formatted

Author: nindanaoto

include/aes.hpp

@@ -1,41 +1,51 @@
 #pragma once
 #include <AES.h>
-//Transciphering by AES
-// Based on Hippogryph
-namespace TFHEpp
-{
+// Transciphering by AES
+//  Based on Hippogryph
+namespace TFHEpp {
 
 template <class P>
-inline Polynomial<P> AESInvSboxPoly(const uint8_t upperindex){
+inline Polynomial<P> AESInvSboxPoly(const uint8_t upperindex)
+{
     Polynomial<P> poly;
-    constexpr uint segment = P::n/16;
-    for(int i = 0; i < 16; i++)
-        for(int j = 0; j < segment/2; j++){
-            poly[i*segment+2*j] = (inv_sbox[upperindex][i]&0xF)*(1ULL<<(std::numeric_limits<typename P::T>::digits-5));
-            poly[i*segment+2*j+1] = (inv_sbox[upperindex][i]>>4)*(1ULL<<(std::numeric_limits<typename P::T>::digits-5));
+    constexpr uint segment = P::n / 16;
+    for (int i = 0; i < 16; i++)
+        for (int j = 0; j < segment / 2; j++) {
+            poly[i * segment + 2 * j] =
+                (inv_sbox[upperindex][i] & 0xF) *
+                (1ULL << (std::numeric_limits<typename P::T>::digits - 5));
+            poly[i * segment + 2 * j + 1] =
+                (inv_sbox[upperindex][i] >> 4) *
+                (1ULL << (std::numeric_limits<typename P::T>::digits - 5));
         }
     return poly;
 }
 
 template <class iksP, class brP>
 void AESInvSbox(std::array<TLWE<typename brP::targetP>, 2> &res,
-             const std::array<TLWE<typename iksP::domainP>, 2> &tlwe,
-             const EvalKey &ek)
+                const std::array<TLWE<typename iksP::domainP>, 2> &tlwe,
+                const EvalKey &ek)
 {
-    std::array<std::array<TLWE<typename brP::targetP>,2>,16> midtlwes;
+    std::array<std::array<TLWE<typename brP::targetP>, 2>, 16> midtlwes;
     TLWE<typename iksP::targetP> shifted;
     IdentityKeySwitch<iksP>(shifted, tlwe[0], ek.getiksk<iksP>());
-    shifted[iksP::targetP::k*iksP::targetP::n] += 1ULL<<(std::numeric_limits<typename iksP::targetP::T>::digits-6);
+    shifted[iksP::targetP::k * iksP::targetP::n] +=
+        1ULL << (std::numeric_limits<typename iksP::targetP::T>::digits - 6);
     for (int i = 0; i < 16; i++)
-        GateBootstrappingManyLUT<brP, 2>(midtlwes[i], shifted, ek.getbkfft<brP>(), AESInvSboxPoly<typename brP::targetP>(i));
+        GateBootstrappingManyLUT<brP, 2>(
+            midtlwes[i], shifted, ek.getbkfft<brP>(),
+            AESInvSboxPoly<typename brP::targetP>(i));
     IdentityKeySwitch<iksP>(shifted, tlwe[1], ek.getiksk<iksP>());
-    shifted[iksP::targetP::k*iksP::targetP::n] += 1ULL<<(std::numeric_limits<typename iksP::targetP::T>::digits-6);
-    for(int i = 0; i < 2; i++){
+    shifted[iksP::targetP::k * iksP::targetP::n] +=
+        1ULL << (std::numeric_limits<typename iksP::targetP::T>::digits - 6);
+    for (int i = 0; i < 2; i++) {
         TRLWE<typename brP::targetP> trlwe;
         std::array<TLWE<typename iksP::domainP>, 16> tabletlwe;
-        for(int j = 0; j < 16; j++) tabletlwe[j] = midtlwes[j][i];
-        TLWE2TablePacking<typename brP::targetP, 16>(trlwe, tabletlwe, ek.getahk<typename brP::targetP>());
-        GateBootstrappingTLWE2TLWEFFT<brP>(res[i], shifted, ek.getbkfft<brP>(), trlwe);
+        for (int j = 0; j < 16; j++) tabletlwe[j] = midtlwes[j][i];
+        TLWE2TablePacking<typename brP::targetP, 16>(
+            trlwe, tabletlwe, ek.getahk<typename brP::targetP>());
+        GateBootstrappingTLWE2TLWEFFT<brP>(res[i], shifted, ek.getbkfft<brP>(),
+                                           trlwe);
     }
 }
-}
+}  // namespace TFHEpp

include/evalkeygens.hpp

@@ -177,7 +177,7 @@ template <class P>
 void annihilatekeygen(AnnihilateKey<P>& ahk, const Key<P>& key)
 {
     for (int i = 0; i < P::nbit; i++)
-        evalautokeygen<P>(ahk[i], (1 << (i+1)) + 1, key);
+        evalautokeygen<P>(ahk[i], (1 << (i + 1)) + 1, key);
 }
 
 template <class P>

include/gatebootstrapping.hpp

@@ -119,8 +119,7 @@ void BlindRotate(TRLWE<typename P::targetP> &res,
                 << bitwidth;
         if (ā == 0) continue;
         // Do not use CMUXFFT to avoid unnecessary copy.
-        CMUXFFTwithPolynomialMulByXaiMinusOne<P>(res,
-                                                                   bkfft[i], ā);
+        CMUXFFTwithPolynomialMulByXaiMinusOne<P>(res, bkfft[i], ā);
     }
 #endif
 }
@@ -197,10 +196,10 @@ void GateBootstrappingTLWE2TLWEFFT(
 }
 
 template <class P>
-void GateBootstrappingTLWE2TLWEFFT(
-    TLWE<typename P::targetP> &res, const TLWE<typename P::domainP> &tlwe,
-    const BootstrappingKeyFFT<P> &bkfft,
-    const TRLWE<typename P::targetP> &testvector)
+void GateBootstrappingTLWE2TLWEFFT(TLWE<typename P::targetP> &res,
+                                   const TLWE<typename P::domainP> &tlwe,
+                                   const BootstrappingKeyFFT<P> &bkfft,
+                                   const TRLWE<typename P::targetP> &testvector)
 {
     alignas(64) TRLWE<typename P::targetP> acc;
     BlindRotate<P>(acc, tlwe, bkfft, testvector);

include/keyswitch.hpp

@@ -1,8 +1,8 @@
 #pragma once
 
 #include <array>
-#include <span>
 #include <bit>
+#include <span>
 
 #include "params.hpp"
 #include "trgsw.hpp"
@@ -307,7 +307,7 @@ void EvalAuto(TRLWE<P> &res, const TRLWE<P> &trlwe, const int d,
 }
 
 // https://eprint.iacr.org/2024/1318
-// Reversed order but this is easily proved by packing trivial all 0 TRLWE. 
+// Reversed order but this is easily proved by packing trivial all 0 TRLWE.
 // TODO: They says we should divide by N first, not by 2 for each step. Why?
 template <class P>
 void AnnihilateKeySwitching(TRLWE<P> &res, const TRLWE<P> &trlwe,
@@ -318,7 +318,7 @@ void AnnihilateKeySwitching(TRLWE<P> &res, const TRLWE<P> &trlwe,
     for (int i = 0; i < P::nbit; i++) {
         for (int j = 0; j < (P::k + 1) * P::n; j++) res[0][j] /= 2;
         TRLWE<P> evaledauto;
-        EvalAuto<P>(evaledauto, res, (1 << (i+1)) + 1, ahk[i]);
+        EvalAuto<P>(evaledauto, res, (1 << (i + 1)) + 1, ahk[i]);
         for (int j = 0; j < (P::k + 1) * P::n; j++)
             res[0][j] += evaledauto[0][j];
     }
@@ -349,13 +349,13 @@ void AnnihilateKeySwitching(TRLWE<P> &res, const TRLWE<P> &trlwe,
 // }
 
 // template <class P, uint num_tlwe>
-// void AnnihilatePacking(TRLWE<P> &res, const std::array<TLWE<P>, num_tlwe> &tlwes,
+// void AnnihilatePacking(TRLWE<P> &res, const std::array<TLWE<P>, num_tlwe>
+// &tlwes,
 //                             const AnnihilateKey<P> &ahk)
 // {
-//     static_assert(std::has_single_bit(num_tlwe), "Currently, num_tlwe must be power of 2");
-//     std::array<TRLWE<P>, num_tlwe> trlwes;
-//     constexpr uint l = std::count_zero(num_tlwe);
-//     for (int i = 0; i < num_tlwe; i++) {
+//     static_assert(std::has_single_bit(num_tlwe), "Currently, num_tlwe must be
+//     power of 2"); std::array<TRLWE<P>, num_tlwe> trlwes; constexpr uint l =
+//     std::count_zero(num_tlwe); for (int i = 0; i < num_tlwe; i++) {
 //         InvSampleExtractIndex<P>(trlwes[i], tlwes[i], 0);
 //         for (int j = 0; j <= P::k * P::n; j++)//rest are known to be 0
 //             trlwes[i][0][j] /= P::n;
@@ -369,8 +369,8 @@ void AnnihilateKeySwitching(TRLWE<P> &res, const TRLWE<P> &trlwe,
 //                 trlwes[stride+j][k] = trlwes[j][k] - res[k];
 //             for(int k = 0; i < (P::k+1) * P::n; k++)
 //                 trlwes[j][k] += res[k];
-//             EvalAuto<P>(res, trlwes[stride+j], (1 << (P::nbit - i)) + 1, ahk[i]);
-//             for(int k = 0; i < (P::k+1) * P::n; k++)
+//             EvalAuto<P>(res, trlwes[stride+j], (1 << (P::nbit - i)) + 1,
+//             ahk[i]); for(int k = 0; i < (P::k+1) * P::n; k++)
 //                 trlwes[j][k] += res[k];
 //         }
 //     }
@@ -385,9 +385,8 @@ void AnnihilateKeySwitching(TRLWE<P> &res, const TRLWE<P> &trlwe,
 // }
 
 template <class P, class Container>
-void PackLWEs(TRLWE<P> &res, const Container &tlwe,
-              const AnnihilateKey<P> &ahk, const uint l, const uint offset,
-              const uint interval)
+void PackLWEs(TRLWE<P> &res, const Container &tlwe, const AnnihilateKey<P> &ahk,
+              const uint l, const uint offset, const uint interval)
 {
     if (l == 0)
         InvSampleExtractIndex<P>(res, tlwe[offset], 0);
@@ -405,7 +404,7 @@ void PackLWEs(TRLWE<P> &res, const Container &tlwe,
                 tempodd[i][j] = tempeven[i][j] - tempoddmul[i][j];
             }
         }
-        EvalAuto<P>(res, tempodd, (1 << l) + 1, ahk[l-1]);
+        EvalAuto<P>(res, tempodd, (1 << l) + 1, ahk[l - 1]);
         for (int i = 0; i < P::k + 1; i++)
             for (int j = 0; j < P::n; j++)
                 res[i][j] += tempeven[i][j] + tempoddmul[i][j];
@@ -414,7 +413,7 @@ void PackLWEs(TRLWE<P> &res, const Container &tlwe,
 
 template <class P>
 void TLWE2TRLWEChensPacking(TRLWE<P> &res, std::vector<TLWE<P>> &tlwe,
-                             const AnnihilateKey<P> &ahk)
+                            const AnnihilateKey<P> &ahk)
 {
     uint l = std::bit_width(tlwe.size()) - 1;
     if (!std::has_single_bit(tlwe.size())) {
@@ -425,34 +424,34 @@ void TLWE2TRLWEChensPacking(TRLWE<P> &res, std::vector<TLWE<P>> &tlwe,
     for (int i = l; i < P::nbit; i++) {
         TRLWE<P> evaledauto;
         for (int j = 0; j < (P::k + 1) * P::n; j++) res[0][j] /= 2;
-        EvalAuto<P>(evaledauto, res, (1 << (i+1)) + 1, ahk[i]);
+        EvalAuto<P>(evaledauto, res, (1 << (i + 1)) + 1, ahk[i]);
         for (int j = 0; j < (P::k + 1) * P::n; j++)
             res[0][j] += evaledauto[0][j];
     }
 }
 
 template <class P, uint num_tlwe>
-void TLWE2TablePacking(TRLWE<P> &res, std::array<TLWE<P>,num_tlwe> &tlwe,
-                             const AnnihilateKey<P> &ahk)
+void TLWE2TablePacking(TRLWE<P> &res, std::array<TLWE<P>, num_tlwe> &tlwe,
+                       const AnnihilateKey<P> &ahk)
 {
-    static_assert(std::has_single_bit(num_tlwe), "Currently, num_tlwe must be power of 2");
+    static_assert(std::has_single_bit(num_tlwe),
+                  "Currently, num_tlwe must be power of 2");
     constexpr uint l = std::countr_zero(num_tlwe);
     PackLWEs<P>(res, tlwe, ahk, l, 0, 1);
     for (int i = l; i < P::nbit; i++) {
         TRLWE<P> tempmul;
-        for (int j = 0; j < P::k + 1; j++) 
-            PolynomialMulByXai<P>(tempmul[j], res[j], P::n >> (i+1));
+        for (int j = 0; j < P::k + 1; j++)
+            PolynomialMulByXai<P>(tempmul[j], res[j], P::n >> (i + 1));
         TRLWE<P> tempsub;
-        for (int j = 0; j < (P::k + 1) * P::n; j++){
+        for (int j = 0; j < (P::k + 1) * P::n; j++) {
             res[0][j] /= 2;
             tempmul[0][j] /= 2;
             tempsub[0][j] = res[0][j] - tempmul[0][j];
             res[0][j] += tempmul[0][j];
         }
-        //reuse tempmul
-        EvalAuto<P>(tempmul, tempsub, (1 << (i+1)) + 1, ahk[i]);
-        for (int j = 0; j < (P::k + 1) * P::n; j++)
-            res[0][j] += tempmul[0][j];
+        // reuse tempmul
+        EvalAuto<P>(tempmul, tempsub, (1 << (i + 1)) + 1, ahk[i]);
+        for (int j = 0; j < (P::k + 1) * P::n; j++) res[0][j] += tempmul[0][j];
     }
 }
 
@@ -480,7 +479,7 @@ void PackLWEsLSB(TRLWE<P> &res, const std::vector<TLWE<P>> &tlwe,
                 tempodd[i][j] = tempeven[i][j] - tempoddmul[i][j];
             }
         }
-        EvalAuto<P>(res, tempodd, (1 << l) + 1, ahk[l-1]);
+        EvalAuto<P>(res, tempodd, (1 << l) + 1, ahk[l - 1]);
         for (int i = 0; i < P::k + 1; i++)
             for (int j = 0; j < P::n; j++)
                 res[i][j] += tempeven[i][j] + tempoddmul[i][j];

include/params/concrete.hpp

@@ -75,7 +75,7 @@ struct lvl2param {
     static constexpr int32_t key_value_max = 1;
     static constexpr int32_t key_value_min = -1;
     static const std::uint32_t nbit = 10;  // dimension must be a power of 2 for
-                                          // ease of polynomial multiplication.
+                                           // ease of polynomial multiplication.
     static constexpr std::uint32_t n = 1 << nbit;  // dimension
     static constexpr std::uint32_t k = 2;
     static constexpr std::uint32_t lₐ = 3;

include/tlwe.hpp

@@ -54,7 +54,8 @@ TLWE<P> tlweSymEncrypt(const typename P::T p, const Key<P> &key)
 template <class P, uint plain_modulus = P::plain_modulus>
 TLWE<P> tlweSymIntEncrypt(const typename P::T p, const double α,
                           const Key<P> &key)
-{   constexpr double Δ =
+{
+    constexpr double Δ =
         std::pow(2.0, std::numeric_limits<typename P::T>::digits) /
         plain_modulus;
     return tlweSymEncrypt<P>(static_cast<typename P::T>(p * Δ), α, key);
@@ -82,7 +83,7 @@ TLWE<P> tlweSymIntEncrypt(const typename P::T p, const Key<P> &key)
 template <class P, uint plain_modulus = P::plain_modulus>
 TLWE<P> tlweSymIntEncrypt(const typename P::T p, const SecretKey &sk)
 {
-    return tlweSymIntEncrypt<P,plain_modulus>(p, sk.key.get<P>());
+    return tlweSymIntEncrypt<P, plain_modulus>(p, sk.key.get<P>());
 }
 
 template <class P>
@@ -117,7 +118,7 @@ typename P::T tlweSymIntDecrypt(const TLWE<P> &c, const Key<P> &key)
     return res >= plain_modulus / 2 ? res - plain_modulus : res;
 }
 
-template <class P, uint plain_modulus=P::plain_modulus>
+template <class P, uint plain_modulus = P::plain_modulus>
 typename P::T tlweSymIntDecrypt(const TLWE<P> &c, const SecretKey &sk)
 {
     return tlweSymIntDecrypt<P, plain_modulus>(c, sk.key.get<P>());

test/aesinvsbox.cpp

@@ -5,22 +5,29 @@
 #include <random>
 #include <tfhe++.hpp>
 
-int main(){
+int main()
+{
     using brP = TFHEpp::lvlh2param;
     using iksP = TFHEpp::lvl2hparam;
     std::random_device seed_gen;
     std::default_random_engine engine(seed_gen());
-    constexpr uint32_t plain_modulus = 1<<(4+1);
+    constexpr uint32_t plain_modulus = 1 << (4 + 1);
     std::unique_ptr<TFHEpp::SecretKey> sk(new TFHEpp::SecretKey());
-    constexpr uint num_test = 1U<<8;
+    constexpr uint num_test = 1U << 8;
     // constexpr uint num_test = 1U<<4;
-    std::vector<std::array<TFHEpp::TLWE<typename iksP::domainP>,2>> cin(num_test);
+    std::vector<std::array<TFHEpp::TLWE<typename iksP::domainP>, 2>> cin(
+        num_test);
 
-    for (int i = 0; i < num_test; i++){
-        cin[i][0] = TFHEpp::tlweSymIntEncrypt<typename iksP::domainP, plain_modulus>(i&0xF, *sk);
-        cin[i][1] = TFHEpp::tlweSymIntEncrypt<typename iksP::domainP, plain_modulus>((i>>4), *sk);
+    for (int i = 0; i < num_test; i++) {
+        cin[i][0] =
+            TFHEpp::tlweSymIntEncrypt<typename iksP::domainP, plain_modulus>(
+                i & 0xF, *sk);
+        cin[i][1] =
+            TFHEpp::tlweSymIntEncrypt<typename iksP::domainP, plain_modulus>(
+                (i >> 4), *sk);
     }
-    std::vector<std::array<TFHEpp::TLWE<typename brP::targetP>,2>> cres(num_test);
+    std::vector<std::array<TFHEpp::TLWE<typename brP::targetP>, 2>> cres(
+        num_test);
     TFHEpp::EvalKey ek;
     ek.emplacebkfft<brP>(*sk);
     ek.emplaceiksk<iksP>(*sk);
@@ -29,8 +36,8 @@ int main(){
     std::chrono::system_clock::time_point start, end;
     start = std::chrono::system_clock::now();
     for (int test = 0; test < num_test; test++) {
-        std::cout<<"test: " << test << std::endl;
-        TFHEpp::AESInvSbox<iksP,brP>(cres[test], cin[test], ek);
+        std::cout << "test: " << test << std::endl;
+        TFHEpp::AESInvSbox<iksP, brP>(cres[test], cin[test], ek);
     }
 
     end = std::chrono::system_clock::now();
@@ -39,9 +46,15 @@ int main(){
             .count();
     std::cout << elapsed / num_test << "ms" << std::endl;
     for (int i = 0; i < num_test; i++) {
-        const uint8_t pres = (TFHEpp::tlweSymIntDecrypt<typename brP::targetP, plain_modulus>(cres[i][1], *sk)<<4)+TFHEpp::tlweSymIntDecrypt<typename brP::targetP, plain_modulus>(cres[i][0], *sk);
-        // std::cout << "test: " << i << " pres: " << (int)pres << " expected: " << (int)inv_sbox[i>>4][i&0xF] << std::endl;
-        assert(pres == inv_sbox[i>>4][i&0xF]);
+        const uint8_t pres =
+            (TFHEpp::tlweSymIntDecrypt<typename brP::targetP, plain_modulus>(
+                 cres[i][1], *sk)
+             << 4) +
+            TFHEpp::tlweSymIntDecrypt<typename brP::targetP, plain_modulus>(
+                cres[i][0], *sk);
+        // std::cout << "test: " << i << " pres: " << (int)pres << " expected: "
+        // << (int)inv_sbox[i>>4][i&0xF] << std::endl;
+        assert(pres == inv_sbox[i >> 4][i & 0xF]);
     }
     std::cout << "Passed" << std::endl;
 }

test/annihilate.cpp

@@ -51,9 +51,9 @@ int main()
         pres[i] = TFHEpp::trlweSymDecrypt<P>(cres[i], sk->key.get<P>());
     for (int i = 0; i < num_test; i++) assert(pres[i][0] == (pin[i][0] > 0));
     // TFHEpp::Polynomial<P> phase =
-        // TFHEpp::trlwePhase<P>(cres[0], sk->key.get<P>());
+    // TFHEpp::trlwePhase<P>(cres[0], sk->key.get<P>());
     // for (int i = 0; i < P::n; i++)
-        // std::cout << static_cast<int64_t>(phase[i]) << ":";
+    // std::cout << static_cast<int64_t>(phase[i]) << ":";
     // std::cout << std::endl;
     std::cout << "Passed" << std::endl;
     double elapsed =

test/chenspacking.cpp

@@ -37,7 +37,7 @@ int main()
 
     for (int test = 0; test < num_test; test++) {
         TFHEpp::TLWE2TRLWEChensPacking<TFHEpp::lvl1param>(cres[test], ca[test],
-                                                           *ahk);
+                                                          *ahk);
     }
 
     end = std::chrono::system_clock::now();