Design and Implementation of a Homomorphic ... - Researcher
bool isOne() const; // does it point to 1
bool operator==(const SKHandle& other) const;
bool operator!=(const SKHandle& other) const;
bool mul(const SKHandle& a, const SKHandle& b); // multiply the handles
// result returned in *this, returns true if handles can be multiplied
3.1.2 The CtxtPart class
A ciphertext-part is a polynomial with a handle (that “points” to a secret-key polynomial). Accordingly, the class CtxtPart is derived from DoubleCRT, and includes an additional data member of type SKHandle. This class does not provide any methods beyond the ones that are provided by the base class DoubleCRT, except for access to the secret-key handle (and constructors that initialize it).
3.1.3 The Ctxt class
A Ctxt object is always defined relative to a fixed public key and context; both must be supplied to the constructor and are fixed thereafter. As described above, a ciphertext contains a vector of parts, each part with its own handle. This type of representation is quite flexible. For example, you can in principle add ciphertexts that are defined with respect to different keys, as follows:
• For parts of the two ciphertexts that point to the same secret-key polynomial (i.e., have the same handle), you just add the two DoubleCRT polynomials.
• Parts in one ciphertext that do not have a counterpart in the other ciphertext will just be included in the result intact.
For example, suppose that you wanted to add the following two ciphertexts, one “canonical” and the other after an automorphism $X \mapsto X^3$:
$\vec{c} = (c_0[i=0, r=0, t=0],\ c_1[i=0, r=1, t=1])$
and $\vec{c}' = (c'_0[i=0, r=0, t=0],\ c'_3[i=0, r=1, t=3])$.
Adding these ciphertexts, we obtain a three-part ciphertext,
$\vec{c} + \vec{c}' = ((c_0 + c'_0)[i=0, r=0, t=0],\ c_1[i=0, r=1, t=1],\ c'_3[i=0, r=1, t=3])$.
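The addition rule above can be traced on a toy model. The following is an added example, not code from HElib or from this document: `Handle`, `Part`, `addParts`, `pageExample`, the modulus `Q` and the coefficient values are all hypothetical, and a short coefficient vector stands in for a DoubleCRT polynomial.

```cpp
// Toy model of handle-matched ciphertext addition (added example, not HElib code).
#include <cstdio>
#include <vector>

// Handle in the page's [i, r, t] notation; assumed meaning: key index i,
// power r of the secret key, automorphism power t (r = 0 points to 1).
struct Handle {
    long i, r, t;
    bool operator==(const Handle& o) const { return i == o.i && r == o.r && t == o.t; }
};

const long Q = 97;  // constructed toy modulus
struct Part {       // stand-in for CtxtPart: coefficients mod Q, not a DoubleCRT
    std::vector<long> coeff;
    Handle h;
};

// Add b into a: parts with equal handles are summed, unmatched parts of b are
// appended intact. Returns false (a unchanged) if matching parts differ in length.
bool addParts(std::vector<Part>& a, const std::vector<Part>& b) {
    std::vector<Part> out = a;
    for (const Part& pb : b) {
        bool matched = false;
        for (Part& pa : out) {
            if (!(pa.h == pb.h)) continue;
            if (pa.coeff.size() != pb.coeff.size()) return false;
            for (std::size_t k = 0; k < pa.coeff.size(); ++k)
                pa.coeff[k] = (pa.coeff[k] + pb.coeff[k]) % Q;
            matched = true;
            break;
        }
        if (!matched) out.push_back(pb);
    }
    a = out;
    return true;
}

// The page's example: c = (c0[0,0,0], c1[0,1,1]), c' = (c0'[0,0,0], c3'[0,1,3]).
std::vector<Part> pageExample() {
    std::vector<Part> c  = {{{90, 2}, {0, 0, 0}}, {{5, 6}, {0, 1, 1}}};
    std::vector<Part> cp = {{{10, 3}, {0, 0, 0}}, {{7, 8}, {0, 1, 3}}};
    addParts(c, cp);
    return c;
}

int main() {
    for (const Part& p : pageExample())
        std::printf("[i=%ld r=%ld t=%ld] (%ld, %ld)\n", p.h.i, p.h.r, p.h.t, p.coeff[0], p.coeff[1]);
}
```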
Similarly, we also have flexibility in multiplying ciphertexts using a tensor product, as long as all the pairwise handles of all the parts can be multiplied according to the rules from Section 3.1.1 above.
The Ctxt class therefore contains a data member vector<CtxtPart> parts that keeps all of the ciphertext-parts. By convention, the first part, parts[0], always has a handle pointing to the constant polynomial 1. Also, we maintain the invariant that all the DoubleCRT objects in the parts of a ciphertext are defined relative to the same subset of primes, and the IndexSet for this subset is accessible as ctxt.getPrimeSet(). (The current BGV modulus for this ciphertext can be computed as q = ctxt.getContext().productOfPrimes(ctxt.getPrimeSet()).)