lol-apps-0.2.0.2: Lattice-based cryptographic applications using lol (https://hackage.haskell.org/package/lol).

Copyright: (c) Eric Crockett 2011-2017, Chris Peikert 2011-2017
License: GPL-2
Maintainer: ecrockett0@email.com
Stability: experimental
Portability: POSIX
Safe Haskell: None
Language: Haskell2010

\( \def\O{\mathcal{O}} \)

Crypto.Lol.Applications.SymmSHE


Description

Symmetric-key somewhat homomorphic encryption. See Section 4 of http://eprint.iacr.org/2015/1134 for mathematical description.


Data types

data SK r Source #

secret key

Instances

NFData r => NFData (SK r) Source # 

Methods

rnf :: SK r -> () #

(Protoable r, ProtoType r ~ R) => Protoable (SK r) Source # 

Associated Types

type ProtoType (SK r) :: * #

Methods

toProto :: SK r -> ProtoType (SK r) #

fromProto :: MonadError String m => ProtoType (SK r) -> m (SK r) #

type ProtoType (SK r) Source # 

type PT rp = rp Source #

plaintext

data CT m zp r'q Source #

Ciphertext over \( R'_q \) encrypting a plaintext in \( R_p \), where \( R=\mathcal{O}_m \).

Instances

(Show r'q, Show zp) => Show (CT m zp r'q) Source # 

Methods

showsPrec :: Int -> CT m zp r'q -> ShowS #

show :: CT m zp r'q -> String #

showList :: [CT m zp r'q] -> ShowS #

(NFData zp, NFData r'q) => NFData (CT m zp r'q) Source # 

Methods

rnf :: CT m zp r'q -> () #

(Lift' zp, Reduce (LiftOf zp) zq, Fact m', CElt t zq, Eq zp, Divides m m', ToSDCtx t m' zp zq) => C (CT m zp (Cyc t m' zq)) Source # 

Methods

zero :: CT m zp (Cyc t m' zq) #

(+) :: CT m zp (Cyc t m' zq) -> CT m zp (Cyc t m' zq) -> CT m zp (Cyc t m' zq) #

(-) :: CT m zp (Cyc t m' zq) -> CT m zp (Cyc t m' zq) -> CT m zp (Cyc t m' zq) #

negate :: CT m zp (Cyc t m' zq) -> CT m zp (Cyc t m' zq) #

(ToSDCtx t m' zp zq, Additive (CT m zp (Cyc t m' zq))) => C (CT m zp (Cyc t m' zq)) Source # 

Methods

(*) :: CT m zp (Cyc t m' zq) -> CT m zp (Cyc t m' zq) -> CT m zp (Cyc t m' zq) #

one :: CT m zp (Cyc t m' zq) #

fromInteger :: Integer -> CT m zp (Cyc t m' zq) #

(^) :: CT m zp (Cyc t m' zq) -> Integer -> CT m zp (Cyc t m' zq) #

Keygen, encryption, decryption

genSK :: (GenSKCtx t m z v, MonadRandom rnd) => v -> rnd (SK (Cyc t m z)) Source #

Generates a secret key with (index-independent) scaled variance parameter \( v \); see errorRounded.

genSKWithVar :: (ToInteger z, Fact m, CElt t z, MonadRandom rnd) => SK a -> rnd (SK (Cyc t m z)) Source #

Generates a secret key with the same scaled variance as the input secret key.

encrypt :: forall t m m' z zp zq rnd. (EncryptCtx t m m' z zp zq, MonadRandom rnd) => SK (Cyc t m' z) -> PT (Cyc t m zp) -> rnd (CT m zp (Cyc t m' zq)) Source #

Encrypt a plaintext under a secret key.

errorTerm :: ErrorTermCtx t m' z zp zq => SK (Cyc t m' z) -> CT m zp (Cyc t m' zq) -> Cyc t m' (LiftOf zq) Source #

Extract the error term of a ciphertext.

errorTermUnrestricted :: (Reduce z zq, Lift' zq, CElt t z, ToSDCtx t m' zp zq) => SK (Cyc t m' z) -> CT m zp (Cyc t m' zq) -> UCyc t m' D (LiftOf zq) Source #

More general form of errorTerm that works for unrestricted output coefficient types.

decrypt :: forall t m m' z zp zq. DecryptCtx t m m' z zp zq => SK (Cyc t m' z) -> CT m zp (Cyc t m' zq) -> PT (Cyc t m zp) Source #

Decrypt a ciphertext.

decryptUnrestricted :: DecryptUCtx t m m' z zp zq => SK (Cyc t m' z) -> CT m zp (Cyc t m' zq) -> PT (Cyc t m zp) Source #

More general form of decrypt that works for unrestricted output coefficient types.

Arithmetic with public values

addPublic :: forall t m m' zp zq. AddPublicCtx t m m' zp zq => Cyc t m zp -> CT m zp (Cyc t m' zq) -> CT m zp (Cyc t m' zq) Source #

Homomorphically add a public \( R_p \) value to an encrypted value.

mulPublic :: forall t m m' zp zq. MulPublicCtx t m m' zp zq => Cyc t m zp -> CT m zp (Cyc t m' zq) -> CT m zp (Cyc t m' zq) Source #

Homomorphically multiply an encrypted value by a public \( R_p \) value.

Modulus switching

rescaleLinearCT :: (RescaleCyc (Cyc t) zq zq', ToSDCtx t m' zp zq) => CT m zp (Cyc t m' zq) -> CT m zp (Cyc t m' zq') Source #

Rescale a linear ciphertext to a new modulus.

modSwitchPT :: ModSwitchPTCtx t m' zp zp' zq => CT m zp (Cyc t m' zq) -> CT m zp' (Cyc t m' zq) Source #

Homomorphically divide a plaintext that is known to be a multiple of \( (p/p') \) by that factor, thereby scaling the plaintext modulus from \( p \) to \( p' \).

Key switching

data KSLinearHint gad r'q' Source #

Hint for a linear key switch

Instances

NFData r'q' => NFData (KSLinearHint gad r'q') Source # 

Methods

rnf :: KSLinearHint gad r'q' -> () #

(Typeable gad, Protoable r'q', ProtoType r'q' ~ RqProduct) => Protoable (KSLinearHint gad r'q') Source # 

Associated Types

type ProtoType (KSLinearHint gad r'q') :: * #

Methods

toProto :: KSLinearHint gad r'q' -> ProtoType (KSLinearHint gad r'q') #

fromProto :: MonadError String m => ProtoType (KSLinearHint gad r'q') -> m (KSLinearHint gad r'q') #

type ProtoType (KSLinearHint gad r'q') Source # 
type ProtoType (KSLinearHint gad r'q') = KSHint

data KSQuadCircHint gad r'q' Source #

Hint for a circular quadratic key switch.

Instances

NFData r'q' => NFData (KSQuadCircHint gad r'q') Source # 

Methods

rnf :: KSQuadCircHint gad r'q' -> () #

(Typeable gad, Protoable r'q', ProtoType r'q' ~ RqProduct) => Protoable (KSQuadCircHint gad r'q') Source # 

Associated Types

type ProtoType (KSQuadCircHint gad r'q') :: * #

Methods

toProto :: KSQuadCircHint gad r'q' -> ProtoType (KSQuadCircHint gad r'q') #

fromProto :: MonadError String m => ProtoType (KSQuadCircHint gad r'q') -> m (KSQuadCircHint gad r'q') #

type ProtoType (KSQuadCircHint gad r'q') Source # 
type ProtoType (KSQuadCircHint gad r'q') = KSHint

ksLinearHint :: (KSHintCtx gad t m' z zq', MonadRandom rnd) => SK (Cyc t m' z) -> SK (Cyc t m' z) -> rnd (KSLinearHint gad (Cyc t m' zq')) Source #

A hint to switch a linear ciphertext under \( s_{\text{in}} \) to a linear one under \( s_{\text{out}} \).

ksQuadCircHint :: (KSHintCtx gad t m' z zq', MonadRandom rnd) => SK (Cyc t m' z) -> rnd (KSQuadCircHint gad (Cyc t m' zq')) Source #

A hint to switch a quadratic ciphertext to a linear one under the same key.

keySwitchLinear :: KeySwitchCtx gad t m' zp zq zq' => KSLinearHint gad (Cyc t m' zq') -> CT m zp (Cyc t m' zq) -> CT m zp (Cyc t m' zq) Source #

Switch a linear ciphertext using the supplied hint.

keySwitchQuadCirc :: KeySwitchCtx gad t m' zp zq zq' => KSQuadCircHint gad (Cyc t m' zq') -> CT m zp (Cyc t m' zq) -> CT m zp (Cyc t m' zq) Source #

Switch a quadratic ciphertext (i.e., one with three components) to a linear one under the same key using the supplied hint.

Ring switching

embedSK :: m `Divides` m' => SK (Cyc t m z) -> SK (Cyc t m' z) Source #

Embed a secret key from a subring into a superring.

embedCT :: (CElt t zq, r `Divides` r', s `Divides` s', r `Divides` s, r' `Divides` s') => CT r zp (Cyc t r' zq) -> CT s zp (Cyc t s' zq) Source #

Embed a ciphertext in \( R' \) encrypting a plaintext in \( R \) to a ciphertext in \( T' \) encrypting a plaintext in \( T \). The target ciphertext ring \( T' \) must contain both the source ciphertext ring \( R' \) and the target plaintext ring \( T \).

twaceCT :: (CElt t zq, r `Divides` r', s' `Divides` r', s ~ FGCD s' r) => CT r zp (Cyc t r' zq) -> CT s zp (Cyc t s' zq) Source #

"Tweaked trace" function for ciphertexts. Mathematically, the target plaintext ring \( S \) must contain the intersection of the source plaintext ring \( T \) and the target ciphertext ring \( S' \). Here we make the stricter requirement that \( s = \gcd(s', t) \).

data TunnelInfo gad t e r s e' r' s' zp zq Source #

Auxiliary data needed to tunnel from \(\O_{r'}\) to \(\O_{s'}\).

Instances

(NFData (Linear t zq e' r' s'), NFData (Cyc t s' zq)) => NFData (TunnelInfo gad t e r s e' r' s' zp zq) Source # 

Methods

rnf :: TunnelInfo gad t e r s e' r' s' zp zq -> () #

(Mod zp, Typeable gad, Protoable (Linear t zq e' r' s'), Protoable (KSLinearHint gad (Cyc t s' zq)), Reflects Factored s Int, Reflects Factored r Int, Reflects Factored e Int) => Protoable (TunnelInfo gad t e r s e' r' s' zp zq) Source # 

Associated Types

type ProtoType (TunnelInfo gad t e r s e' r' s' zp zq) :: * #

Methods

toProto :: TunnelInfo gad t e r s e' r' s' zp zq -> ProtoType (TunnelInfo gad t e r s e' r' s' zp zq) #

fromProto :: MonadError String m => ProtoType (TunnelInfo gad t e r s e' r' s' zp zq) -> m (TunnelInfo gad t e r s e' r' s' zp zq) #

type ProtoType (TunnelInfo gad t e r s e' r' s' zp zq) Source # 
type ProtoType (TunnelInfo gad t e r s e' r' s' zp zq) = TunnelInfo

tunnelInfo :: forall gad t e r s e' r' s' z zp zq rnd. (MonadRandom rnd, GenTunnelInfoCtx t e r s e' r' s' z zp zq gad) => Linear t zp e r s -> SK (Cyc t s' z) -> SK (Cyc t r' z) -> rnd (TunnelInfo gad t e r s e' r' s' zp zq) Source #

Generates the auxiliary data needed to tunnel from \(\O_{r'}\) to \(\O_{s'}\).

tunnelCT :: forall gad t e r s e' r' s' zp zq. (TunnelCtx t r s e' r' s' zp zq gad, e ~ FGCD r s) => TunnelInfo gad t e r s e' r' s' zp zq -> CT r zp (Cyc t r' zq) -> CT s zp (Cyc t s' zq) Source #

Homomorphically apply the \( E \)-linear function that maps the elements of the decoding basis of \( R/E \) to the corresponding \( S \)-elements in the input array.

Constraint synonyms

type GenSKCtx t m z v = (ToInteger z, Fact m, CElt t z, ToRational v, NFData v) Source #

Constraint synonym for generating a secret key.

type EncryptCtx t m m' z zp zq = (Mod zp, Ring zp, Ring zq, Lift zp (ModRep zp), Random zq, Reduce z zq, Reduce (LiftOf zp) zq, CElt t zq, CElt t zp, CElt t z, CElt t (LiftOf zp), m `Divides` m') Source #

Constraint synonym for encryption.

type ToSDCtx t m' zp zq = (Encode zp zq, Fact m', CElt t zq) Source #

Constraint synonym for converting between ciphertext encodings.

type ErrorTermCtx t m' z zp zq = (Reduce z zq, Lift' zq, CElt t z, CElt t (LiftOf zq), ToSDCtx t m' zp zq) Source #

Constraint synonym for extracting the error term of a ciphertext.

type DecryptCtx t m m' z zp zq = (ErrorTermCtx t m' z zp zq, Reduce (LiftOf zq) zp, IntegralDomain zp, m `Divides` m', CElt t zp) Source #

Constraint synonym for decryption.

type DecryptUCtx t m m' z zp zq = (Fact m, Fact m', CElt t zp, m `Divides` m', Reduce z zq, Lift' zq, CElt t z, ToSDCtx t m' zp zq, Reduce (LiftOf zq) zp, IntegralDomain zp) Source #

Constraint synonym for unrestricted decryption.

type AddPublicCtx t m m' zp zq = (Lift' zp, Reduce (LiftOf zp) zq, CElt t zp, CElt t (LiftOf zp), ToSDCtx t m' zp zq, m `Divides` m') Source #

Constraint synonym for adding a public value to an encrypted value.

type MulPublicCtx t m m' zp zq = (Lift' zp, Reduce (LiftOf zp) zq, Fact m', CElt t zq, m `Divides` m', CElt t zp, CElt t (LiftOf zp)) Source #

Constraint synonym for multiplying a public value with an encrypted value.

type ModSwitchPTCtx t m' zp zp' zq = (Lift' zp, Reduce (LiftOf zp) zp', ToSDCtx t m' zp zq) Source #

Constraint synonym for modulus switching.

type KeySwitchCtx gad t m' zp zq zq' = (RescaleCyc (Cyc t) zq' zq, RescaleCyc (Cyc t) zq zq', ToSDCtx t m' zp zq, SwitchCtx gad t m' zq') Source #

Constraint synonym for key switching.

type KSHintCtx gad t m' z zq = (LWECtx t m' z zq, Reduce (DecompOf zq) zq, Gadget gad zq, NFElt zq, CElt t (DecompOf zq)) Source #

Constraint synonym for generating key-switch hints.

type GenTunnelInfoCtx t e r s e' r' s' z zp zq gad = (ExtendLinIdx e r s e' r' s', e' ~ (e * (r' / r)), KSHintCtx gad t r' z zq, Lift zp z, CElt t zp, CElt t z, e' `Divides` r') Source #

Constraint synonym for generating TunnelInfo.

type TunnelCtx t r s e' r' s' zp zq gad = (Fact r, Fact s, e' `Divides` r', e' `Divides` s', CElt t zp, ToSDCtx t r' zp zq, AbsorbGCtx t r' zp zq, SwitchCtx gad t s' zq) Source #

Constraint synonym for ring tunneling.

type SwitchCtx gad t m' zq = (Decompose gad zq, Fact m', CElt t zq, CElt t (DecompOf zq)) Source #

Constraint synonym for applying a key-switch hint.

type LWECtx t m' z zq = (ToInteger z, Reduce z zq, Ring zq, Random zq, Fact m', CElt t z, CElt t zq) Source #

Constraint synonym for generating a ring-LWE sample.

Orphan instances

(Protoable rq, ProtoType rq ~ RqProduct) => Protoable (Polynomial rq) Source # 

Associated Types

type ProtoType (Polynomial rq) :: * #