int main(int argc, char *argv[])
{
argmap_t argmap;
argmap["c"] = "2";
argmap["k"] = "80";
argmap["L"] = "20";
argmap["m"] = "0";
argmap["n"] = "0";
// get parameters from the command line
if (!parseArgs(argc, argv, argmap)) usage(argv[0]);
long c = atoi(argmap["c"]);
long k = atoi(argmap["k"]);
long L = atoi(argmap["L"]);
long chosen_m = atoi(argmap["m"]);
long n = atoi(argmap["n"]);
long w = 64; // Hamming weight of secret key
// long L = z*R; // number of levels
long m = FindM(k, L, c, 2, 1, 0, chosen_m, true);
setTimersOn();
TestIt(c, k, w, L, m, n);
cerr << endl;
printAllTimers();
cerr << endl;
}
void checkCiphertext(const Ctxt& ctxt, const ZZX& ptxt, const FHESecKey& sk)
{
const FHEcontext& context = ctxt.getContext();
/*
IndexSet base = baseSetOf(ctxt);
double addedNoise = log(ctxt.modSwitchAddedNoiseVar());
Ctxt tmp = ctxt;
tmp.modDownToSet(base);
double totalNoise = log(tmp.getNoiseVar());
cout << " @@@ log(added-noise)="<<addedNoise
<< ", log(total-noise)="<<totalNoise<<endl;
*/
cout << " ln(q)="<< context.logOfProduct(ctxt.getPrimeSet())
<< ", ln(nVar)/2="<< log(ctxt.getNoiseVar())/2;
// << ", ln(nMag)="<< log(ctxt.getNoiseMag());
ZZX res;
// sk.Decrypt(res, ctxt);
ZZX f;
sk.Decrypt(res, ctxt, f);
cout << ", ln(mxPtxtCoef)=" << log(largestCoeff(f));
// ensure we reduce the same way on both
PolyRed((ZZX&)res,res,ctxt.getPtxtSpace(),true);
PolyRed((ZZX&)ptxt,ptxt,ctxt.getPtxtSpace(),true);
if (res != ptxt) {
cout << ", failed\n";
for (long i=0; i<=deg(ptxt); i++) if (coeff(res,i)!=coeff(ptxt,i)) {
cout << "first mismatch in coeff "<<i<<": "
<< coeff(res,i)<<"!="<<coeff(ptxt,i)<<"\n";
break;
}
cout << "Timing information:\n";
printAllTimers();
cout << "\n";
exit(0);
}
else cout << ", succeeded\n";
}
/************** Each round consists of the following:
1. c1.multiplyBy(c0)
2. c0 += random constant
3. c2 *= random constant
4. tmp = c1
5. ea.rotate(tmp, random amount in [-nSlots/2, nSlots/2])
6. c2 += tmp
7. ea.rotate(c2, random amount in [1-nSlots, nSlots-1])
8. c1.negate()
9. c3.multiplyBy(c2)
10. c0 -= c3
**************/
void testGeneralOps(const FHEPubKey& publicKey, const FHESecKey& secretKey,
const EncryptedArrayCx& ea, double epsilon,
long nRounds)
{
long nslots = ea.size();
char buffer[32];
vector<cx_double> p0, p1, p2, p3;
ea.random(p0);
ea.random(p1);
ea.random(p2);
ea.random(p3);
Ctxt c0(publicKey), c1(publicKey), c2(publicKey), c3(publicKey);
ea.encrypt(c0, publicKey, p0, /*size=*/1.0);
ea.encrypt(c1, publicKey, p1, /*size=*/1.0);
ea.encrypt(c2, publicKey, p2, /*size=*/1.0);
ea.encrypt(c3, publicKey, p3, /*size=*/1.0);
resetAllTimers();
FHE_NTIMER_START(Circuit);
for (long i = 0; i < nRounds; i++) {
if (verbose) std::cout << "*** round " << i << "..."<<endl;
long shamt = RandomBnd(2*(nslots/2) + 1) - (nslots/2);
// random number in [-nslots/2..nslots/2]
long rotamt = RandomBnd(2*nslots - 1) - (nslots - 1);
// random number in [-(nslots-1)..nslots-1]
// two random constants
vector<cx_double> const1, const2;
ea.random(const1);
ea.random(const2);
ZZX const1_poly, const2_poly;
ea.encode(const1_poly, const1, /*size=*/1.0);
ea.encode(const2_poly, const2, /*size=*/1.0);
mul(p1, p0); // c1.multiplyBy(c0)
c1.multiplyBy(c0);
if (verbose) {
CheckCtxt(c1, "c1*=c0");
debugCompare(ea, secretKey, p1, c1, epsilon);
}
add(p0, const1); // c0 += random constant
c0.addConstant(const1_poly);
if (verbose) {
CheckCtxt(c0, "c0+=k1");
debugCompare(ea, secretKey, p0, c0, epsilon);
}
mul(p2, const2); // c2 *= random constant
c2.multByConstant(const2_poly);
if (verbose) {
CheckCtxt(c2, "c2*=k2");
debugCompare(ea, secretKey, p2, c2, epsilon);
}
vector<cx_double> tmp_p(p1); // tmp = c1
Ctxt tmp(c1);
sprintf(buffer, "tmp=c1>>=%d", (int)shamt);
rotate(tmp_p, shamt); // ea.shift(tmp, random amount in [-nSlots/2,nSlots/2])
ea.rotate(tmp, shamt);
if (verbose) {
CheckCtxt(tmp, buffer);
debugCompare(ea, secretKey, tmp_p, tmp, epsilon);
}
add(p2, tmp_p); // c2 += tmp
c2 += tmp;
if (verbose) {
CheckCtxt(c2, "c2+=tmp");
debugCompare(ea, secretKey, p2, c2, epsilon);
}
sprintf(buffer, "c2>>>=%d", (int)rotamt);
rotate(p2, rotamt); // ea.rotate(c2, random amount in [1-nSlots, nSlots-1])
ea.rotate(c2, rotamt);
if (verbose) {
CheckCtxt(c2, buffer);
debugCompare(ea, secretKey, p2, c2, epsilon);
}
negateVec(p1); // c1.negate()
c1.negate();
if (verbose) {
CheckCtxt(c1, "c1=-c1");
debugCompare(ea, secretKey, p1, c1, epsilon);
}
mul(p3, p2); // c3.multiplyBy(c2)
c3.multiplyBy(c2);
if (verbose) {
CheckCtxt(c3, "c3*=c2");
debugCompare(ea, secretKey, p3, c3, epsilon);
}
sub(p0, p3); // c0 -= c3
c0 -= c3;
if (verbose) {
CheckCtxt(c0, "c0=-c3");
debugCompare(ea, secretKey, p0, c0, epsilon);
}
}
c0.cleanUp();
c1.cleanUp();
c2.cleanUp();
c3.cleanUp();
FHE_NTIMER_STOP(Circuit);
vector<cx_double> pp0, pp1, pp2, pp3;
ea.decrypt(c0, secretKey, pp0);
ea.decrypt(c1, secretKey, pp1);
ea.decrypt(c2, secretKey, pp2);
ea.decrypt(c3, secretKey, pp3);
std::cout << "Test "<<nRounds<<" rounds of mixed operations, ";
if (cx_equals(pp0, p0,conv<double>(epsilon*c0.getPtxtMag()))
&& cx_equals(pp1, p1,conv<double>(epsilon*c1.getPtxtMag()))
&& cx_equals(pp2, p2,conv<double>(epsilon*c2.getPtxtMag()))
&& cx_equals(pp3, p3,conv<double>(epsilon*c3.getPtxtMag())))
std::cout << "PASS\n\n";
else {
std::cout << "FAIL:\n";
std::cout << " max(p0)="<<largestCoeff(p0)
<< ", max(pp0)="<<largestCoeff(pp0)
<< ", maxDiff="<<calcMaxDiff(p0,pp0) << endl;
std::cout << " max(p1)="<<largestCoeff(p1)
<< ", max(pp1)="<<largestCoeff(pp1)
<< ", maxDiff="<<calcMaxDiff(p1,pp1) << endl;
std::cout << " max(p2)="<<largestCoeff(p2)
<< ", max(pp2)="<<largestCoeff(pp2)
<< ", maxDiff="<<calcMaxDiff(p2,pp2) << endl;
std::cout << " max(p3)="<<largestCoeff(p3)
<< ", max(pp3)="<<largestCoeff(pp3)
<< ", maxDiff="<<calcMaxDiff(p3,pp3) << endl<<endl;
}
if (verbose) {
std::cout << endl;
printAllTimers();
std::cout << endl;
}
resetAllTimers();
}
void TestIt(long m, long p, long r, long d, long L, long bnd, long B)
{
cout << "*** TestIt" << (isDryRun()? "(dry run):" : ":")
<< " m=" << m
<< ", p=" << p
<< ", r=" << r
<< ", d=" << d
<< ", L=" << L
<< ", bnd=" << bnd
<< ", B=" << B
<< endl;
setTimersOn();
FHEcontext context(m, p, r);
buildModChain(context, L, /*c=*/2);
context.zMStar.printout();
cout << endl;
FHESecKey secretKey(context);
const FHEPubKey& publicKey = secretKey;
secretKey.GenSecKey(/*w=*/64); // A Hamming-weight-w secret key
ZZX G;
if (d == 0)
G = context.alMod.getFactorsOverZZ()[0];
else
G = makeIrredPoly(p, d);
cout << "G = " << G << "\n";
cout << "generating key-switching matrices... ";
addSome1DMatrices(secretKey); // compute key-switching matrices that we need
cout << "done\n";
cout << "computing masks and tables for rotation...";
EncryptedArray ea(context, G);
cout << "done\n";
PlaintextArray xp0(ea), xp1(ea);
xp0.random();
xp1.random();
Ctxt xc0(publicKey);
ea.encrypt(xc0, publicKey, xp0);
ZZX poly_xp1;
ea.encode(poly_xp1, xp1);
cout << "** Testing replicate():\n";
bool error = false;
Ctxt xc1 = xc0;
CheckCtxt(xc1, "before replicate");
replicate(ea, xc1, ea.size()/2);
if (!check_replicate(xc1, xc0, ea.size()/2, secretKey, ea)) error = true;
CheckCtxt(xc1, "after replicate");
// Get some timing results
for (long i=0; i<20 && i<ea.size(); i++) {
xc1 = xc0;
FHE_NTIMER_START(replicate);
replicate(ea, xc1, i);
if (!check_replicate(xc1, xc0, i, secretKey, ea)) error = true;
FHE_NTIMER_STOP(replicate);
}
cout << " Replicate test " << (error? "failed :(\n" : "succeeded :)")
<< endl<< endl;
printAllTimers();
cout << "\n** Testing replicateAll()... " << std::flush;
#ifdef DEBUG_PRINTOUT
replicateVerboseFlag = true;
#else
replicateVerboseFlag = false;
#endif
error = false;
ReplicateTester *handler = new ReplicateTester(secretKey, ea, xp0, B);
try {
FHE_NTIMER_START(replicateAll);
replicateAll(ea, xc0, handler, bnd);
}
catch (StopReplicate) {
}
cout << (handler->error? "failed :(\n" : "succeeded :)")
<< ", total time=" << handler->t_total << " ("
<< ((B>0)? B : ea.size())
<< " vectors)\n";
delete handler;
}
int main(int argc, char **argv)
{
/* On our trusted system we generate a new key
* (or read one in) and encrypt the secret data set.
*/
long m=0, p=2, r=1; // Native plaintext space
// Computations will be 'modulo p'
long L=16; // Levels
long c=3; // Columns in key switching matrix
long w=64; // Hamming weight of secret key
long d=0;
long security = 128;
ZZX G;
m = FindM(security,L,c,p, d, 0, 0);
FHEcontext context(m, p, r);
// initialize context
buildModChain(context, L, c);
// modify the context, adding primes to the modulus chain
FHESecKey secretKey(context);
// construct a secret key structure
const FHEPubKey& publicKey = secretKey;
// an "upcast": FHESecKey is a subclass of FHEPubKey
//if(0 == d)
G = context.alMod.getFactorsOverZZ()[0];
secretKey.GenSecKey(w);
// actually generate a secret key with Hamming weight w
addSome1DMatrices(secretKey);
cout << "Generated key..." << endl;
EncryptedArray ea(context, G);
// constuct an Encrypted array object ea that is
// associated with the given context and the polynomial G
long nslots = ea.size();
cout << "Vector Size " << nslots << endl;;
vector<long> v1;
for(int i = 0 ; i < nslots; i++) {
v1.push_back(1);
//v1.push_back(i*2);
}
Ctxt ct1(publicKey);
startFHEtimer("ea.encrypt1");
ea.encrypt(ct1, publicKey, v1);
stopFHEtimer("ea.encrypt1");
vector<long> v2;
Ctxt ct2(publicKey);
for(int i = 0 ; i < nslots; i++) {
v2.push_back(1);
//v2.push_back(i*3);
}
startFHEtimer("ea.encrypt2");
ea.encrypt(ct2, publicKey, v2);
stopFHEtimer("ea.encrypt2");
// v1.mul(v2); // c3.multiplyBy(c2)
// ct2.multiplyBy(ct1);
// CheckCtxt(ct2, "c3*=c2");
// debugCompare(ea,secretKey,v1,ct2);
// On the public (untrusted) system we
// can now perform our computation
Ctxt ctSum = ct1;
Ctxt ctProd = ct1;
startFHEtimer("sum");
ctSum += ct2;
stopFHEtimer("sum");
//ctProd *= ct2;
startFHEtimer("product");
ctProd *= ct2;
//ctProd.multiplyBy(ct2);
stopFHEtimer("product");
//ea.mat_mul(ctProd,ct2);
vector<long> res;
startFHEtimer("decryptsum");
ea.decrypt(ctSum, secretKey, res);
stopFHEtimer("decryptsum");
//cout << "All computations are modulo " << p << "." << endl;
for (unsigned int i = 0; i<res.size(); i++){
cout<< res[i];
}
for(unsigned int i = 0; i < res.size(); i++) {
cout << v1[i] << " + " << v2[i] << " = " << res[i] << endl;
}
startFHEtimer("decryptproduct");
ea.decrypt(ctProd, secretKey, res);
stopFHEtimer("decryptproduct");
for (unsigned int i = 0; i<res.size(); i++){
cout<< res[i];
}
for(unsigned int i = 0; i < res.size(); i++) {
cout << v1[i] << " * " << v2[i] << " = " << res[i] << endl;
}
printAllTimers();
cout << endl;
cout << "All computations are modulo " << p << "." << endl;
return 0;
}
void TestIt(long p, long r, long c, long _k, long w,
long L, Vec<long>& mvec,
Vec<long>& gens, Vec<long>& ords, long useCache)
{
if (lsize(mvec)<1) { // use default values
mvec.SetLength(3); gens.SetLength(3); ords.SetLength(3);
mvec[0] = 7; mvec[1] = 3; mvec[2] = 221;
gens[0] = 3979; gens[1] = 3095; gens[2] = 3760;
ords[0] = 6; ords[1] = 2; ords[2] = -8;
}
if (!noPrint)
cout << "*** TestIt"
<< (dry? " (dry run):" : ":")
<< " p=" << p
<< ", r=" << r
<< ", c=" << c
<< ", k=" << _k
<< ", w=" << w
<< ", L=" << L
<< ", mvec=" << mvec << ", "
<< ", useCache = " << useCache
<< endl;
setTimersOn();
setDryRun(false); // Need to get a "real context" to test ThinEvalMap
// mvec is supposed to include the prime-power factorization of m
long nfactors = mvec.length();
for (long i = 0; i < nfactors; i++)
for (long j = i+1; j < nfactors; j++)
assert(GCD(mvec[i], mvec[j]) == 1);
// multiply all the prime powers to get m itself
long m = computeProd(mvec);
assert(GCD(p, m) == 1);
// build a context with these generators and orders
vector<long> gens1, ords1;
convert(gens1, gens);
convert(ords1, ords);
FHEcontext context(m, p, r, gens1, ords1);
buildModChain(context, L, c);
if (!noPrint) {
context.zMStar.printout(); // print structure of Zm* /(p) to cout
cout << endl;
}
long d = context.zMStar.getOrdP();
long phim = context.zMStar.getPhiM();
long nslots = phim/d;
setDryRun(dry); // Now we can set the dry-run flag if desired
FHESecKey secretKey(context);
const FHEPubKey& publicKey = secretKey;
secretKey.GenSecKey(w); // A Hamming-weight-w secret key
addSome1DMatrices(secretKey); // compute key-switching matrices that we need
addFrbMatrices(secretKey); // compute key-switching matrices that we need
// GG defines the plaintext space Z_p[X]/GG(X)
ZZX GG;
GG = context.alMod.getFactorsOverZZ()[0];
EncryptedArray ea(context, GG);
zz_p::init(context.alMod.getPPowR());
Vec<zz_p> val0(INIT_SIZE, nslots);
for (auto& x: val0)
random(x);
vector<ZZX> val1;
val1.resize(nslots);
for (long i = 0; i < nslots; i++) {
val1[i] = conv<ZZX>(conv<ZZ>(rep(val0[i])));
}
Ctxt ctxt(publicKey);
ea.encrypt(ctxt, publicKey, val1);
resetAllTimers();
FHE_NTIMER_START(ALL);
// Compute homomorphically the transformation that takes the
// coefficients packed in the slots and produces the polynomial
// corresponding to cube
if (!noPrint) CheckCtxt(ctxt, "init");
if (!noPrint) cout << "build ThinEvalMap\n";
ThinEvalMap map(ea, /*minimal=*/false, mvec,
/*invert=*/false, /*build_cache=*/false);
// compute the transformation to apply
if (!noPrint) cout << "apply ThinEvalMap\n";
if (useCache) map.upgrade();
map.apply(ctxt); // apply the transformation to ctxt
if (!noPrint) CheckCtxt(ctxt, "ThinEvalMap");
if (!noPrint) cout << "check results\n";
if (!noPrint) cout << "build ThinEvalMap\n";
ThinEvalMap imap(ea, /*minimal=*/false, mvec,
/*invert=*/true, /*build_cache=*/false);
// compute the transformation to apply
if (!noPrint) cout << "apply ThinEvalMap\n";
if (useCache) imap.upgrade();
imap.apply(ctxt); // apply the transformation to ctxt
if (!noPrint) {
CheckCtxt(ctxt, "ThinEvalMap");
cout << "check results\n";
}
#if 1
/* create dirty version of ctxt */
Vec<zz_pX> dirty_val0;
dirty_val0.SetLength(nslots);
for (long i = 0; i < nslots; i++) {
random(dirty_val0[i], d);
SetCoeff(dirty_val0[i], 0, val0[i]);
}
vector<ZZX> dirty_val1;
dirty_val1.resize(nslots);
for (long i = 0; i < nslots; i++) {
dirty_val1[i] = conv<ZZX>(dirty_val0[i]);
}
Ctxt dirty_ctxt(publicKey);
ea.encrypt(dirty_ctxt, publicKey, dirty_val1);
EvalMap dirty_map(ea, /*minimal=*/false, mvec,
/*invert=*/false, /*build_cache=*/false);
dirty_map.apply(dirty_ctxt);
imap.apply(dirty_ctxt);
#endif
vector<ZZX> val2;
ea.decrypt(ctxt, secretKey, val2);
if (val1 == val2)
cout << "ThinEvalMap: GOOD\n";
else
cout << "ThinEvalMap: BAD\n";
#if 1
vector<ZZX> dirty_val2;
ea.decrypt(dirty_ctxt, secretKey, dirty_val2);
if (val1 == dirty_val2)
cout << "ThinEvalMap: GOOD\n";
else
cout << "ThinEvalMap: BAD\n";
#endif
FHE_NTIMER_STOP(ALL);
if (!noPrint) {
cout << "\n*********\n";
printAllTimers();
cout << endl;
}
}