Program Listing for File dgsampling.h
↰ Return to documentation for file (core/include/lattice/dgsampling.h
)
//==================================================================================
// BSD 2-Clause License
//
// Copyright (c) 2014-2023, NJIT, Duality Technologies Inc. and other contributors
//
// All rights reserved.
//
// Author TPOC: contact@openfhe.org
//
// Redistribution and use in source and binary forms, with or without
// modification, are permitted provided that the following conditions are met:
//
// 1. Redistributions of source code must retain the above copyright notice, this
// list of conditions and the following disclaimer.
//
// 2. Redistributions in binary form must reproduce the above copyright notice,
// this list of conditions and the following disclaimer in the documentation
// and/or other materials provided with the distribution.
//
// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
// AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
// IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
// DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
// FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
// DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
// SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
// CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
// OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
//==================================================================================
/*
Provides detailed algorithms for G-sampling and perturbation sampling as described in https://eprint.iacr.org/2017/844.pdf,
https://eprint.iacr.org/2018/946, and "Implementing Token-Based Obfuscation under (Ring) LWE" (not publicly available yet)
*/
#ifndef LBCRYPTO_INC_LATTICE_DGSAMPLING_H
#define LBCRYPTO_INC_LATTICE_DGSAMPLING_H
#include "lattice/field2n.h"
#include "math/matrix.h"
#include "math/nbtheory.h"
#include <memory>
#include <vector>
namespace lbcrypto {
// Statistical error in Gaussian sampling
// corresponds to statistical error of 2^(-80)
const double DG_ERROR = 8.27181e-25;
// Maximum ring dimension to be supported - up to 560 bits in the modulus
const int32_t N_MAX = 16384;
// Smoothing parameter also used as a "standard deviation" for generating error
// polynomials
const double SIGMA = std::sqrt(std::log(2 * N_MAX / DG_ERROR) / M_PI);
// Spectral norm for preimage samples
const double SPECTRAL_CONSTANT = 1.8;
const auto SPECTRAL_BOUND = [](uint64_t n, uint64_t k, uint64_t base) -> double {
return SPECTRAL_CONSTANT * (base + 1) * SIGMA * SIGMA * (std::sqrt(n * k) + std::sqrt(2 * n) + 4.7);
};
// Spectral norm for preimage samples - for the case of matrices of ring
// elements
const auto SPECTRAL_BOUND_D = [](uint64_t n, uint64_t k, uint64_t base, uint64_t d) -> double {
return SPECTRAL_CONSTANT * (base + 1) * SIGMA * SIGMA * (std::sqrt(d * n * k) + std::sqrt(2 * n) + 4.7);
};
template <class Element>
class LatticeGaussSampUtility {
public:
static void GaussSampGq(const Element& u, double stddev, size_t k, const typename Element::Integer& q, int64_t base,
typename Element::DggType& dgg, Matrix<int64_t>* z);
static void GaussSampGqArbBase(const Element& u, double stddev, size_t k, const typename Element::Integer& q,
int64_t base, typename Element::DggType& dgg, Matrix<int64_t>* z);
static void ZSampleSigma2x2(const Field2n& a, const Field2n& b, const Field2n& d, const Matrix<Field2n>& c,
const typename Element::DggType& dgg, std::shared_ptr<Matrix<int64_t>> p);
static void SampleMat(const Matrix<Field2n>& A, const Matrix<Field2n>& B, const Matrix<Field2n>& D,
const Matrix<Field2n>& C, const typename Element::DggType& dgg,
std::shared_ptr<Matrix<int64_t>> p);
static std::shared_ptr<Matrix<int64_t>> ZSampleF(const Field2n& f, const Field2n& c,
const typename Element::DggType& dgg, size_t n);
private:
// subroutine used by GaussSampGq
// Discrete sampling variant
// As described in Figure 2 of https://eprint.iacr.org/2017/308.pdf
static void Perturb(double sigma, size_t k, size_t n, const std::vector<double>& l, const std::vector<double>& h,
int64_t base, typename Element::DggType& dgg, std::vector<int64_t>* p);
// subroutine used by GaussSampGqArbBase
// Continuous sampling variant
// As described in Algorithm 3 of https://eprint.iacr.org/2017/844.pdf
static void PerturbFloat(double sigma, size_t k, size_t n, const std::vector<double>& l,
const std::vector<double>& h, int64_t base, typename Element::DggType& dgg,
std::vector<double>* p);
// subroutine used by GaussSampGq
// As described in Algorithm 3 of https://eprint.iacr.org/2017/844.pdf
static void SampleC(const Matrix<double>& c, size_t k, size_t n, double sigma, typename Element::DggType& dgg,
Matrix<double>* a, std::vector<int64_t>* z);
// subroutine earlier used by ZSampleF
// Algorithm utilizes the same permutation algorithm as discussed in
// https://eprint.iacr.org/2017/844.pdf
static Matrix<int32_t> Permute(Matrix<int32_t>* p);
// subroutine used by ZSampleF
// Algorithm utilizes the same inverse permutation algorithm as discussed in
// https://eprint.iacr.org/2017/844.pdf
static void InversePermute(std::shared_ptr<Matrix<int64_t>> p);
};
} // namespace lbcrypto
#endif