Template Class LatticeGaussSampUtility

Page Contents

Template Parameter Order

  1. class Element

Class Documentation

template<class Element>
class lbcrypto::LatticeGaussSampUtility

Utility class containing operations needed for lattice sampling; Sources: https://eprint.iacr.org/2017/844.pdf and https://eprint.iacr.org/2017/308.pdf This construction is based on the hardness of Ring-LWE problem.

Public Static Functions

static void GaussSampGq(const Element &u, double stddev, size_t k, const typename Element::Integer &q, int64_t base, typename Element::DggType &dgg, Matrix<int64_t> *z)

Gaussian sampling from lattice for gagdet matrix G, syndrome u, and arbitrary modulus q Discrete sampling variant As described in Figure 2 of https://eprint.iacr.org/2017/308.pdf

Parameters

  • u – syndrome (a polynomial)

  • sttdev – standard deviation

  • k – number of components in the gadget vector

  • q – integer modulus

  • base – base of gadget matrix

  • dgg – discrete Gaussian generator

  • *z – a set of k sampled polynomials corresponding to the gadget matrix G; represented as Z^(k x n)

static void GaussSampGqArbBase(const Element &u, double stddev, size_t k, const typename Element::Integer &q, int64_t base, typename Element::DggType &dgg, Matrix<int64_t> *z)

Gaussian sampling from lattice for gagdet matrix G, syndrome u, and arbitrary modulus q Continuous sampling variant As described in Algorithm 3 of https://eprint.iacr.org/2017/844.pdf

Parameters

  • u – syndrome (a polynomial)

  • sttdev – standard deviation

  • k – number of components in the gadget vector

  • q – integer modulus

  • base – base of gadget matrix

  • dgg – discrete Gaussian generator

  • *z – a set of k sampled polynomials corresponding to the gadget matrix G; represented as Z^(k x n)

static void ZSampleSigma2x2(const Field2n &a, const Field2n &b, const Field2n &d, const Matrix<Field2n> &c, const typename Element::DggType &dgg, std::shared_ptr<Matrix<int64_t>> p)

Subroutine used by ZSampleSigmaP as described Algorithm 4 in https://eprint.iacr.org/2017/844.pdf

Parameters

  • a – field element in DFT format

  • b – field element in DFT format

  • d – field element in DFT format

  • c – a vector of field elements in Coefficient format

  • dgg – discrete Gaussian generator

  • p – non-spherical perturbation vector; output of the function

static void SampleMat(const Matrix<Field2n> &A, const Matrix<Field2n> &B, const Matrix<Field2n> &D, const Matrix<Field2n> &C, const typename Element::DggType &dgg, std::shared_ptr<Matrix<int64_t>> p)

Subroutine used by SamplePertSquareMat as described in “Implementing

Token-Based Obfuscation under (Ring) LWE”

Parameters

  • A – a matrix of field elements in DFT format

  • B – a matrix of field elements in DFT format

  • D – a matrix of field elements in DFT format

  • C – a matrix of field elements in Coefficient format

  • dgg – discrete Gaussian generator

  • *p – non-spherical perturbation matrix; output of the function

static std::shared_ptr<Matrix<int64_t>> ZSampleF(const Field2n &f, const Field2n &c, const typename Element::DggType &dgg, size_t n)

Subroutine used by ZSampleSigma2x2 as described Algorithm 4 in https://eprint.iacr.org/2017/844.pdf

Parameters

  • f – field element in Coefficient format

  • c – field element in Coefficient format

  • dgg – discrete Gaussian generator

  • n – ring dimension used for rejection sampling