lol-0.5.0.2: A library for lattice cryptography.

Safe Haskell: None
Language: Haskell2010

Crypto.Lol.Cyclotomic.Linear

Description

\( \def\lcm{\text{lcm}} \)

Functions from one cyclotomic ring to another that are linear over a common subring.

Documentation

data Linear t z e r s

An \(E\)-linear function from \(R\) to \(S\), where \(E = \mathbb{Z}[\zeta_e]\), \(R = \mathbb{Z}[\zeta_r]\), \(S = \mathbb{Z}[\zeta_s]\) and \(e\) divides both \(r\) and \(s\). The parameter t is the underlying tensor type and z the coefficient ring of the cyclotomic ring elements (as in Cyc t s z); e, r and s are the type-level cyclotomic indices.

Instances

NFData (Cyc t s z) => NFData (Linear t z e r s)

Methods

rnf :: Linear t z e r s -> ()

Additive (Cyc t s z) => C (Linear t z e r s)

(C is the additive-group class Algebra.Additive.C of numeric-prelude, which lol re-exports under the constraint synonym Additive; linear functions are added pointwise on their output values.)

Methods

zero :: Linear t z e r s

(+) :: Linear t z e r s -> Linear t z e r s -> Linear t z e r s

(-) :: Linear t z e r s -> Linear t z e r s -> Linear t z e r s

negate :: Linear t z e r s -> Linear t z e r s

(CElt t zp, CElt t z, z ~ LiftOf zp, Lift zp z, Fact s) => Lift' (Linear t zp e r s)

Lifts each output value from zp to z with respect to the powerful basis, which gives the best geometry for the lifted values (the tightest bound on their size).

Methods

lift :: Linear t zp e r s -> LiftOf (Linear t zp e r s)

(Reduce z zq, Fact s, CElt t z, CElt t zq) => Reduce (Linear t z e r s) (Linear t zq e r s)

Methods

reduce :: Linear t z e r s -> Linear t zq e r s

type LiftOf (Linear t zp e r s)
type LiftOf (Linear t zp e r s) = Linear t (LiftOf zp) e r s

type ExtendLinIdx e r s e' r' s' = (Fact r, e ~ FGCD r e', r' ~ FLCM r e', e' `Divides` s', s `Divides` s')

A convenient constraint synonym for extending a linear function to larger rings: the new subring index \(e'\) must satisfy \(e = \gcd(r, e')\), the new domain index must be \(r' = \lcm(r, e')\), and the new codomain index \(s'\) must be divisible by both \(e'\) and \(s\).

linearDec :: forall t z e r s. (e `Divides` r, e `Divides` s, CElt t z) => [Cyc t s z] -> Linear t z e r s

Construct an \(E\)-linear function given a list of its output values (in \(S\)) on the relative decoding basis of \(R/E\), in basis order. The number of elements in the list must not exceed the size of that basis, which is \([R:E] = \varphi(r)/\varphi(e)\).

evalLin :: forall t z e r s. (e `Divides` r, e `Divides` s, CElt t z) => Linear t z e r s -> Cyc t r z -> Cyc t s z

Evaluates the given linear function on the input: the input is expressed in the relative decoding basis of \(R/E\), and each \(E\)-coefficient is multiplied by the corresponding output value (with \(E\) embedded in \(S\)).
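The following is an added example and is not code from lol or its authors. It builds the trace \(\mathrm{Tr}_{R/\mathbb{Z}}\) of \(R = \mathbb{Z}[\zeta_4]\) as a \(\mathbb{Z}\)-linear function with linearDec, applies it with evalLin, and extends it with extendLin to a \(\mathbb{Z}[\zeta_3]\)-linear map \(\mathbb{Z}[\zeta_{12}] \to \mathbb{Z}[\zeta_3]\). It assumes, beyond what this page states, that the C-backed tensor is importable as CT from Crypto.Lol.Cyclotomic.Tensor.CTensor (the module path in lol-0.5), that Crypto.Lol exports scalarCyc, powBasis, embed and proxy and re-exports the numeric-prelude classes, and that for \(m = 4\) the relative decoding basis of \(R/\mathbb{Z}\) is \(\{1, \zeta_4\}\) (for power-of-two indices the decoding and powerful bases coincide). The language pragmas follow the convention of lol's own example programs.

```haskell
{-# LANGUAGE DataKinds, NoImplicitPrelude, RebindableSyntax #-}
-- Added example (not part of lol): Tr_{R/Z} for R = Z[zeta_4] as a Linear,
-- evaluated with evalLin and extended with extendLin.
module Main where

import Crypto.Lol                 -- Cyc, F1/F3/F4/F12, scalarCyc, powBasis, embed, proxy (ASSUMED exports)
import Crypto.Lol.Cyclotomic.Linear (Linear, linearDec, evalLin, extendLin)
import Crypto.Lol.Cyclotomic.Tensor.CTensor (CT)  -- ASSUMED module path of the C tensor in lol-0.5
import Data.Int (Int64)
import Data.Proxy (Proxy (..))

-- Rings used below: E = Z (index 1), R = Z[zeta_4] (index 4), S = Z,
-- all with Int64 coefficients on the CT tensor.
type R = Cyc CT F4 Int64
type Z = Cyc CT F1 Int64

-- Tr_{R/Z} on the relative decoding basis {1, zeta_4} of R over Z
-- (ASSUMED basis, see lead-in): Tr(1) = 2, Tr(zeta_4) = zeta_4 + zeta_4^{-1} = 0.
-- linearDec takes exactly these two output values, in basis order; here
-- the list has the full basis size [R:E] = phi(4)/phi(1) = 2.
trZ :: Linear CT Int64 F1 F4 F1
trZ = linearDec [scalarCyc 2, scalarCyc 0]

-- The relative powerful basis {1, zeta_4} of R over Z, as elements of R,
-- used only to build a test input with known coefficients.
one, zeta4 :: R
(one, zeta4) = case (proxy powBasis (Proxy :: Proxy F1) :: [R]) of
  [a, b] -> (a, b)
  bs     -> error ("unexpected relative basis size " ++ show (length bs))

-- x = 3 + 5*zeta_4, so Tr_{R/Z}(x) = 2*3 + 0*5 = 6.
x :: R
x = scalarCyc 3 * one + scalarCyc 5 * zeta4

-- Extension: ExtendLinIdx demands e = gcd(r, e') and r' = lcm(r, e').
-- With r = 4 and e' = 3 that forces e = 1 (which we have) and r' = 12;
-- the output index s' = 3 satisfies e' | s' and s | s'.
trZ' :: Linear CT Int64 F3 F12 F3
trZ' = extendLin trZ

main :: IO ()
main = do
  let y  = evalLin trZ x          :: Z
      y' = evalLin trZ' (embed x) :: Cyc CT F3 Int64
  -- Tr(3 + 5 zeta_4) = 6
  print (y == scalarCyc 6)
  -- extending the function commutes with embedding R -> R' and Z -> Z[zeta_3]
  print (y' == embed y)
```

The second check is the property a practitioner relies on when a key-switching or ring-switching function is defined over small rings and then extended: evaluating the extended function on the embedded input equals embedding the original output.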

extendLin :: ExtendLinIdx e r s e' r' s' => Linear t z e r s -> Linear t z e' r' s'

Extend an \(E\)-linear function \(R\to S\) to an \(E'\)-linear function \(R'\to S'\), where \(e = \gcd(r, e')\) and \(r' = \lcm(r, e')\). (Mathematically, such an extension only requires \(\lcm(r,e') \mid r'\), not equality, but this generality would significantly complicate the implementation, and for our purposes there is no reason to use any larger \(r'\).)