-
Notifications
You must be signed in to change notification settings - Fork 713
/
Copy path4_BGV_Basics.cs
226 lines (202 loc) · 10.2 KB
/
4_BGV_Basics.cs
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
// Copyright (c) Microsoft Corporation. All rights reserved.
// Licensed under the MIT license.
using System;
using System.Collections.Generic;
using Microsoft.Research.SEAL;
namespace SEALNetExamples
{
partial class Examples
{
private static void ExampleBGVBasics()
{
Utilities.PrintExampleBanner("Example: BGV Basics");
/*
As an example, we evaluate the degree 8 polynomial
x^8
over an encrypted x over integers 1, 2, 3, 4. The coefficients of the
polynomial can be considered as plaintext inputs, as we will see below. The
computation is done modulo the plain_modulus 1032193.
Computing over encrypted data in the BGV scheme is similar to that in BFV.
The purpose of this example is mainly to explain the differences between BFV
and BGV in terms of ciphertext coefficient modulus selection and noise control.
Most of the following code are repeated from "BFV basics" and "encoders" examples.
*/
/*
Note that scheme_type is now "bgv".
*/
using EncryptionParameters parms = new EncryptionParameters(SchemeType.BGV);
ulong polyModulusDegree = 8192;
parms.PolyModulusDegree = polyModulusDegree;
/*
We can certainly use BFVDefault coeff_modulus. In later parts of this example,
we will demonstrate how to choose coeff_modulus that is more useful in BGV.
*/
parms.CoeffModulus = CoeffModulus.BFVDefault(polyModulusDegree);
parms.PlainModulus = PlainModulus.Batching(polyModulusDegree, 20);
using SEALContext context = new SEALContext(parms);
/*
Print the parameters that we have chosen.
*/
Utilities.PrintLine();
Console.WriteLine("Set encryption parameters and print");
Utilities.PrintParameters(context);
using KeyGenerator keygen = new KeyGenerator(context);
using SecretKey secretKey = keygen.SecretKey;
keygen.CreatePublicKey(out PublicKey publicKey);
keygen.CreateRelinKeys(out RelinKeys relinKeys);
using Encryptor encryptor = new Encryptor(context, publicKey);
using Evaluator evaluator = new Evaluator(context);
using Decryptor decryptor = new Decryptor(context, secretKey);
/*
Batching and slot operations are the same in BFV and BGV.
*/
using BatchEncoder batchEncoder = new BatchEncoder(context);
ulong slotCount = batchEncoder.SlotCount;
ulong rowSize = slotCount / 2;
Console.WriteLine($"Plaintext matrix row size: {rowSize}");
/*
Here we create the following matrix:
[ 1, 2, 3, 4, 0, 0, ..., 0 ]
[ 0, 0, 0, 0, 0, 0, ..., 0 ]
*/
ulong[] podMatrix = new ulong[slotCount];
podMatrix[0] = 1;
podMatrix[1] = 2;
podMatrix[2] = 3;
podMatrix[3] = 4;
Console.WriteLine("Input plaintext matrix:");
Utilities.PrintMatrix(podMatrix, (int)rowSize);
using Plaintext xPlain = new Plaintext();
Console.WriteLine("Encode plaintext matrix to xPlain:");
batchEncoder.Encode(podMatrix, xPlain);
/*
Next we encrypt the encoded plaintext.
*/
using Ciphertext xEncrypted = new Ciphertext();
Utilities.PrintLine();
Console.WriteLine("Encrypt xPlain to xEncrypted.");
encryptor.Encrypt(xPlain, xEncrypted);
Console.WriteLine(" + noise budget in freshly encrypted x: {0} bits",
decryptor.InvariantNoiseBudget(xEncrypted));
Console.WriteLine();
/*
Then we compute x^2.
*/
Utilities.PrintLine();
Console.WriteLine("Compute and relinearize xSquared (x^2),");
using Ciphertext xSquared = new Ciphertext();
evaluator.Square(xEncrypted, xSquared);
Console.WriteLine($" + size of xSquared: {xSquared.Size}");
evaluator.RelinearizeInplace(xSquared, relinKeys);
Console.WriteLine(" + size of xSquared (after relinearization): {0}",
xSquared.Size);
Console.WriteLine(" + noise budget in xSquared: {0} bits",
decryptor.InvariantNoiseBudget(xSquared));
using Plaintext decryptedResult = new Plaintext();
decryptor.Decrypt(xSquared, decryptedResult);
List<ulong> podResult = new List<ulong>();
batchEncoder.Decode(decryptedResult, podResult);
Console.WriteLine(" + result plaintext matrix ...... Correct.");
Utilities.PrintMatrix(podResult, (int)rowSize);
/*
Next we compute x^4.
*/
Utilities.PrintLine();
Console.WriteLine("Compute and relinearize x4th (x^4),");
using Ciphertext x4th = new Ciphertext();
evaluator.Square(xSquared, x4th);
Console.WriteLine($" + size of x4th: {x4th.Size}");
evaluator.RelinearizeInplace(x4th, relinKeys);
Console.WriteLine(" + size of x4th (after relinearization): {0}",
x4th.Size);
Console.WriteLine(" + noise budget in x4th: {0} bits",
decryptor.InvariantNoiseBudget(x4th));
decryptor.Decrypt(x4th, decryptedResult);
batchEncoder.Decode(decryptedResult, podResult);
Console.WriteLine(" + result plaintext matrix ...... Correct.");
Utilities.PrintMatrix(podResult, (int)rowSize);
/*
Last we compute x^8. We run out of noise budget.
*/
Utilities.PrintLine();
Console.WriteLine("Compute and relinearize x8th (x^8),");
using Ciphertext x8th = new Ciphertext();
evaluator.Square(x4th, x8th);
Console.WriteLine($" + size of x8th: {x8th.Size}");
evaluator.RelinearizeInplace(x8th, relinKeys);
Console.WriteLine(" + size of x8th (after relinearization): {0}",
x8th.Size);
Console.WriteLine(" + noise budget in x8th: {0} bits",
decryptor.InvariantNoiseBudget(x8th));
Console.WriteLine("NOTE: Notice the increase in remaining noise budget.");
Console.WriteLine();
Console.WriteLine("~~~~~~ Use modulus switching to calculate x^8. ~~~~~~");
/*
Noise budget has reached 0, which means that decryption cannot be expected
to give the correct result. BGV requires modulus switching to reduce noise
growth. In the following demonstration, we will insert a modulus switching
after each relinearization.
*/
Utilities.PrintLine();
Console.WriteLine("Encrypt xPlain to xEncrypted.");
encryptor.Encrypt(xPlain, xEncrypted);
Console.WriteLine(" + noise budget in freshly encrypted x: {0} bits",
decryptor.InvariantNoiseBudget(xEncrypted));
Console.WriteLine();
/*
Then we compute x^2.
*/
Utilities.PrintLine();
Console.WriteLine("Compute and relinearize xSquared (x^2),");
Console.WriteLine(" + noise budget in xSquared (previously): {0} bits",
decryptor.InvariantNoiseBudget(xSquared));
evaluator.Square(xEncrypted, xSquared);
evaluator.RelinearizeInplace(xSquared, relinKeys);
evaluator.ModSwitchToNextInplace(xSquared);
Console.WriteLine(" + noise budget in xSquared (with modulus switching): {0} bits",
decryptor.InvariantNoiseBudget(xSquared));
decryptor.Decrypt(xSquared, decryptedResult);
batchEncoder.Decode(decryptedResult, podResult);
Console.WriteLine(" + result plaintext matrix ...... Correct.");
Utilities.PrintMatrix(podResult, (int)rowSize);
/*
Next we compute x^4.
*/
Utilities.PrintLine();
Console.WriteLine("Compute and relinearize x4th (x^4),");
Console.WriteLine(" + noise budget in x4th (previously): {0} bits",
decryptor.InvariantNoiseBudget(x4th));
evaluator.Square(xSquared, x4th);
evaluator.RelinearizeInplace(x4th, relinKeys);
evaluator.ModSwitchToNextInplace(x4th);
Console.WriteLine(" + noise budget in x4th (with modulus switching): {0} bits",
decryptor.InvariantNoiseBudget(x4th));
decryptor.Decrypt(x4th, decryptedResult);
batchEncoder.Decode(decryptedResult, podResult);
Console.WriteLine(" + result plaintext matrix ...... Correct.");
Utilities.PrintMatrix(podResult, (int)rowSize);
/*
Last we compute x^8. We still have budget left.
*/
Utilities.PrintLine();
Console.WriteLine("Compute and relinearize x8th (x^8),");
Console.WriteLine(" + noise budget in x8th (previously): {0} bits",
decryptor.InvariantNoiseBudget(x8th));
evaluator.Square(x4th, x8th);
evaluator.RelinearizeInplace(x8th, relinKeys);
evaluator.ModSwitchToNextInplace(x8th);
Console.WriteLine(" + noise budget in x8th (with modulus switching): {0} bits",
decryptor.InvariantNoiseBudget(x8th));
decryptor.Decrypt(x8th, decryptedResult);
batchEncoder.Decode(decryptedResult, podResult);
Console.WriteLine(" + result plaintext matrix ...... Correct.");
Utilities.PrintMatrix(podResult, (int)rowSize);
/*
Although with modulus switching x_squared has less noise budget than before,
noise budget is consumed at a slower rate. To achieve the optimal consumption
rate of noise budget in an application, one needs to carefully choose the
location to insert modulus switching and manually choose coeff_modulus.
*/
}
}
}