ConstPointer duplicate_poly_if_needed(const std::uint64_t *poly, int coeff_count, int coeff_uint64_count, int new_coeff_count, int new_coeff_uint64_count, bool force, MemoryPool &pool)
{
#ifdef _DEBUG
if (poly == nullptr && coeff_count > 0 && coeff_uint64_count > 0)
{
throw invalid_argument("poly");
}
if (coeff_count < 0)
{
throw invalid_argument("coeff_count");
}
if (coeff_uint64_count < 0)
{
throw invalid_argument("coeff_uint64_count");
}
if (new_coeff_count < 0)
{
throw invalid_argument("new_coeff_count");
}
if (new_coeff_uint64_count < 0)
{
throw invalid_argument("new_coeff_uint64_count");
}
#endif
if (!force && coeff_count >= new_coeff_count && coeff_uint64_count == new_coeff_uint64_count)
{
return ConstPointer::Aliasing(poly);
}
Pointer allocation = pool.get_for_uint64_count(new_coeff_count * new_coeff_uint64_count);
set_poly_poly(poly, coeff_count, coeff_uint64_count, new_coeff_count, new_coeff_uint64_count, allocation.get());
ConstPointer const_allocation;
const_allocation.acquire(allocation);
return const_allocation;
}
void poly_eval_poly(const uint64_t *poly_to_eval,
int poly_to_eval_coeff_count,
int poly_to_eval_coeff_uint64_count,
const uint64_t *value, int value_coeff_count,
int value_coeff_uint64_count, int result_coeff_count,
int result_coeff_uint64_count, uint64_t *result, MemoryPool &pool)
{
#ifdef SEAL_DEBUG
if (poly_to_eval == nullptr)
{
throw invalid_argument("poly_to_eval");
}
if (value == nullptr)
{
throw invalid_argument("value");
}
if (result == nullptr)
{
throw invalid_argument("result");
}
if (poly_to_eval_coeff_count <= 0)
{
throw invalid_argument("poly_to_eval_coeff_count");
}
if (poly_to_eval_coeff_uint64_count <= 0)
{
throw invalid_argument("poly_to_eval_coeff_uint64_count");
}
if (value_coeff_count <= 0)
{
throw invalid_argument("value_coeff_count");
}
if (value_coeff_uint64_count <= 0)
{
throw invalid_argument("value_coeff_uint64_count");
}
if (result_coeff_count <= 0)
{
throw invalid_argument("result_coeff_count");
}
if (result_coeff_uint64_count <= 0)
{
throw invalid_argument("result_coeff_uint64_count");
}
#endif
// Evaluate poly at value using Horner's method
Pointer temp1(allocate_poly(result_coeff_count, result_coeff_uint64_count, pool));
Pointer temp2(allocate_zero_poly(result_coeff_count, result_coeff_uint64_count, pool));
uint64_t *productptr = temp1.get();
uint64_t *intermediateptr = temp2.get();
for (int coeff_index = poly_to_eval_coeff_count - 1; coeff_index >= 0; coeff_index--)
{
multiply_poly_poly(intermediateptr, result_coeff_count, result_coeff_uint64_count, value, value_coeff_count, value_coeff_uint64_count, result_coeff_count, result_coeff_uint64_count, productptr, pool);
const uint64_t *curr_coeff = get_poly_coeff(poly_to_eval, coeff_index, poly_to_eval_coeff_uint64_count);
add_uint_uint(productptr, result_coeff_uint64_count, curr_coeff, poly_to_eval_coeff_uint64_count, false, result_coeff_uint64_count, productptr);
swap(productptr, intermediateptr);
}
set_poly_poly(intermediateptr, result_coeff_count, result_coeff_uint64_count, result);
}
void Evaluator::sub_plain(const BigPoly &encrypted1, const BigPoly &plain2, BigPoly &destination)
{
// Extract encryption parameters.
int coeff_count = poly_modulus_.coeff_count();
int coeff_bit_count = poly_modulus_.coeff_bit_count();
int coeff_uint64_count = divide_round_up(coeff_bit_count, bits_per_uint64);
// Verify parameters.
if (encrypted1.coeff_count() != coeff_count || encrypted1.coeff_bit_count() != coeff_bit_count)
{
throw invalid_argument("encrypted1 is not valid for encryption parameters");
}
#ifdef _DEBUG
if (encrypted1.significant_coeff_count() == coeff_count || !are_poly_coefficients_less_than(encrypted1, coeff_modulus_))
{
throw invalid_argument("encrypted1 is not valid for encryption parameters");
}
if (plain2.significant_coeff_count() >= coeff_count || !are_poly_coefficients_less_than(plain2, plain_modulus_))
{
throw invalid_argument("plain2 is too large to be represented by encryption parameters");
}
#endif
if (destination.coeff_count() != coeff_count || destination.coeff_bit_count() != coeff_bit_count)
{
destination.resize(coeff_count, coeff_bit_count);
}
int plain2_coeff_uint64_count = divide_round_up(plain2.coeff_bit_count(), bits_per_uint64);
if (mode_ == TEST_MODE)
{
// Handle test-mode case.
set_poly_poly(plain2.pointer(), plain2.coeff_count(), plain2_coeff_uint64_count, coeff_count, coeff_uint64_count, destination.pointer());
modulo_poly_coeffs(destination.pointer(), coeff_count, mod_, pool_);
sub_poly_poly_coeffmod(encrypted1.pointer(), destination.pointer(), coeff_count, plain_modulus_.pointer(), coeff_uint64_count, destination.pointer());
return;
}
// Multiply plain by scalar coeff_div_plaintext and reposition if in upper-half.
preencrypt(plain2.pointer(), plain2.coeff_count(), plain2_coeff_uint64_count, destination.pointer());
// Subtract encrypted polynomial and encrypted-version of plain2.
sub_poly_poly_coeffmod(encrypted1.pointer(), destination.pointer(), coeff_count, coeff_modulus_.pointer(), coeff_uint64_count, destination.pointer());
}
void Evaluator::relinearize(const BigPoly &encrypted, BigPoly &destination)
{
// Extract encryption parameters.
int coeff_count = poly_modulus_.coeff_count();
int coeff_bit_count = poly_modulus_.coeff_bit_count();
int coeff_uint64_count = divide_round_up(coeff_bit_count, bits_per_uint64);
// Verify parameters.
if (encrypted.coeff_count() != coeff_count || encrypted.coeff_bit_count() != coeff_bit_count)
{
throw invalid_argument("encrypted is not valid for encryption parameters");
}
#ifdef _DEBUG
if (encrypted.significant_coeff_count() == coeff_count || !are_poly_coefficients_less_than(encrypted, coeff_modulus_))
{
throw invalid_argument("encrypted is not valid for encryption parameters");
}
#endif
if (destination.coeff_count() != coeff_count || destination.coeff_bit_count() != coeff_bit_count)
{
destination.resize(coeff_count, coeff_bit_count);
}
// Handle test-mode case.
if (mode_ == TEST_MODE)
{
set_poly_poly(encrypted.pointer(), coeff_count, coeff_uint64_count, destination.pointer());
return;
}
// Get pointer to inputs (duplicated if needed).
ConstPointer encryptedptr = duplicate_poly_if_needed(encrypted, encrypted.pointer() == destination.pointer(), pool_);
// Relinearize polynomial.
relinearize(encryptedptr.get(), destination.pointer());
}
void exponentiate_poly(const std::uint64_t *poly,
int poly_coeff_count, int poly_coeff_uint64_count,
const uint64_t *exponent, int exponent_uint64_count,
int result_coeff_count, int result_coeff_uint64_count,
std::uint64_t *result, MemoryPool &pool)
{
#ifdef SEAL_DEBUG
if (poly == nullptr)
{
throw invalid_argument("poly");
}
if (poly_coeff_count <= 0)
{
throw invalid_argument("poly_coeff_count");
}
if (poly_coeff_count <= 0)
{
throw invalid_argument("poly_coeff_uint64_count");
}
if (exponent == nullptr)
{
throw invalid_argument("exponent");
}
if (exponent_uint64_count <= 0)
{
throw invalid_argument("exponent_uint64_count");
}
if (result == nullptr)
{
throw invalid_argument("result");
}
if (result_coeff_count <= 0)
{
throw invalid_argument("result_coeff_count");
}
if (result_coeff_uint64_count <= 0)
{
throw invalid_argument("result_coeff_uint64_count");
}
#endif
// Fast cases
if (is_zero_uint(exponent, exponent_uint64_count))
{
set_zero_poly(result_coeff_count, result_coeff_uint64_count, result);
*result = 1;
return;
}
if (is_equal_uint(exponent, exponent_uint64_count, 1))
{
set_poly_poly(poly, poly_coeff_count, poly_coeff_uint64_count,
result_coeff_count, result_coeff_uint64_count, result);
return;
}
// Need to make a copy of exponent
Pointer exponent_copy(allocate_uint(exponent_uint64_count, pool));
set_uint_uint(exponent, exponent_uint64_count, exponent_copy.get());
// Perform binary exponentiation.
Pointer big_alloc(allocate_uint((static_cast<int64_t>(result_coeff_count) +
result_coeff_count + result_coeff_count) * result_coeff_uint64_count, pool));
uint64_t *powerptr = big_alloc.get();
uint64_t *productptr = get_poly_coeff(powerptr, result_coeff_count, result_coeff_uint64_count);
uint64_t *intermediateptr = get_poly_coeff(productptr, result_coeff_count, result_coeff_uint64_count);
set_poly_poly(poly, poly_coeff_count, poly_coeff_uint64_count, result_coeff_count, result_coeff_uint64_count, powerptr);
set_zero_poly(result_coeff_count, result_coeff_uint64_count, intermediateptr);
*intermediateptr = 1;
// Initially: power = operand and intermediate = 1, product is not initialized.
while (true)
{
if ((*exponent_copy.get() % 2) == 1)
{
multiply_poly_poly(powerptr, result_coeff_count, result_coeff_uint64_count, intermediateptr, result_coeff_count, result_coeff_uint64_count,
result_coeff_count, result_coeff_uint64_count, productptr, pool);
swap(productptr, intermediateptr);
}
right_shift_uint(exponent_copy.get(), 1, exponent_uint64_count, exponent_copy.get());
if (is_zero_uint(exponent_copy.get(), exponent_uint64_count))
{
break;
}
multiply_poly_poly(powerptr, result_coeff_count, result_coeff_uint64_count, powerptr, result_coeff_count, result_coeff_uint64_count,
result_coeff_count, result_coeff_uint64_count, productptr, pool);
swap(productptr, powerptr);
}
set_poly_poly(intermediateptr, result_coeff_count, result_coeff_uint64_count, result);
}
HkeyGen::HkeyGen(const EncryptionParameters &parms, const BigPoly &secret_key) :
poly_modulus_(parms.poly_modulus()), coeff_modulus_(parms.coeff_modulus()), plain_modulus_(parms.plain_modulus()), secret_key_(secret_key), orig_plain_modulus_bit_count_(parms.plain_modulus().significant_bit_count())
{
// Verify required parameters are non-zero and non-nullptr.
if (poly_modulus_.is_zero())
{
throw invalid_argument("poly_modulus cannot be zero");
}
if (coeff_modulus_.is_zero())
{
throw invalid_argument("coeff_modulus cannot be zero");
}
if (plain_modulus_.is_zero())
{
throw invalid_argument("plain_modulus cannot be zero");
}
if (secret_key_.is_zero())
{
throw invalid_argument("secret_key cannot be zero");
}
// Verify parameters.
if (plain_modulus_ >= coeff_modulus_)
{
throw invalid_argument("plain_modulus must be smaller than coeff_modulus");
}
if (!are_poly_coefficients_less_than(poly_modulus_, coeff_modulus_))
{
throw invalid_argument("poly_modulus cannot have coefficients larger than coeff_modulus");
}
// Resize encryption parameters to consistent size.
int coeff_count = poly_modulus_.significant_coeff_count();
int coeff_bit_count = coeff_modulus_.significant_bit_count();
int coeff_uint64_count = divide_round_up(coeff_bit_count, bits_per_uint64);
if (poly_modulus_.coeff_count() != coeff_count || poly_modulus_.coeff_bit_count() != coeff_bit_count)
{
poly_modulus_.resize(coeff_count, coeff_bit_count);
}
if (coeff_modulus_.bit_count() != coeff_bit_count)
{
coeff_modulus_.resize(coeff_bit_count);
}
if (plain_modulus_.bit_count() != coeff_bit_count)
{
plain_modulus_.resize(coeff_bit_count);
}
if (secret_key_.coeff_count() != coeff_count || secret_key_.coeff_bit_count() != coeff_bit_count ||
secret_key_.significant_coeff_count() == coeff_count || !are_poly_coefficients_less_than(secret_key_, coeff_modulus_))
{
throw invalid_argument("secret_key is not valid for encryption parameters");
}
// Set the secret_key_array to have size 1 (first power of secret)
secret_key_array_.resize(1, coeff_count, coeff_bit_count);
set_poly_poly(secret_key_.pointer(), coeff_count, coeff_uint64_count, secret_key_array_.pointer(0));
MemoryPool &pool = *MemoryPool::default_pool();
// Calculate coeff_modulus / plain_modulus.
coeff_div_plain_modulus_.resize(coeff_bit_count);
Pointer temp(allocate_uint(coeff_uint64_count, pool));
divide_uint_uint(coeff_modulus_.pointer(), plain_modulus_.pointer(), coeff_uint64_count, coeff_div_plain_modulus_.pointer(), temp.get(), pool);
// Calculate coeff_modulus / plain_modulus / 2.
coeff_div_plain_modulus_div_two_.resize(coeff_bit_count);
right_shift_uint(coeff_div_plain_modulus_.pointer(), 1, coeff_uint64_count, coeff_div_plain_modulus_div_two_.pointer());
// Calculate coeff_modulus / 2.
upper_half_threshold_.resize(coeff_bit_count);
half_round_up_uint(coeff_modulus_.pointer(), coeff_uint64_count, upper_half_threshold_.pointer());
// Calculate upper_half_increment.
upper_half_increment_.resize(coeff_bit_count);
multiply_truncate_uint_uint(plain_modulus_.pointer(), coeff_div_plain_modulus_.pointer(), coeff_uint64_count, upper_half_increment_.pointer());
sub_uint_uint(coeff_modulus_.pointer(), upper_half_increment_.pointer(), coeff_uint64_count, upper_half_increment_.pointer());
// Initialize moduli.
polymod_ = PolyModulus(poly_modulus_.pointer(), coeff_count, coeff_uint64_count);
mod_ = Modulus(coeff_modulus_.pointer(), coeff_uint64_count, pool);
}
void Evaluator::multiply(const uint64_t *encrypted1, const uint64_t *encrypted2, uint64_t *destination)
{
// Extract encryption parameters.
int coeff_count = poly_modulus_.coeff_count();
int coeff_bit_count = poly_modulus_.coeff_bit_count();
int coeff_uint64_count = divide_round_up(coeff_bit_count, bits_per_uint64);
// Clear destatintion.
set_zero_poly(coeff_count, coeff_uint64_count, destination);
// Determine if FFT can be used.
bool use_fft = polymod_.coeff_count_power_of_two() >= 0 && polymod_.is_one_zero_one();
if (use_fft)
{
// Use FFT to multiply polynomials.
// Allocate polynomial to store product of two polynomials, with poly but no coeff modulo yet (and signed).
int product_coeff_bit_count = coeff_bit_count + coeff_bit_count + get_significant_bit_count(static_cast<uint64_t>(coeff_count)) + 2;
int product_coeff_uint64_count = divide_round_up(product_coeff_bit_count, bits_per_uint64);
Pointer product(allocate_poly(coeff_count, product_coeff_uint64_count, pool_));
// Use FFT to multiply polynomials.
set_zero_uint(product_coeff_uint64_count, get_poly_coeff(product.get(), coeff_count - 1, product_coeff_uint64_count));
fftmultiply_poly_poly_polymod(encrypted1, encrypted2, polymod_.coeff_count_power_of_two(), coeff_uint64_count, product_coeff_uint64_count, product.get(), pool_);
// For each coefficient in product, multiply by plain_modulus and divide by coeff_modulus and then modulo by coeff_modulus.
int plain_modulus_bit_count = plain_modulus_.significant_bit_count();
int plain_modulus_uint64_count = divide_round_up(plain_modulus_bit_count, bits_per_uint64);
int intermediate_bit_count = product_coeff_bit_count + plain_modulus_bit_count - 1;
int intermediate_uint64_count = divide_round_up(intermediate_bit_count, bits_per_uint64);
Pointer intermediate(allocate_uint(intermediate_uint64_count, pool_));
Pointer quotient(allocate_uint(intermediate_uint64_count, pool_));
for (int coeff_index = 0; coeff_index < coeff_count; ++coeff_index)
{
uint64_t *product_coeff = get_poly_coeff(product.get(), coeff_index, product_coeff_uint64_count);
bool coeff_is_negative = is_high_bit_set_uint(product_coeff, product_coeff_uint64_count);
if (coeff_is_negative)
{
negate_uint(product_coeff, product_coeff_uint64_count, product_coeff);
}
multiply_uint_uint(product_coeff, product_coeff_uint64_count, plain_modulus_.pointer(), plain_modulus_uint64_count, intermediate_uint64_count, intermediate.get());
add_uint_uint(intermediate.get(), wide_coeff_modulus_div_two_.pointer(), intermediate_uint64_count, intermediate.get());
divide_uint_uint_inplace(intermediate.get(), wide_coeff_modulus_.pointer(), intermediate_uint64_count, quotient.get(), pool_);
modulo_uint_inplace(quotient.get(), intermediate_uint64_count, mod_, pool_);
uint64_t *dest_coeff = get_poly_coeff(destination, coeff_index, coeff_uint64_count);
if (coeff_is_negative)
{
negate_uint_mod(quotient.get(), coeff_modulus_.pointer(), coeff_uint64_count, dest_coeff);
}
else
{
set_uint_uint(quotient.get(), coeff_uint64_count, dest_coeff);
}
}
}
else
{
// Use normal multiplication to multiply polynomials.
// Allocate polynomial to store product of two polynomials, with no poly or coeff modulo yet.
int product_coeff_count = coeff_count + coeff_count - 1;
int product_coeff_bit_count = coeff_bit_count + coeff_bit_count + get_significant_bit_count(static_cast<uint64_t>(coeff_count));
int product_coeff_uint64_count = divide_round_up(product_coeff_bit_count, bits_per_uint64);
Pointer product(allocate_poly(product_coeff_count, product_coeff_uint64_count, pool_));
// Multiply polynomials.
multiply_poly_poly(encrypted1, coeff_count, coeff_uint64_count, encrypted2, coeff_count, coeff_uint64_count, product_coeff_count, product_coeff_uint64_count, product.get(), pool_);
// For each coefficient in product, multiply by plain_modulus and divide by coeff_modulus and then modulo by coeff_modulus.
int plain_modulus_bit_count = plain_modulus_.significant_bit_count();
int plain_modulus_uint64_count = divide_round_up(plain_modulus_bit_count, bits_per_uint64);
int intermediate_bit_count = product_coeff_bit_count + plain_modulus_bit_count;
int intermediate_uint64_count = divide_round_up(intermediate_bit_count, bits_per_uint64);
Pointer intermediate(allocate_uint(intermediate_uint64_count, pool_));
Pointer quotient(allocate_uint(intermediate_uint64_count, pool_));
Pointer productmoded(allocate_poly(product_coeff_count, coeff_uint64_count, pool_));
for (int coeff_index = 0; coeff_index < product_coeff_count; ++coeff_index)
{
const uint64_t *product_coeff = get_poly_coeff(product.get(), coeff_index, product_coeff_uint64_count);
multiply_uint_uint(product_coeff, product_coeff_uint64_count, plain_modulus_.pointer(), plain_modulus_uint64_count, intermediate_uint64_count, intermediate.get());
add_uint_uint(intermediate.get(), wide_coeff_modulus_div_two_.pointer(), intermediate_uint64_count, intermediate.get());
divide_uint_uint_inplace(intermediate.get(), wide_coeff_modulus_.pointer(), intermediate_uint64_count, quotient.get(), pool_);
modulo_uint_inplace(quotient.get(), intermediate_uint64_count, mod_, pool_);
uint64_t *productmoded_coeff = get_poly_coeff(productmoded.get(), coeff_index, coeff_uint64_count);
set_uint_uint(quotient.get(), coeff_uint64_count, productmoded_coeff);
}
// Perform polynomial modulo.
modulo_poly_inplace(productmoded.get(), product_coeff_count, polymod_, mod_, pool_);
// Copy to destination.
set_poly_poly(productmoded.get(), coeff_count, coeff_uint64_count, destination);
}
}
