lol-0.0.1.0: A library for lattice cryptography.

Safe Haskell: None
Language: Haskell2010

Crypto.Lol.Applications.SymmSHE


Description

Symmetric-key somewhat homomorphic encryption.


Algorithm inputs

data SK r Source

secret key

Instances

NFData r => NFData (SK r) Source 

type PT rp = rp Source

plaintext

data CT m zp r'q Source

Ciphertext over R'_q, encrypting a plaintext in R_p (R=O_m).

Instances

(Show zp, Show r'q) => Show (CT m zp r'q) Source 
(NFData zp, NFData r'q) => NFData (CT m zp r'q) Source 
(ToSDCtx t m' zp zq, Additive (CT m zp (Cyc t m' zq))) => C (CT m zp (Cyc t m' zq)) Source 
(Eq zp, Divides m m', ToSDCtx t m' zp zq) => C (CT m zp (Cyc t m' zq)) Source 

Encryption functions

genSK :: (GenSKCtx t m z v, MonadRandom rnd) => v -> rnd (SK (Cyc t m z)) Source

Generates a secret key with (index-independent) scaled variance parameter v; see errorRounded.

encrypt :: forall t m m' z zp zq e rnd. (EncryptCtx t m m' z zp zq, MonadRandom rnd) => SK (Cyc t m' z) -> PT (Cyc t m zp) -> rnd (CT m zp (Cyc t m' zq)) Source

Encrypt a plaintext under a secret key.

Decryption functions

errorTerm :: ErrorTermCtx t m' z zp zq => SK (Cyc t m' z) -> CT m zp (Cyc t m' zq) -> Cyc t m' (LiftOf zq) Source

Extract the error term of a ciphertext.

errorTermUnrestricted :: (Reduce z zq, Lift' zq, CElt t z, ToSDCtx t m' zp zq) => SK (Cyc t m' z) -> CT m zp (Cyc t m' zq) -> Cyc t m' (LiftOf zq) Source

More general form of errorTerm that works for unrestricted output coefficient types.

decrypt :: forall t m m' z zp zq. DecryptCtx t m m' z zp zq => SK (Cyc t m' z) -> CT m zp (Cyc t m' zq) -> PT (Cyc t m zp) Source

Decrypt a ciphertext.

decryptUnrestricted :: (Fact m, Fact m', CElt t zp, m `Divides` m', Reduce z zq, Lift' zq, CElt t z, ToSDCtx t m' zp zq, Reduce (LiftOf zq) zp) => SK (Cyc t m' z) -> CT m zp (Cyc t m' zq) -> PT (Cyc t m zp) Source

More general form of decrypt that works for unrestricted output coefficient types.

Functions for changing representation of a ciphertext

toMSD :: ToSDCtx t m' zp zq => CT m zp (Cyc t m' zq) -> CT m zp (Cyc t m' zq) Source

Convert a ciphertext to MSD encoding.

toLSD :: ToSDCtx t m' zp zq => CT m zp (Cyc t m' zq) -> CT m zp (Cyc t m' zq) Source

Convert a ciphertext to LSD encoding.

Arithmetic with public values

addScalar :: AddScalarCtx t m' zp zq => zp -> CT m zp (Cyc t m' zq) -> CT m zp (Cyc t m' zq) Source

Homomorphically add a public Z_p value to an encrypted value. The ciphertext must not carry any g factors.

addPublic :: forall t m m' zp zq. AddPublicCtx t m m' zp zq => Cyc t m zp -> CT m zp (Cyc t m' zq) -> CT m zp (Cyc t m' zq) Source

Homomorphically add a public R_p value to an encrypted value.

mulPublic :: forall t m m' zp zq. MulPublicCtx t m m' zp zq => Cyc t m zp -> CT m zp (Cyc t m' zq) -> CT m zp (Cyc t m' zq) Source

Homomorphically multiply an encrypted value by a public R_p value.

Embedding/Twacing for keys and ciphertexts

embedSK :: (CElt t z, m `Divides` m') => SK (Cyc t m z) -> SK (Cyc t m' z) Source

Embed a secret key from a subring into a superring.

embedCT :: (CElt t zq, r `Divides` r', s `Divides` s', r `Divides` s, r' `Divides` s') => CT r zp (Cyc t r' zq) -> CT s zp (Cyc t s' zq) Source

Embed a ciphertext in R' encrypting a plaintext in R to a ciphertext in T' encrypting a plaintext in T. The target ciphertext ring T' must contain both the source ciphertext ring R' and the target plaintext ring T.

twaceCT :: (CElt t zq, r `Divides` r', s' `Divides` r', s ~ FGCD s' r) => CT r zp (Cyc t r' zq) -> CT s zp (Cyc t s' zq) Source

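"Tweaked trace" function for ciphertexts. Mathematically, the target plaintext ring S must contain the intersection of the source plaintext ring T and the target ciphertext ring S'. Here we make the stricter requirement that s = gcd(s', t). (In the type signature above, the source plaintext index is named r, so this requirement appears as the constraint s ~ FGCD s' r.)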

Functions for changing the CT/PT modulus

rescaleLinearCT :: (RescaleCyc (Cyc t) zq zq', ToSDCtx t m' zp zq) => CT m zp (Cyc t m' zq) -> CT m zp (Cyc t m' zq') Source

Rescale a linear ciphertext.

modSwitchPT :: ModSwitchPTCtx t m' zp zp' zq => CT m zp (Cyc t m' zq) -> CT m zp' (Cyc t m' zq) Source

Homomorphically divide a plaintext that is known to be a multiple of (p/p') by that factor, thereby scaling the plaintext modulus from p to p'.

Key switching

keySwitchLinear :: forall gad t m' zp zq zq' z rnd m. (KeySwitchCtx gad t m' zp zq zq', KSHintCtx gad t m' z zq', MonadRandom rnd) => SK (Cyc t m' z) -> SK (Cyc t m' z) -> TaggedT (gad, zq') rnd (CT m zp (Cyc t m' zq) -> CT m zp (Cyc t m' zq)) Source

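Switch a linear ciphertext under s_in to a linear one under s_out. Both key arguments have the same type, SK (Cyc t m' z), so the type checker cannot catch a swapped pair; this description does not say which argument is s_in and which is s_out, so confirm the order against the source before use.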

keySwitchQuadCirc :: forall gad t m' zp zq zq' z m rnd. (KeySwitchCtx gad t m' zp zq zq', KSHintCtx gad t m' z zq', MonadRandom rnd) => SK (Cyc t m' z) -> TaggedT (gad, zq') rnd (CT m zp (Cyc t m' zq) -> CT m zp (Cyc t m' zq)) Source

Switch a quadratic ciphertext (i.e., one with three components) to a linear one under the same key.

Ring switching

tunnelCT :: forall gad t e r s e' r' s' z zp zq zq' rnd. (TunnelCtx t e r s e' r' s' z zp zq zq' gad, MonadRandom rnd) => Linear t zp e r s -> SK (Cyc t s' z) -> SK (Cyc t r' z) -> TaggedT (gad, zq') rnd (CT r zp (Cyc t r' zq) -> CT s zp (Cyc t s' zq)) Source

Homomorphically apply the E-linear function that maps the elements of the decoding basis of R/E to the corresponding S-elements in the input array.

Constraint synonyms

type AddPublicCtx t m m' zp zq = (Lift' zp, Reduce (LiftOf zp) zq, m `Divides` m', CElt t zp, CElt t (LiftOf zp), ToSDCtx t m' zp zq) Source

Constraint synonym for adding a public value to an encrypted value

type MulPublicCtx t m m' zp zq = (Lift' zp, Reduce (LiftOf zp) zq, Ring zq, m `Divides` m', CElt t zp, CElt t (LiftOf zp), CElt t zq) Source

Constraint synonym for multiplying a public value with an encrypted value

type KeySwitchCtx gad t m' zp zq zq' = (ToSDCtx t m' zp zq, RescaleCyc (Cyc t) zq' zq, RescaleCyc (Cyc t) zq zq', Decompose gad zq', KnapsackCtx t m' (DecompOf zq') zq') Source

Constraint synonym for key switching.

type KSHintCtx gad t m' z zq = (LWECtx t m' z zq, Reduce (DecompOf zq) zq, Gadget gad zq, CElt t (DecompOf zq)) Source

Constraint synonym for generating key-switch hints.

type ModSwitchPTCtx t m' zp zp' zq = (Lift' zp, Reduce (LiftOf zp) zp', ToSDCtx t m' zp zq) Source

Constraint synonym for modulus switching.

type ToSDCtx t m' zp zq = (Encode zp zq, Fact m', CElt t zq) Source

Constraint synonym for converting between ciphertext encodings.

type EncryptCtx t m m' z zp zq = (Mod zp, Ring zp, Ring zq, Lift zp (ModRep zp), Reduce z zq, Reduce (LiftOf zp) zq, CElt t zq, CElt t zp, CElt t z, CElt t (LiftOf zp), m `Divides` m') Source

Constraint synonym for encryption.

type TunnelCtx t e r s e' r' s' z zp zq zq' gad = (ExtendLinIdx e r s e' r' s', KSHintCtx gad t r' z zq', Reduce z zq, Lift zp z, CElt t zp, KeySwitchCtx gad t s' zp zq zq') Source

Constraint synonym for ring tunneling.

type GenSKCtx t m z v = (ToInteger z, Fact m, CElt t z, ToRational v, NFData v) Source

Constraint synonym for generating a secret key.

type DecryptCtx t m m' z zp zq = (ErrorTermCtx t m' z zp zq, Reduce (LiftOf zq) zp, m `Divides` m', CElt t zp) Source

Constraint synonym for decryption.

type ErrorTermCtx t m' z zp zq = (Reduce z zq, Lift' zq, CElt t z, CElt t (LiftOf zq), ToSDCtx t m' zp zq) Source

Constraint synonym for extracting the error term of a ciphertext.