mut acc_add_dft, scratch3) = scratch2.tmp_vec_znx_dft(module, cols, brk.size());
+    let (mut xai_plus_y, scratch4) = scratch3.tmp_scalar_znx(module, 1);
+    let (mut xai_plus_y_dft, scratch5) = scratch4.tmp_scalar_znx_dft(module, 1);
+
+    izip!(
+        a.chunks_exact(block_size),
+        brk.data.chunks_exact(block_size)
+    )
+    .for_each(|(ai, ski)| {
+        (0..cols).for_each(|j| {
+            module.vec_znx_dft(1, 0, &mut acc_dft, j, &out_mut.data, j);
+        });
+
+        acc_add_dft.zero();
+
+        izip!(ai.iter(), ski.iter()).for_each(|(aii, skii)| {
+            let ai_pos: usize = ((aii + two_n as i64) % two_n as i64) as usize;
+
+            // vmp_res = DFT(acc) * BRK[i]
+            module.vmp_apply(&mut vmp_res, &acc_dft, &skii.data, scratch5);
+
+            // DFT(X^ai -1)
+            set_xai_plus_y(module, ai_pos, -1, &mut xai_plus_y_dft, &mut xai_plus_y);
+
+            // DFT(X^ai -1) * (DFT(acc) * BRK[i])
+            (0..cols).for_each(|i| {
+                module.svp_apply_inplace(&mut vmp_res, i, &xai_plus_y_dft, 0);
+                module.vec_znx_dft_add_inplace(&mut acc_add_dft, i, &vmp_res, i);
+            });
+        });
+
+        (0..cols).for_each(|i| {
+            module.vec_znx_dft_add_inplace(&mut acc_dft, i, &acc_add_dft, i);
+        });
+
+        {
+            let (mut acc_add_big, scratch6) = scratch5.tmp_vec_znx_big(module, 1, brk.size());
+
+            (0..cols).for_each(|i| {
+                module.vec_znx_idft(&mut acc_add_big, 0, &acc_add_dft, i, scratch6);
+                module.vec_znx_big_add_small_inplace(&mut acc_add_big, 0, &out_mut.data, i);
+                module.vec_znx_big_normalize(basek, &mut out_mut.data, i, &acc_add_big, 0, scratch6);
+            });
+        }
+    });
+}
+
+pub(crate) fn cggi_blind_rotate_binary_standard<DataRes, DataIn>(
+    module: &Module<FFT64>,
+    res: &mut GLWECiphertext<DataRes>,
+    lwe: &LWECiphertext<DataIn>,
+    lut: &LookUpTable,
+    brk: &BlindRotationKeyCGGI<FFT64>,
+    scratch: &mut Scratch,
+) where
+    DataRes: AsRef<[u8]> + AsMut<[u8]>,
+    DataIn: AsRef<[u8]>,
+{
+    #[cfg(debug_assertions)]
+    {
+        assert_eq!(
+            res.n(),
+            module.n(),
+            "res.n(): {} != brk.n(): {}",
+            res.n(),
+            module.n()
+        );
+        assert_eq!(
+            lut.domain_size(),
+            module.n(),
+            "lut.n(): {} != brk.n(): {}",
+            lut.domain_size(),
+            module.n()
+        );
+        assert_eq!(
+            brk.n(),
+            module.n(),
+            "brk.n(): {} != brk.n(): {}",
+            brk.n(),
+            module.n()
+        );
+        assert_eq!(
+            res.rank(),
+            brk.rank(),
+            "res.rank(): {} != brk.rank(): {}",
+            res.rank(),
+            brk.rank()
+        );
+        assert_eq!(
+            lwe.n(),
+            brk.data.len(),
+            "lwe.n(): {} != brk.data.len(): {}",
+            lwe.n(),
+            brk.data.len()
+        );
+    }
+
+    let mut lwe_2n: Vec<i64> = vec![0i64; lwe.n() + 1]; // TODO: from scratch space
+    let mut out_mut: GLWECiphertext<&mut [u8]> = res.to_mut();
+    let lwe_ref: LWECiphertext<&[u8]> = lwe.to_ref();
+    let basek: usize = brk.basek();
+
+    negate_and_mod_switch_2n(2 * lut.domain_size(), &mut lwe_2n, &lwe_ref);
+
+    let a: &[i64] = &lwe_2n[1..];
+    let b: i64 = lwe_2n[0];
+
+    out_mut.data.zero();
+
+    // Initialize out to X^{b} * LUT(X)
+    module.vec_znx_rotate(b, &mut out_mut.data, 0, &lut.data[0], 0);
+
+    // ACC + [sum DFT(X^ai -1) * (DFT(ACC) x BRKi)]
+    let (mut acc_tmp, scratch1) = scratch.tmp_glwe_ct(module, basek, out_mut.k(), out_mut.rank());
+    let (mut acc_tmp_rot, scratch2) = scratch1.tmp_glwe_ct(module, basek, out_mut.k(), out_mut.rank());
+
+    // TODO: see if faster by skipping normalization in external product and keeping acc in big coeffs
+    // TODO: first iteration can be optimized to be a gglwe product
+    izip!(a.iter(), brk.data.iter()).for_each(|(ai, ski)| {
+        // acc_tmp = sk[i] * acc
+        acc_tmp.external_product(module, &out_mut, ski, scratch2);
+
+        // acc_tmp = (sk[i] * acc) * X^{ai}
+        acc_tmp_rot.rotate(module, *ai, &acc_tmp);
+
+        // acc = acc + (sk[i] * acc) * X^{ai}
+        out_mut.add_inplace(module, &acc_tmp_rot);
+
+        // acc = acc + (sk[i] * acc) * X^{ai} - (sk[i] * acc) = acc + (sk[i] * acc) * (X^{ai} - 1)
+        out_mut.sub_inplace_ab(module, &acc_tmp);
+    });
+
+    // We can normalize only at the end because we add normalized values in [-2^{basek-1}, 2^{basek-1}]
+    // on top of each others, thus ~ 2^{63-basek} additions are supported before overflow.
+    out_mut.normalize_inplace(module, scratch2);
+}
+
+pub(crate) fn negate_and_mod_switch_2n(n: usize, res: &mut [i64], lwe: &LWECiphertext<&[u8]>) {
+    let basek: usize = lwe.basek();
+
+    let log2n: usize = usize::BITS as usize - (n - 1).leading_zeros() as usize + 1;
+
+    res.copy_from_slice(&lwe.data.at(0, 0));
+    res.iter_mut().for_each(|x| *x = -*x);
+
+    if basek > log2n {
+        let diff: usize = basek - log2n;
+        res.iter_mut().for_each(|x| {
+            *x = div_round_by_pow2(x, diff);
+        })
+    } else {
+        let rem: usize = basek - (log2n % basek);
+        let size: usize = log2n.div_ceil(basek);
+        (1..size).for_each(|i| {
+            if i == size - 1 && rem != basek {
+                let k_rem: usize = basek - rem;
+                izip!(lwe.data.at(0, i).iter(), res.iter_mut()).for_each(|(x, y)| {
+                    *y = (*y << k_rem) + (x >> rem);
+                });
+            } else {
+                izip!(lwe.data.at(0, i).iter(), res.iter_mut()).for_each(|(x, y)| {
+                    *y = (*y << basek) + x;
+                });
+            }
+        })
+    }
+}
+
+#[inline(always)]
+fn div_round_by_pow2(x: &i64, k: usize) -> i64 {
+    (x + (1 << (k - 1))) >> k
+}

core/src/blind_rotation/key.rs

@@ -74,6 +74,11 @@ impl BlindRotationKeyCGGI<FFT64> {
         }
     }
 
+    #[allow(dead_code)]
+    pub(crate) fn n(&self) -> usize {
+        self.data[0].n()
+    }
+
     #[allow(dead_code)]
     pub(crate) fn rows(&self) -> usize {
         self.data[0].rows()

core/src/blind_rotation/lut.rs

@@ -1,4 +1,4 @@
-use backend::{FFT64, Module, ScalarZnx, VecZnx, VecZnxAlloc, VecZnxOps, ZnxInfos, ZnxView, ZnxViewMut, alloc_aligned};
+use backend::{FFT64, Module, VecZnx, VecZnxAlloc, VecZnxOps, ZnxInfos, ZnxViewMut, alloc_aligned};
 
 pub struct LookUpTable {
     pub(crate) data: Vec<VecZnx<Vec<u8>>>,
@@ -8,6 +8,14 @@ pub struct LookUpTable {
 
 impl LookUpTable {
     pub fn alloc(module: &Module<FFT64>, basek: usize, k: usize, extension_factor: usize) -> Self {
+        #[cfg(debug_assertions)]
+        {
+            assert!(
+                extension_factor & (extension_factor - 1) == 0,
+                "extension_factor must be a power of two but is: {}",
+                extension_factor
+            );
+        }
         let size: usize = k.div_ceil(basek);
         let mut data: Vec<VecZnx<Vec<u8>>> = Vec::with_capacity(extension_factor);
         (0..extension_factor).for_each(|_| {
@@ -24,17 +32,24 @@ impl LookUpTable {
         self.data.len() * self.data[0].n()
     }
 
-    pub fn set(&mut self, module: &Module<FFT64>, f: fn(i64) -> i64, message_modulus: usize) {
+    pub fn set(&mut self, module: &Module<FFT64>, f: &Vec<i64>, k: usize) {
+        assert!(f.len() <= module.n());
+
         let basek: usize = self.basek;
 
         // Get the number minimum limb to store the message modulus
-        let limbs: usize = message_modulus.div_ceil(1 << basek);
+        let limbs: usize = k.div_ceil(1 << basek);
+
+        #[cfg(debug_assertions)]
+        {
+            assert!(limbs <= self.data[0].size());
+        }
 
         // Scaling factor
-        let scale: i64 = (1 << (basek * limbs - 1)).div_round(message_modulus) as i64;
+        let scale: i64 = 1 << (k % basek) as i64;
 
-        // Updates function
+        // #elements in lookup table
-        let f_scaled = |x: i64| (f(x) % message_modulus as i64) * scale;
+        let f_len: usize = f.len();
 
         // If LUT size > module.n()
         let domain_size: usize = self.domain_size();
@@ -43,29 +58,17 @@ impl LookUpTable {
 
         // Equivalent to AUTO([f(0), -f(n-1), -f(n-2), ..., -f(1)], -1)
         let mut lut_full: VecZnx<Vec<u8>> = VecZnx::new::<i64>(domain_size, 1, size);
-        {
+
         let lut_at: &mut [i64] = lut_full.at_mut(0, limbs - 1);
 
-            let start: usize = 0;
+        f.iter().enumerate().for_each(|(i, fi)| {
-            let end: usize = (domain_size).div_round(message_modulus);
+            let start: usize = (i * domain_size).div_round(f_len);
-
+            let end: usize = ((i + 1) * domain_size).div_round(f_len);
-            let y: i64 = f_scaled(0);
+            lut_at[start..end].fill(fi * scale);
-            (start..end).for_each(|i| {
-                lut_at[i] = y;
         });
 
-            (1..message_modulus).for_each(|x| {
-                let start: usize = (x * domain_size).div_round(message_modulus);
-                let end: usize = ((x + 1) * domain_size).div_round(message_modulus);
-                let y: i64 = f_scaled(x as i64);
-                (start..end).for_each(|i| {
-                    lut_at[i] = y;
-                })
-            });
-        }
-
         // Rotates half the step to the left
-        let half_step: usize = domain_size.div_round(message_modulus << 1);
+        let half_step: usize = domain_size.div_round(f_len << 1);
 
         lut_full.rotate(-(half_step as i64));
 
@@ -84,30 +87,6 @@ impl LookUpTable {
         }
     }
 
-    pub fn set_raw<D>(&mut self, module: &Module<FFT64>, lut: &ScalarZnx<D>)
-    where
-        D: AsRef<[u8]>,
-    {
-        let domain_size: usize = self.domain_size();
-
-        let size: usize = self.k.div_ceil(self.basek);
-
-        let mut lut_full: VecZnx<Vec<u8>> = VecZnx::new::<i64>(domain_size, 1, size);
-
-        lut_full.at_mut(0, 0).copy_from_slice(lut.raw());
-
-        if self.extension_factor() > 1 {
-            (0..self.extension_factor()).for_each(|i| {
-                module.switch_degree(&mut self.data[i], 0, &lut_full, 0);
-                if i < self.extension_factor() {
-                    lut_full.rotate(-1);
-                }
-            });
-        } else {
-            module.vec_znx_copy(&mut self.data[0], 0, &lut_full, 0);
-        }
-    }
-
     #[allow(dead_code)]
     pub(crate) fn rotate(&mut self, k: i64) {
         let extension_factor: usize = self.extension_factor();

core/src/blind_rotation/mod.rs

@@ -1,7 +1,10 @@
-// pub mod cggi;
+pub mod cggi;
-pub mod ccgi;
 pub mod key;
 pub mod lut;
 
+pub use cggi::{cggi_blind_rotate, cggi_blind_rotate_scratch_space};
+pub use key::BlindRotationKeyCGGI;
+pub use lut::LookUpTable;
+
 #[cfg(test)]
 pub mod test_fft64;

core/src/blind_rotation/test_fft64/cggi.rs

@@ -1,12 +1,10 @@
-use std::time::Instant;
+use backend::{Encoding, FFT64, Module, ScratchOwned, ZnxView};
-
-use backend::{Encoding, FFT64, Module, ScalarZnx, ScratchOwned, Stats, VecZnxOps, ZnxView, ZnxViewMut};
 use sampling::source::Source;
 
 use crate::{
     FourierGLWESecret, GLWECiphertext, GLWEPlaintext, GLWESecret, Infos, LWECiphertext, LWESecret,
     blind_rotation::{
-        ccgi::{cggi_blind_rotate, cggi_blind_rotate_scratch_space, negate_and_mod_switch_2n},
+        cggi::{cggi_blind_rotate, cggi_blind_rotate_scratch_space, negate_and_mod_switch_2n},
         key::BlindRotationKeyCGGI,
         lut::LookUpTable,
     },
@@ -14,22 +12,32 @@ use crate::{
 };
 
 #[test]
-fn blind_rotation() {
+fn standard() {
-    let module: Module<FFT64> = Module::<FFT64>::new(2048);
+    blind_rotatio_test(224, 1, 1);
-    let basek: usize = 18;
+}
 
-    let n_lwe: usize = 1071;
+#[test]
+fn block_binary() {
+    blind_rotatio_test(224, 7, 1);
+}
+
+#[test]
+fn block_binary_extended() {
+    blind_rotatio_test(224, 7, 2);
+}
+
+fn blind_rotatio_test(n_lwe: usize, block_size: usize, extension_factor: usize) {
+    let module: Module<FFT64> = Module::<FFT64>::new(512);
+    let basek: usize = 19;
 
     let k_lwe: usize = 24;
     let k_brk: usize = 3 * basek;
-    let rows_brk: usize = 2;
+    let rows_brk: usize = 2; // Ensures first limb is noise-free.
-    let k_lut: usize = 2 * basek;
+    let k_lut: usize = 1 * basek;
+    let k_res: usize = 2 * basek;
     let rank: usize = 1;
-    let block_size: usize = 7;
 
-    let extension_factor: usize = 2;
+    let message_modulus: usize = 1 << 4;
-
-    let message_modulus: usize = 1 << 6;
 
     let mut source_xs: Source = Source::new([1u8; 32]);
     let mut source_xe: Source = Source::new([1u8; 32]);
@@ -42,24 +50,21 @@ fn blind_rotation() {
     let mut sk_lwe: LWESecret<Vec<u8>> = LWESecret::alloc(n_lwe);
     sk_lwe.fill_binary_block(block_size, &mut source_xs);
 
-    sk_lwe.data.raw_mut()[0] = 0;
+    let mut scratch: ScratchOwned = ScratchOwned::new(BlindRotationKeyCGGI::generate_from_sk_scratch_space(
+        &module, basek, k_brk, rank,
+    ));
 
-    println!("sk_lwe: {:?}", sk_lwe.data.raw());
+    let mut scratch_br: ScratchOwned = ScratchOwned::new(cggi_blind_rotate_scratch_space(
-
-    let mut scratch: ScratchOwned = ScratchOwned::new(
-        BlindRotationKeyCGGI::generate_from_sk_scratch_space(&module, basek, k_brk, rank)
-            | cggi_blind_rotate_scratch_space(
         &module,
+        block_size,
         extension_factor,
         basek,
-                k_lut,
+        k_res,
         k_brk,
         rows_brk,
         rank,
-            ),
+    ));
-    );
 
-    let start: Instant = Instant::now();
     let mut brk: BlindRotationKeyCGGI<FFT64> = BlindRotationKeyCGGI::allocate(&module, n_lwe, basek, k_brk, rows_brk, rank);
 
     brk.generate_from_sk(
@@ -72,44 +77,38 @@ fn blind_rotation() {
         scratch.borrow(),
     );
 
-    let duration: std::time::Duration = start.elapsed();
-    println!("brk-gen: {} ms", duration.as_millis());
-
     let mut lwe: LWECiphertext<Vec<u8>> = LWECiphertext::alloc(n_lwe, basek, k_lwe);
 
     let mut pt_lwe: LWEPlaintext<Vec<u8>> = LWEPlaintext::alloc(basek, k_lwe);
 
-    let x: i64 = 1;
+    let x: i64 = 2;
     let bits: usize = 8;
 
     pt_lwe.data.encode_coeff_i64(0, basek, bits, 0, x, bits);
 
-    println!("{}", pt_lwe.data);
+    // println!("{}", pt_lwe.data);
 
     lwe.encrypt_sk(&pt_lwe, &sk_lwe, &mut source_xa, &mut source_xe, 3.2);
 
     lwe.decrypt(&mut pt_lwe, &sk_lwe);
 
-    println!("{}", pt_lwe.data);
+    // println!("{}", pt_lwe.data);
 
-    fn lut_fn(x: i64) -> i64 {
+    let mut f: Vec<i64> = vec![0i64; message_modulus];
-        2 * x + 1
+    f.iter_mut()
-    }
+        .enumerate()
+        .for_each(|(i, x)| *x = 2 * (i as i64) + 1);
 
     let mut lut: LookUpTable = LookUpTable::alloc(&module, basek, k_lut, extension_factor);
-    lut.set(&module, lut_fn, message_modulus);
+    lut.set(&module, &f, message_modulus);
 
-    let mut res: GLWECiphertext<Vec<u8>> = GLWECiphertext::alloc(&module, basek, k_lut, rank);
+    let mut res: GLWECiphertext<Vec<u8>> = GLWECiphertext::alloc(&module, basek, k_res, rank);
 
-    let start: Instant = Instant::now();
+    cggi_blind_rotate(&module, &mut res, &lwe, &lut, &brk, scratch_br.borrow());
-    (0..1).for_each(|_| {
-        cggi_blind_rotate(&module, &mut res, &lwe, &lut, &brk, scratch.borrow());
-    });
 
-    let duration: std::time::Duration = start.elapsed();
+    println!("out_mut.data: {}", res.data);
-    println!("blind-rotate: {} ms", duration.as_millis());
 
-    let mut pt_have: GLWEPlaintext<Vec<u8>> = GLWEPlaintext::alloc(&module, basek, k_lut);
+    let mut pt_have: GLWEPlaintext<Vec<u8>> = GLWEPlaintext::alloc(&module, basek, k_res);
 
     res.decrypt(&module, &mut pt_have, &sk_glwe_dft, scratch.borrow());
 
@@ -127,20 +126,21 @@ fn blind_rotation() {
             .sum::<i64>())
         % (2 * lut.domain_size()) as i64;
 
-    println!("pt_want: {}", pt_want);
+    // println!("pt_want: {}", pt_want);
 
     lut.rotate(pt_want);
 
-    lut.data.iter().for_each(|d| {
+    // lut.data.iter().for_each(|d| {
-        println!("{}", d);
+    //     println!("{}", d);
-    });
+    // });
 
     // First limb should be exactly equal (test are parameterized such that the noise does not reach
     // the first limb)
-    // assert_eq!(pt_have.data.at_mut(0, 0), lut.data[0].at_mut(0, 0));
+    assert_eq!(pt_have.data.at(0, 0), lut.data[0].at(0, 0));
 
     // Then checks the noise
-    module.vec_znx_sub_ab_inplace(&mut lut.data[0], 0, &pt_have.data, 0);
+    // module.vec_znx_sub_ab_inplace(&mut lut.data[0], 0, &pt_have.data, 0);
-    let noise: f64 = lut.data[0].std(0, basek);
+    // let noise: f64 = lut.data[0].std(0, basek);
-    println!("noise: {}", noise);
+    // println!("noise: {}", noise);
+    // assert!(noise < 1e-3);
 }

core/src/blind_rotation/test_fft64/lut.rs

@@ -1,3 +1,5 @@
+use std::vec;
+
 use backend::{FFT64, Module, ZnxView};
 
 use crate::blind_rotation::lut::{DivRound, LookUpTable};
@@ -10,14 +12,15 @@ fn standard() {
     let message_modulus: usize = 16;
     let extension_factor: usize = 1;
 
-    let scale: usize = (1 << (basek - 1)) / message_modulus;
+    let log_scale: usize = basek + 1;
 
-    fn lut_fn(x: i64) -> i64 {
+    let mut f: Vec<i64> = vec![0i64; message_modulus];
-        x - 8
+    f.iter_mut()
-    }
+        .enumerate()
+        .for_each(|(i, x)| *x = (i as i64) - 8);
 
     let mut lut: LookUpTable = LookUpTable::alloc(&module, basek, k_lut, extension_factor);
-    lut.set(&module, lut_fn, message_modulus);
+    lut.set(&module, &f, log_scale);
 
     let half_step: i64 = lut.domain_size().div_round(message_modulus << 1) as i64;
     lut.rotate(half_step);
@@ -27,8 +30,8 @@ fn standard() {
     (0..lut.domain_size()).step_by(step).for_each(|i| {
         (0..step).for_each(|_| {
             assert_eq!(
-                lut_fn((i / step) as i64) % message_modulus as i64,
+                f[i / step] % message_modulus as i64,
-                lut.data[0].raw()[0] / scale as i64
+                lut.data[0].raw()[0] / (1 << (log_scale % basek)) as i64
             );
             lut.rotate(-1);
         });
@@ -43,14 +46,15 @@ fn extended() {
     let message_modulus: usize = 16;
     let extension_factor: usize = 4;
 
-    let scale: usize = (1 << (basek - 1)) / message_modulus;
+    let log_scale: usize = basek + 1;
 
-    fn lut_fn(x: i64) -> i64 {
+    let mut f: Vec<i64> = vec![0i64; message_modulus];
-        x - 8
+    f.iter_mut()
-    }
+        .enumerate()
+        .for_each(|(i, x)| *x = (i as i64) - 8);
 
     let mut lut: LookUpTable = LookUpTable::alloc(&module, basek, k_lut, extension_factor);
-    lut.set(&module, lut_fn, message_modulus);
+    lut.set(&module, &f, log_scale);
 
     let half_step: i64 = lut.domain_size().div_round(message_modulus << 1) as i64;
     lut.rotate(half_step);
@@ -60,8 +64,8 @@ fn extended() {
     (0..lut.domain_size()).step_by(step).for_each(|i| {
         (0..step).for_each(|_| {
             assert_eq!(
-                lut_fn((i / step) as i64) % message_modulus as i64,
+                f[i / step] % message_modulus as i64,
-                lut.data[0].raw()[0] / scale as i64
+                lut.data[0].raw()[0] / (1 << (log_scale % basek)) as i64
             );
             lut.rotate(-1);
         });

core/src/fourier_glwe/test_fft64/keyswitch.rs

@@ -76,7 +76,7 @@ fn test_apply(
         .fill_uniform(basek, 0, pt_want.size(), &mut source_xa);
 
     let mut scratch: ScratchOwned = ScratchOwned::new(
-        GLWESwitchingKey::encrypt_sk_scratch_space(&module, basek, k_ksk, rank_out)
+        GLWESwitchingKey::encrypt_sk_scratch_space(&module, basek, k_ksk, rank_in, rank_out)
             | GLWECiphertext::decrypt_scratch_space(&module, basek, k_out)
             | GLWECiphertext::encrypt_sk_scratch_space(&module, basek, k_in)
             | FourierGLWECiphertext::keyswitch_scratch_space(
@@ -99,7 +99,7 @@ fn test_apply(
     sk_out.fill_ternary_prob(0.5, &mut source_xs);
     let sk_out_dft: FourierGLWESecret<Vec<u8>, FFT64> = FourierGLWESecret::from(&module, &sk_out);
 
-    ksk.generate_from_sk(
+    ksk.encrypt_sk(
         &module,
         &sk_in,
         &sk_out_dft,
@@ -170,7 +170,7 @@ fn test_apply_inplace(log_n: usize, basek: usize, k_ct: usize, k_ksk: usize, dig
         .fill_uniform(basek, 0, pt_want.size(), &mut source_xa);
 
     let mut scratch: ScratchOwned = ScratchOwned::new(
-        GLWESwitchingKey::encrypt_sk_scratch_space(&module, basek, ksk.k(), rank)
+        GLWESwitchingKey::encrypt_sk_scratch_space(&module, basek, ksk.k(), rank, rank)
             | GLWECiphertext::decrypt_scratch_space(&module, basek, ct_glwe.k())
             | GLWECiphertext::encrypt_sk_scratch_space(&module, basek, ct_glwe.k())
             | FourierGLWECiphertext::keyswitch_inplace_scratch_space(&module, basek, ct_rlwe_dft.k(), ksk.k(), digits, rank),
@@ -184,7 +184,7 @@ fn test_apply_inplace(log_n: usize, basek: usize, k_ct: usize, k_ksk: usize, dig
     sk_out.fill_ternary_prob(0.5, &mut source_xs);
     let sk_out_dft: FourierGLWESecret<Vec<u8>, FFT64> = FourierGLWESecret::from(&module, &sk_out);
 
-    ksk.generate_from_sk(
+    ksk.encrypt_sk(
         &module,
         &sk_in,
         &sk_out_dft,

core/src/gglwe/automorphism_key.rs

@@ -66,7 +66,7 @@ impl<C: AsRef<[u8]>> GetRow<FFT64> for GLWEAutomorphismKey<C, FFT64> {
         col_j: usize,
         res: &mut FourierGLWECiphertext<R, FFT64>,
     ) {
-        module.mat_znx_dft_get_row(&mut res.data, &self.key.0.data, row_i, col_j);
+        module.mat_znx_dft_get_row(&mut res.data, &self.key.key.data, row_i, col_j);
     }
 }
 
@@ -78,6 +78,6 @@ impl<C: AsMut<[u8]> + AsRef<[u8]>> SetRow<FFT64> for GLWEAutomorphismKey<C, FFT6
         col_j: usize,
         a: &FourierGLWECiphertext<R, FFT64>,
     ) {
-        module.mat_znx_dft_set_row(&mut self.key.0.data, row_i, col_j, &a.data);
+        module.mat_znx_dft_set_row(&mut self.key.key.data, row_i, col_j, &a.data);
     }
 }

core/src/gglwe/encryption.rs

@@ -1,5 +1,6 @@
 use backend::{
-    FFT64, Module, ScalarZnx, ScalarZnxDftOps, ScalarZnxOps, Scratch, VecZnxAlloc, VecZnxDftAlloc, VecZnxOps, ZnxInfos, ZnxZero,
+    FFT64, Module, ScalarZnx, ScalarZnxAlloc, ScalarZnxDftOps, ScalarZnxOps, Scratch, VecZnxAlloc, VecZnxDftAlloc, VecZnxOps,
+    ZnxInfos, ZnxView, ZnxViewMut, ZnxZero,
 };
 use sampling::source::Source;
 
@@ -9,7 +10,7 @@ use crate::{
 };
 
 impl GGLWECiphertext<Vec<u8>, FFT64> {
-    pub fn generate_from_sk_scratch_space(module: &Module<FFT64>, basek: usize, k: usize, rank: usize) -> usize {
+    pub fn encrypt_sk_scratch_space(module: &Module<FFT64>, basek: usize, k: usize, rank: usize) -> usize {
         let size = k.div_ceil(basek);
         GLWECiphertext::encrypt_sk_scratch_space(module, basek, k)
             + module.bytes_of_vec_znx(rank + 1, size)
@@ -17,7 +18,7 @@ impl GGLWECiphertext<Vec<u8>, FFT64> {
             + module.bytes_of_vec_znx_dft(rank + 1, size)
     }
 
-    pub fn generate_from_pk_scratch_space(_module: &Module<FFT64>, _basek: usize, _k: usize, _rank: usize) -> usize {
+    pub fn encrypt_pk_scratch_space(_module: &Module<FFT64>, _basek: usize, _k: usize, _rank: usize) -> usize {
         unimplemented!()
     }
 }
@@ -35,20 +36,30 @@ impl<DataSelf: AsMut<[u8]> + AsRef<[u8]>> GGLWECiphertext<DataSelf, FFT64> {
     ) {
         #[cfg(debug_assertions)]
         {
-            assert_eq!(self.rank_in(), pt.cols());
+            assert_eq!(
-            assert_eq!(self.rank_out(), sk.rank());
+                self.rank_in(),
+                pt.cols(),
+                "self.rank_in(): {} != pt.cols(): {}",
+                self.rank_in(),
+                pt.cols()
+            );
+            assert_eq!(
+                self.rank_out(),
+                sk.rank(),
+                "self.rank_out(): {} != sk.rank(): {}",
+                self.rank_out(),
+                sk.rank()
+            );
             assert_eq!(self.n(), module.n());
             assert_eq!(sk.n(), module.n());
             assert_eq!(pt.n(), module.n());
             assert!(
-                scratch.available()
+                scratch.available() >= GGLWECiphertext::encrypt_sk_scratch_space(module, self.basek(), self.k(), self.rank()),
-                    >= GGLWECiphertext::generate_from_sk_scratch_space(module, self.basek(), self.k(), self.rank()),
+                "scratch.available: {} < GGLWECiphertext::encrypt_sk_scratch_space(module, self.rank()={}, self.size()={}): {}",
-                "scratch.available: {} < GGLWECiphertext::generate_from_sk_scratch_space(module, self.rank()={}, \
-                 self.size()={}): {}",
                 scratch.available(),
                 self.rank(),
                 self.size(),
-                GGLWECiphertext::generate_from_sk_scratch_space(module, self.basek(), self.k(), self.rank())
+                GGLWECiphertext::encrypt_sk_scratch_space(module, self.basek(), self.k(), self.rank())
             );
             assert!(
                 self.rows() * self.digits() * self.basek() <= self.k(),
@@ -110,17 +121,25 @@ impl<DataSelf: AsMut<[u8]> + AsRef<[u8]>> GGLWECiphertext<DataSelf, FFT64> {
 }
 
 impl GLWESwitchingKey<Vec<u8>, FFT64> {
-    pub fn encrypt_sk_scratch_space(module: &Module<FFT64>, basek: usize, k: usize, rank: usize) -> usize {
+    pub fn encrypt_sk_scratch_space(module: &Module<FFT64>, basek: usize, k: usize, rank_in: usize, rank_out: usize) -> usize {
-        GGLWECiphertext::generate_from_sk_scratch_space(module, basek, k, rank)
+        GGLWECiphertext::encrypt_sk_scratch_space(module, basek, k, rank_out)
+            + module.bytes_of_scalar_znx(rank_in)
+            + FourierGLWESecret::bytes_of(module, rank_out)
     }
 
-    pub fn encrypt_pk_scratch_space(module: &Module<FFT64>, _basek: usize, _k: usize, _rank: usize) -> usize {
+    pub fn encrypt_pk_scratch_space(
-        GGLWECiphertext::generate_from_pk_scratch_space(module, _basek, _k, _rank)
+        module: &Module<FFT64>,
+        _basek: usize,
+        _k: usize,
+        _rank_in: usize,
+        _rank_out: usize,
+    ) -> usize {
+        GGLWECiphertext::encrypt_pk_scratch_space(module, _basek, _k, _rank_out)
     }
 }
 
 impl<DataSelf: AsMut<[u8]> + AsRef<[u8]>> GLWESwitchingKey<DataSelf, FFT64> {
-    pub fn generate_from_sk<DataSkIn: AsRef<[u8]>, DataSkOut: AsRef<[u8]>>(
+    pub fn encrypt_sk<DataSkIn: AsRef<[u8]>, DataSkOut: AsRef<[u8]>>(
         &mut self,
         module: &Module<FFT64>,
         sk_in: &GLWESecret<DataSkIn>,
@@ -130,30 +149,62 @@ impl<DataSelf: AsMut<[u8]> + AsRef<[u8]>> GLWESwitchingKey<DataSelf, FFT64> {
         sigma: f64,
         scratch: &mut Scratch,
     ) {
-        self.0.encrypt_sk(
+        #[cfg(debug_assertions)]
+        {
+            assert!(sk_in.n() <= module.n());
+            assert!(sk_out.n() <= module.n());
+        }
+
+        let (mut sk_in_tmp, scratch1) = scratch.tmp_scalar_znx(module, sk_in.rank());
+        sk_in_tmp.zero();
+
+        (0..sk_in.rank()).for_each(|i| {
+            sk_in_tmp
+                .at_mut(i, 0)
+                .iter_mut()
+                .step_by(module.n() / sk_in.n())
+                .zip(sk_in.data.at(i, 0).iter())
+                .for_each(|(x, y)| *x = *y);
+        });
+
+        let (mut sk_out_tmp, scratch2) = scratch1.tmp_fourier_glwe_secret(module, sk_out.rank());
+        (0..sk_out.rank()).for_each(|i| {
+            sk_out_tmp
+                .data
+                .at_mut(i, 0)
+                .chunks_exact_mut(module.n() / sk_out.n())
+                .zip(sk_out.data.at(i, 0).iter())
+                .for_each(|(a_chunk, &b_elem)| {
+                    a_chunk.fill(b_elem);
+                });
+        });
+
+        self.key.encrypt_sk(
             module,
-            &sk_in.data,
+            &sk_in_tmp,
-            sk_out,
+            &sk_out_tmp,
             source_xa,
             source_xe,
             sigma,
-            scratch,
+            scratch2,
         );
+        self.sk_in_n = sk_in.n();
+        self.sk_out_n = sk_out.n();
     }
 }
 
 impl GLWEAutomorphismKey<Vec<u8>, FFT64> {
-    pub fn generate_from_sk_scratch_space(module: &Module<FFT64>, basek: usize, k: usize, rank: usize) -> usize {
+    pub fn encrypt_sk_scratch_space(module: &Module<FFT64>, basek: usize, k: usize, rank: usize) -> usize {
-        GGLWECiphertext::generate_from_sk_scratch_space(module, basek, k, rank) + GLWESecret::bytes_of(module, rank)
+        GLWESwitchingKey::encrypt_sk_scratch_space(module, basek, k, rank, rank) + GLWESecret::bytes_of(module, rank)
     }
 
-    pub fn generate_from_pk_scratch_space(module: &Module<FFT64>, _basek: usize, _k: usize, _rank: usize) -> usize {
+    pub fn encrypt_pk_scratch_space(module: &Module<FFT64>, _basek: usize, _k: usize, _rank: usize) -> usize {
-        GGLWECiphertext::generate_from_pk_scratch_space(module, _basek, _k, _rank)
+        GLWESwitchingKey::encrypt_pk_scratch_space(module, _basek, _k, _rank, _rank)
     }
 }
 
 impl<DataSelf: AsMut<[u8]> + AsRef<[u8]>> GLWEAutomorphismKey<DataSelf, FFT64> {
-    pub fn generate_from_sk<DataSk: AsRef<[u8]>>(
+    pub fn encrypt_sk<DataSk: AsRef<[u8]>>(
         &mut self,
         module: &Module<FFT64>,
         p: i64,
@@ -170,21 +221,19 @@ impl<DataSelf: AsMut<[u8]> + AsRef<[u8]>> GLWEAutomorphismKey<DataSelf, FFT64> {
             assert_eq!(self.rank_out(), self.rank_in());
             assert_eq!(sk.rank(), self.rank());
             assert!(
-                scratch.available()
+                scratch.available() >= GLWEAutomorphismKey::encrypt_sk_scratch_space(module, self.basek(), self.k(), self.rank()),
-                    >= GLWEAutomorphismKey::generate_from_sk_scratch_space(module, self.basek(), self.k(), self.rank()),
+                "scratch.available(): {} < AutomorphismKey::encrypt_sk_scratch_space(module, self.rank()={}, self.size()={}): {}",
-                "scratch.available(): {} < AutomorphismKey::generate_from_sk_scratch_space(module, self.rank()={}, \
-                 self.size()={}): {}",
                 scratch.available(),
                 self.rank(),
                 self.size(),
-                GLWEAutomorphismKey::generate_from_sk_scratch_space(module, self.basek(), self.k(), self.rank())
+                GLWEAutomorphismKey::encrypt_sk_scratch_space(module, self.basek(), self.k(), self.rank())
             )
         }
 
-        let (mut sk_out_dft, scratch_1) = scratch.tmp_fourier_sk(module, sk.rank());
+        let (mut sk_out_dft, scratch_1) = scratch.tmp_fourier_glwe_secret(module, sk.rank());
 
         {
-            let (mut sk_out, _) = scratch_1.tmp_sk(module, sk.rank());
+            let (mut sk_out, _) = scratch_1.tmp_glwe_secret(module, sk.rank());
             (0..self.rank()).for_each(|i| {
                 module.scalar_znx_automorphism(
                     module.galois_element_inv(p),
@@ -197,7 +246,7 @@ impl<DataSelf: AsMut<[u8]> + AsRef<[u8]>> GLWEAutomorphismKey<DataSelf, FFT64> {
             sk_out_dft.set(module, &sk_out);
         }
 
-        self.key.generate_from_sk(
+        self.key.encrypt_sk(
             module,
             &sk,
             &sk_out_dft,
@@ -212,15 +261,15 @@ impl<DataSelf: AsMut<[u8]> + AsRef<[u8]>> GLWEAutomorphismKey<DataSelf, FFT64> {
 }
 
 impl GLWETensorKey<Vec<u8>, FFT64> {
-    pub fn generate_from_sk_scratch_space(module: &Module<FFT64>, basek: usize, k: usize, rank: usize) -> usize {
+    pub fn encrypt_sk_scratch_space(module: &Module<FFT64>, basek: usize, k: usize, rank: usize) -> usize {
         GLWESecret::bytes_of(module, 1)
             + FourierGLWESecret::bytes_of(module, 1)
-            + GLWESwitchingKey::encrypt_sk_scratch_space(module, basek, k, rank)
+            + GLWESwitchingKey::encrypt_sk_scratch_space(module, basek, k, rank, rank)
     }
 }
 
 impl<DataSelf: AsMut<[u8]> + AsRef<[u8]>> GLWETensorKey<DataSelf, FFT64> {
-    pub fn generate_from_sk<DataSk: AsRef<[u8]>>(
+    pub fn encrypt_sk<DataSk: AsRef<[u8]>>(
         &mut self,
         module: &Module<FFT64>,
         sk: &FourierGLWESecret<DataSk, FFT64>,
@@ -238,15 +287,15 @@ impl<DataSelf: AsMut<[u8]> + AsRef<[u8]>> GLWETensorKey<DataSelf, FFT64> {
 
         let rank: usize = self.rank();
 
-        let (mut sk_ij, scratch1) = scratch.tmp_sk(module, 1);
+        let (mut sk_ij, scratch1) = scratch.tmp_glwe_secret(module, 1);
-        let (mut sk_ij_dft, scratch2) = scratch1.tmp_fourier_sk(module, 1);
+        let (mut sk_ij_dft, scratch2) = scratch1.tmp_fourier_glwe_secret(module, 1);
 
         (0..rank).for_each(|i| {
             (i..rank).for_each(|j| {
                 module.svp_apply(&mut sk_ij_dft.data, 0, &sk.data, i, &sk.data, j);
                 module.scalar_znx_idft(&mut sk_ij.data, 0, &sk_ij_dft.data, 0, scratch2);
                 self.at_mut(i, j)
-                    .generate_from_sk(module, &sk_ij, sk, source_xa, source_xe, sigma, scratch2);
+                    .encrypt_sk(module, &sk_ij, sk, source_xa, source_xe, sigma, scratch2);
             });
         })
     }

core/src/gglwe/keyswitch_key.rs

@@ -2,7 +2,11 @@ use backend::{Backend, FFT64, MatZnxDft, MatZnxDftOps, Module};
 
 use crate::{FourierGLWECiphertext, GGLWECiphertext, GetRow, Infos, SetRow};
 
-pub struct GLWESwitchingKey<Data, B: Backend>(pub(crate) GGLWECiphertext<Data, B>);
+pub struct GLWESwitchingKey<Data, B: Backend> {
+    pub(crate) key: GGLWECiphertext<Data, B>,
+    pub(crate) sk_in_n: usize,  // Degree of sk_in
+    pub(crate) sk_out_n: usize, // Degree of sk_out
+}
 
 impl GLWESwitchingKey<Vec<u8>, FFT64> {
     pub fn alloc(
@@ -14,9 +18,11 @@ impl GLWESwitchingKey<Vec<u8>, FFT64> {
         rank_in: usize,
         rank_out: usize,
     ) -> Self {
-        GLWESwitchingKey(GGLWECiphertext::alloc(
+        GLWESwitchingKey {
-            module, basek, k, rows, digits, rank_in, rank_out,
+            key: GGLWECiphertext::alloc(module, basek, k, rows, digits, rank_in, rank_out),
-        ))
+            sk_in_n: 0,
+            sk_out_n: 0,
+        }
     }
 
     pub fn bytes_of(
@@ -36,33 +42,41 @@ impl<T, B: Backend> Infos for GLWESwitchingKey<T, B> {
     type Inner = MatZnxDft<T, B>;
 
     fn inner(&self) -> &Self::Inner {
-        self.0.inner()
+        self.key.inner()
     }
 
     fn basek(&self) -> usize {
-        self.0.basek()
+        self.key.basek()
     }
 
     fn k(&self) -> usize {
-        self.0.k()
+        self.key.k()
     }
 }
 
 impl<T, B: Backend> GLWESwitchingKey<T, B> {
     pub fn rank(&self) -> usize {
-        self.0.data.cols_out() - 1
+        self.key.data.cols_out() - 1
     }
 
     pub fn rank_in(&self) -> usize {
-        self.0.data.cols_in()
+        self.key.data.cols_in()
     }
 
     pub fn rank_out(&self) -> usize {
-        self.0.data.cols_out() - 1
+        self.key.data.cols_out() - 1
     }
 
     pub fn digits(&self) -> usize {
-        self.0.digits()
+        self.key.digits()
+    }
+
+    pub fn sk_degree_in(&self) -> usize {
+        self.sk_in_n
+    }
+
+    pub fn sk_degree_out(&self) -> usize {
+        self.sk_out_n
     }
 }
 
@@ -74,7 +88,7 @@ impl<C: AsRef<[u8]>> GetRow<FFT64> for GLWESwitchingKey<C, FFT64> {
         col_j: usize,
         res: &mut FourierGLWECiphertext<R, FFT64>,
     ) {
-        module.mat_znx_dft_get_row(&mut res.data, &self.0.data, row_i, col_j);
+        module.mat_znx_dft_get_row(&mut res.data, &self.key.data, row_i, col_j);
     }
 }
 
@@ -86,6 +100,6 @@ impl<C: AsMut<[u8]> + AsRef<[u8]>> SetRow<FFT64> for GLWESwitchingKey<C, FFT64>
         col_j: usize,
         a: &FourierGLWECiphertext<R, FFT64>,
     ) {
-        module.mat_znx_dft_set_row(&mut self.0.data, row_i, col_j, &a.data);
+        module.mat_znx_dft_set_row(&mut self.key.data, row_i, col_j, &a.data);
     }
 }

core/src/gglwe/test_fft64/automorphism_key.rs

@@ -70,7 +70,7 @@ fn test_automorphism(
     let mut source_xa: Source = Source::new([0u8; 32]);
 
     let mut scratch: ScratchOwned = ScratchOwned::new(
-        GLWEAutomorphismKey::generate_from_sk_scratch_space(&module, basek, k_apply, rank)
+        GLWEAutomorphismKey::encrypt_sk_scratch_space(&module, basek, k_apply, rank)
             | FourierGLWECiphertext::decrypt_scratch_space(&module, basek, k_out)
             | GLWEAutomorphismKey::automorphism_scratch_space(&module, basek, k_out, k_in, k_apply, digits, rank),
     );
@@ -79,7 +79,7 @@ fn test_automorphism(
     sk.fill_ternary_prob(0.5, &mut source_xs);
 
     // gglwe_{s1}(s0) = s0 -> s1
-    auto_key_in.generate_from_sk(
+    auto_key_in.encrypt_sk(
         &module,
         p0,
         &sk,
@@ -90,7 +90,7 @@ fn test_automorphism(
     );
 
     // gglwe_{s2}(s1) -> s1 -> s2
-    auto_key_apply.generate_from_sk(
+    auto_key_apply.encrypt_sk(
         &module,
         p1,
         &sk,
@@ -185,7 +185,7 @@ fn test_automorphism_inplace(
     let mut source_xa: Source = Source::new([0u8; 32]);
 
     let mut scratch: ScratchOwned = ScratchOwned::new(
-        GLWEAutomorphismKey::generate_from_sk_scratch_space(&module, basek, k_apply, rank)
+        GLWEAutomorphismKey::encrypt_sk_scratch_space(&module, basek, k_apply, rank)
             | FourierGLWECiphertext::decrypt_scratch_space(&module, basek, k_in)
             | GLWEAutomorphismKey::automorphism_inplace_scratch_space(&module, basek, k_in, k_apply, digits, rank),
     );
@@ -194,7 +194,7 @@ fn test_automorphism_inplace(
     sk.fill_ternary_prob(0.5, &mut source_xs);
 
     // gglwe_{s1}(s0) = s0 -> s1
-    auto_key.generate_from_sk(
+    auto_key.encrypt_sk(
         &module,
         p0,
         &sk,
@@ -205,7 +205,7 @@ fn test_automorphism_inplace(
     );
 
     // gglwe_{s2}(s1) -> s1 -> s2
-    auto_key_apply.generate_from_sk(
+    auto_key_apply.encrypt_sk(
         &module,
         p1,
         &sk,

core/src/gglwe/test_fft64/gglwe.rs

@@ -144,7 +144,7 @@ fn test_encrypt_sk(log_n: usize, basek: usize, k_ksk: usize, digits: usize, rank
     let mut source_xa: Source = Source::new([0u8; 32]);
 
     let mut scratch: ScratchOwned = ScratchOwned::new(
-        GLWESwitchingKey::encrypt_sk_scratch_space(&module, basek, k_ksk, rank_out)
+        GLWESwitchingKey::encrypt_sk_scratch_space(&module, basek, k_ksk, rank_in, rank_out)
             | FourierGLWECiphertext::decrypt_scratch_space(&module, basek, k_ksk),
     );
 
@@ -155,7 +155,7 @@ fn test_encrypt_sk(log_n: usize, basek: usize, k_ksk: usize, digits: usize, rank
     sk_out.fill_ternary_prob(0.5, &mut source_xs);
     let sk_out_dft: FourierGLWESecret<Vec<u8>, FFT64> = FourierGLWESecret::from(&module, &sk_out);
 
-    ksk.generate_from_sk(
+    ksk.encrypt_sk(
         &module,
         &sk_in,
         &sk_out_dft,
@@ -234,8 +234,13 @@ fn test_key_switch(
     let mut source_xa: Source = Source::new([0u8; 32]);
 
     let mut scratch: ScratchOwned = ScratchOwned::new(
-        GLWESwitchingKey::encrypt_sk_scratch_space(&module, basek, k_ksk, rank_in_s0s1 | rank_out_s0s1)
+        GLWESwitchingKey::encrypt_sk_scratch_space(
-            | FourierGLWECiphertext::decrypt_scratch_space(&module, basek, k_out)
+            &module,
+            basek,
+            k_ksk,
+            rank_in_s0s1,
+            rank_in_s0s1 | rank_out_s0s1,
+        ) | FourierGLWECiphertext::decrypt_scratch_space(&module, basek, k_out)
             | GLWESwitchingKey::keyswitch_scratch_space(
                 &module,
                 basek,
@@ -260,7 +265,7 @@ fn test_key_switch(
     let sk2_dft: FourierGLWESecret<Vec<u8>, FFT64> = FourierGLWESecret::from(&module, &sk2);
 
     // gglwe_{s1}(s0) = s0 -> s1
-    ct_gglwe_s0s1.generate_from_sk(
+    ct_gglwe_s0s1.encrypt_sk(
         &module,
         &sk0,
         &sk1_dft,
@@ -271,7 +276,7 @@ fn test_key_switch(
     );
 
     // gglwe_{s2}(s1) -> s1 -> s2
-    ct_gglwe_s1s2.generate_from_sk(
+    ct_gglwe_s1s2.encrypt_sk(
         &module,
         &sk1,
         &sk2_dft,
@@ -348,7 +353,7 @@ fn test_key_switch_inplace(
     let mut source_xa: Source = Source::new([0u8; 32]);
 
     let mut scratch: ScratchOwned = ScratchOwned::new(
-        GLWESwitchingKey::encrypt_sk_scratch_space(&module, basek, k_ksk, rank_out)
+        GLWESwitchingKey::encrypt_sk_scratch_space(&module, basek, k_ksk, rank_in, rank_out)
             | FourierGLWECiphertext::decrypt_scratch_space(&module, basek, k_ksk)
             | GLWESwitchingKey::keyswitch_inplace_scratch_space(&module, basek, k_ct, k_ksk, digits, rank_out),
     );
@@ -365,7 +370,7 @@ fn test_key_switch_inplace(
     let sk2_dft: FourierGLWESecret<Vec<u8>, FFT64> = FourierGLWESecret::from(&module, &sk2);
 
     // gglwe_{s1}(s0) = s0 -> s1
-    ct_gglwe_s0s1.generate_from_sk(
+    ct_gglwe_s0s1.encrypt_sk(
         &module,
         &sk0,
         &sk1_dft,
@@ -376,7 +381,7 @@ fn test_key_switch_inplace(
     );
 
     // gglwe_{s2}(s1) -> s1 -> s2
-    ct_gglwe_s1s2.generate_from_sk(
+    ct_gglwe_s1s2.encrypt_sk(
         &module,
         &sk1,
         &sk2_dft,
@@ -459,7 +464,7 @@ fn test_external_product(
     let mut source_xa: Source = Source::new([0u8; 32]);
 
     let mut scratch: ScratchOwned = ScratchOwned::new(
-        GLWESwitchingKey::encrypt_sk_scratch_space(&module, basek, k_in, rank_out)
+        GLWESwitchingKey::encrypt_sk_scratch_space(&module, basek, k_in, rank_in, rank_out)
             | FourierGLWECiphertext::decrypt_scratch_space(&module, basek, k_out)
             | GLWESwitchingKey::external_product_scratch_space(&module, basek, k_out, k_in, k_ggsw, digits, rank_out)
             | GGSWCiphertext::encrypt_sk_scratch_space(&module, basek, k_ggsw, rank_out),
@@ -477,7 +482,7 @@ fn test_external_product(
     let sk_out_dft: FourierGLWESecret<Vec<u8>, FFT64> = FourierGLWESecret::from(&module, &sk_out);
 
     // gglwe_{s1}(s0) = s0 -> s1
-    ct_gglwe_in.generate_from_sk(
+    ct_gglwe_in.encrypt_sk(
         &module,
         &sk_in,
         &sk_out_dft,
@@ -580,7 +585,7 @@ fn test_external_product_inplace(
     let mut source_xa: Source = Source::new([0u8; 32]);
 
     let mut scratch: ScratchOwned = ScratchOwned::new(
-        GLWESwitchingKey::encrypt_sk_scratch_space(&module, basek, k_ct, rank_out)
+        GLWESwitchingKey::encrypt_sk_scratch_space(&module, basek, k_ct, rank_in, rank_out)
             | FourierGLWECiphertext::decrypt_scratch_space(&module, basek, k_ct)
             | GLWESwitchingKey::external_product_inplace_scratch_space(&module, basek, k_ct, k_ggsw, digits, rank_out)
             | GGSWCiphertext::encrypt_sk_scratch_space(&module, basek, k_ggsw, rank_out),
@@ -598,7 +603,7 @@ fn test_external_product_inplace(
     let sk_out_dft: FourierGLWESecret<Vec<u8>, FFT64> = FourierGLWESecret::from(&module, &sk_out);
 
     // gglwe_{s1}(s0) = s0 -> s1
-    ct_gglwe.generate_from_sk(
+    ct_gglwe.encrypt_sk(
         &module,
         &sk_in,
         &sk_out_dft,

core/src/gglwe/test_fft64/tensor_key.rs

@@ -23,7 +23,7 @@ fn test_encrypt_sk(log_n: usize, basek: usize, k: usize, sigma: f64, rank: usize
     let mut source_xe: Source = Source::new([0u8; 32]);
     let mut source_xa: Source = Source::new([0u8; 32]);
 
-    let mut scratch: ScratchOwned = ScratchOwned::new(GLWETensorKey::generate_from_sk_scratch_space(
+    let mut scratch: ScratchOwned = ScratchOwned::new(GLWETensorKey::encrypt_sk_scratch_space(
         &module,
         basek,
         tensor_key.k(),
@@ -34,7 +34,7 @@ fn test_encrypt_sk(log_n: usize, basek: usize, k: usize, sigma: f64, rank: usize
     sk.fill_ternary_prob(0.5, &mut source_xs);
     let sk_dft: FourierGLWESecret<Vec<u8>, FFT64> = FourierGLWESecret::from(&module, &sk);
 
-    tensor_key.generate_from_sk(
+    tensor_key.encrypt_sk(
         &module,
         &sk_dft,
         &mut source_xa,

core/src/ggsw/ciphertext.rs

@@ -363,7 +363,7 @@ impl<DataSelf: AsMut<[u8]> + AsRef<[u8]>> GGSWCiphertext<DataSelf, FFT64> {
             // =
             // (-(x0s0 + x1s1 + x2s2) + s0(a0s0 + a1s1 + a2s2), x0, x1, x2)
             (1..cols).for_each(|col_i| {
-                let pmat: &MatZnxDft<DataTsk, FFT64> = &tsk.at(col_i - 1, col_j - 1).0.data; // Selects Enc(s[i]s[j])
+                let pmat: &MatZnxDft<DataTsk, FFT64> = &tsk.at(col_i - 1, col_j - 1).key.data; // Selects Enc(s[i]s[j])
 
                 // Extracts a[i] and multipies with Enc(s[i]s[j])
                 (0..digits).for_each(|di| {

core/src/ggsw/test_fft64/ggsw.rs

@@ -223,8 +223,8 @@ fn test_keyswitch(
     let mut scratch: ScratchOwned = ScratchOwned::new(
         GGSWCiphertext::encrypt_sk_scratch_space(&module, basek, k_in, rank)
             | FourierGLWECiphertext::decrypt_scratch_space(&module, basek, k_out)
-            | GLWESwitchingKey::encrypt_sk_scratch_space(&module, basek, k_ksk, rank)
+            | GLWESwitchingKey::encrypt_sk_scratch_space(&module, basek, k_ksk, rank, rank)
-            | GLWETensorKey::generate_from_sk_scratch_space(&module, basek, k_tsk, rank)
+            | GLWETensorKey::encrypt_sk_scratch_space(&module, basek, k_tsk, rank)
             | GGSWCiphertext::keyswitch_scratch_space(
                 &module, basek, k_out, k_in, k_ksk, digits, k_tsk, digits, rank,
             ),
@@ -240,7 +240,7 @@ fn test_keyswitch(
     sk_out.fill_ternary_prob(var_xs, &mut source_xs);
     let sk_out_dft: FourierGLWESecret<Vec<u8>, FFT64> = FourierGLWESecret::from(&module, &sk_out);
 
-    ksk.generate_from_sk(
+    ksk.encrypt_sk(
         &module,
         &sk_in,
         &sk_out_dft,
@@ -249,7 +249,7 @@ fn test_keyswitch(
         sigma,
         scratch.borrow(),
     );
-    tsk.generate_from_sk(
+    tsk.encrypt_sk(
         &module,
         &sk_out_dft,
         &mut source_xa,
@@ -352,8 +352,8 @@ fn test_keyswitch_inplace(
     let mut scratch: ScratchOwned = ScratchOwned::new(
         GGSWCiphertext::encrypt_sk_scratch_space(&module, basek, k_ct, rank)
             | FourierGLWECiphertext::decrypt_scratch_space(&module, basek, k_ct)
-            | GLWESwitchingKey::encrypt_sk_scratch_space(&module, basek, k_ksk, rank)
+            | GLWESwitchingKey::encrypt_sk_scratch_space(&module, basek, k_ksk, rank, rank)
-            | GLWETensorKey::generate_from_sk_scratch_space(&module, basek, k_tsk, rank)
+            | GLWETensorKey::encrypt_sk_scratch_space(&module, basek, k_tsk, rank)
             | GGSWCiphertext::keyswitch_inplace_scratch_space(&module, basek, k_ct, k_ksk, digits, k_tsk, digits, rank),
     );
 
@@ -367,7 +367,7 @@ fn test_keyswitch_inplace(
     sk_out.fill_ternary_prob(var_xs, &mut source_xs);
     let sk_out_dft: FourierGLWESecret<Vec<u8>, FFT64> = FourierGLWESecret::from(&module, &sk_out);
 
-    ksk.generate_from_sk(
+    ksk.encrypt_sk(
         &module,
         &sk_in,
         &sk_out_dft,
@@ -376,7 +376,7 @@ fn test_keyswitch_inplace(
         sigma,
         scratch.borrow(),
     );
-    tsk.generate_from_sk(
+    tsk.encrypt_sk(
         &module,
         &sk_out_dft,
         &mut source_xa,
@@ -489,8 +489,8 @@ fn test_automorphism(
     let mut scratch: ScratchOwned = ScratchOwned::new(
         GGSWCiphertext::encrypt_sk_scratch_space(&module, basek, k_in, rank)
             | FourierGLWECiphertext::decrypt_scratch_space(&module, basek, k_out)
-            | GLWEAutomorphismKey::generate_from_sk_scratch_space(&module, basek, k_ksk, rank)
+            | GLWEAutomorphismKey::encrypt_sk_scratch_space(&module, basek, k_ksk, rank)
-            | GLWETensorKey::generate_from_sk_scratch_space(&module, basek, k_tsk, rank)
+            | GLWETensorKey::encrypt_sk_scratch_space(&module, basek, k_tsk, rank)
             | GGSWCiphertext::automorphism_scratch_space(
                 &module, basek, k_out, k_in, k_ksk, digits, k_tsk, digits, rank,
             ),
@@ -502,7 +502,7 @@ fn test_automorphism(
     sk.fill_ternary_prob(var_xs, &mut source_xs);
     let sk_dft: FourierGLWESecret<Vec<u8>, FFT64> = FourierGLWESecret::from(&module, &sk);
 
-    auto_key.generate_from_sk(
+    auto_key.encrypt_sk(
         &module,
         p,
         &sk,
@@ -511,7 +511,7 @@ fn test_automorphism(
         sigma,
         scratch.borrow(),
     );
-    tensor_key.generate_from_sk(
+    tensor_key.encrypt_sk(
         &module,
         &sk_dft,
         &mut source_xa,
@@ -615,8 +615,8 @@ fn test_automorphism_inplace(
     let mut scratch: ScratchOwned = ScratchOwned::new(
         GGSWCiphertext::encrypt_sk_scratch_space(&module, basek, k_ct, rank)
             | FourierGLWECiphertext::decrypt_scratch_space(&module, basek, k_ct)
-            | GLWEAutomorphismKey::generate_from_sk_scratch_space(&module, basek, k_ksk, rank)
+            | GLWEAutomorphismKey::encrypt_sk_scratch_space(&module, basek, k_ksk, rank)
-            | GLWETensorKey::generate_from_sk_scratch_space(&module, basek, k_tsk, rank)
+            | GLWETensorKey::encrypt_sk_scratch_space(&module, basek, k_tsk, rank)
             | GGSWCiphertext::automorphism_inplace_scratch_space(&module, basek, k_ct, k_ksk, digits, k_tsk, digits, rank),
     );
 
@@ -626,7 +626,7 @@ fn test_automorphism_inplace(
     sk.fill_ternary_prob(var_xs, &mut source_xs);
     let sk_dft: FourierGLWESecret<Vec<u8>, FFT64> = FourierGLWESecret::from(&module, &sk);
 
-    auto_key.generate_from_sk(
+    auto_key.encrypt_sk(
         &module,
         p,
         &sk,
@@ -635,7 +635,7 @@ fn test_automorphism_inplace(
         sigma,
         scratch.borrow(),
     );
-    tensor_key.generate_from_sk(
+    tensor_key.encrypt_sk(
         &module,
         &sk_dft,
         &mut source_xa,

core/src/glwe/external_product.rs

@@ -14,7 +14,7 @@ impl GLWECiphertext<Vec<u8>> {
         digits: usize,
         rank: usize,
     ) -> usize {
-        let res_dft: usize = FourierGLWECiphertext::bytes_of(module, basek, k_out, rank);
+        let res_dft: usize = FourierGLWECiphertext::bytes_of(module, basek, k_ggsw, rank);
         let in_size: usize = k_in.div_ceil(basek).div_ceil(digits);
         let out_size: usize = k_out.div_ceil(basek);
         let ggsw_size: usize = k_ggsw.div_ceil(basek);

core/src/glwe/keyswitch.rs

@@ -87,8 +87,20 @@ impl<DataSelf: AsRef<[u8]> + AsMut<[u8]>> GLWECiphertext<DataSelf> {
 
         #[cfg(debug_assertions)]
         {
-            assert_eq!(lhs.rank(), rhs.rank_in());
+            assert_eq!(
-            assert_eq!(self.rank(), rhs.rank_out());
+                lhs.rank(),
+                rhs.rank_in(),
+                "lhs.rank(): {} != rhs.rank_in(): {}",
+                lhs.rank(),
+                rhs.rank_in()
+            );
+            assert_eq!(
+                self.rank(),
+                rhs.rank_out(),
+                "self.rank(): {} != rhs.rank_out(): {}",
+                self.rank(),
+                rhs.rank_out()
+            );
             assert_eq!(self.basek(), basek);
             assert_eq!(lhs.basek(), basek);
             assert_eq!(rhs.n(), module.n());
@@ -141,9 +153,9 @@ impl<DataSelf: AsRef<[u8]> + AsMut<[u8]>> GLWECiphertext<DataSelf> {
                 });
 
                 if di == 0 {
-                    module.vmp_apply(&mut res_dft, &ai_dft, &rhs.0.data, scratch2);
+                    module.vmp_apply(&mut res_dft, &ai_dft, &rhs.key.data, scratch2);
                 } else {
-                    module.vmp_apply_add(&mut res_dft, &ai_dft, &rhs.0.data, di, scratch2);
+                    module.vmp_apply_add(&mut res_dft, &ai_dft, &rhs.key.data, di, scratch2);
                 }
             });
         }
@@ -225,9 +237,9 @@ impl<DataSelf: AsRef<[u8]> + AsMut<[u8]>> GLWECiphertext<DataSelf> {
                 });
 
                 if di == 0 {
-                    module.vmp_apply(&mut res_dft, &ai_dft, &rhs.0.data, scratch2);
+                    module.vmp_apply(&mut res_dft, &ai_dft, &rhs.key.data, scratch2);
                 } else {
-                    module.vmp_apply_add(&mut res_dft, &ai_dft, &rhs.0.data, di, scratch2);
+                    module.vmp_apply_add(&mut res_dft, &ai_dft, &rhs.key.data, di, scratch2);
                 }
             });
         }

core/src/glwe/test_fft64/automorphism.rs

@@ -67,7 +67,7 @@ fn test_automorphism(
         .fill_uniform(basek, 0, pt_want.size(), &mut source_xa);
 
     let mut scratch: ScratchOwned = ScratchOwned::new(
-        GLWEAutomorphismKey::generate_from_sk_scratch_space(&module, basek, autokey.k(), rank)
+        GLWEAutomorphismKey::encrypt_sk_scratch_space(&module, basek, autokey.k(), rank)
             | GLWECiphertext::decrypt_scratch_space(&module, basek, ct_out.k())
             | GLWECiphertext::encrypt_sk_scratch_space(&module, basek, ct_in.k())
             | GLWECiphertext::automorphism_scratch_space(
@@ -85,7 +85,7 @@ fn test_automorphism(
     sk.fill_ternary_prob(0.5, &mut source_xs);
     let sk_dft: FourierGLWESecret<Vec<u8>, FFT64> = FourierGLWESecret::from(&module, &sk);
 
-    autokey.generate_from_sk(
+    autokey.encrypt_sk(
         &module,
         p,
         &sk,
@@ -164,7 +164,7 @@ fn test_automorphism_inplace(
         .fill_uniform(basek, 0, pt_want.size(), &mut source_xa);
 
     let mut scratch: ScratchOwned = ScratchOwned::new(
-        GLWEAutomorphismKey::generate_from_sk_scratch_space(&module, basek, autokey.k(), rank)
+        GLWEAutomorphismKey::encrypt_sk_scratch_space(&module, basek, autokey.k(), rank)
             | GLWECiphertext::decrypt_scratch_space(&module, basek, ct.k())
             | GLWECiphertext::encrypt_sk_scratch_space(&module, basek, ct.k())
             | GLWECiphertext::automorphism_inplace_scratch_space(&module, basek, ct.k(), autokey.k(), digits, rank),
@@ -174,7 +174,7 @@ fn test_automorphism_inplace(
     sk.fill_ternary_prob(0.5, &mut source_xs);
     let sk_dft: FourierGLWESecret<Vec<u8>, FFT64> = FourierGLWESecret::from(&module, &sk);
 
-    autokey.generate_from_sk(
+    autokey.encrypt_sk(
         &module,
         p,
         &sk,

core/src/glwe/test_fft64/keyswitch.rs

@@ -72,7 +72,7 @@ fn test_keyswitch(
         .fill_uniform(basek, 0, pt_want.size(), &mut source_xa);
 
     let mut scratch: ScratchOwned = ScratchOwned::new(
-        GLWESwitchingKey::encrypt_sk_scratch_space(&module, basek, ksk.k(), rank_out)
+        GLWESwitchingKey::encrypt_sk_scratch_space(&module, basek, ksk.k(), rank_in, rank_out)
             | GLWECiphertext::decrypt_scratch_space(&module, basek, ct_out.k())
             | GLWECiphertext::encrypt_sk_scratch_space(&module, basek, ct_in.k())
             | GLWECiphertext::keyswitch_scratch_space(
@@ -95,7 +95,7 @@ fn test_keyswitch(
     sk_out.fill_ternary_prob(0.5, &mut source_xs);
     let sk_out_dft: FourierGLWESecret<Vec<u8>, FFT64> = FourierGLWESecret::from(&module, &sk_out);
 
-    ksk.generate_from_sk(
+    ksk.encrypt_sk(
         &module,
         &sk_in,
         &sk_out_dft,
@@ -163,7 +163,7 @@ fn test_keyswitch_inplace(log_n: usize, basek: usize, k_ct: usize, k_ksk: usize,
         .fill_uniform(basek, 0, pt_want.size(), &mut source_xa);
 
     let mut scratch: ScratchOwned = ScratchOwned::new(
-        GLWESwitchingKey::encrypt_sk_scratch_space(&module, basek, ct_grlwe.k(), rank)
+        GLWESwitchingKey::encrypt_sk_scratch_space(&module, basek, ct_grlwe.k(), rank, rank)
             | GLWECiphertext::decrypt_scratch_space(&module, basek, ct_glwe.k())
             | GLWECiphertext::encrypt_sk_scratch_space(&module, basek, ct_glwe.k())
             | GLWECiphertext::keyswitch_inplace_scratch_space(&module, basek, ct_glwe.k(), ct_grlwe.k(), digits, rank),
@@ -177,7 +177,7 @@ fn test_keyswitch_inplace(log_n: usize, basek: usize, k_ct: usize, k_ksk: usize,
     sk_out.fill_ternary_prob(0.5, &mut source_xs);
     let sk_out_dft: FourierGLWESecret<Vec<u8>, FFT64> = FourierGLWESecret::from(&module, &sk_out);
 
-    ct_grlwe.generate_from_sk(
+    ct_grlwe.encrypt_sk(
         &module,
         &sk_in,
         &sk_out_dft,

core/src/glwe/test_fft64/packing.rs

@@ -26,7 +26,7 @@ fn apply() {
     let mut scratch: ScratchOwned = ScratchOwned::new(
         GLWECiphertext::encrypt_sk_scratch_space(&module, basek, k_ct)
             | GLWECiphertext::decrypt_scratch_space(&module, basek, k_ct)
-            | GLWEAutomorphismKey::generate_from_sk_scratch_space(&module, basek, k_ksk, rank)
+            | GLWEAutomorphismKey::encrypt_sk_scratch_space(&module, basek, k_ksk, rank)
             | GLWEPacker::scratch_space(&module, basek, k_ct, k_ksk, digits, rank),
     );
 
@@ -46,7 +46,7 @@ fn apply() {
     let mut auto_keys: HashMap<i64, GLWEAutomorphismKey<Vec<u8>, FFT64>> = HashMap::new();
     gal_els.iter().for_each(|gal_el| {
         let mut key: GLWEAutomorphismKey<Vec<u8>, FFT64> = GLWEAutomorphismKey::alloc(&module, basek, k_ksk, rows, digits, rank);
-        key.generate_from_sk(
+        key.encrypt_sk(
             &module,
             *gal_el,
             &sk,

core/src/glwe/test_fft64/trace.rs

@@ -35,7 +35,7 @@ fn test_trace_inplace(log_n: usize, basek: usize, k: usize, sigma: f64, rank: us
     let mut scratch: ScratchOwned = ScratchOwned::new(
         GLWECiphertext::encrypt_sk_scratch_space(&module, basek, ct.k())
             | GLWECiphertext::decrypt_scratch_space(&module, basek, ct.k())
-            | GLWEAutomorphismKey::generate_from_sk_scratch_space(&module, basek, k_autokey, rank)
+            | GLWEAutomorphismKey::encrypt_sk_scratch_space(&module, basek, k_autokey, rank)
             | GLWECiphertext::trace_inplace_scratch_space(&module, basek, ct.k(), k_autokey, digits, rank),
     );
 
@@ -68,7 +68,7 @@ fn test_trace_inplace(log_n: usize, basek: usize, k: usize, sigma: f64, rank: us
     gal_els.iter().for_each(|gal_el| {
         let mut key: GLWEAutomorphismKey<Vec<u8>, FFT64> =
             GLWEAutomorphismKey::alloc(&module, basek, k_autokey, rows, digits, rank);
-        key.generate_from_sk(
+        key.encrypt_sk(
             &module,
             *gal_el,
             &sk,

core/src/lib.rs

@@ -11,17 +11,18 @@ pub mod noise;
 use backend::Backend;
 use backend::FFT64;
 use backend::Module;
+pub use blind_rotation::{BlindRotationKeyCGGI, LookUpTable, cggi_blind_rotate, cggi_blind_rotate_scratch_space};
 pub use elem::{GetRow, Infos, SetMetaData, SetRow};
 pub use fourier_glwe::{FourierGLWECiphertext, FourierGLWESecret};
 pub use gglwe::{GGLWECiphertext, GLWEAutomorphismKey, GLWESwitchingKey, GLWETensorKey};
 pub use ggsw::GGSWCiphertext;
 pub use glwe::{GLWECiphertext, GLWEOps, GLWEPacker, GLWEPlaintext, GLWEPublicKey, GLWESecret};
-pub(crate) use glwe::{GLWECiphertextToMut, GLWECiphertextToRef};
 pub use lwe::{LWECiphertext, LWESecret};
 
 pub use backend;
 pub use backend::Scratch;
 pub use backend::ScratchOwned;
+pub(crate) use glwe::{GLWECiphertextToMut, GLWECiphertextToRef};
 
 use crate::dist::Distribution;
 
@@ -64,7 +65,7 @@ pub trait ScratchCore<B: Backend> {
         k: usize,
         rank: usize,
     ) -> (FourierGLWECiphertext<&mut [u8], B>, &mut Self);
-    fn tmp_vec_fourier_glwe_ct(
+    fn tmp_slice_fourier_glwe_ct(
         &mut self,
         size: usize,
         module: &Module<B>,
@@ -72,8 +73,8 @@ pub trait ScratchCore<B: Backend> {
         k: usize,
         rank: usize,
     ) -> (Vec<FourierGLWECiphertext<&mut [u8], B>>, &mut Self);
-    fn tmp_sk(&mut self, module: &Module<B>, rank: usize) -> (GLWESecret<&mut [u8]>, &mut Self);
+    fn tmp_glwe_secret(&mut self, module: &Module<B>, rank: usize) -> (GLWESecret<&mut [u8]>, &mut Self);
-    fn tmp_fourier_sk(&mut self, module: &Module<B>, rank: usize) -> (FourierGLWESecret<&mut [u8], B>, &mut Self);
+    fn tmp_fourier_glwe_secret(&mut self, module: &Module<B>, rank: usize) -> (FourierGLWESecret<&mut [u8], B>, &mut Self);
     fn tmp_glwe_pk(
         &mut self,
         module: &Module<B>,
@@ -212,7 +213,7 @@ impl ScratchCore<FFT64> for Scratch {
         (FourierGLWECiphertext { data, basek, k }, scratch)
     }
 
-    fn tmp_vec_fourier_glwe_ct(
+    fn tmp_slice_fourier_glwe_ct(
         &mut self,
         size: usize,
         module: &Module<FFT64>,
@@ -247,7 +248,7 @@ impl ScratchCore<FFT64> for Scratch {
         )
     }
 
-    fn tmp_sk(&mut self, module: &Module<FFT64>, rank: usize) -> (GLWESecret<&mut [u8]>, &mut Self) {
+    fn tmp_glwe_secret(&mut self, module: &Module<FFT64>, rank: usize) -> (GLWESecret<&mut [u8]>, &mut Self) {
         let (data, scratch) = self.tmp_scalar_znx(module, rank);
         (
             GLWESecret {
@@ -258,7 +259,11 @@ impl ScratchCore<FFT64> for Scratch {
         )
     }
 
-    fn tmp_fourier_sk(&mut self, module: &Module<FFT64>, rank: usize) -> (FourierGLWESecret<&mut [u8], FFT64>, &mut Self) {
+    fn tmp_fourier_glwe_secret(
+        &mut self,
+        module: &Module<FFT64>,
+        rank: usize,
+    ) -> (FourierGLWESecret<&mut [u8], FFT64>, &mut Self) {
         let (data, scratch) = self.tmp_scalar_znx_dft(module, rank);
         (
             FourierGLWESecret {
@@ -280,7 +285,14 @@ impl ScratchCore<FFT64> for Scratch {
         rank_out: usize,
     ) -> (GLWESwitchingKey<&mut [u8], FFT64>, &mut Self) {
         let (data, scratch) = self.tmp_gglwe(module, basek, k, rows, digits, rank_in, rank_out);
-        (GLWESwitchingKey(data), scratch)
+        (
+            GLWESwitchingKey {
+                key: data,
+                sk_in_n: 0,
+                sk_out_n: 0,
+            },
+            scratch,
+        )
     }
 
     fn tmp_autokey(

core/src/lwe/encryption.rs

@@ -28,7 +28,9 @@ where
         self.data.fill_uniform(basek, 0, self.size(), source_xa);
         let mut tmp_znx: VecZnx<Vec<u8>> = VecZnx::<Vec<u8>>::new::<i64>(1, 1, self.size());
 
-        (0..self.size()).for_each(|i| {
+        let min_size = self.size().min(pt.size());
+
+        (0..min_size).for_each(|i| {
             tmp_znx.at_mut(0, i)[0] = pt.data.at(0, i)[0]
                 - self.data.at(0, i)[1..]
                     .iter()
@@ -37,6 +39,14 @@ where
                     .sum::<i64>();
         });
 
+        (min_size..self.size()).for_each(|i| {
+            tmp_znx.at_mut(0, i)[0] -= self.data.at(0, i)[1..]
+                .iter()
+                .zip(sk.data.at(0, 0))
+                .map(|(x, y)| x * y)
+                .sum::<i64>();
+        });
+
         tmp_znx.add_normal(basek, 0, self.k(), source_xe, sigma, sigma * SIX_SIGMA);
 
         let mut tmp_bytes: Vec<u8> = alloc_aligned(size_of::<i64>());

core/src/lwe/keyswtich.rs

@@ -0,0 +1,313 @@
+use backend::{Backend, FFT64, Module, Scratch, VecZnxOps, ZnxView, ZnxViewMut, ZnxZero};
+use sampling::source::Source;
+
+use crate::{FourierGLWESecret, GLWECiphertext, GLWESecret, GLWESwitchingKey, Infos, LWECiphertext, LWESecret, ScratchCore};
+
+/// A special [GLWESwitchingKey] required to for the conversion from [GLWECiphertext] to [LWECiphertext].
+pub struct GLWEToLWESwitchingKey<D, B: Backend>(GLWESwitchingKey<D, B>);
+
+impl GLWEToLWESwitchingKey<Vec<u8>, FFT64> {
+    pub fn alloc(module: &Module<FFT64>, basek: usize, k: usize, rows: usize, rank: usize) -> Self {
+        Self(GLWESwitchingKey::alloc(module, basek, k, rows, 1, rank, 1))
+    }
+
+    pub fn encrypt_sk_scratch_space(module: &Module<FFT64>, basek: usize, k: usize, rank: usize) -> usize {
+        FourierGLWESecret::bytes_of(module, rank)
+            + (GLWESwitchingKey::encrypt_sk_scratch_space(module, basek, k, rank, rank) | GLWESecret::bytes_of(module, rank))
+    }
+}
+
+impl<D: AsMut<[u8]> + AsRef<[u8]>> GLWEToLWESwitchingKey<D, FFT64> {
+    pub fn encrypt_sk<DLwe, DGlwe>(
+        &mut self,
+        module: &Module<FFT64>,
+        sk_lwe: &LWESecret<DLwe>,
+        sk_glwe: &GLWESecret<DGlwe>,
+        source_xa: &mut Source,
+        source_xe: &mut Source,
+        sigma: f64,
+        scratch: &mut Scratch,
+    ) where
+        DLwe: AsRef<[u8]>,
+        DGlwe: AsRef<[u8]>,
+    {
+        #[cfg(debug_assertions)]
+        {
+            assert!(sk_lwe.n() <= module.n());
+        }
+
+        let (mut sk_lwe_as_glwe_dft, scratch1) = scratch.tmp_fourier_glwe_secret(module, 1);
+
+        {
+            let (mut sk_lwe_as_glwe, _) = scratch1.tmp_glwe_secret(module, 1);
+            sk_lwe_as_glwe.data.zero();
+            sk_lwe_as_glwe.data.at_mut(0, 0)[..sk_lwe.n()].copy_from_slice(sk_lwe.data.at(0, 0));
+            module.vec_znx_automorphism_inplace(-1, &mut sk_lwe_as_glwe.data, 0);
+            sk_lwe_as_glwe_dft.set(module, &sk_lwe_as_glwe);
+        }
+
+        self.0.encrypt_sk(
+            module,
+            sk_glwe,
+            &sk_lwe_as_glwe_dft,
+            source_xa,
+            source_xe,
+            sigma,
+            scratch1,
+        );
+    }
+}
+
+/// A special [GLWESwitchingKey] required to for the conversion from [LWECiphertext] to [GLWECiphertext].
+pub struct LWEToGLWESwitchingKey<D, B: Backend>(GLWESwitchingKey<D, B>);
+
+impl LWEToGLWESwitchingKey<Vec<u8>, FFT64> {
+    pub fn alloc(module: &Module<FFT64>, basek: usize, k: usize, rows: usize, rank: usize) -> Self {
+        Self(GLWESwitchingKey::alloc(module, basek, k, rows, 1, 1, rank))
+    }
+
+    pub fn encrypt_sk_scratch_space(module: &Module<FFT64>, basek: usize, k: usize, rank: usize) -> usize {
+        GLWESwitchingKey::encrypt_sk_scratch_space(module, basek, k, 1, rank) + GLWESecret::bytes_of(module, 1)
+    }
+}
+
+impl<D: AsMut<[u8]> + AsRef<[u8]>> LWEToGLWESwitchingKey<D, FFT64> {
+    pub fn encrypt_sk<DLwe, DGlwe>(
+        &mut self,
+        module: &Module<FFT64>,
+        sk_lwe: &LWESecret<DLwe>,
+        sk_glwe: &FourierGLWESecret<DGlwe, FFT64>,
+        source_xa: &mut Source,
+        source_xe: &mut Source,
+        sigma: f64,
+        scratch: &mut Scratch,
+    ) where
+        DLwe: AsRef<[u8]>,
+        DGlwe: AsRef<[u8]>,
+    {
+        #[cfg(debug_assertions)]
+        {
+            assert!(sk_lwe.n() <= module.n());
+        }
+
+        let (mut sk_lwe_as_glwe, scratch1) = scratch.tmp_glwe_secret(module, 1);
+        sk_lwe_as_glwe.data.at_mut(0, 0)[..sk_lwe.n()].copy_from_slice(sk_lwe.data.at(0, 0));
+        sk_lwe_as_glwe.data.at_mut(0, 0)[sk_lwe.n()..].fill(0);
+        module.vec_znx_automorphism_inplace(-1, &mut sk_lwe_as_glwe.data, 0);
+
+        self.0.encrypt_sk(
+            module,
+            &sk_lwe_as_glwe,
+            &sk_glwe,
+            source_xa,
+            source_xe,
+            sigma,
+            scratch1,
+        );
+    }
+}
+
+pub struct LWESwitchingKey<D, B: Backend>(GLWESwitchingKey<D, B>);
+
+impl LWESwitchingKey<Vec<u8>, FFT64> {
+    pub fn alloc(module: &Module<FFT64>, basek: usize, k: usize, rows: usize) -> Self {
+        Self(GLWESwitchingKey::alloc(module, basek, k, rows, 1, 1, 1))
+    }
+
+    pub fn encrypt_sk_scratch_space(module: &Module<FFT64>, basek: usize, k: usize) -> usize {
+        GLWESecret::bytes_of(module, 1)
+            + FourierGLWESecret::bytes_of(module, 1)
+            + GLWESwitchingKey::encrypt_sk_scratch_space(module, basek, k, 1, 1)
+    }
+}
+
+impl<D: AsMut<[u8]> + AsRef<[u8]>> LWESwitchingKey<D, FFT64> {
+    pub fn encrypt_sk<DIn, DOut>(
+        &mut self,
+        module: &Module<FFT64>,
+        sk_lwe_in: &LWESecret<DIn>,
+        sk_lwe_out: &LWESecret<DOut>,
+        source_xa: &mut Source,
+        source_xe: &mut Source,
+        sigma: f64,
+        scratch: &mut Scratch,
+    ) where
+        DIn: AsRef<[u8]>,
+        DOut: AsRef<[u8]>,
+    {
+        #[cfg(debug_assertions)]
+        {
+            assert!(sk_lwe_in.n() <= module.n());
+            assert!(sk_lwe_out.n() <= module.n());
+        }
+
+        let (mut sk_in_glwe, scratch1) = scratch.tmp_glwe_secret(module, 1);
+        let (mut sk_out_glwe, scratch2) = scratch1.tmp_fourier_glwe_secret(module, 1);
+
+        sk_in_glwe.data.at_mut(0, 0)[..sk_lwe_out.n()].copy_from_slice(sk_lwe_out.data.at(0, 0));
+        sk_in_glwe.data.at_mut(0, 0)[sk_lwe_out.n()..].fill(0);
+        module.vec_znx_automorphism_inplace(-1, &mut sk_in_glwe.data, 0);
+        sk_out_glwe.set(module, &sk_in_glwe);
+        sk_in_glwe.data.at_mut(0, 0)[..sk_lwe_in.n()].copy_from_slice(sk_lwe_in.data.at(0, 0));
+        sk_in_glwe.data.at_mut(0, 0)[sk_lwe_in.n()..].fill(0);
+        module.vec_znx_automorphism_inplace(-1, &mut sk_in_glwe.data, 0);
+
+        self.0.encrypt_sk(
+            module,
+            &sk_in_glwe,
+            &sk_out_glwe,
+            source_xa,
+            source_xe,
+            sigma,
+            scratch2,
+        );
+    }
+}
+
+impl LWECiphertext<Vec<u8>> {
+    pub fn from_glwe_scratch_space(
+        module: &Module<FFT64>,
+        basek: usize,
+        k_lwe: usize,
+        k_glwe: usize,
+        k_ksk: usize,
+        rank: usize,
+    ) -> usize {
+        GLWECiphertext::bytes_of(module, basek, k_lwe, 1)
+            + GLWECiphertext::keyswitch_scratch_space(module, basek, k_lwe, k_glwe, k_ksk, 1, rank, 1)
+    }
+
+    pub fn keyswitch_scratch_space(
+        module: &Module<FFT64>,
+        basek: usize,
+        k_lwe_out: usize,
+        k_lwe_in: usize,
+        k_ksk: usize,
+    ) -> usize {
+        GLWECiphertext::bytes_of(module, basek, k_lwe_out.max(k_lwe_in), 1)
+            + GLWECiphertext::keyswitch_inplace_scratch_space(module, basek, k_lwe_out, k_ksk, 1, 1)
+    }
+}
+
+impl<DLwe: AsRef<[u8]> + AsMut<[u8]>> LWECiphertext<DLwe> {
+    pub fn sample_extract<DGlwe>(&mut self, a: &GLWECiphertext<DGlwe>)
+    where
+        DGlwe: AsRef<[u8]>,
+    {
+        #[cfg(debug_assertions)]
+        {
+            assert!(self.n() <= a.n());
+        }
+
+        let min_size: usize = self.size().min(a.size());
+        let n: usize = self.n();
+
+        self.data.zero();
+        (0..min_size).for_each(|i| {
+            let data_lwe: &mut [i64] = self.data.at_mut(0, i);
+            data_lwe[0] = a.data.at(0, i)[0];
+            data_lwe[1..].copy_from_slice(&a.data.at(1, i)[..n]);
+        });
+    }
+
+    pub fn from_glwe<DGlwe, DKs>(
+        &mut self,
+        module: &Module<FFT64>,
+        a: &GLWECiphertext<DGlwe>,
+        ks: &GLWEToLWESwitchingKey<DKs, FFT64>,
+        scratch: &mut Scratch,
+    ) where
+        DGlwe: AsRef<[u8]>,
+        DKs: AsRef<[u8]>,
+    {
+        #[cfg(debug_assertions)]
+        {
+            assert_eq!(self.basek(), a.basek());
+        }
+        let (mut tmp_glwe, scratch1) = scratch.tmp_glwe_ct(module, a.basek(), self.k(), 1);
+        tmp_glwe.keyswitch(module, a, &ks.0, scratch1);
+        self.sample_extract(&tmp_glwe);
+    }
+
+    pub fn keyswitch<A, DKs>(
+        &mut self,
+        module: &Module<FFT64>,
+        a: &LWECiphertext<A>,
+        ksk: &LWESwitchingKey<DKs, FFT64>,
+        scratch: &mut Scratch,
+    ) where
+        A: AsRef<[u8]>,
+        DKs: AsRef<[u8]>,
+    {
+        #[cfg(debug_assertions)]
+        {
+            assert!(self.n() <= module.n());
+            assert!(a.n() <= module.n());
+            assert_eq!(self.basek(), a.basek());
+        }
+
+        let max_k: usize = self.k().max(a.k());
+        let basek: usize = self.basek();
+
+        let (mut glwe, scratch1) = scratch.tmp_glwe_ct(&module, basek, max_k, 1);
+        glwe.data.zero();
+
+        let n_lwe: usize = a.n();
+
+        (0..a.size()).for_each(|i| {
+            let data_lwe: &[i64] = a.data.at(0, i);
+            glwe.data.at_mut(0, i)[0] = data_lwe[0];
+            glwe.data.at_mut(1, i)[..n_lwe].copy_from_slice(&data_lwe[1..]);
+        });
+
+        glwe.keyswitch_inplace(module, &ksk.0, scratch1);
+
+        self.sample_extract(&glwe);
+    }
+}
+
+impl GLWECiphertext<Vec<u8>> {
+    pub fn from_lwe_scratch_space(
+        module: &Module<FFT64>,
+        basek: usize,
+        k_lwe: usize,
+        k_glwe: usize,
+        k_ksk: usize,
+        rank: usize,
+    ) -> usize {
+        GLWECiphertext::keyswitch_scratch_space(module, basek, k_glwe, k_lwe, k_ksk, 1, 1, rank)
+            + GLWECiphertext::bytes_of(module, basek, k_lwe, 1)
+    }
+}
+
+impl<D: AsRef<[u8]> + AsMut<[u8]>> GLWECiphertext<D> {
+    pub fn from_lwe<DLwe, DKsk>(
+        &mut self,
+        module: &Module<FFT64>,
+        lwe: &LWECiphertext<DLwe>,
+        ksk: &LWEToGLWESwitchingKey<DKsk, FFT64>,
+        scratch: &mut Scratch,
+    ) where
+        DLwe: AsRef<[u8]>,
+        DKsk: AsRef<[u8]>,
+    {
+        #[cfg(debug_assertions)]
+        {
+            assert!(lwe.n() <= self.n());
+            assert_eq!(self.basek(), self.basek());
+        }
+
+        let (mut glwe, scratch1) = scratch.tmp_glwe_ct(module, lwe.basek(), lwe.k(), 1);
+        glwe.data.zero();
+
+        let n_lwe: usize = lwe.n();
+
+        (0..lwe.size()).for_each(|i| {
+            let data_lwe: &[i64] = lwe.data.at(0, i);
+            glwe.data.at_mut(0, i)[0] = data_lwe[0];
+            glwe.data.at_mut(1, i)[..n_lwe].copy_from_slice(&data_lwe[1..]);
+        });
+
+        self.keyswitch(module, &glwe, &ksk.0, scratch1);
+    }
+}

core/src/lwe/mod.rs

@@ -1,9 +1,13 @@
 pub mod ciphertext;
 pub mod decryption;
 pub mod encryption;
+pub mod keyswtich;
 pub mod plaintext;
 pub mod secret;
 
 pub use ciphertext::LWECiphertext;
 pub use plaintext::LWEPlaintext;
 pub use secret::LWESecret;
+
+#[cfg(test)]
+pub mod test_fft64;

core/src/lwe/test_fft64/conversion.rs

@@ -0,0 +1,220 @@
+use backend::{Encoding, FFT64, Module, ScratchOwned, ZnxView};
+use sampling::source::Source;
+
+use crate::{
+    FourierGLWESecret, GLWECiphertext, GLWEPlaintext, GLWESecret, Infos, LWECiphertext, LWESecret,
+    lwe::{
+        LWEPlaintext,
+        keyswtich::{GLWEToLWESwitchingKey, LWESwitchingKey, LWEToGLWESwitchingKey},
+    },
+};
+
+#[test]
+fn lwe_to_glwe() {
+    let n: usize = 1 << 5;
+    let module: Module<FFT64> = Module::<FFT64>::new(n);
+    let basek: usize = 17;
+    let sigma: f64 = 3.2;
+
+    let rank: usize = 2;
+
+    let n_lwe: usize = 22;
+    let k_lwe_ct: usize = 2 * basek;
+    let k_lwe_pt: usize = 8;
+
+    let k_glwe_ct: usize = 3 * basek;
+
+    let k_ksk: usize = k_lwe_ct + basek;
+
+    let mut source_xs: Source = Source::new([0u8; 32]);
+    let mut source_xa: Source = Source::new([0u8; 32]);
+    let mut source_xe: Source = Source::new([0u8; 32]);
+
+    let mut scratch: ScratchOwned = ScratchOwned::new(
+        LWEToGLWESwitchingKey::encrypt_sk_scratch_space(&module, basek, k_ksk, rank)
+            | GLWECiphertext::from_lwe_scratch_space(&module, basek, k_lwe_ct, k_glwe_ct, k_ksk, rank)
+            | GLWECiphertext::decrypt_scratch_space(&module, basek, k_glwe_ct),
+    );
+
+    let mut sk_glwe: GLWESecret<Vec<u8>> = GLWESecret::alloc(&module, rank);
+    sk_glwe.fill_ternary_prob(0.5, &mut source_xs);
+
+    let mut sk_glwe_dft: FourierGLWESecret<Vec<u8>, FFT64> = FourierGLWESecret::alloc(&module, rank);
+    sk_glwe_dft.set(&module, &sk_glwe);
+
+    let mut sk_lwe = LWESecret::alloc(n_lwe);
+    sk_lwe.fill_ternary_prob(0.5, &mut source_xs);
+
+    let data: i64 = 17;
+
+    let mut lwe_pt: LWEPlaintext<Vec<u8>> = LWEPlaintext::alloc(basek, k_lwe_pt);
+    lwe_pt
+        .data
+        .encode_coeff_i64(0, basek, k_lwe_pt, 0, data, k_lwe_pt);
+
+    let mut lwe_ct: LWECiphertext<Vec<u8>> = LWECiphertext::alloc(n_lwe, basek, k_lwe_ct);
+    lwe_ct.encrypt_sk(&lwe_pt, &sk_lwe, &mut source_xa, &mut source_xe, sigma);
+
+    let mut ksk: LWEToGLWESwitchingKey<Vec<u8>, FFT64> = LWEToGLWESwitchingKey::alloc(&module, basek, k_ksk, lwe_ct.size(), rank);
+
+    ksk.encrypt_sk(
+        &module,
+        &sk_lwe,
+        &sk_glwe_dft,
+        &mut source_xa,
+        &mut source_xe,
+        sigma,
+        scratch.borrow(),
+    );
+
+    let mut glwe_ct: GLWECiphertext<Vec<u8>> = GLWECiphertext::alloc(&module, basek, k_glwe_ct, rank);
+    glwe_ct.from_lwe(&module, &lwe_ct, &ksk, scratch.borrow());
+
+    let mut glwe_pt: GLWEPlaintext<Vec<u8>> = GLWEPlaintext::alloc(&module, basek, k_glwe_ct);
+    glwe_ct.decrypt(&module, &mut glwe_pt, &sk_glwe_dft, scratch.borrow());
+
+    assert_eq!(glwe_pt.data.at(0, 0)[0], lwe_pt.data.at(0, 0)[0]);
+}
+
+#[test]
+fn glwe_to_lwe() {
+    let n: usize = 1 << 5;
+    let module: Module<FFT64> = Module::<FFT64>::new(n);
+    let basek: usize = 17;
+    let sigma: f64 = 3.2;
+
+    let rank: usize = 2;
+
+    let n_lwe: usize = 22;
+    let k_lwe_ct: usize = 2 * basek;
+    let k_lwe_pt: usize = 8;
+
+    let k_glwe_ct: usize = 3 * basek;
+
+    let k_ksk: usize = k_lwe_ct + basek;
+
+    let mut source_xs: Source = Source::new([0u8; 32]);
+    let mut source_xa: Source = Source::new([0u8; 32]);
+    let mut source_xe: Source = Source::new([0u8; 32]);
+
+    let mut scratch: ScratchOwned = ScratchOwned::new(
+        LWEToGLWESwitchingKey::encrypt_sk_scratch_space(&module, basek, k_ksk, rank)
+            | GLWECiphertext::from_lwe_scratch_space(&module, basek, k_lwe_ct, k_glwe_ct, k_ksk, rank)
+            | GLWECiphertext::decrypt_scratch_space(&module, basek, k_glwe_ct),
+    );
+
+    let mut sk_glwe: GLWESecret<Vec<u8>> = GLWESecret::alloc(&module, rank);
+    sk_glwe.fill_ternary_prob(0.5, &mut source_xs);
+
+    let mut sk_glwe_dft: FourierGLWESecret<Vec<u8>, FFT64> = FourierGLWESecret::alloc(&module, rank);
+    sk_glwe_dft.set(&module, &sk_glwe);
+
+    let mut sk_lwe = LWESecret::alloc(n_lwe);
+    sk_lwe.fill_ternary_prob(0.5, &mut source_xs);
+
+    let data: i64 = 17;
+    let mut glwe_pt: GLWEPlaintext<Vec<u8>> = GLWEPlaintext::alloc(&module, basek, k_glwe_ct);
+
+    glwe_pt
+        .data
+        .encode_coeff_i64(0, basek, k_lwe_pt, 0, data, k_lwe_pt);
+
+    let mut glwe_ct = GLWECiphertext::alloc(&module, basek, k_glwe_ct, rank);
+    glwe_ct.encrypt_sk(
+        &module,
+        &glwe_pt,
+        &sk_glwe_dft,
+        &mut source_xa,
+        &mut source_xe,
+        sigma,
+        scratch.borrow(),
+    );
+
+    let mut ksk: GLWEToLWESwitchingKey<Vec<u8>, FFT64> =
+        GLWEToLWESwitchingKey::alloc(&module, basek, k_ksk, glwe_ct.size(), rank);
+
+    ksk.encrypt_sk(
+        &module,
+        &sk_lwe,
+        &sk_glwe,
+        &mut source_xa,
+        &mut source_xe,
+        sigma,
+        scratch.borrow(),
+    );
+
+    let mut lwe_ct: LWECiphertext<Vec<u8>> = LWECiphertext::alloc(n_lwe, basek, k_lwe_ct);
+    lwe_ct.from_glwe(&module, &glwe_ct, &ksk, scratch.borrow());
+
+    let mut lwe_pt: LWEPlaintext<Vec<u8>> = LWEPlaintext::alloc(basek, k_lwe_ct);
+    lwe_ct.decrypt(&mut lwe_pt, &sk_lwe);
+
+    assert_eq!(glwe_pt.data.at(0, 0)[0], lwe_pt.data.at(0, 0)[0]);
+}
+
+#[test]
+fn keyswitch() {
+    let n: usize = 1 << 5;
+    let module: Module<FFT64> = Module::<FFT64>::new(n);
+    let basek: usize = 17;
+    let sigma: f64 = 3.2;
+
+    let n_lwe_in: usize = 22;
+    let n_lwe_out: usize = 30;
+    let k_lwe_ct: usize = 2 * basek;
+    let k_lwe_pt: usize = 8;
+
+    let k_ksk: usize = k_lwe_ct + basek;
+
+    let mut source_xs: Source = Source::new([0u8; 32]);
+    let mut source_xa: Source = Source::new([0u8; 32]);
+    let mut source_xe: Source = Source::new([0u8; 32]);
+
+    let mut scratch: ScratchOwned = ScratchOwned::new(
+        LWESwitchingKey::encrypt_sk_scratch_space(&module, basek, k_ksk)
+            | LWECiphertext::keyswitch_scratch_space(&module, basek, k_lwe_ct, k_lwe_ct, k_ksk),
+    );
+
+    let mut sk_lwe_in: LWESecret<Vec<u8>> = LWESecret::alloc(n_lwe_in);
+    sk_lwe_in.fill_ternary_prob(0.5, &mut source_xs);
+
+    let mut sk_lwe_out: LWESecret<Vec<u8>> = LWESecret::alloc(n_lwe_out);
+    sk_lwe_out.fill_ternary_prob(0.5, &mut source_xs);
+
+    let data: i64 = 17;
+
+    let mut lwe_pt_in: LWEPlaintext<Vec<u8>> = LWEPlaintext::alloc(basek, k_lwe_pt);
+    lwe_pt_in
+        .data
+        .encode_coeff_i64(0, basek, k_lwe_pt, 0, data, k_lwe_pt);
+
+    let mut lwe_ct_in: LWECiphertext<Vec<u8>> = LWECiphertext::alloc(n_lwe_in, basek, k_lwe_ct);
+    lwe_ct_in.encrypt_sk(
+        &lwe_pt_in,
+        &sk_lwe_in,
+        &mut source_xa,
+        &mut source_xe,
+        sigma,
+    );
+
+    let mut ksk: LWESwitchingKey<Vec<u8>, FFT64> = LWESwitchingKey::alloc(&module, basek, k_ksk, lwe_ct_in.size());
+
+    ksk.encrypt_sk(
+        &module,
+        &sk_lwe_in,
+        &sk_lwe_out,
+        &mut source_xa,
+        &mut source_xe,
+        sigma,
+        scratch.borrow(),
+    );
+
+    let mut lwe_ct_out: LWECiphertext<Vec<u8>> = LWECiphertext::alloc(n_lwe_out, basek, k_lwe_ct);
+
+    lwe_ct_out.keyswitch(&module, &lwe_ct_in, &ksk, scratch.borrow());
+
+    let mut lwe_pt_out: LWEPlaintext<Vec<u8>> = LWEPlaintext::alloc(basek, k_lwe_ct);
+    lwe_ct_out.decrypt(&mut lwe_pt_out, &sk_lwe_out);
+
+    assert_eq!(lwe_pt_in.data.at(0, 0)[0], lwe_pt_out.data.at(0, 0)[0]);
+}

core/src/lwe/test_fft64/mod.rs

@@ -0,0 +1 @@
+pub mod conversion;

core/src/test_fft64/glwe_fourier.rs

@@ -1,478 +0,0 @@
-use crate::{
-    FourierGLWECiphertext, GGSWCiphertext, GLWECiphertext, GLWEOps, GLWEPlaintext, GLWESecret, GLWESwitchingKey, Infos, div_ceil,
-    test_fft64::{log2_std_noise_gglwe_product, noise_ggsw_product},
-};
-use backend::{FFT64, FillUniform, Module, ScalarZnx, ScalarZnxAlloc, ScratchOwned, Stats, VecZnxOps, ZnxViewMut};
-use sampling::source::Source;
-
-#[test]
-fn keyswitch() {
-    let log_n: usize = 8;
-    let basek: usize = 12;
-    let k_in: usize = 45;
-    let digits: usize = k_in.div_ceil(basek);
-    (1..4).for_each(|rank_in| {
-        (1..4).for_each(|rank_out| {
-            (1..digits + 1).for_each(|di| {
-                let k_ksk: usize = k_in + basek * di;
-                println!(
-                    "test keyswitch digits: {} rank_in: {} rank_out: {}",
-                    di, rank_in, rank_out
-                );
-                let k_out: usize = k_ksk; // Better capture noise.
-                test_keyswitch(log_n, basek, k_in, k_out, k_ksk, di, rank_in, rank_out, 3.2);
-            })
-        });
-    });
-}
-
-#[test]
-fn keyswitch_inplace() {
-    let log_n: usize = 8;
-    let basek: usize = 12;
-    let k_ct: usize = 45;
-    let digits: usize = k_ct.div_ceil(basek);
-    (1..4).for_each(|rank| {
-        (1..digits + 1).for_each(|di| {
-            let k_ksk: usize = k_ct + basek * di;
-            println!("test keyswitch_inplace digits: {} rank: {}", di, rank);
-            test_keyswitch_inplace(log_n, basek, k_ct, k_ksk, di, rank, 3.2);
-        });
-    });
-}
-
-#[test]
-fn external_product() {
-    let log_n: usize = 8;
-    let basek: usize = 12;
-    let k_in: usize = 45;
-    let digits: usize = k_in.div_ceil(basek);
-    (1..4).for_each(|rank| {
-        (1..digits + 1).for_each(|di| {
-            let k_ggsw: usize = k_in + basek * di;
-            println!("test external_product digits: {} rank: {}", di, rank);
-            let k_out: usize = k_ggsw; // Better capture noise.
-            test_external_product(log_n, basek, k_out, k_in, k_ggsw, di, rank, 3.2);
-        });
-    });
-}
-
-#[test]
-fn external_product_inplace() {
-    let log_n: usize = 8;
-    let basek: usize = 12;
-    let k_ct: usize = 60;
-    let digits: usize = k_ct.div_ceil(basek);
-    (1..4).for_each(|rank| {
-        (1..digits + 1).for_each(|di| {
-            let k_ggsw: usize = k_ct + basek * di;
-            println!("test external_product digits: {} rank: {}", di, rank);
-            test_external_product_inplace(log_n, basek, k_ct, k_ggsw, di, rank, 3.2);
-        });
-    });
-}
-
-fn test_keyswitch(
-    log_n: usize,
-    basek: usize,
-    k_in: usize,
-    k_out: usize,
-    k_ksk: usize,
-    digits: usize,
-    rank_in: usize,
-    rank_out: usize,
-    sigma: f64,
-) {
-    let module: Module<FFT64> = Module::<FFT64>::new(1 << log_n);
-
-    let rows: usize = k_in.div_ceil(basek * digits);
-
-    let mut ksk: GLWESwitchingKey<Vec<u8>, FFT64> =
-        GLWESwitchingKey::alloc(&module, basek, k_ksk, rows, digits, rank_in, rank_out);
-    let mut ct_glwe_in: GLWECiphertext<Vec<u8>> = GLWECiphertext::alloc(&module, basek, k_in, rank_in);
-    let mut ct_glwe_dft_in: FourierGLWECiphertext<Vec<u8>, FFT64> = FourierGLWECiphertext::alloc(&module, basek, k_in, rank_in);
-    let mut ct_glwe_out: GLWECiphertext<Vec<u8>> = GLWECiphertext::alloc(&module, basek, k_out, rank_out);
-    let mut ct_glwe_dft_out: FourierGLWECiphertext<Vec<u8>, FFT64> =
-        FourierGLWECiphertext::alloc(&module, basek, k_out, rank_out);
-    let mut pt_want: GLWEPlaintext<Vec<u8>> = GLWEPlaintext::alloc(&module, basek, k_in);
-    let mut pt_have: GLWEPlaintext<Vec<u8>> = GLWEPlaintext::alloc(&module, basek, k_out);
-
-    let mut source_xs: Source = Source::new([0u8; 32]);
-    let mut source_xe: Source = Source::new([0u8; 32]);
-    let mut source_xa: Source = Source::new([0u8; 32]);
-
-    // Random input plaintext
-    pt_want
-        .data
-        .fill_uniform(basek, 0, pt_want.size(), &mut source_xa);
-
-    let mut scratch: ScratchOwned = ScratchOwned::new(
-        GLWESwitchingKey::encrypt_sk_scratch_space(&module, basek, k_ksk, rank_out)
-            | GLWECiphertext::decrypt_scratch_space(&module, basek, k_out)
-            | GLWECiphertext::encrypt_sk_scratch_space(&module, basek, k_in)
-            | FourierGLWECiphertext::keyswitch_scratch_space(
-                &module,
-                basek,
-                ct_glwe_out.k(),
-                ksk.k(),
-                ct_glwe_in.k(),
-                digits,
-                rank_in,
-                rank_out,
-            ),
-    );
-
-    let mut sk_in: GLWESecret<Vec<u8>, FFT64> = GLWESecret::alloc(&module, rank_in);
-    sk_in.fill_ternary_prob(&module, 0.5, &mut source_xs);
-
-    let mut sk_out: GLWESecret<Vec<u8>, FFT64> = GLWESecret::alloc(&module, rank_out);
-    sk_out.fill_ternary_prob(&module, 0.5, &mut source_xs);
-
-    ksk.generate_from_sk(
-        &module,
-        &sk_in,
-        &sk_out,
-        &mut source_xa,
-        &mut source_xe,
-        sigma,
-        scratch.borrow(),
-    );
-
-    ct_glwe_in.encrypt_sk(
-        &module,
-        &pt_want,
-        &sk_in,
-        &mut source_xa,
-        &mut source_xe,
-        sigma,
-        scratch.borrow(),
-    );
-
-    ct_glwe_in.dft(&module, &mut ct_glwe_dft_in);
-    ct_glwe_dft_out.keyswitch(&module, &ct_glwe_dft_in, &ksk, scratch.borrow());
-    ct_glwe_dft_out.idft(&module, &mut ct_glwe_out, scratch.borrow());
-
-    ct_glwe_out.decrypt(&module, &mut pt_have, &sk_out, scratch.borrow());
-
-    module.vec_znx_sub_ab_inplace(&mut pt_have.data, 0, &pt_want.data, 0);
-
-    let noise_have: f64 = pt_have.data.std(0, basek).log2();
-    let noise_want: f64 = log2_std_noise_gglwe_product(
-        module.n() as f64,
-        basek * digits,
-        0.5,
-        0.5,
-        0f64,
-        sigma * sigma,
-        0f64,
-        rank_in as f64,
-        k_in,
-        k_ksk,
-    );
-
-    assert!(
-        (noise_have - noise_want).abs() <= 0.5,
-        "{} {}",
-        noise_have,
-        noise_want
-    );
-}
-
-fn test_keyswitch_inplace(log_n: usize, basek: usize, k_ct: usize, k_ksk: usize, digits: usize, rank: usize, sigma: f64) {
-    let module: Module<FFT64> = Module::<FFT64>::new(1 << log_n);
-
-    let rows: usize = k_ct.div_ceil(basek * digits);
-
-    let mut ksk: GLWESwitchingKey<Vec<u8>, FFT64> = GLWESwitchingKey::alloc(&module, basek, k_ksk, rows, digits, rank, rank);
-    let mut ct_glwe: GLWECiphertext<Vec<u8>> = GLWECiphertext::alloc(&module, basek, k_ct, rank);
-    let mut ct_rlwe_dft: FourierGLWECiphertext<Vec<u8>, FFT64> = FourierGLWECiphertext::alloc(&module, basek, k_ct, rank);
-    let mut pt_want: GLWEPlaintext<Vec<u8>> = GLWEPlaintext::alloc(&module, basek, k_ct);
-    let mut pt_have: GLWEPlaintext<Vec<u8>> = GLWEPlaintext::alloc(&module, basek, k_ct);
-
-    let mut source_xs: Source = Source::new([0u8; 32]);
-    let mut source_xe: Source = Source::new([0u8; 32]);
-    let mut source_xa: Source = Source::new([0u8; 32]);
-
-    // Random input plaintext
-    pt_want
-        .data
-        .fill_uniform(basek, 0, pt_want.size(), &mut source_xa);
-
-    let mut scratch: ScratchOwned = ScratchOwned::new(
-        GLWESwitchingKey::encrypt_sk_scratch_space(&module, basek, ksk.k(), rank)
-            | GLWECiphertext::decrypt_scratch_space(&module, basek, ct_glwe.k())
-            | GLWECiphertext::encrypt_sk_scratch_space(&module, basek, ct_glwe.k())
-            | FourierGLWECiphertext::keyswitch_inplace_scratch_space(&module, basek, ct_rlwe_dft.k(), ksk.k(), digits, rank),
-    );
-
-    let mut sk_in: GLWESecret<Vec<u8>, FFT64> = GLWESecret::alloc(&module, rank);
-    sk_in.fill_ternary_prob(&module, 0.5, &mut source_xs);
-
-    let mut sk_out: GLWESecret<Vec<u8>, FFT64> = GLWESecret::alloc(&module, rank);
-    sk_out.fill_ternary_prob(&module, 0.5, &mut source_xs);
-
-    ksk.generate_from_sk(
-        &module,
-        &sk_in,
-        &sk_out,
-        &mut source_xa,
-        &mut source_xe,
-        sigma,
-        scratch.borrow(),
-    );
-
-    ct_glwe.encrypt_sk(
-        &module,
-        &pt_want,
-        &sk_in,
-        &mut source_xa,
-        &mut source_xe,
-        sigma,
-        scratch.borrow(),
-    );
-
-    ct_glwe.dft(&module, &mut ct_rlwe_dft);
-    ct_rlwe_dft.keyswitch_inplace(&module, &ksk, scratch.borrow());
-    ct_rlwe_dft.idft(&module, &mut ct_glwe, scratch.borrow());
-
-    ct_glwe.decrypt(&module, &mut pt_have, &sk_out, scratch.borrow());
-
-    module.vec_znx_sub_ab_inplace(&mut pt_have.data, 0, &pt_want.data, 0);
-
-    let noise_have: f64 = pt_have.data.std(0, basek).log2();
-    let noise_want: f64 = log2_std_noise_gglwe_product(
-        module.n() as f64,
-        basek * digits,
-        0.5,
-        0.5,
-        0f64,
-        sigma * sigma,
-        0f64,
-        rank as f64,
-        k_ct,
-        k_ksk,
-    );
-
-    assert!(
-        (noise_have - noise_want).abs() <= 0.5,
-        "{} {}",
-        noise_have,
-        noise_want
-    );
-}
-
-fn test_external_product(
-    log_n: usize,
-    basek: usize,
-    k_out: usize,
-    k_in: usize,
-    k_ggsw: usize,
-    digits: usize,
-    rank: usize,
-    sigma: f64,
-) {
-    let module: Module<FFT64> = Module::<FFT64>::new(1 << log_n);
-
-    let rows: usize = k_in.div_ceil(basek * digits);
-
-    let mut ct_ggsw: GGSWCiphertext<Vec<u8>, FFT64> = GGSWCiphertext::alloc(&module, basek, k_ggsw, rows, digits, rank);
-    let mut ct_in: GLWECiphertext<Vec<u8>> = GLWECiphertext::alloc(&module, basek, k_in, rank);
-    let mut ct_out: GLWECiphertext<Vec<u8>> = GLWECiphertext::alloc(&module, basek, k_out, rank);
-    let mut ct_in_dft: FourierGLWECiphertext<Vec<u8>, FFT64> = FourierGLWECiphertext::alloc(&module, basek, k_in, rank);
-    let mut ct_out_dft: FourierGLWECiphertext<Vec<u8>, FFT64> = FourierGLWECiphertext::alloc(&module, basek, k_out, rank);
-    let mut pt_rgsw: ScalarZnx<Vec<u8>> = module.new_scalar_znx(1);
-    let mut pt_want: GLWEPlaintext<Vec<u8>> = GLWEPlaintext::alloc(&module, basek, k_in);
-    let mut pt_have: GLWEPlaintext<Vec<u8>> = GLWEPlaintext::alloc(&module, basek, k_out);
-
-    let mut source_xs: Source = Source::new([0u8; 32]);
-    let mut source_xe: Source = Source::new([0u8; 32]);
-    let mut source_xa: Source = Source::new([0u8; 32]);
-
-    // Random input plaintext
-    pt_want
-        .data
-        .fill_uniform(basek, 0, pt_want.size(), &mut source_xa);
-
-    pt_want.data.at_mut(0, 0)[1] = 1;
-
-    let k: i64 = 1;
-
-    pt_rgsw.raw_mut()[0] = 1; // X^{0}
-    module.vec_znx_rotate_inplace(k, &mut pt_rgsw, 0); // X^{k}
-
-    let mut scratch: ScratchOwned = ScratchOwned::new(
-        GGSWCiphertext::encrypt_sk_scratch_space(&module, basek, ct_ggsw.k(), rank)
-            | GLWECiphertext::decrypt_scratch_space(&module, basek, ct_out.k())
-            | GLWECiphertext::encrypt_sk_scratch_space(&module, basek, ct_in.k())
-            | FourierGLWECiphertext::external_product_scratch_space(
-                &module,
-                basek,
-                ct_out.k(),
-                ct_in.k(),
-                ct_ggsw.k(),
-                digits,
-                rank,
-            ),
-    );
-
-    let mut sk: GLWESecret<Vec<u8>, FFT64> = GLWESecret::alloc(&module, rank);
-    sk.fill_ternary_prob(&module, 0.5, &mut source_xs);
-
-    ct_ggsw.encrypt_sk(
-        &module,
-        &pt_rgsw,
-        &sk,
-        &mut source_xa,
-        &mut source_xe,
-        sigma,
-        scratch.borrow(),
-    );
-
-    ct_in.encrypt_sk(
-        &module,
-        &pt_want,
-        &sk,
-        &mut source_xa,
-        &mut source_xe,
-        sigma,
-        scratch.borrow(),
-    );
-
-    ct_in.dft(&module, &mut ct_in_dft);
-    ct_out_dft.external_product(&module, &ct_in_dft, &ct_ggsw, scratch.borrow());
-    ct_out_dft.idft(&module, &mut ct_out, scratch.borrow());
-
-    ct_out.decrypt(&module, &mut pt_have, &sk, scratch.borrow());
-
-    pt_want.rotate_inplace(&module, k);
-    pt_have.sub_inplace_ab(&module, &pt_want);
-
-    let noise_have: f64 = pt_have.data.std(0, basek).log2();
-
-    let var_gct_err_lhs: f64 = sigma * sigma;
-    let var_gct_err_rhs: f64 = 0f64;
-
-    let var_msg: f64 = 1f64 / module.n() as f64; // X^{k}
-    let var_a0_err: f64 = sigma * sigma;
-    let var_a1_err: f64 = 1f64 / 12f64;
-
-    let noise_want: f64 = noise_ggsw_product(
-        module.n() as f64,
-        basek * digits,
-        0.5,
-        var_msg,
-        var_a0_err,
-        var_a1_err,
-        var_gct_err_lhs,
-        var_gct_err_rhs,
-        rank as f64,
-        k_in,
-        k_ggsw,
-    );
-
-    assert!(
-        (noise_have - noise_want).abs() <= 0.5,
-        "{} {}",
-        noise_have,
-        noise_want
-    );
-}
-
-fn test_external_product_inplace(log_n: usize, basek: usize, k_ct: usize, k_ggsw: usize, digits: usize, rank: usize, sigma: f64) {
-    let module: Module<FFT64> = Module::<FFT64>::new(1 << log_n);
-    let rows: usize = k_ct.div_ceil(basek * digits);
-
-    let mut ct_ggsw: GGSWCiphertext<Vec<u8>, FFT64> = GGSWCiphertext::alloc(&module, basek, k_ggsw, rows, digits, rank);
-    let mut ct: GLWECiphertext<Vec<u8>> = GLWECiphertext::alloc(&module, basek, k_ct, rank);
-    let mut ct_rlwe_dft: FourierGLWECiphertext<Vec<u8>, FFT64> = FourierGLWECiphertext::alloc(&module, basek, k_ct, rank);
-    let mut pt_rgsw: ScalarZnx<Vec<u8>> = module.new_scalar_znx(1);
-    let mut pt_want: GLWEPlaintext<Vec<u8>> = GLWEPlaintext::alloc(&module, basek, k_ct);
-    let mut pt_have: GLWEPlaintext<Vec<u8>> = GLWEPlaintext::alloc(&module, basek, k_ct);
-
-    let mut source_xs: Source = Source::new([0u8; 32]);
-    let mut source_xe: Source = Source::new([0u8; 32]);
-    let mut source_xa: Source = Source::new([0u8; 32]);
-
-    // Random input plaintext
-    pt_want
-        .data
-        .fill_uniform(basek, 0, pt_want.size(), &mut source_xa);
-
-    pt_want.data.at_mut(0, 0)[1] = 1;
-
-    let k: i64 = 1;
-
-    pt_rgsw.raw_mut()[0] = 1; // X^{0}
-    module.vec_znx_rotate_inplace(k, &mut pt_rgsw, 0); // X^{k}
-
-    let mut scratch: ScratchOwned = ScratchOwned::new(
-        GGSWCiphertext::encrypt_sk_scratch_space(&module, basek, ct_ggsw.k(), rank)
-            | GLWECiphertext::decrypt_scratch_space(&module, basek, ct.k())
-            | GLWECiphertext::encrypt_sk_scratch_space(&module, basek, ct.k())
-            | FourierGLWECiphertext::external_product_inplace_scratch_space(&module, basek, ct.k(), ct_ggsw.k(), digits, rank),
-    );
-
-    let mut sk: GLWESecret<Vec<u8>, FFT64> = GLWESecret::alloc(&module, rank);
-    sk.fill_ternary_prob(&module, 0.5, &mut source_xs);
-
-    ct_ggsw.encrypt_sk(
-        &module,
-        &pt_rgsw,
-        &sk,
-        &mut source_xa,
-        &mut source_xe,
-        sigma,
-        scratch.borrow(),
-    );
-
-    ct.encrypt_sk(
-        &module,
-        &pt_want,
-        &sk,
-        &mut source_xa,
-        &mut source_xe,
-        sigma,
-        scratch.borrow(),
-    );
-
-    ct.dft(&module, &mut ct_rlwe_dft);
-    ct_rlwe_dft.external_product_inplace(&module, &ct_ggsw, scratch.borrow());
-    ct_rlwe_dft.idft(&module, &mut ct, scratch.borrow());
-
-    ct.decrypt(&module, &mut pt_have, &sk, scratch.borrow());
-
-    pt_want.rotate_inplace(&module, k);
-    pt_have.sub_inplace_ab(&module, &pt_want);
-
-    let noise_have: f64 = pt_have.data.std(0, basek).log2();
-
-    let var_gct_err_lhs: f64 = sigma * sigma;
-    let var_gct_err_rhs: f64 = 0f64;
-
-    let var_msg: f64 = 1f64 / module.n() as f64; // X^{k}
-    let var_a0_err: f64 = sigma * sigma;
-    let var_a1_err: f64 = 1f64 / 12f64;
-
-    let noise_want: f64 = noise_ggsw_product(
-        module.n() as f64,
-        basek * digits,
-        0.5,
-        var_msg,
-        var_a0_err,
-        var_a1_err,
-        var_gct_err_lhs,
-        var_gct_err_rhs,
-        rank as f64,
-        k_ct,
-        k_ggsw,
-    );
-
-    assert!(
-        (noise_have - noise_want).abs() <= 0.5,
-        "{} {}",
-        noise_have,
-        noise_want
-    );
-
-    println!("{} {}", noise_have, noise_want);
-}