Encapsulates linear transformations needed for cyclotomic ring arithmetic.

The type t m r represents a cyclotomic coefficient tensor of index \(m\) over base ring \(r\). Most of the methods represent linear transforms corresponding to operations in particular bases. CRT-related methods are wrapped in Maybe because they are well-defined only when a CRT basis exists over the ring \(r\) for index \(m\).

WARNING: as with all fixed-point arithmetic, the methods in TensorPowDec may result in overflow (and thereby incorrect answers and potential security flaws) if the input arguments are too close to the bounds imposed by the base type. The acceptable range of inputs for each method is determined by the linear transform it implements.

Encapsulates multiplication and division by \(g_m\)

Encapsulates functions related to the Chinese-remainder representation/transform.

A coefficient tensor that supports Gaussian sampling.

A coefficient tensor that supports taking norms under the canonical embedding.

A TensorPowDec that supports relative CRT sets for the element type fp representing a prime-order finite field.

Convenience value indicating whether crtFuncs exists.

Yield a tensor for a scalar in the CRT basis. (This function is simply an appropriate entry from crtFuncs.)

Multiply by \(g_m\) in the CRT basis. (This function is simply an appropriate entry from crtFuncs.)

Divide by \(g_m\) in the CRT basis. (This function is simply an appropriate entry from crtFuncs.)

The CRT transform. (This function is simply an appropriate entry from crtFuncs.)

The inverse CRT transform. (This function is simply an appropriate entry from crtFuncs.)

The "tweaked trace" function for tensors in the CRT basis: For cyclotomic indices \(m \mid m'\), \(\Tw(x) = (\hat{m}/\hat{m}') \cdot \Tr((g'/g) \cdot x)\). (This function is simply an appropriate entry from crtExtFuncs.)

Embed a tensor with index \(m\) in the CRT basis to a tensor with index \(m'\) in the CRT basis. (This function is simply an appropriate entry from crtExtFuncs.)

A Kronecker product of zero of more matrices over r.

Extract the (i,j) element of a Kron.

A \(\varphi(m)\)-by-1 matrix of the CRT coefficients of \(g_m\), for \(m\)th cyclotomic.

A \(\varphi(m)\)-by-1 matrix of the inverse CRT coefficients of \(g_m\), for \(m\)th cyclotomic.

The "tweaked" \(\CRT^*\) matrix: \(\CRT^* \cdot \text{diag}(\sigma(g_m))\).

Convert a \(\Z_m^*\) index to a linear tensor index in \([m]\).

A collection of useful information for working with tensor extensions. The first component is a list of triples \((p,e,e')\) where \(e\), \(e'\) are respectively the exponents of prime \(p\) in \(m\), \(m'\). The next two components are \(\varphi(m)\) and \(\varphi(m')\). The final component is a pair \( ( \varphi(p^e), \varphi(p^{e'}))\) for each triple in the first component.

A vector of \(\varphi(m)\) entries, where the \(i\)th entry is the index into the powerful/decoding basis of \(\O_{m'}\) of the \(i\)th entry of the powerful/decoding basis of \(\O_m\).

A vector of \(\varphi(m)\) blocks of \(\varphi(m')/\varphi(m)\) consecutive entries. Each block contains all those indices into the CRT basis of \(\O_{m'}\) that "lie above" the corresponding index into the CRT basis of \(\O_m\).

The \(i_0\)th entry of the \(i_1\)th vector is fromIndexPair \((i_1,i_0)\).

A lookup table for toIndexPair applied to indices \([\varphi(m')]\).

A lookup table for baseIndexDec applied to indices \([\varphi(m')]\).

Same as baseIndicesPow, but only includes the second component of each pair.

Base-(p) digit reversal; input and output are in \([p^e]\).