Context.h

/* Copyright (C) 2012-2020 IBM Corp.
 * This program is Licensed under the Apache License, Version 2.0
 * (the "License"); you may not use this file except in compliance
 * with the License. You may obtain a copy of the License at
 *   http://www.apache.org/licenses/LICENSE-2.0
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License. See accompanying LICENSE file.
 */
#ifndef HELIB_CONTEXT_H
#define HELIB_CONTEXT_H
#include <helib/PAlgebra.h>
#include <helib/CModulus.h>
#include <helib/IndexSet.h>
#include <helib/recryption.h>
#include <helib/primeChain.h>
#include <helib/powerful.h>
#include <helib/apiAttributes.h>
#include <helib/range.h>
#include <helib/scheme.h>
#include <helib/JsonWrapper.h>
 
#include <NTL/Lazy.h>
 
namespace helib {
 
constexpr int MIN_SK_HWT = 120;
constexpr int BOOT_DFLT_SK_HWT = MIN_SK_HWT;
 
double lweEstimateSecurity(int n, double log2AlphaInv, int hwt);
 
long FindM(long k,
           long nBits,
           long c,
           long p,
           long d,
           long s,
           long chosen_m,
           bool verbose = false);
 
class EncryptedArray;
struct PolyModRing;
 
// Forward declaration of ContextBuilder
template <typename SCHEME>
class ContextBuilder;
 
class Context
{
private:
  template <typename SCHEME>
  friend class ContextBuilder;
 
  // Forward declarations of useful param structs
  // for Context and ContextBuilder.
  struct ModChainParams;
  struct BootStrapParams;
 
  // For serialization.
  struct SerializableContent;
 
  // Cmodulus objects for the different primes
  // The implementation assumes that the list of
  // primes only grows and no prime is ever modified or removed.
  std::vector<Cmodulus> moduli;
 
  // A helper table to map required modulo-sizes to primeSets
  ModuliSizes modSizes;
 
  // The structure of Zm*.
  PAlgebra zMStar;
 
  // Parameters stored in alMod.
  // These are NOT invariant: it is possible to work
  // with View objects that use a different PAlgebra object.
 
  // The structure of Z[X]/(Phi_m(X),p^r).
  PAlgebraMod alMod;
 
  // A default EncryptedArray.
  std::shared_ptr<const EncryptedArray> ea;
 
  // These parameters are currently set by buildPrimeChain
  long hwt_param = 0; // Hamming weight of all keys associated with context
                      // 0 means "dense"
  long e_param = 0;   // parameters specific to bootstrapping
  long ePrime_param = 0;
 
  std::shared_ptr<const PowerfulDCRT> pwfl_converter;
 
  // The structure of a single slot of the plaintext space.
  // Note, this will be Z[X]/(G(x),p^r) for some irreducible factor G of
  // Phi_m(X).
  std::shared_ptr<PolyModRing> slotRing;
 
  // The `sqrt(variance)` of the LWE error (default=3.2).
  NTL::xdouble stdev;
 
  double scale; // default = 10
 
  // The "ciphertext primes" are the "normal" primes that are used to
  // represent the public encryption key and ciphertexts. These are all
  // "large" single=precision primes, or bit-size roughly NTL_SP_SIZE bits.
  IndexSet ctxtPrimes;
 
  // A disjoint set of primes, used for key switching. See section 3.1.6
  // in the design document (key-switching). These too are "large"
  // single=precision primes, or bit-size close to NTL_SP_SIZE bits.
  IndexSet specialPrimes;
 
  // Yet a third set of primes, aimed at allowing modulus-switching with
  // higher resolution. These are somewhat smaller single-precision
  // primes, of size from NTL_SP_SIZE-20 to NTL_SP_SIZE-1.
  IndexSet smallPrimes;
 
  // The set of primes for the digits.
  //
  // The different columns in any key-switching matrix contain encryptions
  // of multiplies of the secret key, sk, B1*sk, B2*B1*sk, B3*B2*B1*sk,...
  // with each Bi a product of a few "non-special" primes in the chain. The
  // digits data member indicate which primes correspond to each of the Bi's.
  // These are all IndexSet objects, whose union is the subset ctxtPrimes.
  //
  // The number of Bi's is one less than the number of columns in the key
  // switching matrices (since the 1st column encrypts sk, without any Bi's),
  // but we keep in the digits std::vector also an entry for the primes that do
  // not participate in any Bi (so digits.size() is the same as the number
  // of columns in the key switching matrices).
  // See section 3.1.6 in the design document (key-switching).
  // Digits of ctxt/columns of key-switching matrix
  std::vector<IndexSet> digits;
 
  // Bootstrapping-related data in the context includes both thin and thick
  ThinRecryptData rcData;
 
  // Helper for serialisation.
  static SerializableContent readParamsFrom(std::istream& str);
 
  // Helper for serialisation.
  static SerializableContent readParamsFromJSON(const JsonWrapper& str);
 
  // Constructor for the `Context` object.
  // m The index of the cyclotomic polynomial.
  // p The plaintext modulus.
  // r BGV: The Hensel lifting parameter. CKKS: The bit precision.
  // gens The generators of `(Z/mZ)^*` (other than `p`).
  // ords The orders of each of the generators of `(Z/mZ)^*`.
  Context(unsigned long m,
          unsigned long p,
          unsigned long r,
          const std::vector<long>& gens = std::vector<long>(),
          const std::vector<long>& ords = std::vector<long>());
 
  // Used by ContextBuilder
  Context(long m,
          long p,
          long r,
          const std::vector<long>& gens,
          const std::vector<long>& ords,
          const std::optional<ModChainParams>& mparams,
          const std::optional<BootStrapParams>& bparams);
 
  // Used for serialisation
  Context(const SerializableContent& content);
 
  // Methods for adding primes.
  void addSpecialPrimes(long nDgts,
                        bool willBeBootstrappable,
                        long bitsInSpecialPrimes);
 
  void addCtxtPrimes(long nBits, long targetSize);
 
  void addSmallPrimes(long resolution, long cpSize);
 
  // Add the given prime to the `smallPrimes` set.
  // q The prime to add.
  void addSmallPrime(long q);
 
  // Add the given prime to the `ctxtPrimes` set.
  // q The prime to add.
  void addCtxtPrime(long q);
 
  // Add the given prime to the `specialPrimes` set.
  // q The prime to add.
  void addSpecialPrime(long q);
 
public:
  static constexpr std::string_view typeName = "Context";
 
  // NOTE: Parameters stored in zMStar are invariant for any computations
  // involving this Context.
 
  long getM() const { return zMStar.getM(); }
 
  long getP() const { return zMStar.getP(); }
 
  long getPhiM() const { return zMStar.getPhiM(); }
 
  long getOrdP() const { return zMStar.getOrdP(); }
 
  long getNSlots() const { return zMStar.getNSlots(); }
 
  double getScale() const { return scale; }
 
  NTL::xdouble getStdev() const { return stdev; }
 
  long getR() const { return alMod.getR(); }
 
  long getPPowR() const { return alMod.getPPowR(); }
 
  // synonymn for getR().
  // this is used in various corner cases in CKKS where
  // we really need some default precisiion parameter.
  // It is also possible to define this differently
  // in the future.
  long getPrecision() const { return alMod.getR(); }
 
  const PowerfulDCRT& getPowerfulConverter() const { return *pwfl_converter; }
 
  const std::shared_ptr<PolyModRing>& getSlotRing() const { return slotRing; };
 
  const IndexSet& getSmallPrimes() const { return smallPrimes; }
 
  const IndexSet& getCtxtPrimes() const { return ctxtPrimes; }
 
  const IndexSet& getSpecialPrimes() const { return specialPrimes; }
 
  const std::vector<IndexSet>& getDigits() const { return digits; }
 
  const IndexSet& getDigit(long i) const { return digits[i]; }
 
  const ThinRecryptData& getRcData() const { return rcData; }
 
  bool isCKKS() const { return alMod.getTag() == PA_cx_tag; }
 
  long getHwt() const { return hwt_param; }
 
  long getE() const { return e_param; }
 
  long getEPrime() const { return ePrime_param; }
 
  const PAlgebra& getZMStar() const { return zMStar; };
 
  const PAlgebraMod& getAlMod() const { return alMod; };
 
  const EncryptedArray& getView() const { return *ea; } // preferred name
 
  const EncryptedArray& getEA() const { return *ea; }
 
  const std::shared_ptr<const EncryptedArray>& shareEA() const { return ea; }
 
  //======================= high probability bounds ================
 
  // erfc(scale/sqrt(2)) * phi(m) should be less than some negligible
  // parameter epsilon.
  // The default value of 10 should be good enough for most applications.
  // NOTE: -log(erfc(8/sqrt(2)))/log(2)  = 49.5
  //       -log(erfc(10/sqrt(2)))/log(2) = 75.8
  //       -log(erfc(11/sqrt(2)))/log(2) = 91.1
  //       -log(erfc(12/sqrt(2)))/log(2) =107.8
 
  // The way this is used is as follows. If we have a normal random
  // variable X with variance sigma^2, then the probability that
  // that X lies outside the interval [-scale*sigma, scale*sigma] is
  // delta=erfc(scale/sqrt(2)). We will usually apply the union bound
  // to a vector of phi(m) such random variables (one for each primitive
  // m-th root of unity), so that the probability that that the L-infty
  // norm exceeds scale*sigma is at most epsilon=phim*delta. Thus,
  // scale*sigma will be used as a high-probability bound on the
  // L-infty norm of such vectors.
 
  //=======================================
 
  // Assume the polynomial f(x) = sum_{i < k} f_i x^i is chosen so
  // that each f_i is chosen uniformly and independently from the
  // interval [-magBound, magBound], and that k = degBound.
  // This returns a bound B such that the L-infty norm
  // of the canonical embedding exceeds B with probability at most
  // epsilon.
 
  // NOTE: this is a bit heuristic: we assume that if we evaluate
  // f at a primitive root of unity, then we get something that well
  // approximates a normal random variable with the same variance,
  // which is equal to the sum of the variances of the individual
  // f_i's, which is (2*magBound)^2/12 = magBound^2/3.
  // We then multiply the sqrt of the variance by scale to get
  // the high probability bound.
 
  double noiseBoundForUniform(double magBound, long degBound) const
  {
    return scale * std::sqrt(double(degBound) / 3.0) * magBound;
  }
 
  NTL::xdouble noiseBoundForUniform(NTL::xdouble magBound, long degBound) const
  {
    return scale * std::sqrt(double(degBound) / 3.0) * magBound;
  }
 
  // Assume the polynomial f(x) = sum_{i < k} f_i x^i is chosen so
  // that each f_i is chosen uniformly and independently from the
  // from the set of balanced residues modulo the given modulus.
  // This returns a bound B such that the L-infty norm
  // of the canonical embedding exceeds B with probability at most
  // epsilon.
 
  // NOTE: for odd modulus, this means each f_i is uniformly distributed
  // over { -floor(modulus/2), ..., floor(modulus/2) }.
  // For even modulus, this means each f_i is uniformly distributed
  // over { modulus/2, ..., modulus/2 }, except that the two endpoints
  // (which represent the same residue class) occur with half the
  // probability of the others.
 
  // NOTE: this is a bit heuristic: we assume that if we evaluate
  // f at a primitive root of unity, then we get something that well
  // approximates a normal random variable with the same variance,
  // which is equal to the sum of the variances of the individual
  // f_i's, which is (modulus)^2/12 + 1/6 for even modulus,
  // and is at most (modulus^2)/12 for odd modulus.
  // We then multiply the sqrt of the variance by scale to get
  // the high probability bound.
 
  // NOTE: this is slightly more accurate that just calling
  // noiseBoundForUniform with magBound=modulus/2.
 
  double noiseBoundForMod(long modulus, long degBound) const
  {
    double var = fsquare(modulus) / 12.0;
    if (modulus % 2 == 0)
      var += 1.0 / 6.0;
 
    return scale * std::sqrt(degBound * var);
  }
 
  // Assume the polynomial f(x) = sum_{i < k} f_i x^i is chosen
  // so that each f_i is chosen uniformly and independently from
  // N(0, sigma^2), and that k = degBound.
  // This returns a bound B such that the L-infty norm
  // of the canonical embedding exceeds B with probability at most
  // epsilon.
 
  // NOTE: if we evaluate f at a primitive root of unity,
  // then we get a normal random variable variance degBound * sigma^2.
  // We then multiply the sqrt of the variance by scale to get
  // the high probability bound.
 
  double noiseBoundForGaussian(double sigma, long degBound) const
  {
    return scale * std::sqrt(double(degBound)) * sigma;
  }
 
  NTL::xdouble noiseBoundForGaussian(NTL::xdouble sigma, long degBound) const
  {
    return scale * std::sqrt(double(degBound)) * sigma;
  }
 
  // Assume the polynomial f(x) = sum_{i < k} f_i x^i is chosen
  // so that each f_i is zero with probability 1-prob, 1 with probability
  // prob/2, and -1 with probability prob/2.
  // This returns a bound B such that the L-infty norm
  // of the canonical embedding exceeds B with probability at most
  // epsilon.
 
  // NOTE: this is a bit heuristic: we assume that if we evaluate
  // f at a primitive root of unity, then we get something that
  // well approximates a normal random variable with the same variance,
  // which is equal to the sum of the individual variances,
  // which is degBound*prob.
  // We then multiply the sqrt of the variance by scale to get
  // the high probability bound.
 
  double noiseBoundForSmall(double prob, long degBound) const
  {
    return scale * std::sqrt(double(degBound)) * std::sqrt(prob);
  }
 
  // Assume the polynomial f(x) = sum_{i < k} f_i x^i is chosen
  // hwt coefficients are chosen to \pm 1, and the remainder zero.
  // This returns a bound B such that the L-infty norm
  // of the canonical embedding exceeds B with probability at most
  // epsilon.
 
  // NOTE: this is a bit heuristic: we assume that if we evaluate
  // f at a primitive root of unity, then we get something that
  // well approximates a normal random variable with the same variance,
  // which is hwt.
  // We then multiply the sqrt of the variance by scale to get
  // the high probability bound.
 
  // NOTE: degBound is not used here, but I include it
  // for consistency with the other noiseBound routines
 
  double noiseBoundForHWt(long hwt, UNUSED long degBound) const
  {
    return scale * std::sqrt(double(hwt));
  }
 
  // This computes a high probability bound on the L-infty norm
  // of x0+s*x1 in the pwrfl basis, assuming is chosen with coeffs
  // in the pwrfl basis uniformly and independently dist'd over [-1/2,1/2],
  // x0 has arbitrary coeffs over [-1/2,1/2] in the pwrfl basis,
  // and assuming s is chosen with skHwt nonzero coeffs mod X^m-1
  // in the power basis (uniformly and independently over {-1,1}).
  // The bound should be satisfied with probability epsilon.
 
  // NOTE: this is a bit heuristic. See design document for details.
  // NOTE: this is still valid even when m is a power of 2
 
  double stdDevForRecryption() const
  {
    long skHwt = hwt_param;
 
    // number of prime factors of m
    long k = zMStar.getNFactors();
 
    long m = zMStar.getM();
    long phim = zMStar.getPhiM();
 
    double mrat = double(phim) / double(m);
 
    return std::sqrt(mrat * double(skHwt) * double(1L << k) / 3.0) * 0.5;
  }
 
  double boundForRecryption() const
  {
    return 0.5 + scale * stdDevForRecryption();
  }
 
  const ModuliSizes& getModSizeTable() const { return modSizes; }
 
  void setModSizeTable() { modSizes.init(*this); }
 
  ~Context() = default;
 
  Context() = delete;
 
  Context(const Context& other) = delete;
 
  Context(Context&& other) = delete;
 
  Context& operator=(const Context& other) = delete;
 
  Context& operator=(Context&& other) = delete;
 
  void enableBootStrapping(const NTL::Vec<long>& mvec,
                           bool build_cache = false,
                           bool alsoThick = true)
  {
    assertTrue(e_param > 0,
               "enableBootStrapping invoked but willBeBootstrappable "
               "not set in buildModChain");
 
    rcData.init(*this, mvec, alsoThick, build_cache);
  }
 
  bool isBootstrappable() const { return rcData.alMod != nullptr; }
 
  IndexSet fullPrimes() const { return ctxtPrimes | specialPrimes; }
 
  IndexSet allPrimes() const
  {
    return smallPrimes | ctxtPrimes | specialPrimes;
  }
 
  // returns first nprimes ctxtPrimes
  IndexSet getCtxtPrimes(long nprimes) const
  {
    long first = ctxtPrimes.first();
    long last = std::min(ctxtPrimes.last(), first + nprimes - 1);
    return IndexSet(first, last);
  }
 
  // FIXME: replacement for bitsPerLevel placeholder for now
  long BPL() const { return 30; }
 
  bool operator==(const Context& other) const;
 
  bool operator!=(const Context& other) const { return !(*this == other); }
 
  long ithPrime(unsigned long i) const
  {
    return (i < moduli.size()) ? moduli[i].getQ() : 0;
  }
 
  const Cmodulus& ithModulus(unsigned long i) const { return moduli[i]; }
 
  long numPrimes() const { return moduli.size(); }
 
  bool isZeroDivisor(const NTL::ZZ& num) const
  {
    for (long i : range(moduli.size()))
      if (divide(num, moduli[i].getQ()))
        return true;
    return false;
  }
 
  bool inChain(long p) const
  {
    for (long i : range(moduli.size()))
      if (p == moduli[i].getQ())
        return true;
    return false;
  }
 
  void productOfPrimes(NTL::ZZ& p, const IndexSet& s) const;
  NTL::ZZ productOfPrimes(const IndexSet& s) const
  {
    NTL::ZZ p;
    productOfPrimes(p, s);
    return p;
  }
 
  // FIXME: run-time error when ithPrime(i) returns 0
  double logOfPrime(unsigned long i) const { return log(ithPrime(i)); }
 
  double logOfProduct(const IndexSet& s) const
  {
    if (s.last() >= numPrimes())
      throw RuntimeError("Context::logOfProduct: IndexSet has too many rows");
 
    double ans = 0.0;
    for (long i : s)
      ans += logOfPrime(i);
    return ans;
  }
 
  long bitSizeOfQ() const
  {
    IndexSet primes = ctxtPrimes | specialPrimes;
    return std::ceil(logOfProduct(primes) / log(2.0));
  }
 
  double securityLevel() const
  {
    IndexSet primes = ctxtPrimes | specialPrimes;
    if (primes.card() == 0) {
      throw LogicError(
          "Security level cannot be determined as modulus chain is empty.");
    }
 
    double s = to_double(stdev);
    if (zMStar.getPow2() == 0) { // not power of two
      s *= sqrt(zMStar.getM());
    }
    double log2AlphaInv = (logOfProduct(primes) - log(s)) / log(2.0);
    return lweEstimateSecurity(zMStar.getPhiM(), log2AlphaInv, hwt_param);
  }
 
  void printout(std::ostream& out = std::cout) const;
 
  friend std::ostream& operator<<(std::ostream& str, const Context& context);
 
  friend void readContextBase(std::istream& str,
                              unsigned long& m,
                              unsigned long& p,
                              unsigned long& r,
                              std::vector<long>& gens,
                              std::vector<long>& ords);
 
  friend std::istream& operator>>(std::istream& str, Context& context);
 
  void writeTo(std::ostream& str) const;
 
  static Context readFrom(std::istream& str);
 
  static Context* readPtrFrom(std::istream& str);
 
  void writeToJSON(std::ostream& str) const;
 
  JsonWrapper writeToJSON() const;
 
  static Context readFromJSON(std::istream& str);
 
  static Context readFromJSON(const JsonWrapper& j);
 
  static Context* readPtrFromJSON(std::istream& str);
 
  // Internal function to undo buldModChain.
  // Used for parameter generation programs.
  // FIXME Should this not be private?
  void clearModChain()
  {
    moduli.clear();
    ctxtPrimes.clear();
    specialPrimes.clear();
    smallPrimes.clear();
    modSizes.clear();
    digits.clear();
    hwt_param = 0;
    e_param = 0;
    ePrime_param = 0;
  }
 
  void buildModChain(long nBits,
                     long nDgts = 3,
                     bool willBeBootstrappable = false,
                     long skHwt = 0,
                     long resolution = 3,
                     long bitsInSpecialPrimes = 0);
 
  // should be called if after you build the mod chain in some way
  // *other* than calling buildModChain.
  void endBuildModChain();
 
}; // End of class Context
 
template <typename SCHEME>
std::ostream& operator<<(std::ostream& os, const ContextBuilder<SCHEME>& cb);
 
template <typename SCHEME>
class ContextBuilder
{
  static_assert(std::is_same<SCHEME, CKKS>::value ||
                    std::is_same<SCHEME, BGV>::value,
                "Can only create context object parameterized by the crypto "
                "scheme (CKKS or BGV)");
 
private:
  // Helper for building
  const std::pair<std::optional<Context::ModChainParams>,
                  std::optional<Context::BootStrapParams>>
  makeParamsArgs() const;
 
  // Default values by scheme
  struct default_values;
 
  // General parameters
  std::vector<long> gens_;
  std::vector<long> ords_;
  long m_ = default_values::m; // BGV: 3, CKKS: 4
  long p_ = default_values::p; // BGV: 2, CKKS: -1
  long r_ = default_values::r; // BGV: Hensel lifting = 1,
                               // CKKS: Precision = 20
  long c_ = 3;
 
  // Modulus chain params
  long bits_ = 300;
  long skHwt_ = 0;
  long resolution_ = 3;
  long bitsInSpecialPrimes_ = 0;
  bool buildModChainFlag_ = true; // Default build the modchain.
 
  double stdev_ = 3.2;
  double scale_ = 10;
 
  // Boostrap params (BGV only)
  NTL::Vec<long> mvec_;
  bool buildCacheFlag_ = false;
  bool thickFlag_ = false;
  bool bootstrappableFlag_ = false; // Default not boostrappable.
 
public:
  static constexpr std::string_view typeName = "ContextBuilder";
 
  ContextBuilder& m(long m)
  {
    m_ = m;
    return *this;
  }
 
  template <typename S = SCHEME,
            std::enable_if_t<std::is_same<S, BGV>::value>* = nullptr>
  ContextBuilder& p(long p)
  {
    p_ = p;
    return *this;
  }
 
  template <typename S = SCHEME,
            std::enable_if_t<std::is_same<S, BGV>::value>* = nullptr>
  ContextBuilder& r(long r)
  {
    r_ = r;
    return *this;
  }
 
  template <typename S = SCHEME,
            std::enable_if_t<std::is_same<S, CKKS>::value>* = nullptr>
  ContextBuilder& precision(long precision)
  {
    r_ = precision;
    return *this;
  }
 
  ContextBuilder& scale(double scale)
  {
    scale_ = scale;
    return *this;
  }
 
  ContextBuilder& stdev(double stdev)
  {
    stdev_ = stdev;
    return *this;
  }
 
  ContextBuilder& c(long c)
  {
    c_ = c;
    return *this;
  }
 
  ContextBuilder& gens(const std::vector<long>& gens)
  {
    gens_ = gens;
    return *this;
  }
 
  ContextBuilder& ords(const std::vector<long>& ords)
  {
    ords_ = ords;
    return *this;
  }
 
  ContextBuilder& bits(long bits)
  {
    bits_ = bits;
    return *this;
  }
 
  ContextBuilder& skHwt(long skHwt)
  {
    skHwt_ = skHwt;
    return *this;
  }
 
  ContextBuilder& resolution(long bits)
  {
    resolution_ = bits;
    return *this;
  }
 
  ContextBuilder& bitsInSpecialPrimes(long bits)
  {
    bitsInSpecialPrimes_ = bits;
    return *this;
  }
 
  ContextBuilder& buildModChain(bool yesno)
  {
    buildModChainFlag_ = yesno;
    return *this;
  }
 
  template <typename S = SCHEME,
            std::enable_if_t<std::is_same<S, BGV>::value>* = nullptr>
  ContextBuilder& mvec(const NTL::Vec<long>& mvec)
  {
    mvec_ = mvec;
    return *this;
  }
 
  template <typename S = SCHEME,
            std::enable_if_t<std::is_same<S, BGV>::value>* = nullptr>
  ContextBuilder& mvec(const std::vector<long>& mvec)
  {
    mvec_ = convert<NTL::Vec<long>>(mvec);
    return *this;
  }
 
  template <typename S = SCHEME,
            std::enable_if_t<std::is_same<S, BGV>::value>* = nullptr>
  ContextBuilder& thinboot()
  {
    thickFlag_ = false;
    return *this;
  }
 
  template <typename S = SCHEME,
            std::enable_if_t<std::is_same<S, BGV>::value>* = nullptr>
  ContextBuilder& thickboot()
  {
    thickFlag_ = true;
    return *this;
  }
 
  template <typename S = SCHEME,
            std::enable_if_t<std::is_same<S, BGV>::value>* = nullptr>
  ContextBuilder& buildCache(bool yesno)
  {
    buildCacheFlag_ = yesno;
    return *this;
  }
 
  template <typename S = SCHEME,
            std::enable_if_t<std::is_same<S, BGV>::value>* = nullptr>
  ContextBuilder& bootstrappable(bool yesno = true)
  {
    bootstrappableFlag_ = yesno;
    return *this;
  }
 
  Context build() const;
 
  Context* buildPtr() const;
 
  friend std::ostream& operator<<<SCHEME>(std::ostream& os,
                                          const ContextBuilder& cb);
}; // End of class ContextBuilder
 
// Default BGV values
template <>
struct ContextBuilder<BGV>::default_values
{
  static constexpr long m = 3;
  static constexpr long p = 2;
  static constexpr long r = 1;
};
 
// Default CKKS values
template <>
struct ContextBuilder<CKKS>::default_values
{
  static constexpr long m = 4;
  static constexpr long p = -1;
  static constexpr long r = 20;
};
 
// Should point to the "current" context
extern Context* activeContext;
 
} // namespace helib
 
#endif // ifndef HELIB_CONTEXT_H