class ParticipantTest(unittest.TestCase): participant = Participant() parms = EncryptionParameters(scheme_type.BFV) parms.set_poly_modulus_degree(4096) parms.set_coeff_modulus(CoeffModulus.BFVDefault(4096)) parms.set_plain_modulus(1 << 8) def test_set_get_parms(self): self.participant.set_parms(self.parms) self.assertIsInstance(Participant(), type(self.participant)) self.assertEqual(self.participant.get_parms().poly_modulus_degree(), 4096) self.assertEqual(self.participant.get_parms().plain_modulus().value(), 1 << 8) self.assertIsInstance(self.participant._context, SEALContext) self.assertIsInstance(self.participant._encoder, IntegerEncoder) self.assertIsInstance(self.participant._evaluator, Evaluator) def test_save_load_c_array(self): client = Client() arr = np.array([3, 1, 0, -2, -4]) self.participant.set_parms(self.parms) arr_cipher = client.enc(arr) arr_string = self.participant.save_c_arr(arr_cipher) arr_cipher_load = self.participant.load_c_arr(arr_string) arr_load = client.dec(arr_cipher_load) self.assertTrue(np.array_equal(arr, arr_load))
def set_parms_from_dict(self, **parms_dict): default_parms_dict = {"poly": 4096, "coeff": 4096, "plain": (1 << 8)} if parms_dict: for key, value in parms_dict.items(): assert key in parms_dict, "Accepted parameters are poly, coeff, plain, and print_parms" default_parms_dict[key] = parms_dict[key] self._parms.set_poly_modulus_degree(default_parms_dict['poly']) self._parms.set_coeff_modulus( CoeffModulus.BFVDefault(default_parms_dict['coeff'])) self._parms.set_plain_modulus(default_parms_dict['plain']) self.set_parms(self._parms)
def __init__(self, modulus, degree): self.modulus = modulus self.degree = degree self.acceptable_degree = [1024, 2048, 4096, 8192, 16384] if self.degree not in self.acceptable_degree: raise Exception(f"Get {self.degree}, but expect degree {self.acceptable_degree}") self.parms = EncryptionParameters(scheme_type.BFV) self.parms.set_poly_modulus_degree(self.degree) self.parms.set_coeff_modulus(CoeffModulus.BFVDefault(self.degree)) # self.parms.set_coeff_modulus(CoeffModulus.Create(self.degree, [60])) self.parms.set_plain_modulus(self.modulus) # print(self.parms.coeff_modulus()[0].value()) self.context = SEALContext.Create(self.parms) self.keygen = KeyGenerator(self.context) self.evaluator = Evaluator(self.context) self.batch_encoder = BatchEncoder(self.context)
def example_rotation_bfv(): print("Example: Rotation / Rotation in BFV") parms = EncryptionParameters(scheme_type.BFV) poly_modulus_degree = 8192 parms.set_poly_modulus_degree(poly_modulus_degree) parms.set_coeff_modulus(CoeffModulus.BFVDefault(poly_modulus_degree)) parms.set_plain_modulus(PlainModulus.Batching(poly_modulus_degree, 20)) context = SEALContext.Create(parms) print_parameters(context) keygen = KeyGenerator(context) public_key = keygen.public_key() secret_key = keygen.secret_key() relin_keys = keygen.relin_keys() encryptor = Encryptor(context, public_key) evaluator = Evaluator(context) decryptor = Decryptor(context, secret_key) batch_encoder = BatchEncoder(context) slot_count = batch_encoder.slot_count() row_size = int(slot_count / 2) print("Plaintext matrix row size: {}".format(row_size)) pod_matrix = UInt64Vector([0]*slot_count) pod_matrix[0] = 0 pod_matrix[1] = 1 pod_matrix[2] = 2 pod_matrix[3] = 3 pod_matrix[row_size] = 4 pod_matrix[row_size + 1] = 5 pod_matrix[row_size + 2] = 6 pod_matrix[row_size + 3] = 7 print("Input plaintext matrix:") print_matrix(pod_matrix, row_size) #First we use BatchEncoder to encode the matrix into a plaintext. We encrypt #the plaintext as usual. plain_matrix = Plaintext() print("Encode and encrypt.") batch_encoder.encode(pod_matrix, plain_matrix) encrypted_matrix = Ciphertext() encryptor.encrypt(plain_matrix, encrypted_matrix) print(" + Noise budget in fresh encryption: {} bits".format( decryptor.invariant_noise_budget(encrypted_matrix))) #Rotations require yet another type of special key called `Galois keys'. These #are easily obtained from the KeyGenerator. gal_keys = keygen.galois_keys() #Now rotate both matrix rows 3 steps to the left, decrypt, decode, and print. print("Rotate rows 3 steps left.") evaluator.rotate_rows_inplace(encrypted_matrix, 3, gal_keys) plain_result = Plaintext() print(" + Noise budget after rotation: {} bits".format( decryptor.invariant_noise_budget(encrypted_matrix))) print(" + Decrypt and decode ...... Correct.") decryptor.decrypt(encrypted_matrix, plain_result) batch_encoder.decode(plain_result, pod_matrix) print_matrix(pod_matrix, row_size) #We can also rotate the columns, i.e., swap the rows. print("Rotate columns.") evaluator.rotate_columns_inplace(encrypted_matrix, gal_keys) print(" + Noise budget after rotation: {} bits".format( decryptor.invariant_noise_budget(encrypted_matrix))) print(" + Decrypt and decode ...... Correct.") decryptor.decrypt(encrypted_matrix, plain_result) batch_encoder.decode(plain_result, pod_matrix) print_matrix(pod_matrix, row_size) #Finally, we rotate the rows 4 steps to the right, decrypt, decode, and print. print("Rotate rows 4 steps right.") evaluator.rotate_rows_inplace(encrypted_matrix, -4, gal_keys) print(" + Noise budget after rotation: {} bits".format( decryptor.invariant_noise_budget(encrypted_matrix))) print(" + Decrypt and decode ...... Correct.") decryptor.decrypt(encrypted_matrix, plain_result) batch_encoder.decode(plain_result, pod_matrix) print_matrix(pod_matrix, row_size)
def example_bfv_basics(): print("Example: BFV Basics") #In this example, we demonstrate performing simple computations (a polynomial #evaluation) on encrypted integers using the BFV encryption scheme. # #The first task is to set up an instance of the EncryptionParameters class. #It is critical to understand how the different parameters behave, how they #affect the encryption scheme, performance, and the security level. There are #three encryption parameters that are necessary to set: # # - poly_modulus_degree (degree of polynomial modulus); # - coeff_modulus ([ciphertext] coefficient modulus); # - plain_modulus (plaintext modulus; only for the BFV scheme). # #The BFV scheme cannot perform arbitrary computations on encrypted data. #Instead, each ciphertext has a specific quantity called the `invariant noise #budget' -- or `noise budget' for short -- measured in bits. The noise budget #in a freshly encrypted ciphertext (initial noise budget) is determined by #the encryption parameters. Homomorphic operations consume the noise budget #at a rate also determined by the encryption parameters. In BFV the two basic #operations allowed on encrypted data are additions and multiplications, of #which additions can generally be thought of as being nearly free in terms of #noise budget consumption compared to multiplications. Since noise budget #consumption compounds in sequential multiplications, the most significant #factor in choosing appropriate encryption parameters is the multiplicative #depth of the arithmetic circuit that the user wants to evaluate on encrypted #data. Once the noise budget of a ciphertext reaches zero it becomes too #corrupted to be decrypted. Thus, it is essential to choose the parameters to #be large enough to support the desired computation; otherwise the result is #impossible to make sense of even with the secret key. parms = EncryptionParameters(scheme_type.BFV) #The first parameter we set is the degree of the `polynomial modulus'. This #must be a positive power of 2, representing the degree of a power-of-two #cyclotomic polynomial; it is not necessary to understand what this means. # #Larger poly_modulus_degree makes ciphertext sizes larger and all operations #slower, but enables more complicated encrypted computations. Recommended #values are 1024, 2048, 4096, 8192, 16384, 32768, but it is also possible #to go beyond this range. # #In this example we use a relatively small polynomial modulus. Anything #smaller than this will enable only very restricted encrypted computations. poly_modulus_degree = 4096 parms.set_poly_modulus_degree(poly_modulus_degree) #Next we set the [ciphertext] `coefficient modulus' (coeff_modulus). This #parameter is a large integer, which is a product of distinct prime numbers, #each up to 60 bits in size. It is represented as a vector of these prime #numbers, each represented by an instance of the SmallModulus class. The #bit-length of coeff_modulus means the sum of the bit-lengths of its prime #factors. # #A larger coeff_modulus implies a larger noise budget, hence more encrypted #computation capabilities. However, an upper bound for the total bit-length #of the coeff_modulus is determined by the poly_modulus_degree, as follows: # # +----------------------------------------------------+ # | poly_modulus_degree | max coeff_modulus bit-length | # +---------------------+------------------------------+ # | 1024 | 27 | # | 2048 | 54 | # | 4096 | 109 | # | 8192 | 218 | # | 16384 | 438 | # | 32768 | 881 | # +---------------------+------------------------------+ # #These numbers can also be found in native/src/seal/util/hestdparms.h encoded #in the function SEAL_HE_STD_PARMS_128_TC, and can also be obtained from the #function # # CoeffModulus::MaxBitCount(poly_modulus_degree). # #For example, if poly_modulus_degree is 4096, the coeff_modulus could consist #of three 36-bit primes (108 bits). # #Microsoft SEAL comes with helper functions for selecting the coeff_modulus. #For new users the easiest way is to simply use # # CoeffModulus::BFVDefault(poly_modulus_degree), # #which returns std::vector<SmallModulus> consisting of a generally good choice #for the given poly_modulus_degree. parms.set_coeff_modulus(CoeffModulus.BFVDefault(poly_modulus_degree)) #The plaintext modulus can be any positive integer, even though here we take #it to be a power of two. In fact, in many cases one might instead want it #to be a prime number; we will see this in later examples. The plaintext #modulus determines the size of the plaintext data type and the consumption #of noise budget in multiplications. Thus, it is essential to try to keep the #plaintext data type as small as possible for best performance. The noise #budget in a freshly encrypted ciphertext is # # ~ log2(coeff_modulus/plain_modulus) (bits) # #and the noise budget consumption in a homomorphic multiplication is of the #form log2(plain_modulus) + (other terms). # #The plaintext modulus is specific to the BFV scheme, and cannot be set when #using the CKKS scheme. parms.set_plain_modulus(1024) #Now that all parameters are set, we are ready to construct a SEALContext #object. This is a heavy class that checks the validity and properties of the #parameters we just set. context = SEALContext.Create(parms) #Print the parameters that we have chosen. print("Set encryption parameters and print") print_parameters(context) print("~~~~~~ A naive way to calculate 4(x^2+1)(x+1)^2. ~~~~~~") #The encryption schemes in Microsoft SEAL are public key encryption schemes. #For users unfamiliar with this terminology, a public key encryption scheme #has a separate public key for encrypting data, and a separate secret key for #decrypting data. This way multiple parties can encrypt data using the same #shared public key, but only the proper recipient of the data can decrypt it #with the secret key. # #We are now ready to generate the secret and public keys. For this purpose #we need an instance of the KeyGenerator class. Constructing a KeyGenerator #automatically generates the public and secret key, which can immediately be #read to local variables. keygen = KeyGenerator(context) public_key = keygen.public_key() secret_key = keygen.secret_key() #To be able to encrypt we need to construct an instance of Encryptor. Note #that the Encryptor only requires the public key, as expected. encryptor = Encryptor(context, public_key) #Computations on the ciphertexts are performed with the Evaluator class. In #a real use-case the Evaluator would not be constructed by the same party #that holds the secret key. evaluator = Evaluator(context) #We will of course want to decrypt our results to verify that everything worked, #so we need to also construct an instance of Decryptor. Note that the Decryptor #requires the secret key. decryptor = Decryptor(context, secret_key) #As an example, we evaluate the degree 4 polynomial # # 4x^4 + 8x^3 + 8x^2 + 8x + 4 # #over an encrypted x = 6. The coefficients of the polynomial can be considered #as plaintext inputs, as we will see below. The computation is done modulo the #plain_modulus 1024. # #While this examples is simple and easy to understand, it does not have much #practical value. In later examples we will demonstrate how to compute more #efficiently on encrypted integers and real or complex numbers. # #Plaintexts in the BFV scheme are polynomials of degree less than the degree #of the polynomial modulus, and coefficients integers modulo the plaintext #modulus. For readers with background in ring theory, the plaintext space is #the polynomial quotient ring Z_T[X]/(X^N + 1), where N is poly_modulus_degree #and T is plain_modulus. # #To get started, we create a plaintext containing the constant 6. For the #plaintext element we use a constructor that takes the desired polynomial as #a string with coefficients represented as hexadecimal numbers. x = 6 x_plain = Plaintext(str(x)) print("Express x = {} as a plaintext polynomial 0x{}.".format( x, x_plain.to_string())) #We then encrypt the plaintext, producing a ciphertext. x_encrypted = Ciphertext() print("Encrypt x_plain to x_encrypted.") encryptor.encrypt(x_plain, x_encrypted) #In Microsoft SEAL, a valid ciphertext consists of two or more polynomials #whose coefficients are integers modulo the product of the primes in the #coeff_modulus. The number of polynomials in a ciphertext is called its `size' #and is given by Ciphertext::size(). A freshly encrypted ciphertext always #has size 2. print(" + size of freshly encrypted x: {}".format(x_encrypted.size())) #There is plenty of noise budget left in this freshly encrypted ciphertext. print(" + noise budget in freshly encrypted x: {} bits".format( decryptor.invariant_noise_budget(x_encrypted))) #We decrypt the ciphertext and print the resulting plaintext in order to #demonstrate correctness of the encryption. x_decrypted = Plaintext() decryptor.decrypt(x_encrypted, x_decrypted) print(" + decryption of x_encrypted: 0x{} ...... Correct.".format( x_decrypted.to_string())) #When using Microsoft SEAL, it is typically advantageous to compute in a way #that minimizes the longest chain of sequential multiplications. In other #words, encrypted computations are best evaluated in a way that minimizes #the multiplicative depth of the computation, because the total noise budget #consumption is proportional to the multiplicative depth. For example, for #our example computation it is advantageous to factorize the polynomial as # # 4x^4 + 8x^3 + 8x^2 + 8x + 4 = 4(x + 1)^2 * (x^2 + 1) # #to obtain a simple depth 2 representation. Thus, we compute (x + 1)^2 and #(x^2 + 1) separately, before multiplying them, and multiplying by 4. # #First, we compute x^2 and add a plaintext "1". We can clearly see from the #print-out that multiplication has consumed a lot of noise budget. The user #can vary the plain_modulus parameter to see its effect on the rate of noise #budget consumption. print("Compute x_sq_plus_one (x^2+1).") x_sq_plus_one = Ciphertext() evaluator.square(x_encrypted, x_sq_plus_one) plain_one = Plaintext("1") evaluator.add_plain_inplace(x_sq_plus_one, plain_one) #Encrypted multiplication results in the output ciphertext growing in size. #More precisely, if the input ciphertexts have size M and N, then the output #ciphertext after homomorphic multiplication will have size M+N-1. In this #case we perform a squaring, and observe both size growth and noise budget #consumption. print(" + size of x_sq_plus_one: {}".format(x_sq_plus_one.size())) print(" + noise budget in x_sq_plus_one: {} bits".format( decryptor.invariant_noise_budget(x_sq_plus_one))) #Even though the size has grown, decryption works as usual as long as noise #budget has not reached 0. decrypted_result = Plaintext() decryptor.decrypt(x_sq_plus_one, decrypted_result) print(" + decryption of x_sq_plus_one: 0x{} ...... Correct.".format( decrypted_result.to_string())) #Next, we compute (x + 1)^2. print("Compute x_plus_one_sq ((x+1)^2).") x_plus_one_sq = Ciphertext() evaluator.add_plain(x_encrypted, plain_one, x_plus_one_sq) evaluator.square_inplace(x_plus_one_sq) print(" + size of x_plus_one_sq: {}".format(x_plus_one_sq.size())) print(" + noise budget in x_plus_one_sq: {} bits".format( decryptor.invariant_noise_budget(x_plus_one_sq))) decryptor.decrypt(x_plus_one_sq, decrypted_result) print(" + decryption of x_plus_one_sq: 0x{} ...... Correct.".format( decrypted_result.to_string())) #Finally, we multiply (x^2 + 1) * (x + 1)^2 * 4. print("Compute encrypted_result (4(x^2+1)(x+1)^2).") encrypted_result = Ciphertext() plain_four = Plaintext("4") evaluator.multiply_plain_inplace(x_sq_plus_one, plain_four) evaluator.multiply(x_sq_plus_one, x_plus_one_sq, encrypted_result) print(" + size of encrypted_result: {}".format(encrypted_result.size())) print(" + noise budget in encrypted_result: {} bits".format( decryptor.invariant_noise_budget(encrypted_result))) print("NOTE: Decryption can be incorrect if noise budget is zero.") print("~~~~~~ A better way to calculate 4(x^2+1)(x+1)^2. ~~~~~~") #Noise budget has reached 0, which means that decryption cannot be expected #to give the correct result. This is because both ciphertexts x_sq_plus_one #and x_plus_one_sq consist of 3 polynomials due to the previous squaring #operations, and homomorphic operations on large ciphertexts consume much more #noise budget than computations on small ciphertexts. Computing on smaller #ciphertexts is also computationally significantly cheaper. #`Relinearization' is an operation that reduces the size of a ciphertext after #multiplication back to the initial size, 2. Thus, relinearizing one or both #input ciphertexts before the next multiplication can have a huge positive #impact on both noise growth and performance, even though relinearization has #a significant computational cost itself. It is only possible to relinearize #size 3 ciphertexts down to size 2, so often the user would want to relinearize #after each multiplication to keep the ciphertext sizes at 2. #Relinearization requires special `relinearization keys', which can be thought #of as a kind of public key. Relinearization keys can easily be created with #the KeyGenerator. #Relinearization is used similarly in both the BFV and the CKKS schemes, but #in this example we continue using BFV. We repeat our computation from before, #but this time relinearize after every multiplication. #We use KeyGenerator::relin_keys() to create relinearization keys. print("Generate relinearization keys.") relin_keys = keygen.relin_keys() #We now repeat the computation relinearizing after each multiplication. print("Compute and relinearize x_squared (x^2),") print("then compute x_sq_plus_one (x^2+1)") x_squared = Ciphertext() evaluator.square(x_encrypted, x_squared) print(" + size of x_squared: {}".format(x_squared.size())) evaluator.relinearize_inplace(x_squared, relin_keys) print(" + size of x_squared (after relinearization): {}".format( x_squared.size())) evaluator.add_plain(x_squared, plain_one, x_sq_plus_one) print(" + noise budget in x_sq_plus_one: {} bits".format( decryptor.invariant_noise_budget(x_sq_plus_one))) decryptor.decrypt(x_sq_plus_one, decrypted_result) print(" + decryption of x_sq_plus_one: 0x{} ...... Correct.".format( decrypted_result.to_string())) x_plus_one = Ciphertext() print("Compute x_plus_one (x+1),") print("then compute and relinearize x_plus_one_sq ((x+1)^2).") evaluator.add_plain(x_encrypted, plain_one, x_plus_one) evaluator.square(x_plus_one, x_plus_one_sq) print(" + size of x_plus_one_sq: {}".format(x_plus_one_sq.size())) evaluator.relinearize_inplace(x_plus_one_sq, relin_keys) print(" + noise budget in x_plus_one_sq: {} bits".format( decryptor.invariant_noise_budget(x_plus_one_sq))) decryptor.decrypt(x_plus_one_sq, decrypted_result) print(" + decryption of x_plus_one_sq: 0x{} ...... Correct.".format( decrypted_result.to_string())) print("Compute and relinearize encrypted_result (4(x^2+1)(x+1)^2).") evaluator.multiply_plain_inplace(x_sq_plus_one, plain_four) evaluator.multiply(x_sq_plus_one, x_plus_one_sq, encrypted_result) print(" + size of encrypted_result: {}".format(encrypted_result.size())) evaluator.relinearize_inplace(encrypted_result, relin_keys) print(" + size of encrypted_result (after relinearization): {}".format( encrypted_result.size())) print(" + noise budget in encrypted_result: {} bits".format( decryptor.invariant_noise_budget(encrypted_result))) print("NOTE: Notice the increase in remaining noise budget.") #Relinearization clearly improved our noise consumption. We have still plenty #of noise budget left, so we can expect the correct answer when decrypting. print("Decrypt encrypted_result (4(x^2+1)(x+1)^2).") decryptor.decrypt(encrypted_result, decrypted_result) print(" + decryption of 4(x^2+1)(x+1)^2 = 0x{} ...... Correct.".format( decrypted_result.to_string()))
class ServerTest(unittest.TestCase): server = Server() fence = [[-3, -3], [-3, 3], [3, 3], [3, -3]] parms = EncryptionParameters(scheme_type.BFV) poly_modulus_degree = 4096 parms.set_poly_modulus_degree(poly_modulus_degree) parms.set_coeff_modulus(CoeffModulus.BFVDefault(poly_modulus_degree)) parms.set_plain_modulus(1 << 8) server.set_parms(parms) server.fence = fence def test_sever(self): server1 = Server() self.assertIsInstance(Server(), type(server1)) def test_fence(self): self.server.fence = self.fence self.assertEqual(self.server.fence, self.fence) def test_load_fence(self): file_path = "hegeo/tests/resources/sics.json" self.server.load_fence(file_path) with open(file_path) as file: data = (json.load(file)[0]).get('path') self.assertEqual(self.server.fence, data) def test_sub_array_with_c(self): arr = np.array([5, 6, 3, 9, -2, -4, 0]) client = Client() p = np.array([8]) c = client.enc(p) delta = self.server.sub_array_with_c(arr, c[0]) delta_p = client.dec(delta) self.assertTrue(np.array_equal(p - arr, delta_p)) def test_compute_is_left(self): client = Client() arr1 = np.array([5, 6, 3, 9, -2, -4, 7]) arr2 = np.array([6, 8, 3, 9, -2, -4, 5]) arr1_c = client.enc(arr1) arr2_c = client.enc(arr2) is_left_c = self.server.compute_is_left(arr1_c, arr2_c) is_left_p = client.dec(is_left_c) arr1_next = np.roll(arr1, -1) arr2_next = np.roll(arr2, -1) is_left = arr1 * arr2_next - arr2 * arr1_next self.assertTrue(np.array_equal(is_left_p, is_left)) def test_masking_demasking(self): client = Client() arr = np.array([39324356456, 144444, 0, -200, -49]) arr_c = client.enc(arr) flag, arr_m = self.server.masking(arr_c) arr_m_p = client.dec(arr_m) arr_d = self.server.demasking(flag, arr_m_p) self.assertTrue(np.array_equal(arr, arr_d)) def test_detection(self): def detection(point_c, fence): self.server.fence = fence is_left, dy = self.server.compute_intermediate(point_c) flag_is_left, is_left_m = self.server.masking(is_left) flag_dy, dy_m = self.server.masking(dy) is_left = client.dec(is_left_m) dy = client.dec(dy_m) # is_left = self.server.demasking(flag_is_left, is_left) # dy = self.server.demasking(flag_dy, dy) return self.server.detect_inclusion(is_left, dy, flag_is_left, flag_dy) client = Client() vertices = [[0, 0], [0, 20], [30, 20], [30, 0], [20, 0], [20, 10], [10, 10], [10, 0]] point1 = [15, 15] # inside vertical area point1_c = client.enc(point1) self.assertTrue(detection(point1_c, vertices)) point2 = [15, 5] # outside between horizontal areas point2_c = client.enc(point2) detection(point2_c, vertices) self.assertFalse(detection(point2_c, vertices)) point3 = [40, 20] # outside above point3_c = client.enc(point3) self.assertFalse(detection(point3_c, vertices)) point4 = [25, 5] # inside top horizontal area point4_c = client.enc(point4) self.assertTrue(detection(point4_c, vertices))
def example_integer_encoder(): print("Example: Encoders / Integer Encoder") #[IntegerEncoder] (For BFV scheme only) # #The IntegerEncoder encodes integers to BFV plaintext polynomials as follows. #First, a binary expansion of the integer is computed. Next, a polynomial is #created with the bits as coefficients. For example, the integer # # 26 = 2^4 + 2^3 + 2^1 # #is encoded as the polynomial 1x^4 + 1x^3 + 1x^1. Conversely, plaintext #polynomials are decoded by evaluating them at x=2. For negative numbers the #IntegerEncoder simply stores all coefficients as either 0 or -1, where -1 is #represented by the unsigned integer plain_modulus - 1 in memory. # #Since encrypted computations operate on the polynomials rather than on the #encoded integers themselves, the polynomial coefficients will grow in the #course of such computations. For example, computing the sum of the encrypted #encoded integer 26 with itself will result in an encrypted polynomial with #larger coefficients: 2x^4 + 2x^3 + 2x^1. Squaring the encrypted encoded #integer 26 results also in increased coefficients due to cross-terms, namely, # # (2x^4 + 2x^3 + 2x^1)^2 = 1x^8 + 2x^7 + 1x^6 + 2x^5 + 2x^4 + 1x^2; # #further computations will quickly increase the coefficients much more. #Decoding will still work correctly in this case (evaluating the polynomial #at x=2), but since the coefficients of plaintext polynomials are really #integers modulo plain_modulus, implicit reduction modulo plain_modulus may #yield unexpected results. For example, adding 1x^4 + 1x^3 + 1x^1 to itself #plain_modulus many times will result in the constant polynomial 0, which is #clearly not equal to 26 * plain_modulus. It can be difficult to predict when #such overflow will take place especially when computing several sequential #multiplications. # #The IntegerEncoder is easy to understand and use for simple computations, #and can be a good tool to experiment with for users new to Microsoft SEAL. #However, advanced users will probably prefer more efficient approaches, #such as the BatchEncoder or the CKKSEncoder. parms = EncryptionParameters(scheme_type.BFV) poly_modulus_degree = 4096 parms.set_poly_modulus_degree(poly_modulus_degree) parms.set_coeff_modulus(CoeffModulus.BFVDefault(poly_modulus_degree)) #There is no hidden logic behind our choice of the plain_modulus. The only #thing that matters is that the plaintext polynomial coefficients will not #exceed this value at any point during our computation; otherwise the result #will be incorrect. parms.set_plain_modulus(512) context = SEALContext.Create(parms) print_parameters(context) keygen = KeyGenerator(context) public_key = keygen.public_key() secret_key = keygen.secret_key() encryptor = Encryptor(context, public_key) evaluator = Evaluator(context) decryptor = Decryptor(context, secret_key) #We create an IntegerEncoder. encoder = IntegerEncoder(context) #First, we encode two integers as plaintext polynomials. Note that encoding #is not encryption: at this point nothing is encrypted. value1 = 5 plain1 = encoder.encode(value1) print("Encode {} as polynomial {} (plain1), ".format( value1, plain1.to_string())) value2 = -7 plain2 = encoder.encode(value2) print(" encode {} as polynomial {} (plain2)".format( value2, plain2.to_string())) #Now we can encrypt the plaintext polynomials. encrypted1 = Ciphertext() encrypted2 = Ciphertext() print("Encrypt plain1 to encrypted1 and plain2 to encrypted2.") encryptor.encrypt(plain1, encrypted1) encryptor.encrypt(plain2, encrypted2) print(" + Noise budget in encrypted1: {} bits".format( decryptor.invariant_noise_budget(encrypted1))) print(" + Noise budget in encrypted2: {} bits".format( decryptor.invariant_noise_budget(encrypted2))) #As a simple example, we compute (-encrypted1 + encrypted2) * encrypted2. encryptor.encrypt(plain2, encrypted2) encrypted_result = Ciphertext() print( "Compute encrypted_result = (-encrypted1 + encrypted2) * encrypted2.") evaluator.negate(encrypted1, encrypted_result) evaluator.add_inplace(encrypted_result, encrypted2) evaluator.multiply_inplace(encrypted_result, encrypted2) print(" + Noise budget in encrypted_result: {} bits".format( decryptor.invariant_noise_budget(encrypted_result))) plain_result = Plaintext() print("Decrypt encrypted_result to plain_result.") decryptor.decrypt(encrypted_result, plain_result) #Print the result plaintext polynomial. The coefficients are not even close #to exceeding our plain_modulus, 512. print(" + Plaintext polynomial: {}".format(plain_result.to_string())) #Decode to obtain an integer result. print("Decode plain_result.") print(" + Decoded integer: {} ...... Correct.".format( encoder.decode_int32(plain_result)))
def example_batch_encoder(): print("Example: Encoders / Batch Encoder") #[BatchEncoder] (For BFV scheme only) # #Let N denote the poly_modulus_degree and T denote the plain_modulus. Batching #allows the BFV plaintext polynomials to be viewed as 2-by-(N/2) matrices, with #each element an integer modulo T. In the matrix view, encrypted operations act #element-wise on encrypted matrices, allowing the user to obtain speeds-ups of #several orders of magnitude in fully vectorizable computations. Thus, in all #but the simplest computations, batching should be the preferred method to use #with BFV, and when used properly will result in implementations outperforming #anything done with the IntegerEncoder. parms = EncryptionParameters(scheme_type.BFV) poly_modulus_degree = 8192 parms.set_poly_modulus_degree(poly_modulus_degree) parms.set_coeff_modulus(CoeffModulus.BFVDefault(poly_modulus_degree)) #To enable batching, we need to set the plain_modulus to be a prime number #congruent to 1 modulo 2*poly_modulus_degree. Microsoft SEAL provides a helper #method for finding such a prime. In this example we create a 20-bit prime #that supports batching. parms.set_plain_modulus(PlainModulus.Batching(poly_modulus_degree, 20)) context = SEALContext.Create(parms) print_parameters(context) #We can verify that batching is indeed enabled by looking at the encryption #parameter qualifiers created by SEALContext. ##HERE qualifiers = context.qualifiers() print("Batching enabled: {}".format(qualifiers.using_batching)) keygen = KeyGenerator(context) public_key = keygen.public_key() secret_key = keygen.secret_key() relin_keys = keygen.relin_keys() encryptor = Encryptor(context, public_key) evaluator = Evaluator(context) decryptor = Decryptor(context, secret_key) #Batching is done through an instance of the BatchEncoder class. batch_encoder = BatchEncoder(context) #The total number of batching `slots' equals the poly_modulus_degree, N, and #these slots are organized into 2-by-(N/2) matrices that can be encrypted and #computed on. Each slot contains an integer modulo plain_modulus. slot_count = batch_encoder.slot_count() row_size = int(slot_count / 2) print("Plaintext matrix row size: {}".format(row_size)) #The matrix plaintext is simply given to BatchEncoder as a flattened vector #of numbers. The first `row_size' many numbers form the first row, and the #rest form the second row. Here we create the following matrix: # # [ 0, 1, 2, 3, 0, 0, ..., 0 ] # [ 4, 5, 6, 7, 0, 0, ..., 0 ] pod_matrix = Int64Vector([0] * slot_count) pod_matrix[0] = 0 pod_matrix[1] = 1 pod_matrix[2] = 2 pod_matrix[3] = 3 pod_matrix[row_size] = 4 pod_matrix[row_size + 1] = 5 pod_matrix[row_size + 2] = 6 pod_matrix[row_size + 3] = 7 print("Input plaintext matrix:") print_matrix(pod_matrix, row_size) #First we use BatchEncoder to encode the matrix into a plaintext polynomial. plain_matrix = Plaintext() print("Encode plaintext matrix:") batch_encoder.encode(pod_matrix, plain_matrix) #We can instantly decode to verify correctness of the encoding. Note that no #encryption or decryption has yet taken place. print(" + Decode plaintext matrix ...... Correct.") pod_result = Int64Vector([0] * slot_count) batch_encoder.decode(plain_matrix, pod_result) print_matrix(pod_result, row_size) #Next we encrypt the encoded plaintext. encrypted_matrix = Ciphertext() print("Encrypt plain_matrix to encrypted_matrix.") encryptor.encrypt(plain_matrix, encrypted_matrix) print(" + Noise budget in encrypted_matrix: {} bits".format( decryptor.invariant_noise_budget(encrypted_matrix))) #Operating on the ciphertext results in homomorphic operations being performed #simultaneously in all 8192 slots (matrix elements). To illustrate this, we #form another plaintext matrix # # [ 1, 2, 1, 2, 1, 2, ..., 2 ] # [ 1, 2, 1, 2, 1, 2, ..., 2 ] # #and encode it into a plaintext. pod_matrix2 = UInt64Vector([1, 2] * row_size) plain_matrix2 = Plaintext() batch_encoder.encode(pod_matrix2, plain_matrix2) print("Second input plaintext matrix:") print_matrix(pod_matrix2, row_size) #We now add the second (plaintext) matrix to the encrypted matrix, and square #the sum. print("Sum, square, and relinearize.") evaluator.add_plain_inplace(encrypted_matrix, plain_matrix2) evaluator.square_inplace(encrypted_matrix) evaluator.relinearize_inplace(encrypted_matrix, relin_keys) #How much noise budget do we have left? print(" + Noise budget in result: {} bits".format( decryptor.invariant_noise_budget(encrypted_matrix))) #We decrypt and decompose the plaintext to recover the result as a matrix. plain_result = Plaintext() print("Decrypt and decode result.") decryptor.decrypt(encrypted_matrix, plain_result) batch_encoder.decode(plain_result, pod_result) print(" + Result plaintext matrix ...... Correct.") print_matrix(pod_result, row_size)