keys.h

/* Copyright (C) 2012-2020 IBM Corp.
 * This program is Licensed under the Apache License, Version 2.0
 * (the "License"); you may not use this file except in compliance
 * with the License. You may obtain a copy of the License at
 *   http://www.apache.org/licenses/LICENSE-2.0
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License. See accompanying LICENSE file.
 */
 
#ifndef HELIB_KEYS_H
#define HELIB_KEYS_H
#include <helib/keySwitching.h>
#include <helib/EncodedPtxt.h>
 
namespace helib {
 
#define HELIB_KSS_UNKNOWN (0)
// unknown KS strategy
 
#define HELIB_KSS_FULL (1)
// all KS matrices
 
#define HELIB_KSS_BSGS (2)
// baby step/giant step strategy
 
#define HELIB_KSS_MIN (3)
// minimal strategy (for g_i, and for g_i^{-ord_i} for bad dims)
 
class PubKey
{                         // The public key
  const Context& context; // The context
 
private:
  Ctxt pubEncrKey;
 
  std::vector<double> skBounds;
  // High-probability bounds on L-infty norm of secret keys
 
  std::vector<KeySwitch> keySwitching; // The key-switching matrices
 
  // The keySwitchMap structure contains pointers to key-switching matrices
  // for re-linearizing automorphisms. The entry keySwitchMap[i][n] contains
  // the index j such that keySwitching[j] is the first matrix one needs to
  // use when re-linearizing s_i(X^n).
  std::vector<std::vector<long>> keySwitchMap;
 
  NTL::Vec<long> KS_strategy; // NTL Vec's support I/O, which is more convenient
 
  // bootstrapping data
 
  long recryptKeyID; // index of the bootstrapping key
  Ctxt recryptEkey;  // the key itself, encrypted under key #0
 
public:
  static constexpr std::string_view typeName = "PubKey";
 
  PubKey() = delete;
 
  explicit PubKey(const Context& _context);
 
  PubKey(const PubKey& other);
 
  virtual ~PubKey() = default;
 
  virtual void clear();
 
  bool operator==(const PubKey& other) const;
  bool operator!=(const PubKey& other) const;
 
  // Access methods
  const Context& getContext() const;
  long getPtxtSpace() const;
  bool keyExists(long keyID) const;
 
  double getSKeyBound(long keyID = 0) const;
 
  const std::vector<KeySwitch>& keySWlist() const;
 
  const KeySwitch& getKeySWmatrix(const SKHandle& from, long toID = 0) const;
  const KeySwitch& getKeySWmatrix(long fromSPower,
                                  long fromXPower,
                                  long fromID = 0,
                                  long toID = 0) const;
 
  bool haveKeySWmatrix(const SKHandle& from, long toID = 0) const;
 
  bool haveKeySWmatrix(long fromSPower,
                       long fromXPower,
                       long fromID = 0,
                       long toID = 0) const;
 
  const KeySwitch& getAnyKeySWmatrix(const SKHandle& from) const;
  bool haveAnyKeySWmatrix(const SKHandle& from) const;
 
  const KeySwitch& getNextKSWmatrix(long fromXPower, long fromID = 0) const;
 
 
  bool isReachable(long k, long keyID = 0) const;
 
  void setKeySwitchMap(long keyId = 0); // Computes the keySwitchMap pointers
 
  long getKSStrategy(long dim) const;
 
  void setKSStrategy(long dim, int val);
 
  // VJS-FIXME: these routine have a number of issues and should
  // be deprecated in favor of the new EncodedPtxt-based routines
 
  long Encrypt(Ctxt& ciphertxt,
               const NTL::ZZX& plaintxt,
               long ptxtSpace,
               bool highNoise) const;
  long Encrypt(Ctxt& ciphertxt,
               const zzX& plaintxt,
               long ptxtSpace,
               bool highNoise) const;
 
  void CKKSencrypt(Ctxt& ciphertxt,
                   const NTL::ZZX& plaintxt,
                   double ptxtSize = 1.0,
                   double scaling = 0.0) const;
  void CKKSencrypt(Ctxt& ciphertxt,
                   const zzX& plaintxt,
                   double ptxtSize = 1.0,
                   double scaling = 0.0) const;
 
  // These methods are overridden by secret-key Encrypt
  virtual long Encrypt(Ctxt& ciphertxt,
                       const NTL::ZZX& plaintxt,
                       long ptxtSpace = 0) const;
  virtual long Encrypt(Ctxt& ciphertxt,
                       const zzX& plaintxt,
                       long ptxtSpace = 0) const;
 
  template <typename Scheme>
  void Encrypt(Ctxt& ciphertxt, const Ptxt<Scheme>& plaintxt) const;
 
  //=============== new EncodedPtxt interface ==================
 
  virtual void Encrypt(Ctxt& ctxt, const EncodedPtxt& eptxt) const;
  virtual void Encrypt(Ctxt& ctxt, const EncodedPtxt_BGV& eptxt) const;
  virtual void Encrypt(Ctxt& ctxt, const EncodedPtxt_CKKS& eptxt) const;
 
  //============================================================
 
  bool isCKKS() const;
  // NOTE: Is taking the alMod from the context the right thing to do?
 
  bool isBootstrappable() const;
  void reCrypt(Ctxt& ctxt) const;     // bootstrap a ciphertext to reduce noise
  void thinReCrypt(Ctxt& ctxt) const; // bootstrap a "thin" ciphertext, where
  // slots are assumed to contain constants
 
  friend class SecKey;
  friend std::ostream& operator<<(std::ostream& str, const PubKey& pk);
  friend std::istream& operator>>(std::istream& str, PubKey& pk);
 
  void writeTo(std::ostream& str) const;
 
  static PubKey readFrom(std::istream& str, const Context& context);
 
  void writeToJSON(std::ostream& str) const;
 
  JsonWrapper writeToJSON() const;
 
  static PubKey readFromJSON(std::istream& str, const Context& context);
 
  static PubKey readFromJSON(const JsonWrapper& j, const Context& context);
 
  void readJSON(std::istream& str);
 
  void readJSON(const JsonWrapper& j);
 
  // defines plaintext space for the bootstrapping encrypted secret key
  static long ePlusR(long p);
 
  // A hack to increase the plaintext space, you'd better
  // know what you are doing when using it.
  void hackPtxtSpace(long p2r) { pubEncrKey.ptxtSpace = p2r; }
};
 
class SecKey : public PubKey
{ // The secret key
private:
  friend class KeySwitch;
  std::vector<DoubleCRT> sKeys; // The secret key(s) themselves
  explicit SecKey(const PubKey& pk);
 
public:
  static constexpr std::string_view typeName = "SecKey";
 
  // Disable default constructor
  SecKey() = delete;
 
  // Default destructor
  ~SecKey() override = default;
 
  // Constructors just call the ones for the base class
  explicit SecKey(const Context& _context);
 
  bool operator==(const SecKey& other) const;
  bool operator!=(const SecKey& other) const;
 
  void clear() override;
 
  long ImportSecKey(const DoubleCRT& sKey,
                    double bound,
                    long ptxtSpace = 0,
                    long maxDegKswitch = 3);
 
  long GenSecKey(long ptxtSpace = 0, long maxDegKswitch = 3);
 
  void GenKeySWmatrix(long fromSPower,
                      long fromXPower,
                      long fromKeyIdx = 0,
                      long toKeyIdx = 0,
                      long ptxtSpace = 0);
 
  // Decryption
  void Decrypt(NTL::ZZX& plaintxt, const Ctxt& ciphertxt) const;
 
  // TODO: document this better (especially the prec parameter)
  template <typename Scheme>
  void Decrypt(Ptxt<Scheme>& plaintxt,
               const Ctxt& ciphertxt,
               OptLong prec = OptLong()) const;
 
  void Decrypt(NTL::ZZX& plaintxt, const Ctxt& ciphertxt, NTL::ZZX& f) const;
 
  long skEncrypt(Ctxt& ctxt,
                 const NTL::ZZX& ptxt,
                 long ptxtSpace,
                 long skIdx) const;
  long skEncrypt(Ctxt& ctxt, const zzX& ptxt, long ptxtSpace, long skIdx) const;
 
  // These methods override the public-key Encrypt methods
  long Encrypt(Ctxt& ciphertxt,
               const NTL::ZZX& plaintxt,
               long ptxtSpace = 0) const override;
  long Encrypt(Ctxt& ciphertxt,
               const zzX& plaintxt,
               long ptxtSpace = 0) const override;
 
  //=============== new EncodedPtxt interface ==================
 
  virtual void Encrypt(Ctxt& ctxt, const EncodedPtxt& eptxt) const override;
  virtual void Encrypt(Ctxt& ctxt, const EncodedPtxt_BGV& eptxt) const override;
  virtual void Encrypt(Ctxt& ctxt,
                       const EncodedPtxt_CKKS& eptxt) const override;
 
  //============================================================
 
  long genRecryptData();
 
  const DoubleCRT& getRecryptKey() const { return sKeys[recryptKeyID]; }
 
  friend std::ostream& operator<<(std::ostream& str, const SecKey& sk);
  friend std::istream& operator>>(std::istream& str, SecKey& sk);
 
  void writeTo(std::ostream& str) const;
 
  static SecKey readFrom(std::istream& str, const Context& context);
 
  void writeToJSON(std::ostream& str) const;
 
  JsonWrapper writeToJSON() const;
 
  static SecKey readFromJSON(std::istream& str, const Context& context);
 
  static SecKey readFromJSON(const JsonWrapper& j, const Context& context);
 
  void readJSON(std::istream& str);
 
  void readJSON(const JsonWrapper& j);
 
  // TODO: Add a similar method for binary serialization
  // This just writes the derived part, not including the public key
  std::ostream& writeSecKeyDerivedASCII(std::ostream& str) const;
};
 
double RLWE(DoubleCRT& c0,
            DoubleCRT& c1,
            const DoubleCRT& s,
            long p,
            NTL::ZZ* prgSeed = nullptr);
 
double RLWE1(DoubleCRT& c0, const DoubleCRT& c1, const DoubleCRT& s, long p);
 
} // namespace helib
 
#endif // HELIB_KEYS_H