-
Notifications
You must be signed in to change notification settings - Fork 713
/
4_bgv_basics.cpp
215 lines (190 loc) · 8.33 KB
/
4_bgv_basics.cpp
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
// Copyright (c) Microsoft Corporation. All rights reserved.
// Licensed under the MIT license.
#include "examples.h"
using namespace std;
using namespace seal;
void example_bgv_basics()
{
print_example_banner("Example: BGV Basics");
/*
As an example, we evaluate the degree 8 polynomial
x^8
over an encrypted x over integers 1, 2, 3, 4. The coefficients of the
polynomial can be considered as plaintext inputs, as we will see below. The
computation is done modulo the plain_modulus 1032193.
Computing over encrypted data in the BGV scheme is similar to that in BFV.
The purpose of this example is mainly to explain the differences between BFV
and BGV in terms of ciphertext coefficient modulus selection and noise control.
Most of the following code are repeated from "BFV basics" and "encoders" examples.
*/
/*
Note that scheme_type is now "bgv".
*/
EncryptionParameters parms(scheme_type::bgv);
size_t poly_modulus_degree = 8192;
parms.set_poly_modulus_degree(poly_modulus_degree);
/*
We can certainly use BFVDefault coeff_modulus. In later parts of this example,
we will demonstrate how to choose coeff_modulus that is more useful in BGV.
*/
parms.set_coeff_modulus(CoeffModulus::BFVDefault(poly_modulus_degree));
parms.set_plain_modulus(PlainModulus::Batching(poly_modulus_degree, 20));
SEALContext context(parms);
/*
Print the parameters that we have chosen.
*/
print_line(__LINE__);
cout << "Set encryption parameters and print" << endl;
print_parameters(context);
KeyGenerator keygen(context);
SecretKey secret_key = keygen.secret_key();
PublicKey public_key;
keygen.create_public_key(public_key);
RelinKeys relin_keys;
keygen.create_relin_keys(relin_keys);
Encryptor encryptor(context, public_key);
Evaluator evaluator(context);
Decryptor decryptor(context, secret_key);
/*
Batching and slot operations are the same in BFV and BGV.
*/
BatchEncoder batch_encoder(context);
size_t slot_count = batch_encoder.slot_count();
size_t row_size = slot_count / 2;
cout << "Plaintext matrix row size: " << row_size << endl;
/*
Here we create the following matrix:
[ 1, 2, 3, 4, 0, 0, ..., 0 ]
[ 0, 0, 0, 0, 0, 0, ..., 0 ]
*/
vector<uint64_t> pod_matrix(slot_count, 0ULL);
pod_matrix[0] = 1ULL;
pod_matrix[1] = 2ULL;
pod_matrix[2] = 3ULL;
pod_matrix[3] = 4ULL;
cout << "Input plaintext matrix:" << endl;
print_matrix(pod_matrix, row_size);
Plaintext x_plain;
cout << "Encode plaintext matrix to x_plain:" << endl;
batch_encoder.encode(pod_matrix, x_plain);
/*
Next we encrypt the encoded plaintext.
*/
Ciphertext x_encrypted;
print_line(__LINE__);
cout << "Encrypt x_plain to x_encrypted." << endl;
encryptor.encrypt(x_plain, x_encrypted);
cout << " + noise budget in freshly encrypted x: " << decryptor.invariant_noise_budget(x_encrypted) << " bits"
<< endl;
cout << endl;
/*
Then we compute x^2.
*/
print_line(__LINE__);
cout << "Compute and relinearize x_squared (x^2)," << endl;
Ciphertext x_squared;
evaluator.square(x_encrypted, x_squared);
cout << " + size of x_squared: " << x_squared.size() << endl;
evaluator.relinearize_inplace(x_squared, relin_keys);
cout << " + size of x_squared (after relinearization): " << x_squared.size() << endl;
cout << " + noise budget in x_squared: " << decryptor.invariant_noise_budget(x_squared) << " bits" << endl;
Plaintext decrypted_result;
decryptor.decrypt(x_squared, decrypted_result);
vector<uint64_t> pod_result;
batch_encoder.decode(decrypted_result, pod_result);
cout << " + result plaintext matrix ...... Correct." << endl;
print_matrix(pod_result, row_size);
/*
Next we compute x^4.
*/
print_line(__LINE__);
cout << "Compute and relinearize x_4th (x^4)," << endl;
Ciphertext x_4th;
evaluator.square(x_squared, x_4th);
cout << " + size of x_4th: " << x_4th.size() << endl;
evaluator.relinearize_inplace(x_4th, relin_keys);
cout << " + size of x_4th (after relinearization): " << x_4th.size() << endl;
cout << " + noise budget in x_4th: " << decryptor.invariant_noise_budget(x_4th) << " bits" << endl;
decryptor.decrypt(x_4th, decrypted_result);
batch_encoder.decode(decrypted_result, pod_result);
cout << " + result plaintext matrix ...... Correct." << endl;
print_matrix(pod_result, row_size);
/*
Last we compute x^8. We run out of noise budget.
*/
print_line(__LINE__);
cout << "Compute and relinearize x_8th (x^8)," << endl;
Ciphertext x_8th;
evaluator.square(x_4th, x_8th);
cout << " + size of x_8th: " << x_8th.size() << endl;
evaluator.relinearize_inplace(x_8th, relin_keys);
cout << " + size of x_8th (after relinearization): " << x_8th.size() << endl;
cout << " + noise budget in x_8th: " << decryptor.invariant_noise_budget(x_8th) << " bits" << endl;
cout << "NOTE: Decryption can be incorrect if noise budget is zero." << endl;
cout << endl;
cout << "~~~~~~ Use modulus switching to calculate x^8 ~~~~~~" << endl;
/*
Noise budget has reached 0, which means that decryption cannot be expected
to give the correct result. BGV requires modulus switching to reduce noise
growth. In the following demonstration, we will insert a modulus switching
after each relinearization.
*/
print_line(__LINE__);
cout << "Encrypt x_plain to x_encrypted." << endl;
encryptor.encrypt(x_plain, x_encrypted);
cout << " + noise budget in freshly encrypted x: " << decryptor.invariant_noise_budget(x_encrypted) << " bits"
<< endl;
cout << endl;
/*
Then we compute x^2.
*/
print_line(__LINE__);
cout << "Compute and relinearize x_squared (x^2)," << endl;
cout << " + noise budget in x_squared (previously): " << decryptor.invariant_noise_budget(x_squared) << " bits"
<< endl;
evaluator.square(x_encrypted, x_squared);
evaluator.relinearize_inplace(x_squared, relin_keys);
evaluator.mod_switch_to_next_inplace(x_squared);
cout << " + noise budget in x_squared (with modulus switching): " << decryptor.invariant_noise_budget(x_squared)
<< " bits" << endl;
decryptor.decrypt(x_squared, decrypted_result);
batch_encoder.decode(decrypted_result, pod_result);
cout << " + result plaintext matrix ...... Correct." << endl;
print_matrix(pod_result, row_size);
/*
Next we compute x^4.
*/
print_line(__LINE__);
cout << "Compute and relinearize x_4th (x^4)," << endl;
cout << " + noise budget in x_4th (previously): " << decryptor.invariant_noise_budget(x_4th) << " bits" << endl;
evaluator.square(x_squared, x_4th);
evaluator.relinearize_inplace(x_4th, relin_keys);
evaluator.mod_switch_to_next_inplace(x_4th);
cout << " + noise budget in x_4th (with modulus switching): " << decryptor.invariant_noise_budget(x_4th)
<< " bits" << endl;
decryptor.decrypt(x_4th, decrypted_result);
batch_encoder.decode(decrypted_result, pod_result);
cout << " + result plaintext matrix ...... Correct." << endl;
print_matrix(pod_result, row_size);
/*
Last we compute x^8. We still have budget left.
*/
print_line(__LINE__);
cout << "Compute and relinearize x_8th (x^8)," << endl;
cout << " + noise budget in x_8th (previously): " << decryptor.invariant_noise_budget(x_8th) << " bits" << endl;
evaluator.square(x_4th, x_8th);
evaluator.relinearize_inplace(x_8th, relin_keys);
evaluator.mod_switch_to_next_inplace(x_8th);
cout << " + noise budget in x_8th (with modulus switching): " << decryptor.invariant_noise_budget(x_8th)
<< " bits" << endl;
decryptor.decrypt(x_8th, decrypted_result);
batch_encoder.decode(decrypted_result, pod_result);
cout << " + result plaintext matrix ...... Correct." << endl;
print_matrix(pod_result, row_size);
/*
Although with modulus switching x_squared has less noise budget than before,
noise budget is consumed at a slower rate. To achieve the optimal consumption
rate of noise budget in an application, one needs to carefully choose the
location to insert modulus switching and manually choose coeff_modulus.
*/
}