Copyright	(c) Eric Crockett 2011-2017 Chris Peikert 2011-2017
License	GPL-3
Maintainer	ecrockett0@gmail.com
Stability	experimental
Portability	POSIX $ \def\Z{\mathbb{Z}} $ $ \def\F{\mathbb{F}} $ $ \def\Q{\mathbb{Q}} $ $ \def\O{\mathcal{O}} $
Safe Haskell	None
Language	Haskell2010

Crypto.Lol.Cyclotomic.CycRep

Contents

Data types and constraints
Changing representation
Scalars
Basic operations
Error sampling
Inter-ring operations and values

Description

A low-level implementation of cyclotomic rings that allows (and requires) the programmer to control the underlying representation of ring elements, i.e., powerful, decoding, or CRT basis.

WARNING: as with all fixed-point arithmetic, the functions associated with CycRep may result in overflow (and thereby incorrect answers and potential security flaws) if the input arguments are too close to the bounds imposed by the base type. The acceptable range of inputs for each function is determined by the internal linear transforms and other operations it performs.

Synopsis

data family CycRep (t :: Factored -> * -> *) rep (m :: Factored) r
data P
data D
data C
data E
type CycRepEC t m r = Either (CycRep t E m r) (CycRep t C m r)
type CycRepPC t m r = Either (CycRep t P m r) (CycRep t C m r)
type CRTElt t r = (TensorG t r, CRTEmbed r, TensorCRT t Maybe r, TensorCRT t Identity (CRTExt r))
toPow :: (ToPowDec t rep r, Fact m) => CycRep t rep m r -> CycRep t P m r
toDec :: (ToPowDec t rep r, Fact m) => CycRep t rep m r -> CycRep t D m r
toCRT :: (ToCRT t rep r, Fact m) => CycRep t rep m r -> Either (CycRep t E m r) (CycRep t C m r)
scalarPow :: (TensorPowDec t r, Fact m) => r -> CycRep t P m r
scalarCRT :: (Fact m, CRTElt t r) => r -> CycRepEC t m r
mulGPow :: (Fact m, TensorG t r) => CycRep t P m r -> CycRep t P m r
mulGDec :: (Fact m, TensorG t r) => CycRep t D m r -> CycRep t D m r
mulGCRTC :: (Fact m, TensorCRT t Maybe r) => CycRep t C m r -> CycRep t C m r
divGPow :: (Fact m, TensorG t r) => CycRep t P m r -> Maybe (CycRep t P m r)
divGDec :: (Fact m, TensorG t r) => CycRep t D m r -> Maybe (CycRep t D m r)
divGCRTC :: (Fact m, CRTElt t r) => CycRep t C m r -> CycRep t C m r
gSqNormDec :: (TensorGSqNorm t r, Fact m) => CycRep t D m r -> r
tweakedGaussian :: (TensorGaussian t q, MonadRandom rnd, Fact m, ToRational v) => v -> rnd (CycRep t D m q)
roundedGaussian :: forall v rnd t m z. (TensorGaussian t Double, IFElt t Double, IFunctor t, ToInteger z, IFElt t z, Fact m, ToRational v, MonadRandom rnd) => v -> rnd (CycRep t D m z)
cosetGaussian :: forall t m zp z v rnd. (TensorGaussian t Double, IFElt t Double, IFunctor t, Lift zp z, Mod zp, z ~ ModRep zp, IFElt t zp, IFElt t z, Fact m, ToRational v, MonadRandom rnd) => v -> CycRep t D m zp -> rnd (CycRep t D m z)
embedPow :: (TensorPowDec t r, m `Divides` m') => CycRep t P m r -> CycRep t P m' r
embedCRTC :: (m `Divides` m', CRTElt t r) => CycRep t C m r -> Either (CycRep t P m' r) (CycRep t C m' r)
embedCRTE :: forall m m' t r. (m `Divides` m', CRTElt t r) => CycRep t E m r -> Either (CycRep t P m' r) (CycRep t E m' r)
twacePow :: (TensorPowDec t r, m `Divides` m') => CycRep t P m' r -> CycRep t P m r
twaceDec :: (TensorPowDec t r, m `Divides` m') => CycRep t D m' r -> CycRep t D m r
twaceCRTC :: (m `Divides` m', CRTElt t r) => CycRep t C m' r -> CycRepPC t m r
twaceCRTE :: forall t m m' r. (m `Divides` m', CRTElt t r) => CycRep t E m' r -> Either (CycRep t P m r) (CycRep t E m r)
coeffsPow :: (TensorPowDec t r, m `Divides` m') => CycRep t P m' r -> [CycRep t P m r]
coeffsDec :: (TensorPowDec t r, m `Divides` m') => CycRep t D m' r -> [CycRep t D m r]
powBasis :: forall m m' t r. (TensorPowDec t r, m `Divides` m') => [CycRep t P m' r]
crtSet :: forall m m' pp p mbar m'bar t z zpp. (m `Divides` m', p ~ PrimePP pp, mbar ~ PFree p m, m'bar ~ PFree p m', PPow pp, Prime p, zpp ~ ZqBasic pp z, ToInteger z, CRTElt t zpp, TensorCRTSet t (ZqBasic p z)) => [CycRep t P m' (ZqBasic pp z)]

Data types and constraints

data family CycRep (t :: Factored -> * -> *) rep (m :: Factored) r Source #

Instances

(CRTElt t r, Fact m) => C r (CycRepEC t m r) Source #
Instance details Defined in Crypto.Lol.Cyclotomic.CycRep Methods (*>) :: r -> CycRepEC t m r -> CycRepEC t m r #
(Ring r, TensorPowDec t r, Fact m) => C r (CycRep t D m r) Source #
Instance details Defined in Crypto.Lol.Cyclotomic.CycRep Methods (*>) :: r -> CycRep t D m r -> CycRep t D m r #
(Ring r, TensorPowDec t r, Fact m) => C r (CycRep t P m r) Source #
Instance details Defined in Crypto.Lol.Cyclotomic.CycRep Methods (*>) :: r -> CycRep t P m r -> CycRep t P m r #
IFunctor t => IFunctor (CycRep t D) Source #	apply coefficient-wise
Instance details Defined in Crypto.Lol.Cyclotomic.CycRep Associated Types type IFElt (CycRep t D) a :: Constraint Source # Methods fmapI :: (IFElt (CycRep t D) a, IFElt (CycRep t D) b, Fact m) => (a -> b) -> CycRep t D m a -> CycRep t D m b Source # zipWithI :: (IFElt (CycRep t D) a, IFElt (CycRep t D) b, IFElt (CycRep t D) c, Fact m) => (a -> b -> c) -> CycRep t D m a -> CycRep t D m b -> CycRep t D m c Source #
IFunctor t => IFunctor (CycRep t P) Source #	apply coefficient-wise
Instance details Defined in Crypto.Lol.Cyclotomic.CycRep Associated Types type IFElt (CycRep t P) a :: Constraint Source # Methods fmapI :: (IFElt (CycRep t P) a, IFElt (CycRep t P) b, Fact m) => (a -> b) -> CycRep t P m a -> CycRep t P m b Source # zipWithI :: (IFElt (CycRep t P) a, IFElt (CycRep t P) b, IFElt (CycRep t P) c, Fact m) => (a -> b -> c) -> CycRep t P m a -> CycRep t P m b -> CycRep t P m c Source #
Functor (t m) => Functor (CycRep t D m) Source #	apply coefficient-wise
Instance details Defined in Crypto.Lol.Cyclotomic.CycRep Methods fmap :: (a -> b) -> CycRep t D m a -> CycRep t D m b # (<$) :: a -> CycRep t D m b -> CycRep t D m a #
Functor (t m) => Functor (CycRep t P m) Source #	apply coefficient-wise
Instance details Defined in Crypto.Lol.Cyclotomic.CycRep Methods fmap :: (a -> b) -> CycRep t P m a -> CycRep t P m b # (<$) :: a -> CycRep t P m b -> CycRep t P m a #
Applicative (t m) => Applicative (CycRep t D m) Source #
Instance details Defined in Crypto.Lol.Cyclotomic.CycRep Methods pure :: a -> CycRep t D m a # (<>) :: CycRep t D m (a -> b) -> CycRep t D m a -> CycRep t D m b # liftA2 :: (a -> b -> c) -> CycRep t D m a -> CycRep t D m b -> CycRep t D m c # (>) :: CycRep t D m a -> CycRep t D m b -> CycRep t D m b # (<*) :: CycRep t D m a -> CycRep t D m b -> CycRep t D m a #
Applicative (t m) => Applicative (CycRep t P m) Source #
Instance details Defined in Crypto.Lol.Cyclotomic.CycRep Methods pure :: a -> CycRep t P m a # (<>) :: CycRep t P m (a -> b) -> CycRep t P m a -> CycRep t P m b # liftA2 :: (a -> b -> c) -> CycRep t P m a -> CycRep t P m b -> CycRep t P m c # (>) :: CycRep t P m a -> CycRep t P m b -> CycRep t P m b # (<*) :: CycRep t P m a -> CycRep t P m b -> CycRep t P m a #
Foldable (t m) => Foldable (CycRep t C m) Source #
Instance details Defined in Crypto.Lol.Cyclotomic.CycRep Methods fold :: Monoid m0 => CycRep t C m m0 -> m0 # foldMap :: Monoid m0 => (a -> m0) -> CycRep t C m a -> m0 # foldr :: (a -> b -> b) -> b -> CycRep t C m a -> b # foldr' :: (a -> b -> b) -> b -> CycRep t C m a -> b # foldl :: (b -> a -> b) -> b -> CycRep t C m a -> b # foldl' :: (b -> a -> b) -> b -> CycRep t C m a -> b # foldr1 :: (a -> a -> a) -> CycRep t C m a -> a # foldl1 :: (a -> a -> a) -> CycRep t C m a -> a # toList :: CycRep t C m a -> [a] # null :: CycRep t C m a -> Bool # length :: CycRep t C m a -> Int # elem :: Eq a => a -> CycRep t C m a -> Bool # maximum :: Ord a => CycRep t C m a -> a # minimum :: Ord a => CycRep t C m a -> a # sum :: Num a => CycRep t C m a -> a # product :: Num a => CycRep t C m a -> a #
Foldable (t m) => Foldable (CycRep t D m) Source #
Instance details Defined in Crypto.Lol.Cyclotomic.CycRep Methods fold :: Monoid m0 => CycRep t D m m0 -> m0 # foldMap :: Monoid m0 => (a -> m0) -> CycRep t D m a -> m0 # foldr :: (a -> b -> b) -> b -> CycRep t D m a -> b # foldr' :: (a -> b -> b) -> b -> CycRep t D m a -> b # foldl :: (b -> a -> b) -> b -> CycRep t D m a -> b # foldl' :: (b -> a -> b) -> b -> CycRep t D m a -> b # foldr1 :: (a -> a -> a) -> CycRep t D m a -> a # foldl1 :: (a -> a -> a) -> CycRep t D m a -> a # toList :: CycRep t D m a -> [a] # null :: CycRep t D m a -> Bool # length :: CycRep t D m a -> Int # elem :: Eq a => a -> CycRep t D m a -> Bool # maximum :: Ord a => CycRep t D m a -> a # minimum :: Ord a => CycRep t D m a -> a # sum :: Num a => CycRep t D m a -> a # product :: Num a => CycRep t D m a -> a #
Foldable (t m) => Foldable (CycRep t P m) Source #
Instance details Defined in Crypto.Lol.Cyclotomic.CycRep Methods fold :: Monoid m0 => CycRep t P m m0 -> m0 # foldMap :: Monoid m0 => (a -> m0) -> CycRep t P m a -> m0 # foldr :: (a -> b -> b) -> b -> CycRep t P m a -> b # foldr' :: (a -> b -> b) -> b -> CycRep t P m a -> b # foldl :: (b -> a -> b) -> b -> CycRep t P m a -> b # foldl' :: (b -> a -> b) -> b -> CycRep t P m a -> b # foldr1 :: (a -> a -> a) -> CycRep t P m a -> a # foldl1 :: (a -> a -> a) -> CycRep t P m a -> a # toList :: CycRep t P m a -> [a] # null :: CycRep t P m a -> Bool # length :: CycRep t P m a -> Int # elem :: Eq a => a -> CycRep t P m a -> Bool # maximum :: Ord a => CycRep t P m a -> a # minimum :: Ord a => CycRep t P m a -> a # sum :: Num a => CycRep t P m a -> a # product :: Num a => CycRep t P m a -> a #
Traversable (t m) => Traversable (CycRep t D m) Source #
Instance details Defined in Crypto.Lol.Cyclotomic.CycRep Methods traverse :: Applicative f => (a -> f b) -> CycRep t D m a -> f (CycRep t D m b) # sequenceA :: Applicative f => CycRep t D m (f a) -> f (CycRep t D m a) # mapM :: Monad m0 => (a -> m0 b) -> CycRep t D m a -> m0 (CycRep t D m b) # sequence :: Monad m0 => CycRep t D m (m0 a) -> m0 (CycRep t D m a) #
Traversable (t m) => Traversable (CycRep t P m) Source #
Instance details Defined in Crypto.Lol.Cyclotomic.CycRep Methods traverse :: Applicative f => (a -> f b) -> CycRep t P m a -> f (CycRep t P m b) # sequenceA :: Applicative f => CycRep t P m (f a) -> f (CycRep t P m a) # mapM :: Monad m0 => (a -> m0 b) -> CycRep t P m a -> m0 (CycRep t P m b) # sequence :: Monad m0 => CycRep t P m (m0 a) -> m0 (CycRep t P m a) #
(Random (t m r), Fact m, TensorCRT t Maybe r) => Random (CycRepPC t m r) Source #
Instance details Defined in Crypto.Lol.Cyclotomic.CycRep Methods randomR :: RandomGen g => (CycRepPC t m r, CycRepPC t m r) -> g -> (CycRepPC t m r, g) # random :: RandomGen g => g -> (CycRepPC t m r, g) # randomRs :: RandomGen g => (CycRepPC t m r, CycRepPC t m r) -> g -> [CycRepPC t m r] # randoms :: RandomGen g => g -> [CycRepPC t m r] # randomRIO :: (CycRepPC t m r, CycRepPC t m r) -> IO (CycRepPC t m r) # randomIO :: IO (CycRepPC t m r) #
(Fact m, CRTElt t r) => C (CycRepEC t m r) Source #	only for appropriate CRT representation
Instance details Defined in Crypto.Lol.Cyclotomic.CycRep Methods (*) :: CycRepEC t m r -> CycRepEC t m r -> CycRepEC t m r # one :: CycRepEC t m r # fromInteger :: Integer -> CycRepEC t m r # (^) :: CycRepEC t m r -> Integer -> CycRepEC t m r #
(Fact m, CRTElt t r) => C (CycRepEC t m r) Source #	only for appropriate CRT representation (otherwise `zero` would violate internal invariant)
Instance details Defined in Crypto.Lol.Cyclotomic.CycRep Methods zero :: CycRepEC t m r # (+) :: CycRepEC t m r -> CycRepEC t m r -> CycRepEC t m r # (-) :: CycRepEC t m r -> CycRepEC t m r -> CycRepEC t m r # negate :: CycRepEC t m r -> CycRepEC t m r #
(GFCtx fp d, Fact m, TensorPowDec t fp, Module (GF fp d) (t m fp)) => C (GF fp d) (CycRep t P m fp) Source #	$R_p$ is an $\F_{p^d}$-module when $d$ divides $\varphi(m)$, by applying $d$-dimensional $\F_p$-linear transform on $d$-dim chunks of powerful basis coeffs.
Instance details Defined in Crypto.Lol.Cyclotomic.CycRep Methods (*>) :: GF fp d -> CycRep t P m fp -> CycRep t P m fp #
Eq (t m r) => Eq (CycRep t C m r) Source #
Instance details Defined in Crypto.Lol.Cyclotomic.CycRep Methods (==) :: CycRep t C m r -> CycRep t C m r -> Bool # (/=) :: CycRep t C m r -> CycRep t C m r -> Bool #
Eq (t m r) => Eq (CycRep t D m r) Source #
Instance details Defined in Crypto.Lol.Cyclotomic.CycRep Methods (==) :: CycRep t D m r -> CycRep t D m r -> Bool # (/=) :: CycRep t D m r -> CycRep t D m r -> Bool #
Eq (t m r) => Eq (CycRep t P m r) Source #
Instance details Defined in Crypto.Lol.Cyclotomic.CycRep Methods (==) :: CycRep t P m r -> CycRep t P m r -> Bool # (/=) :: CycRep t P m r -> CycRep t P m r -> Bool #
Show (t m (CRTExt r)) => Show (CycRep t E m r) Source #
Instance details Defined in Crypto.Lol.Cyclotomic.CycRep Methods showsPrec :: Int -> CycRep t E m r -> ShowS # show :: CycRep t E m r -> String # showList :: [CycRep t E m r] -> ShowS #
Show (t m r) => Show (CycRep t C m r) Source #
Instance details Defined in Crypto.Lol.Cyclotomic.CycRep Methods showsPrec :: Int -> CycRep t C m r -> ShowS # show :: CycRep t C m r -> String # showList :: [CycRep t C m r] -> ShowS #
Show (t m r) => Show (CycRep t D m r) Source #
Instance details Defined in Crypto.Lol.Cyclotomic.CycRep Methods showsPrec :: Int -> CycRep t D m r -> ShowS # show :: CycRep t D m r -> String # showList :: [CycRep t D m r] -> ShowS #
Show (t m r) => Show (CycRep t P m r) Source #
Instance details Defined in Crypto.Lol.Cyclotomic.CycRep Methods showsPrec :: Int -> CycRep t P m r -> ShowS # show :: CycRep t P m r -> String # showList :: [CycRep t P m r] -> ShowS #
Random (t m r) => Random (CycRep t D m r) Source #
Instance details Defined in Crypto.Lol.Cyclotomic.CycRep Methods randomR :: RandomGen g => (CycRep t D m r, CycRep t D m r) -> g -> (CycRep t D m r, g) # random :: RandomGen g => g -> (CycRep t D m r, g) # randomRs :: RandomGen g => (CycRep t D m r, CycRep t D m r) -> g -> [CycRep t D m r] # randoms :: RandomGen g => g -> [CycRep t D m r] # randomRIO :: (CycRep t D m r, CycRep t D m r) -> IO (CycRep t D m r) # randomIO :: IO (CycRep t D m r) #
Random (t m r) => Random (CycRep t P m r) Source #
Instance details Defined in Crypto.Lol.Cyclotomic.CycRep Methods randomR :: RandomGen g => (CycRep t P m r, CycRep t P m r) -> g -> (CycRep t P m r, g) # random :: RandomGen g => g -> (CycRep t P m r, g) # randomRs :: RandomGen g => (CycRep t P m r, CycRep t P m r) -> g -> [CycRep t P m r] # randoms :: RandomGen g => g -> [CycRep t P m r] # randomRIO :: (CycRep t P m r, CycRep t P m r) -> IO (CycRep t P m r) # randomIO :: IO (CycRep t P m r) #
NFData (t m (CRTExt r)) => NFData (CycRep t E m r) Source #
Instance details Defined in Crypto.Lol.Cyclotomic.CycRep Methods rnf :: CycRep t E m r -> () #
NFData (t m r) => NFData (CycRep t C m r) Source #
Instance details Defined in Crypto.Lol.Cyclotomic.CycRep Methods rnf :: CycRep t C m r -> () #
NFData (t m r) => NFData (CycRep t D m r) Source #
Instance details Defined in Crypto.Lol.Cyclotomic.CycRep Methods rnf :: CycRep t D m r -> () #
NFData (t m r) => NFData (CycRep t P m r) Source #
Instance details Defined in Crypto.Lol.Cyclotomic.CycRep Methods rnf :: CycRep t P m r -> () #
ZeroTestable (t m r) => C (CycRep t C m r) Source #
Instance details Defined in Crypto.Lol.Cyclotomic.CycRep Methods isZero :: CycRep t C m r -> Bool #
C (t m r) => C (CycRep t D m r) Source #
Instance details Defined in Crypto.Lol.Cyclotomic.CycRep Methods isZero :: CycRep t D m r -> Bool #
C (t m r) => C (CycRep t P m r) Source #
Instance details Defined in Crypto.Lol.Cyclotomic.CycRep Methods isZero :: CycRep t P m r -> Bool #
(TensorPowDec t r, Fact m) => C (CycRep t D m r) Source #
Instance details Defined in Crypto.Lol.Cyclotomic.CycRep Methods zero :: CycRep t D m r # (+) :: CycRep t D m r -> CycRep t D m r -> CycRep t D m r # (-) :: CycRep t D m r -> CycRep t D m r -> CycRep t D m r # negate :: CycRep t D m r -> CycRep t D m r #
(TensorPowDec t r, Fact m) => C (CycRep t P m r) Source #
Instance details Defined in Crypto.Lol.Cyclotomic.CycRep Methods zero :: CycRep t P m r # (+) :: CycRep t P m r -> CycRep t P m r -> CycRep t P m r # (-) :: CycRep t P m r -> CycRep t P m r -> CycRep t P m r # negate :: CycRep t P m r -> CycRep t P m r #
(Lift' r, IFunctor t, IFElt t r, IFElt t (LiftOf r), Fact m) => Lift' (CycRep t D m r) Source #
Instance details Defined in Crypto.Lol.Cyclotomic.CycRep Methods lift :: CycRep t D m r -> LiftOf (CycRep t D m r) Source #
(Fact m, Lift' r, IFunctor t, IFElt t r, IFElt t (LiftOf r)) => Lift' (CycRep t P m r) Source #
Instance details Defined in Crypto.Lol.Cyclotomic.CycRep Methods lift :: CycRep t P m r -> LiftOf (CycRep t P m r) Source #
Protoable (t m r) => Protoable (CycRep t D m r) Source #
Instance details Defined in Crypto.Lol.Cyclotomic.CycRep Associated Types type ProtoType (CycRep t D m r) :: Type Source # Methods toProto :: CycRep t D m r -> ProtoType (CycRep t D m r) Source # fromProto :: MonadError String m0 => ProtoType (CycRep t D m r) -> m0 (CycRep t D m r) Source #
(Rescale a b, TensorPowDec t a, TensorPowDec t b, Fact m) => Rescale (CycRep t D m a) (CycRep t D m b) Source #
Instance details Defined in Crypto.Lol.Cyclotomic.CycRep Methods rescale :: CycRep t D m a -> CycRep t D m b Source #
(Rescale a b, TensorPowDec t a, TensorPowDec t b, Fact m) => Rescale (CycRep t P m a) (CycRep t P m b) Source #
Instance details Defined in Crypto.Lol.Cyclotomic.CycRep Methods rescale :: CycRep t P m a -> CycRep t P m b Source #
(Fact m, Reduce a b, IFunctor t, IFElt t a, IFElt t b) => Reduce (CycRep t D m a) (CycRep t D m b) Source #
Instance details Defined in Crypto.Lol.Cyclotomic.CycRep Methods reduce :: CycRep t D m a -> CycRep t D m b Source #
(Fact m, Reduce a b, IFunctor t, IFElt t a, IFElt t b) => Reduce (CycRep t P m a) (CycRep t P m b) Source #
Instance details Defined in Crypto.Lol.Cyclotomic.CycRep Methods reduce :: CycRep t P m a -> CycRep t P m b Source #
data CycRep t E m r Source #
Instance details Defined in Crypto.Lol.Cyclotomic.CycRep data CycRep t E m r = CRTE !(ESentinel t m r) !(t m (CRTExt r))
data CycRep t C m r Source #
Instance details Defined in Crypto.Lol.Cyclotomic.CycRep data CycRep t C m r = CRTC !(CSentinel t m r) !(t m r)
newtype CycRep t D m r Source #
Instance details Defined in Crypto.Lol.Cyclotomic.CycRep newtype CycRep t D m r = Dec (t m r)
newtype CycRep t P m r Source #
Instance details Defined in Crypto.Lol.Cyclotomic.CycRep newtype CycRep t P m r = Pow (t m r)
type IFElt (CycRep t D) a Source #
Instance details Defined in Crypto.Lol.Cyclotomic.CycRep type IFElt (CycRep t D) a = IFElt t a
type IFElt (CycRep t P) a Source #
Instance details Defined in Crypto.Lol.Cyclotomic.CycRep type IFElt (CycRep t P) a = IFElt t a
type LiftOf (CycRep t D m r) Source #
Instance details Defined in Crypto.Lol.Cyclotomic.CycRep type LiftOf (CycRep t D m r) = CycRep t D m (LiftOf r)
type LiftOf (CycRep t P m r) Source #
Instance details Defined in Crypto.Lol.Cyclotomic.CycRep type LiftOf (CycRep t P m r) = CycRep t P m (LiftOf r)
type ProtoType (CycRep t D m r) Source #
Instance details Defined in Crypto.Lol.Cyclotomic.CycRep type ProtoType (CycRep t D m r) = ProtoType (t m r)

data P Source #

Represents a cyclotomic ring such as $\Z[\zeta_m]$, $\Z_q[\zeta_m]$, and $\Q(\zeta_m)$ in an explicit representation: t is the TensorPowDec type for storing coefficient tensors; m is the cyclotomic index; rep is the representation (e.g., P, D, C, E); r is the base ring of the coefficients (e.g., $\Z$, $\Z_q$).

Nullary index type representing the powerful basis.

Instances

(Ring r, TensorPowDec t r, Fact m) => C r (CycRep t P m r) Source #
Instance details Defined in Crypto.Lol.Cyclotomic.CycRep Methods (*>) :: r -> CycRep t P m r -> CycRep t P m r #
IFunctor t => IFunctor (CycRep t P) Source #	apply coefficient-wise
Instance details Defined in Crypto.Lol.Cyclotomic.CycRep Associated Types type IFElt (CycRep t P) a :: Constraint Source # Methods fmapI :: (IFElt (CycRep t P) a, IFElt (CycRep t P) b, Fact m) => (a -> b) -> CycRep t P m a -> CycRep t P m b Source # zipWithI :: (IFElt (CycRep t P) a, IFElt (CycRep t P) b, IFElt (CycRep t P) c, Fact m) => (a -> b -> c) -> CycRep t P m a -> CycRep t P m b -> CycRep t P m c Source #
Functor (t m) => Functor (CycRep t P m) Source #	apply coefficient-wise
Instance details Defined in Crypto.Lol.Cyclotomic.CycRep Methods fmap :: (a -> b) -> CycRep t P m a -> CycRep t P m b # (<$) :: a -> CycRep t P m b -> CycRep t P m a #
Applicative (t m) => Applicative (CycRep t P m) Source #
Instance details Defined in Crypto.Lol.Cyclotomic.CycRep Methods pure :: a -> CycRep t P m a # (<>) :: CycRep t P m (a -> b) -> CycRep t P m a -> CycRep t P m b # liftA2 :: (a -> b -> c) -> CycRep t P m a -> CycRep t P m b -> CycRep t P m c # (>) :: CycRep t P m a -> CycRep t P m b -> CycRep t P m b # (<*) :: CycRep t P m a -> CycRep t P m b -> CycRep t P m a #
Foldable (t m) => Foldable (CycRep t P m) Source #
Instance details Defined in Crypto.Lol.Cyclotomic.CycRep Methods fold :: Monoid m0 => CycRep t P m m0 -> m0 # foldMap :: Monoid m0 => (a -> m0) -> CycRep t P m a -> m0 # foldr :: (a -> b -> b) -> b -> CycRep t P m a -> b # foldr' :: (a -> b -> b) -> b -> CycRep t P m a -> b # foldl :: (b -> a -> b) -> b -> CycRep t P m a -> b # foldl' :: (b -> a -> b) -> b -> CycRep t P m a -> b # foldr1 :: (a -> a -> a) -> CycRep t P m a -> a # foldl1 :: (a -> a -> a) -> CycRep t P m a -> a # toList :: CycRep t P m a -> [a] # null :: CycRep t P m a -> Bool # length :: CycRep t P m a -> Int # elem :: Eq a => a -> CycRep t P m a -> Bool # maximum :: Ord a => CycRep t P m a -> a # minimum :: Ord a => CycRep t P m a -> a # sum :: Num a => CycRep t P m a -> a # product :: Num a => CycRep t P m a -> a #
Traversable (t m) => Traversable (CycRep t P m) Source #
Instance details Defined in Crypto.Lol.Cyclotomic.CycRep Methods traverse :: Applicative f => (a -> f b) -> CycRep t P m a -> f (CycRep t P m b) # sequenceA :: Applicative f => CycRep t P m (f a) -> f (CycRep t P m a) # mapM :: Monad m0 => (a -> m0 b) -> CycRep t P m a -> m0 (CycRep t P m b) # sequence :: Monad m0 => CycRep t P m (m0 a) -> m0 (CycRep t P m a) #
(Random (t m r), Fact m, TensorCRT t Maybe r) => Random (CycRepPC t m r) Source #
Instance details Defined in Crypto.Lol.Cyclotomic.CycRep Methods randomR :: RandomGen g => (CycRepPC t m r, CycRepPC t m r) -> g -> (CycRepPC t m r, g) # random :: RandomGen g => g -> (CycRepPC t m r, g) # randomRs :: RandomGen g => (CycRepPC t m r, CycRepPC t m r) -> g -> [CycRepPC t m r] # randoms :: RandomGen g => g -> [CycRepPC t m r] # randomRIO :: (CycRepPC t m r, CycRepPC t m r) -> IO (CycRepPC t m r) # randomIO :: IO (CycRepPC t m r) #
(GFCtx fp d, Fact m, TensorPowDec t fp, Module (GF fp d) (t m fp)) => C (GF fp d) (CycRep t P m fp) Source #	$R_p$ is an $\F_{p^d}$-module when $d$ divides $\varphi(m)$, by applying $d$-dimensional $\F_p$-linear transform on $d$-dim chunks of powerful basis coeffs.
Instance details Defined in Crypto.Lol.Cyclotomic.CycRep Methods (*>) :: GF fp d -> CycRep t P m fp -> CycRep t P m fp #
Eq (t m r) => Eq (CycRep t P m r) Source #
Instance details Defined in Crypto.Lol.Cyclotomic.CycRep Methods (==) :: CycRep t P m r -> CycRep t P m r -> Bool # (/=) :: CycRep t P m r -> CycRep t P m r -> Bool #
Show (t m r) => Show (CycRep t P m r) Source #
Instance details Defined in Crypto.Lol.Cyclotomic.CycRep Methods showsPrec :: Int -> CycRep t P m r -> ShowS # show :: CycRep t P m r -> String # showList :: [CycRep t P m r] -> ShowS #
Random (t m r) => Random (CycRep t P m r) Source #
Instance details Defined in Crypto.Lol.Cyclotomic.CycRep Methods randomR :: RandomGen g => (CycRep t P m r, CycRep t P m r) -> g -> (CycRep t P m r, g) # random :: RandomGen g => g -> (CycRep t P m r, g) # randomRs :: RandomGen g => (CycRep t P m r, CycRep t P m r) -> g -> [CycRep t P m r] # randoms :: RandomGen g => g -> [CycRep t P m r] # randomRIO :: (CycRep t P m r, CycRep t P m r) -> IO (CycRep t P m r) # randomIO :: IO (CycRep t P m r) #
NFData (t m r) => NFData (CycRep t P m r) Source #
Instance details Defined in Crypto.Lol.Cyclotomic.CycRep Methods rnf :: CycRep t P m r -> () #
C (t m r) => C (CycRep t P m r) Source #
Instance details Defined in Crypto.Lol.Cyclotomic.CycRep Methods isZero :: CycRep t P m r -> Bool #
(TensorPowDec t r, Fact m) => C (CycRep t P m r) Source #
Instance details Defined in Crypto.Lol.Cyclotomic.CycRep Methods zero :: CycRep t P m r # (+) :: CycRep t P m r -> CycRep t P m r -> CycRep t P m r # (-) :: CycRep t P m r -> CycRep t P m r -> CycRep t P m r # negate :: CycRep t P m r -> CycRep t P m r #
(Fact m, Lift' r, IFunctor t, IFElt t r, IFElt t (LiftOf r)) => Lift' (CycRep t P m r) Source #
Instance details Defined in Crypto.Lol.Cyclotomic.CycRep Methods lift :: CycRep t P m r -> LiftOf (CycRep t P m r) Source #
(Rescale a b, TensorPowDec t a, TensorPowDec t b, Fact m) => Rescale (CycRep t P m a) (CycRep t P m b) Source #
Instance details Defined in Crypto.Lol.Cyclotomic.CycRep Methods rescale :: CycRep t P m a -> CycRep t P m b Source #
(Fact m, Reduce a b, IFunctor t, IFElt t a, IFElt t b) => Reduce (CycRep t P m a) (CycRep t P m b) Source #
Instance details Defined in Crypto.Lol.Cyclotomic.CycRep Methods reduce :: CycRep t P m a -> CycRep t P m b Source #
newtype CycRep t P m r Source #
Instance details Defined in Crypto.Lol.Cyclotomic.CycRep newtype CycRep t P m r = Pow (t m r)
type IFElt (CycRep t P) a Source #
Instance details Defined in Crypto.Lol.Cyclotomic.CycRep type IFElt (CycRep t P) a = IFElt t a
type LiftOf (CycRep t P m r) Source #
Instance details Defined in Crypto.Lol.Cyclotomic.CycRep type LiftOf (CycRep t P m r) = CycRep t P m (LiftOf r)

data D Source #

Nullary index type representing the decoding basis.

Instances

(Ring r, TensorPowDec t r, Fact m) => C r (CycRep t D m r) Source #
Instance details Defined in Crypto.Lol.Cyclotomic.CycRep Methods (*>) :: r -> CycRep t D m r -> CycRep t D m r #
IFunctor t => IFunctor (CycRep t D) Source #	apply coefficient-wise
Instance details Defined in Crypto.Lol.Cyclotomic.CycRep Associated Types type IFElt (CycRep t D) a :: Constraint Source # Methods fmapI :: (IFElt (CycRep t D) a, IFElt (CycRep t D) b, Fact m) => (a -> b) -> CycRep t D m a -> CycRep t D m b Source # zipWithI :: (IFElt (CycRep t D) a, IFElt (CycRep t D) b, IFElt (CycRep t D) c, Fact m) => (a -> b -> c) -> CycRep t D m a -> CycRep t D m b -> CycRep t D m c Source #
Functor (t m) => Functor (CycRep t D m) Source #	apply coefficient-wise
Instance details Defined in Crypto.Lol.Cyclotomic.CycRep Methods fmap :: (a -> b) -> CycRep t D m a -> CycRep t D m b # (<$) :: a -> CycRep t D m b -> CycRep t D m a #
Applicative (t m) => Applicative (CycRep t D m) Source #
Instance details Defined in Crypto.Lol.Cyclotomic.CycRep Methods pure :: a -> CycRep t D m a # (<>) :: CycRep t D m (a -> b) -> CycRep t D m a -> CycRep t D m b # liftA2 :: (a -> b -> c) -> CycRep t D m a -> CycRep t D m b -> CycRep t D m c # (>) :: CycRep t D m a -> CycRep t D m b -> CycRep t D m b # (<*) :: CycRep t D m a -> CycRep t D m b -> CycRep t D m a #
Foldable (t m) => Foldable (CycRep t D m) Source #
Instance details Defined in Crypto.Lol.Cyclotomic.CycRep Methods fold :: Monoid m0 => CycRep t D m m0 -> m0 # foldMap :: Monoid m0 => (a -> m0) -> CycRep t D m a -> m0 # foldr :: (a -> b -> b) -> b -> CycRep t D m a -> b # foldr' :: (a -> b -> b) -> b -> CycRep t D m a -> b # foldl :: (b -> a -> b) -> b -> CycRep t D m a -> b # foldl' :: (b -> a -> b) -> b -> CycRep t D m a -> b # foldr1 :: (a -> a -> a) -> CycRep t D m a -> a # foldl1 :: (a -> a -> a) -> CycRep t D m a -> a # toList :: CycRep t D m a -> [a] # null :: CycRep t D m a -> Bool # length :: CycRep t D m a -> Int # elem :: Eq a => a -> CycRep t D m a -> Bool # maximum :: Ord a => CycRep t D m a -> a # minimum :: Ord a => CycRep t D m a -> a # sum :: Num a => CycRep t D m a -> a # product :: Num a => CycRep t D m a -> a #
Traversable (t m) => Traversable (CycRep t D m) Source #
Instance details Defined in Crypto.Lol.Cyclotomic.CycRep Methods traverse :: Applicative f => (a -> f b) -> CycRep t D m a -> f (CycRep t D m b) # sequenceA :: Applicative f => CycRep t D m (f a) -> f (CycRep t D m a) # mapM :: Monad m0 => (a -> m0 b) -> CycRep t D m a -> m0 (CycRep t D m b) # sequence :: Monad m0 => CycRep t D m (m0 a) -> m0 (CycRep t D m a) #
Eq (t m r) => Eq (CycRep t D m r) Source #
Instance details Defined in Crypto.Lol.Cyclotomic.CycRep Methods (==) :: CycRep t D m r -> CycRep t D m r -> Bool # (/=) :: CycRep t D m r -> CycRep t D m r -> Bool #
Show (t m r) => Show (CycRep t D m r) Source #
Instance details Defined in Crypto.Lol.Cyclotomic.CycRep Methods showsPrec :: Int -> CycRep t D m r -> ShowS # show :: CycRep t D m r -> String # showList :: [CycRep t D m r] -> ShowS #
Random (t m r) => Random (CycRep t D m r) Source #
Instance details Defined in Crypto.Lol.Cyclotomic.CycRep Methods randomR :: RandomGen g => (CycRep t D m r, CycRep t D m r) -> g -> (CycRep t D m r, g) # random :: RandomGen g => g -> (CycRep t D m r, g) # randomRs :: RandomGen g => (CycRep t D m r, CycRep t D m r) -> g -> [CycRep t D m r] # randoms :: RandomGen g => g -> [CycRep t D m r] # randomRIO :: (CycRep t D m r, CycRep t D m r) -> IO (CycRep t D m r) # randomIO :: IO (CycRep t D m r) #
NFData (t m r) => NFData (CycRep t D m r) Source #
Instance details Defined in Crypto.Lol.Cyclotomic.CycRep Methods rnf :: CycRep t D m r -> () #
C (t m r) => C (CycRep t D m r) Source #
Instance details Defined in Crypto.Lol.Cyclotomic.CycRep Methods isZero :: CycRep t D m r -> Bool #
(TensorPowDec t r, Fact m) => C (CycRep t D m r) Source #
Instance details Defined in Crypto.Lol.Cyclotomic.CycRep Methods zero :: CycRep t D m r # (+) :: CycRep t D m r -> CycRep t D m r -> CycRep t D m r # (-) :: CycRep t D m r -> CycRep t D m r -> CycRep t D m r # negate :: CycRep t D m r -> CycRep t D m r #
(Lift' r, IFunctor t, IFElt t r, IFElt t (LiftOf r), Fact m) => Lift' (CycRep t D m r) Source #
Instance details Defined in Crypto.Lol.Cyclotomic.CycRep Methods lift :: CycRep t D m r -> LiftOf (CycRep t D m r) Source #
Protoable (t m r) => Protoable (CycRep t D m r) Source #
Instance details Defined in Crypto.Lol.Cyclotomic.CycRep Associated Types type ProtoType (CycRep t D m r) :: Type Source # Methods toProto :: CycRep t D m r -> ProtoType (CycRep t D m r) Source # fromProto :: MonadError String m0 => ProtoType (CycRep t D m r) -> m0 (CycRep t D m r) Source #
(Rescale a b, TensorPowDec t a, TensorPowDec t b, Fact m) => Rescale (CycRep t D m a) (CycRep t D m b) Source #
Instance details Defined in Crypto.Lol.Cyclotomic.CycRep Methods rescale :: CycRep t D m a -> CycRep t D m b Source #
(Fact m, Reduce a b, IFunctor t, IFElt t a, IFElt t b) => Reduce (CycRep t D m a) (CycRep t D m b) Source #
Instance details Defined in Crypto.Lol.Cyclotomic.CycRep Methods reduce :: CycRep t D m a -> CycRep t D m b Source #
newtype CycRep t D m r Source #
Instance details Defined in Crypto.Lol.Cyclotomic.CycRep newtype CycRep t D m r = Dec (t m r)
type IFElt (CycRep t D) a Source #
Instance details Defined in Crypto.Lol.Cyclotomic.CycRep type IFElt (CycRep t D) a = IFElt t a
type LiftOf (CycRep t D m r) Source #
Instance details Defined in Crypto.Lol.Cyclotomic.CycRep type LiftOf (CycRep t D m r) = CycRep t D m (LiftOf r)
type ProtoType (CycRep t D m r) Source #
Instance details Defined in Crypto.Lol.Cyclotomic.CycRep type ProtoType (CycRep t D m r) = ProtoType (t m r)

data C Source #

Nullary index type representing the CRT basis over base ring.

Instances

(CRTElt t r, Fact m) => C r (CycRepEC t m r) Source #
Instance details Defined in Crypto.Lol.Cyclotomic.CycRep Methods (*>) :: r -> CycRepEC t m r -> CycRepEC t m r #
Foldable (t m) => Foldable (CycRep t C m) Source #
Instance details Defined in Crypto.Lol.Cyclotomic.CycRep Methods fold :: Monoid m0 => CycRep t C m m0 -> m0 # foldMap :: Monoid m0 => (a -> m0) -> CycRep t C m a -> m0 # foldr :: (a -> b -> b) -> b -> CycRep t C m a -> b # foldr' :: (a -> b -> b) -> b -> CycRep t C m a -> b # foldl :: (b -> a -> b) -> b -> CycRep t C m a -> b # foldl' :: (b -> a -> b) -> b -> CycRep t C m a -> b # foldr1 :: (a -> a -> a) -> CycRep t C m a -> a # foldl1 :: (a -> a -> a) -> CycRep t C m a -> a # toList :: CycRep t C m a -> [a] # null :: CycRep t C m a -> Bool # length :: CycRep t C m a -> Int # elem :: Eq a => a -> CycRep t C m a -> Bool # maximum :: Ord a => CycRep t C m a -> a # minimum :: Ord a => CycRep t C m a -> a # sum :: Num a => CycRep t C m a -> a # product :: Num a => CycRep t C m a -> a #
(Random (t m r), Fact m, TensorCRT t Maybe r) => Random (CycRepPC t m r) Source #
Instance details Defined in Crypto.Lol.Cyclotomic.CycRep Methods randomR :: RandomGen g => (CycRepPC t m r, CycRepPC t m r) -> g -> (CycRepPC t m r, g) # random :: RandomGen g => g -> (CycRepPC t m r, g) # randomRs :: RandomGen g => (CycRepPC t m r, CycRepPC t m r) -> g -> [CycRepPC t m r] # randoms :: RandomGen g => g -> [CycRepPC t m r] # randomRIO :: (CycRepPC t m r, CycRepPC t m r) -> IO (CycRepPC t m r) # randomIO :: IO (CycRepPC t m r) #
(Fact m, CRTElt t r) => C (CycRepEC t m r) Source #	only for appropriate CRT representation
Instance details Defined in Crypto.Lol.Cyclotomic.CycRep Methods (*) :: CycRepEC t m r -> CycRepEC t m r -> CycRepEC t m r # one :: CycRepEC t m r # fromInteger :: Integer -> CycRepEC t m r # (^) :: CycRepEC t m r -> Integer -> CycRepEC t m r #
(Fact m, CRTElt t r) => C (CycRepEC t m r) Source #	only for appropriate CRT representation (otherwise `zero` would violate internal invariant)
Instance details Defined in Crypto.Lol.Cyclotomic.CycRep Methods zero :: CycRepEC t m r # (+) :: CycRepEC t m r -> CycRepEC t m r -> CycRepEC t m r # (-) :: CycRepEC t m r -> CycRepEC t m r -> CycRepEC t m r # negate :: CycRepEC t m r -> CycRepEC t m r #
Eq (t m r) => Eq (CycRep t C m r) Source #
Instance details Defined in Crypto.Lol.Cyclotomic.CycRep Methods (==) :: CycRep t C m r -> CycRep t C m r -> Bool # (/=) :: CycRep t C m r -> CycRep t C m r -> Bool #
Show (t m r) => Show (CycRep t C m r) Source #
Instance details Defined in Crypto.Lol.Cyclotomic.CycRep Methods showsPrec :: Int -> CycRep t C m r -> ShowS # show :: CycRep t C m r -> String # showList :: [CycRep t C m r] -> ShowS #
NFData (t m r) => NFData (CycRep t C m r) Source #
Instance details Defined in Crypto.Lol.Cyclotomic.CycRep Methods rnf :: CycRep t C m r -> () #
ZeroTestable (t m r) => C (CycRep t C m r) Source #
Instance details Defined in Crypto.Lol.Cyclotomic.CycRep Methods isZero :: CycRep t C m r -> Bool #
data CycRep t C m r Source #
Instance details Defined in Crypto.Lol.Cyclotomic.CycRep data CycRep t C m r = CRTC !(CSentinel t m r) !(t m r)

data E Source #

Nullary index type representing the CRT basis over extension of base ring.

Instances

(CRTElt t r, Fact m) => C r (CycRepEC t m r) Source #
Instance details Defined in Crypto.Lol.Cyclotomic.CycRep Methods (*>) :: r -> CycRepEC t m r -> CycRepEC t m r #
(Fact m, CRTElt t r) => C (CycRepEC t m r) Source #	only for appropriate CRT representation
Instance details Defined in Crypto.Lol.Cyclotomic.CycRep Methods (*) :: CycRepEC t m r -> CycRepEC t m r -> CycRepEC t m r # one :: CycRepEC t m r # fromInteger :: Integer -> CycRepEC t m r # (^) :: CycRepEC t m r -> Integer -> CycRepEC t m r #
(Fact m, CRTElt t r) => C (CycRepEC t m r) Source #	only for appropriate CRT representation (otherwise `zero` would violate internal invariant)
Instance details Defined in Crypto.Lol.Cyclotomic.CycRep Methods zero :: CycRepEC t m r # (+) :: CycRepEC t m r -> CycRepEC t m r -> CycRepEC t m r # (-) :: CycRepEC t m r -> CycRepEC t m r -> CycRepEC t m r # negate :: CycRepEC t m r -> CycRepEC t m r #
Show (t m (CRTExt r)) => Show (CycRep t E m r) Source #
Instance details Defined in Crypto.Lol.Cyclotomic.CycRep Methods showsPrec :: Int -> CycRep t E m r -> ShowS # show :: CycRep t E m r -> String # showList :: [CycRep t E m r] -> ShowS #
NFData (t m (CRTExt r)) => NFData (CycRep t E m r) Source #
Instance details Defined in Crypto.Lol.Cyclotomic.CycRep Methods rnf :: CycRep t E m r -> () #
data CycRep t E m r Source #
Instance details Defined in Crypto.Lol.Cyclotomic.CycRep data CycRep t E m r = CRTE !(ESentinel t m r) !(t m (CRTExt r))

type CycRepEC t m r = Either (CycRep t E m r) (CycRep t C m r) Source #

Convenient synonym for either CRT representation.

type CycRepPC t m r = Either (CycRep t P m r) (CycRep t C m r) Source #

Convenient synonym for random sampling.

type CRTElt t r = (TensorG t r, CRTEmbed r, TensorCRT t Maybe r, TensorCRT t Identity (CRTExt r)) Source #

Constraints needed for CRT-related operations on CycRep data.

Changing representation

toPow :: (ToPowDec t rep r, Fact m) => CycRep t rep m r -> CycRep t P m r Source #

Convert to powerful-basis representation.

toDec :: (ToPowDec t rep r, Fact m) => CycRep t rep m r -> CycRep t D m r Source #

Convert to decoding-basis representation.

toCRT :: (ToCRT t rep r, Fact m) => CycRep t rep m r -> Either (CycRep t E m r) (CycRep t C m r) Source #

Convert to an appropriate CRT-basis representation.

Scalars

scalarPow :: (TensorPowDec t r, Fact m) => r -> CycRep t P m r Source #

Embed a scalar from the base ring.

scalarCRT :: (Fact m, CRTElt t r) => r -> CycRepEC t m r Source #

Embed a scalar from the base ring.

Basic operations

mulGPow :: (Fact m, TensorG t r) => CycRep t P m r -> CycRep t P m r Source #

multiply by the special element g

mulGDec :: (Fact m, TensorG t r) => CycRep t D m r -> CycRep t D m r Source #

multiply by the special element g

mulGCRTC :: (Fact m, TensorCRT t Maybe r) => CycRep t C m r -> CycRep t C m r Source #

multiply by the special element g

divGPow :: (Fact m, TensorG t r) => CycRep t P m r -> Maybe (CycRep t P m r) Source #

Divide by the special element $g_m$. WARNING: this implementation is not a constant-time algorithm, so information about the argument may be leaked through a timing channel.

divGDec :: (Fact m, TensorG t r) => CycRep t D m r -> Maybe (CycRep t D m r) Source #

Similar to divGPow.

divGCRTC :: (Fact m, CRTElt t r) => CycRep t C m r -> CycRep t C m r Source #

Similar to divGPow.

gSqNormDec :: (TensorGSqNorm t r, Fact m) => CycRep t D m r -> r Source #

Yield the scaled squared norm of $g_m \cdot e$ under the canonical embedding, namely, $\hat{m}^{-1} \cdot \| \sigma(g_m \cdot e) \|^2$ .

Error sampling

tweakedGaussian :: (TensorGaussian t q, MonadRandom rnd, Fact m, ToRational v) => v -> rnd (CycRep t D m q) Source #

Sample from the "tweaked" Gaussian error distribution $t\cdot D$ in the decoding basis, where $D$ has scaled variance $v$.

roundedGaussian :: forall v rnd t m z. (TensorGaussian t Double, IFElt t Double, IFunctor t, ToInteger z, IFElt t z, Fact m, ToRational v, MonadRandom rnd) => v -> rnd (CycRep t D m z) Source #

Sample from the tweaked Gaussian with given scaled variance, deterministically rounded using the decoding basis. (This implementation uses Double precision to generate the Gaussian sample, which might not be sufficient for rigorous proof-based security.)

cosetGaussian :: forall t m zp z v rnd. (TensorGaussian t Double, IFElt t Double, IFunctor t, Lift zp z, Mod zp, z ~ ModRep zp, IFElt t zp, IFElt t z, Fact m, ToRational v, MonadRandom rnd) => v -> CycRep t D m zp -> rnd (CycRep t D m z) Source #

Sample from the tweaked Gaussian with scaled variance (v cdot p^2), deterministically rounded to the given coset of $R_p$ using the decoding basis. (This implementation uses Double precision to generate the Gaussian sample, which may not be sufficient for rigorous proof-based security.)

Inter-ring operations and values

embedPow :: (TensorPowDec t r, m `Divides` m') => CycRep t P m r -> CycRep t P m' r Source #

Embed into an extension ring, for the powerful basis.

embedCRTC :: (m `Divides` m', CRTElt t r) => CycRep t C m r -> Either (CycRep t P m' r) (CycRep t C m' r) Source #

Embed into an extension ring, for the CRT basis. (The output is an Either because the extension ring might not support C.)

embedCRTE :: forall m m' t r. (m `Divides` m', CRTElt t r) => CycRep t E m r -> Either (CycRep t P m' r) (CycRep t E m' r) Source #

Similar to embedCRTC. (The output is an Either because the extension ring might support C, in which case we never use E.)

twacePow :: (TensorPowDec t r, m `Divides` m') => CycRep t P m' r -> CycRep t P m r Source #

Twace into a subring, for the powerful basis.

twaceDec :: (TensorPowDec t r, m `Divides` m') => CycRep t D m' r -> CycRep t D m r Source #

Twace into a subring, for the decoding basis.

twaceCRTC :: (m `Divides` m', CRTElt t r) => CycRep t C m' r -> CycRepPC t m r Source #

Twace into a subring, for the CRT basis. (The output is an Either because the subring might not support C.)

twaceCRTE :: forall t m m' r. (m `Divides` m', CRTElt t r) => CycRep t E m' r -> Either (CycRep t P m r) (CycRep t E m r) Source #

Similar to twaceCRTC. (The output is an Either because the subring might support C, in which case we never use E.)

coeffsPow :: (TensorPowDec t r, m `Divides` m') => CycRep t P m' r -> [CycRep t P m r] Source #

Yield the $\O_m$-coefficients of an $\O_{m'}$-element, with respect to the relative powerful $\O_m$-basis.

coeffsDec :: (TensorPowDec t r, m `Divides` m') => CycRep t D m' r -> [CycRep t D m r] Source #

Yield the $\O_m$-coefficients of an $\O_{m'}$ element, with respect to the relative decoding $\O_m$-basis.

powBasis :: forall m m' t r. (TensorPowDec t r, m `Divides` m') => [CycRep t P m' r] Source #

The relative powerful basis of $\O_{m'} / \O_m$.

crtSet :: forall m m' pp p mbar m'bar t z zpp. (m `Divides` m', p ~ PrimePP pp, mbar ~ PFree p m, m'bar ~ PFree p m', PPow pp, Prime p, zpp ~ ZqBasic pp z, ToInteger z, CRTElt t zpp, TensorCRTSet t (ZqBasic p z)) => [CycRep t P m' (ZqBasic pp z)] Source #

The relative mod-(r) CRT set of $\O_{m'} / \O_m$, represented with respect to the powerful basis (which seems to be the best choice for typical use cases).