def example_bfv_basics():
print("Example: BFV Basics")
#In this example, we demonstrate performing simple computations (a polynomial
#evaluation) on encrypted integers using the BFV encryption scheme.
#
#The first task is to set up an instance of the EncryptionParameters class.
#It is critical to understand how the different parameters behave, how they
#affect the encryption scheme, performance, and the security level. There are
#three encryption parameters that are necessary to set:
#
# - poly_modulus_degree (degree of polynomial modulus);
# - coeff_modulus ([ciphertext] coefficient modulus);
# - plain_modulus (plaintext modulus; only for the BFV scheme).
#
#The BFV scheme cannot perform arbitrary computations on encrypted data.
#Instead, each ciphertext has a specific quantity called the `invariant noise
#budget' -- or `noise budget' for short -- measured in bits. The noise budget
#in a freshly encrypted ciphertext (initial noise budget) is determined by
#the encryption parameters. Homomorphic operations consume the noise budget
#at a rate also determined by the encryption parameters. In BFV the two basic
#operations allowed on encrypted data are additions and multiplications, of
#which additions can generally be thought of as being nearly free in terms of
#noise budget consumption compared to multiplications. Since noise budget
#consumption compounds in sequential multiplications, the most significant
#factor in choosing appropriate encryption parameters is the multiplicative
#depth of the arithmetic circuit that the user wants to evaluate on encrypted
#data. Once the noise budget of a ciphertext reaches zero it becomes too
#corrupted to be decrypted. Thus, it is essential to choose the parameters to
#be large enough to support the desired computation; otherwise the result is
#impossible to make sense of even with the secret key.
parms = EncryptionParameters(scheme_type.BFV)
#The first parameter we set is the degree of the `polynomial modulus'. This
#must be a positive power of 2, representing the degree of a power-of-two
#cyclotomic polynomial; it is not necessary to understand what this means.
#
#Larger poly_modulus_degree makes ciphertext sizes larger and all operations
#slower, but enables more complicated encrypted computations. Recommended
#values are 1024, 2048, 4096, 8192, 16384, 32768, but it is also possible
#to go beyond this range.
#
#In this example we use a relatively small polynomial modulus. Anything
#smaller than this will enable only very restricted encrypted computations.
poly_modulus_degree = 4096
parms.set_poly_modulus_degree(poly_modulus_degree)
#Next we set the [ciphertext] `coefficient modulus' (coeff_modulus). This
#parameter is a large integer, which is a product of distinct prime numbers,
#each up to 60 bits in size. It is represented as a vector of these prime
#numbers, each represented by an instance of the SmallModulus class. The
#bit-length of coeff_modulus means the sum of the bit-lengths of its prime
#factors.
#
#A larger coeff_modulus implies a larger noise budget, hence more encrypted
#computation capabilities. However, an upper bound for the total bit-length
#of the coeff_modulus is determined by the poly_modulus_degree, as follows:
#
# +----------------------------------------------------+
# | poly_modulus_degree | max coeff_modulus bit-length |
# +---------------------+------------------------------+
# | 1024 | 27 |
# | 2048 | 54 |
# | 4096 | 109 |
# | 8192 | 218 |
# | 16384 | 438 |
# | 32768 | 881 |
# +---------------------+------------------------------+
#
#These numbers can also be found in native/src/seal/util/hestdparms.h encoded
#in the function SEAL_HE_STD_PARMS_128_TC, and can also be obtained from the
#function
#
# CoeffModulus::MaxBitCount(poly_modulus_degree).
#
#For example, if poly_modulus_degree is 4096, the coeff_modulus could consist
#of three 36-bit primes (108 bits).
#
#Microsoft SEAL comes with helper functions for selecting the coeff_modulus.
#For new users the easiest way is to simply use
#
# CoeffModulus::BFVDefault(poly_modulus_degree),
#
#which returns std::vector<SmallModulus> consisting of a generally good choice
#for the given poly_modulus_degree.
parms.set_coeff_modulus(CoeffModulus.BFVDefault(poly_modulus_degree))
#The plaintext modulus can be any positive integer, even though here we take
#it to be a power of two. In fact, in many cases one might instead want it
#to be a prime number; we will see this in later examples. The plaintext
#modulus determines the size of the plaintext data type and the consumption
#of noise budget in multiplications. Thus, it is essential to try to keep the
#plaintext data type as small as possible for best performance. The noise
#budget in a freshly encrypted ciphertext is
#
# ~ log2(coeff_modulus/plain_modulus) (bits)
#
#and the noise budget consumption in a homomorphic multiplication is of the
#form log2(plain_modulus) + (other terms).
#
#The plaintext modulus is specific to the BFV scheme, and cannot be set when
#using the CKKS scheme.
parms.set_plain_modulus(1024)
#Now that all parameters are set, we are ready to construct a SEALContext
#object. This is a heavy class that checks the validity and properties of the
#parameters we just set.
context = SEALContext.Create(parms)
#Print the parameters that we have chosen.
print("Set encryption parameters and print")
print_parameters(context)
print("~~~~~~ A naive way to calculate 4(x^2+1)(x+1)^2. ~~~~~~")
#The encryption schemes in Microsoft SEAL are public key encryption schemes.
#For users unfamiliar with this terminology, a public key encryption scheme
#has a separate public key for encrypting data, and a separate secret key for
#decrypting data. This way multiple parties can encrypt data using the same
#shared public key, but only the proper recipient of the data can decrypt it
#with the secret key.
#
#We are now ready to generate the secret and public keys. For this purpose
#we need an instance of the KeyGenerator class. Constructing a KeyGenerator
#automatically generates the public and secret key, which can immediately be
#read to local variables.
keygen = KeyGenerator(context)
public_key = keygen.public_key()
secret_key = keygen.secret_key()
#To be able to encrypt we need to construct an instance of Encryptor. Note
#that the Encryptor only requires the public key, as expected.
encryptor = Encryptor(context, public_key)
#Computations on the ciphertexts are performed with the Evaluator class. In
#a real use-case the Evaluator would not be constructed by the same party
#that holds the secret key.
evaluator = Evaluator(context)
#We will of course want to decrypt our results to verify that everything worked,
#so we need to also construct an instance of Decryptor. Note that the Decryptor
#requires the secret key.
decryptor = Decryptor(context, secret_key)
#As an example, we evaluate the degree 4 polynomial
#
# 4x^4 + 8x^3 + 8x^2 + 8x + 4
#
#over an encrypted x = 6. The coefficients of the polynomial can be considered
#as plaintext inputs, as we will see below. The computation is done modulo the
#plain_modulus 1024.
#
#While this examples is simple and easy to understand, it does not have much
#practical value. In later examples we will demonstrate how to compute more
#efficiently on encrypted integers and real or complex numbers.
#
#Plaintexts in the BFV scheme are polynomials of degree less than the degree
#of the polynomial modulus, and coefficients integers modulo the plaintext
#modulus. For readers with background in ring theory, the plaintext space is
#the polynomial quotient ring Z_T[X]/(X^N + 1), where N is poly_modulus_degree
#and T is plain_modulus.
#
#To get started, we create a plaintext containing the constant 6. For the
#plaintext element we use a constructor that takes the desired polynomial as
#a string with coefficients represented as hexadecimal numbers.
x = 6
x_plain = Plaintext(str(x))
print("Express x = {} as a plaintext polynomial 0x{}.".format(
x, x_plain.to_string()))
#We then encrypt the plaintext, producing a ciphertext.
x_encrypted = Ciphertext()
print("Encrypt x_plain to x_encrypted.")
encryptor.encrypt(x_plain, x_encrypted)
#In Microsoft SEAL, a valid ciphertext consists of two or more polynomials
#whose coefficients are integers modulo the product of the primes in the
#coeff_modulus. The number of polynomials in a ciphertext is called its `size'
#and is given by Ciphertext::size(). A freshly encrypted ciphertext always
#has size 2.
print(" + size of freshly encrypted x: {}".format(x_encrypted.size()))
#There is plenty of noise budget left in this freshly encrypted ciphertext.
print(" + noise budget in freshly encrypted x: {} bits".format(
decryptor.invariant_noise_budget(x_encrypted)))
#We decrypt the ciphertext and print the resulting plaintext in order to
#demonstrate correctness of the encryption.
x_decrypted = Plaintext()
decryptor.decrypt(x_encrypted, x_decrypted)
print(" + decryption of x_encrypted: 0x{} ...... Correct.".format(
x_decrypted.to_string()))
#When using Microsoft SEAL, it is typically advantageous to compute in a way
#that minimizes the longest chain of sequential multiplications. In other
#words, encrypted computations are best evaluated in a way that minimizes
#the multiplicative depth of the computation, because the total noise budget
#consumption is proportional to the multiplicative depth. For example, for
#our example computation it is advantageous to factorize the polynomial as
#
# 4x^4 + 8x^3 + 8x^2 + 8x + 4 = 4(x + 1)^2 * (x^2 + 1)
#
#to obtain a simple depth 2 representation. Thus, we compute (x + 1)^2 and
#(x^2 + 1) separately, before multiplying them, and multiplying by 4.
#
#First, we compute x^2 and add a plaintext "1". We can clearly see from the
#print-out that multiplication has consumed a lot of noise budget. The user
#can vary the plain_modulus parameter to see its effect on the rate of noise
#budget consumption.
print("Compute x_sq_plus_one (x^2+1).")
x_sq_plus_one = Ciphertext()
evaluator.square(x_encrypted, x_sq_plus_one)
plain_one = Plaintext("1")
evaluator.add_plain_inplace(x_sq_plus_one, plain_one)
#Encrypted multiplication results in the output ciphertext growing in size.
#More precisely, if the input ciphertexts have size M and N, then the output
#ciphertext after homomorphic multiplication will have size M+N-1. In this
#case we perform a squaring, and observe both size growth and noise budget
#consumption.
print(" + size of x_sq_plus_one: {}".format(x_sq_plus_one.size()))
print(" + noise budget in x_sq_plus_one: {} bits".format(
decryptor.invariant_noise_budget(x_sq_plus_one)))
#Even though the size has grown, decryption works as usual as long as noise
#budget has not reached 0.
decrypted_result = Plaintext()
decryptor.decrypt(x_sq_plus_one, decrypted_result)
print(" + decryption of x_sq_plus_one: 0x{} ...... Correct.".format(
decrypted_result.to_string()))
#Next, we compute (x + 1)^2.
print("Compute x_plus_one_sq ((x+1)^2).")
x_plus_one_sq = Ciphertext()
evaluator.add_plain(x_encrypted, plain_one, x_plus_one_sq)
evaluator.square_inplace(x_plus_one_sq)
print(" + size of x_plus_one_sq: {}".format(x_plus_one_sq.size()))
print(" + noise budget in x_plus_one_sq: {} bits".format(
decryptor.invariant_noise_budget(x_plus_one_sq)))
decryptor.decrypt(x_plus_one_sq, decrypted_result)
print(" + decryption of x_plus_one_sq: 0x{} ...... Correct.".format(
decrypted_result.to_string()))
#Finally, we multiply (x^2 + 1) * (x + 1)^2 * 4.
print("Compute encrypted_result (4(x^2+1)(x+1)^2).")
encrypted_result = Ciphertext()
plain_four = Plaintext("4")
evaluator.multiply_plain_inplace(x_sq_plus_one, plain_four)
evaluator.multiply(x_sq_plus_one, x_plus_one_sq, encrypted_result)
print(" + size of encrypted_result: {}".format(encrypted_result.size()))
print(" + noise budget in encrypted_result: {} bits".format(
decryptor.invariant_noise_budget(encrypted_result)))
print("NOTE: Decryption can be incorrect if noise budget is zero.")
print("~~~~~~ A better way to calculate 4(x^2+1)(x+1)^2. ~~~~~~")
#Noise budget has reached 0, which means that decryption cannot be expected
#to give the correct result. This is because both ciphertexts x_sq_plus_one
#and x_plus_one_sq consist of 3 polynomials due to the previous squaring
#operations, and homomorphic operations on large ciphertexts consume much more
#noise budget than computations on small ciphertexts. Computing on smaller
#ciphertexts is also computationally significantly cheaper.
#`Relinearization' is an operation that reduces the size of a ciphertext after
#multiplication back to the initial size, 2. Thus, relinearizing one or both
#input ciphertexts before the next multiplication can have a huge positive
#impact on both noise growth and performance, even though relinearization has
#a significant computational cost itself. It is only possible to relinearize
#size 3 ciphertexts down to size 2, so often the user would want to relinearize
#after each multiplication to keep the ciphertext sizes at 2.
#Relinearization requires special `relinearization keys', which can be thought
#of as a kind of public key. Relinearization keys can easily be created with
#the KeyGenerator.
#Relinearization is used similarly in both the BFV and the CKKS schemes, but
#in this example we continue using BFV. We repeat our computation from before,
#but this time relinearize after every multiplication.
#We use KeyGenerator::relin_keys() to create relinearization keys.
print("Generate relinearization keys.")
relin_keys = keygen.relin_keys()
#We now repeat the computation relinearizing after each multiplication.
print("Compute and relinearize x_squared (x^2),")
print("then compute x_sq_plus_one (x^2+1)")
x_squared = Ciphertext()
evaluator.square(x_encrypted, x_squared)
print(" + size of x_squared: {}".format(x_squared.size()))
evaluator.relinearize_inplace(x_squared, relin_keys)
print(" + size of x_squared (after relinearization): {}".format(
x_squared.size()))
evaluator.add_plain(x_squared, plain_one, x_sq_plus_one)
print(" + noise budget in x_sq_plus_one: {} bits".format(
decryptor.invariant_noise_budget(x_sq_plus_one)))
decryptor.decrypt(x_sq_plus_one, decrypted_result)
print(" + decryption of x_sq_plus_one: 0x{} ...... Correct.".format(
decrypted_result.to_string()))
x_plus_one = Ciphertext()
print("Compute x_plus_one (x+1),")
print("then compute and relinearize x_plus_one_sq ((x+1)^2).")
evaluator.add_plain(x_encrypted, plain_one, x_plus_one)
evaluator.square(x_plus_one, x_plus_one_sq)
print(" + size of x_plus_one_sq: {}".format(x_plus_one_sq.size()))
evaluator.relinearize_inplace(x_plus_one_sq, relin_keys)
print(" + noise budget in x_plus_one_sq: {} bits".format(
decryptor.invariant_noise_budget(x_plus_one_sq)))
decryptor.decrypt(x_plus_one_sq, decrypted_result)
print(" + decryption of x_plus_one_sq: 0x{} ...... Correct.".format(
decrypted_result.to_string()))
print("Compute and relinearize encrypted_result (4(x^2+1)(x+1)^2).")
evaluator.multiply_plain_inplace(x_sq_plus_one, plain_four)
evaluator.multiply(x_sq_plus_one, x_plus_one_sq, encrypted_result)
print(" + size of encrypted_result: {}".format(encrypted_result.size()))
evaluator.relinearize_inplace(encrypted_result, relin_keys)
print(" + size of encrypted_result (after relinearization): {}".format(
encrypted_result.size()))
print(" + noise budget in encrypted_result: {} bits".format(
decryptor.invariant_noise_budget(encrypted_result)))
print("NOTE: Notice the increase in remaining noise budget.")
#Relinearization clearly improved our noise consumption. We have still plenty
#of noise budget left, so we can expect the correct answer when decrypting.
print("Decrypt encrypted_result (4(x^2+1)(x+1)^2).")
decryptor.decrypt(encrypted_result, decrypted_result)
print(" + decryption of 4(x^2+1)(x+1)^2 = 0x{} ...... Correct.".format(
decrypted_result.to_string()))
def example_batching():
print_example_banner("Example: Batching with PolyCRTBuilder");
parms = EncryptionParameters()
parms.set_poly_modulus("1x^4096 + 1")
parms.set_coeff_modulus(seal.coeff_modulus_128(4096))
parms.set_plain_modulus(40961)
context = SEALContext(parms)
print_parameters(context)
qualifiers = context.qualifiers()
keygen = KeyGenerator(context)
public_key = keygen.public_key()
secret_key = keygen.secret_key()
gal_keys = GaloisKeys()
keygen.generate_galois_keys(30, gal_keys)
#ev_keys = EvaluationKeys()
#keygen.generate_evaluation_keys(30, ev_keys)
encryptor = Encryptor(context, public_key)
evaluator = Evaluator(context)
decryptor = Decryptor(context, secret_key)
crtbuilder = PolyCRTBuilder(context)
slot_count = (int)(crtbuilder.slot_count())
row_size = (int)(slot_count / 2)
print("Plaintext matrix row size: " + (str)(row_size))
def print_matrix(matrix):
print("")
print_size = 5
current_line = " ["
for i in range(print_size):
current_line += ((str)(matrix[i]) + ", ")
current_line += ("..., ")
for i in range(row_size - print_size, row_size):
current_line += ((str)(matrix[i]))
if i != row_size-1: current_line += ", "
else: current_line += "]"
print(current_line)
current_line = " ["
for i in range(row_size, row_size + print_size):
current_line += ((str)(matrix[i]) + ", ")
current_line += ("..., ")
for i in range(2*row_size - print_size, 2*row_size):
current_line += ((str)(matrix[i]))
if i != 2*row_size-1: current_line += ", "
else: current_line += "]"
print(current_line)
print("")
# [ 0, 1, 2, 3, 0, 0, ..., 0 ]
# [ 4, 5, 6, 7, 0, 0, ..., 0 ]
pod_matrix = [0]*slot_count
pod_matrix[0] = 0
pod_matrix[1] = 1
pod_matrix[2] = 2
pod_matrix[3] = 3
pod_matrix[row_size] = 4
pod_matrix[row_size + 1] = 5
pod_matrix[row_size + 2] = 6
pod_matrix[row_size + 3] = 7
print("Input plaintext matrix:")
print_matrix(pod_matrix)
plain_matrix = Plaintext()
crtbuilder.compose(pod_matrix, plain_matrix)
encrypted_matrix = Ciphertext()
print("Encrypting: ")
encryptor.encrypt(plain_matrix, encrypted_matrix)
print("Done")
print("Noise budget in fresh encryption: " +
(str)(decryptor.invariant_noise_budget(encrypted_matrix)) + " bits")
pod_matrix2 = []
for i in range(slot_count): pod_matrix2.append((i % 2) + 1)
plain_matrix2 = Plaintext()
crtbuilder.compose(pod_matrix2, plain_matrix2)
print("Second input plaintext matrix:")
print_matrix(pod_matrix2)
print("Adding and squaring: ")
evaluator.add_plain(encrypted_matrix, plain_matrix2)
evaluator.square(encrypted_matrix)
evaluator.relinearize(encrypted_matrix, ev_keys)
print("Done")
print("Noise budget in result: " + (str)(decryptor.invariant_noise_budget(encrypted_matrix)) + " bits")
plain_result = Plaintext()
print("Decrypting result: ")
decryptor.decrypt(encrypted_matrix, plain_result)
print("Done")
crtbuilder.decompose(plain_result)
pod_result = [plain_result.coeff_at(i) for i in range(plain_result.coeff_count())]
print("Result plaintext matrix:")
print_matrix(pod_result)
encryptor.encrypt(plain_matrix, encrypted_matrix)
print("Unrotated matrix: ")
print_matrix(pod_matrix)
print("Noise budget in fresh encryption: " +
(str)(decryptor.invariant_noise_budget(encrypted_matrix)) + " bits")
# Now rotate the rows to the left 3 steps, decrypt, decompose, and print.
evaluator.rotate_rows(encrypted_matrix, 3, gal_keys)
print("Rotated rows 3 steps left: ")
decryptor.decrypt(encrypted_matrix, plain_result)
crtbuilder.decompose(plain_result)
pod_result = [plain_result.coeff_at(i) for i in range(plain_result.coeff_count())]
print_matrix(pod_result)
print("Noise budget after rotation" +
(str)(decryptor.invariant_noise_budget(encrypted_matrix)) + " bits")
# Rotate columns (swap rows), decrypt, decompose, and print.
evaluator.rotate_columns(encrypted_matrix, gal_keys)
print("Rotated columns: ")
decryptor.decrypt(encrypted_matrix, plain_result)
crtbuilder.decompose(plain_result)
pod_result = [plain_result.coeff_at(i) for i in range(plain_result.coeff_count())]
print_matrix(pod_result)
print("Noise budget after rotation: " +
(str)(decryptor.invariant_noise_budget(encrypted_matrix)) + " bits")
# Rotate rows to the right 4 steps, decrypt, decompose, and print.
evaluator.rotate_rows(encrypted_matrix, -4, gal_keys)
print("Rotated rows 4 steps right: ")
decryptor.decrypt(encrypted_matrix, plain_result)
crtbuilder.decompose(plain_result)
pod_result = [plain_result.coeff_at(i) for i in range(plain_result.coeff_count())]
print_matrix(pod_result)
print("Noise budget after rotation: " +
(str)(decryptor.invariant_noise_budget(encrypted_matrix)) + " bits")
class CipherMatrix:
"""
"""
def __init__(self, matrix=None):
"""
:param matrix: numpy.ndarray to be encrypted.
"""
self.parms = EncryptionParameters()
self.parms.set_poly_modulus("1x^2048 + 1")
self.parms.set_coeff_modulus(seal.coeff_modulus_128(2048))
self.parms.set_plain_modulus(1 << 8)
self.context = SEALContext(self.parms)
# self.encoder = IntegerEncoder(self.context.plain_modulus())
self.encoder = FractionalEncoder(self.context.plain_modulus(),
self.context.poly_modulus(), 64, 32,
3)
self.keygen = KeyGenerator(self.context)
self.public_key = self.keygen.public_key()
self.secret_key = self.keygen.secret_key()
self.encryptor = Encryptor(self.context, self.public_key)
self.decryptor = Decryptor(self.context, self.secret_key)
self.evaluator = Evaluator(self.context)
self._saved = False
self._encrypted = False
self._id = '{0:04d}'.format(np.random.randint(1000))
if matrix is not None:
assert len(
matrix.shape) == 2, "Only 2D numpy matrices accepted currently"
self.matrix = np.copy(matrix)
self.encrypted_matrix = np.empty(self.matrix.shape, dtype=object)
for i in range(self.matrix.shape[0]):
for j in range(self.matrix.shape[1]):
self.encrypted_matrix[i, j] = Ciphertext()
else:
self.matrix = None
self.encrypted_matrix = None
print(self._id, "Created")
def __repr__(self):
"""
:return:
"""
print("Encrypted:", self._encrypted)
if not self._encrypted:
print(self.matrix)
return ""
else:
return '[]'
def __str__(self):
"""
:return:
"""
print("| Encryption parameters:")
print("| poly_modulus: " + self.context.poly_modulus().to_string())
# Print the size of the true (product) coefficient modulus
print("| coeff_modulus_size: " + (
str)(self.context.total_coeff_modulus().significant_bit_count()) +
" bits")
print("| plain_modulus: " +
(str)(self.context.plain_modulus().value()))
print("| noise_standard_deviation: " +
(str)(self.context.noise_standard_deviation()))
if self.matrix is not None:
print(self.matrix.shape)
return str(type(self))
def __add__(self, other):
"""
:param other:
:return:
"""
assert isinstance(
other, CipherMatrix), "Can only be added with a CipherMatrix"
A_enc = self._encrypted
B_enc = other._encrypted
if A_enc:
A = self.encrypted_matrix
else:
A = self.matrix
if B_enc:
B = other.encrypted_matrix
else:
B = other.matrix
assert A.shape == B.shape, "Dimension mismatch, Matrices must be of same shape. Got {} and {}".format(
A.shape, B.shape)
shape = A.shape
result = CipherMatrix(np.zeros(shape, dtype=np.int32))
result._update_cryptors(self.get_keygen())
if A_enc:
if B_enc:
res_mat = result.encrypted_matrix
for i in range(shape[0]):
for j in range(shape[1]):
self.evaluator.add(A[i, j], B[i, j], res_mat[i, j])
result._encrypted = True
else:
res_mat = result.encrypted_matrix
for i in range(shape[0]):
for j in range(shape[1]):
self.evaluator.add_plain(A[i, j],
self.encoder.encode(B[i, j]),
res_mat[i, j])
result._encrypted = True
else:
if B_enc:
res_mat = result.encrypted_matrix
for i in range(shape[0]):
for j in range(shape[1]):
self.evaluator.add_plain(B[i, j],
self.encoder.encode(A[i, j]),
res_mat[i, j])
result._encrypted = True
else:
result.matrix = A + B
result._encrypted = False
return result
def __sub__(self, other):
"""
:param other:
:return:
"""
assert isinstance(other, CipherMatrix)
if other._encrypted:
shape = other.encrypted_matrix.shape
for i in range(shape[0]):
for j in range(shape[1]):
self.evaluator.negate(other.encrypted_matrix[i, j])
else:
other.matrix = -1 * other.matrix
return self + other
def __mul__(self, other):
"""
:param other:
:return:
"""
assert isinstance(
other, CipherMatrix), "Can only be multiplied with a CipherMatrix"
# print("LHS", self._id, "RHS", other._id)
A_enc = self._encrypted
B_enc = other._encrypted
if A_enc:
A = self.encrypted_matrix
else:
A = self.matrix
if B_enc:
B = other.encrypted_matrix
else:
B = other.matrix
Ashape = A.shape
Bshape = B.shape
assert Ashape[1] == Bshape[0], "Dimensionality mismatch"
result_shape = [Ashape[0], Bshape[1]]
result = CipherMatrix(np.zeros(shape=result_shape))
if A_enc:
if B_enc:
for i in range(Ashape[0]):
for j in range(Bshape[1]):
result_array = []
for k in range(Ashape[1]):
res = Ciphertext()
self.evaluator.multiply(A[i, k], B[k, j], res)
result_array.append(res)
self.evaluator.add_many(result_array,
result.encrypted_matrix[i, j])
result._encrypted = True
else:
for i in range(Ashape[0]):
for j in range(Bshape[1]):
result_array = []
for k in range(Ashape[1]):
res = Ciphertext()
self.evaluator.multiply_plain(
A[i, k], self.encoder.encode(B[k, j]), res)
result_array.append(res)
self.evaluator.add_many(result_array,
result.encrypted_matrix[i, j])
result._encrypted = True
else:
if B_enc:
for i in range(Ashape[0]):
for j in range(Bshape[1]):
result_array = []
for k in range(Ashape[1]):
res = Ciphertext()
self.evaluator.multiply_plain(
B[i, k], self.encoder.encode(A[k, j]), res)
result_array.append(res)
self.evaluator.add_many(result_array,
result.encrypted_matrix[i, j])
result._encrypted = True
else:
result.matrix = np.matmul(A, B)
result._encrypted = False
return result
def save(self, path):
"""
:param path:
:return:
"""
save_dir = os.path.join(path, self._id)
if self._saved:
print("CipherMatrix already saved")
else:
assert not os.path.isdir(save_dir), "Directory already exists"
os.mkdir(save_dir)
if not self._encrypted:
self.encrypt()
shape = self.encrypted_matrix.shape
for i in range(shape[0]):
for j in range(shape[1]):
element_name = str(i) + '-' + str(j) + '.ahem'
self.encrypted_matrix[i, j].save(
os.path.join(save_dir, element_name))
self.secret_key.save("/keys/" + "." + self._id + '.wheskey')
self._saved = True
return save_dir
def load(self, path, load_secret_key=False):
"""
:param path:
:param load_secret_key:
:return:
"""
self._id = path.split('/')[-1]
print("Loading Matrix:", self._id)
file_list = os.listdir(path)
index_list = [[file.split('.')[0].split('-'), file]
for file in file_list]
M = int(max([int(ind[0][0]) for ind in index_list])) + 1
N = int(max([int(ind[0][1]) for ind in index_list])) + 1
del self.encrypted_matrix
self.encrypted_matrix = np.empty([M, N], dtype=object)
for index in index_list:
i = int(index[0][0])
j = int(index[0][1])
self.encrypted_matrix[i, j] = Ciphertext()
self.encrypted_matrix[i, j].load(os.path.join(path, index[1]))
if load_secret_key:
self.secret_key.load("/keys/" + "." + self._id + '.wheskey')
self.matrix = np.empty(self.encrypted_matrix.shape)
self._encrypted = True
def encrypt(self, matrix=None, keygen=None):
"""
:param matrix:
:return:
"""
assert not self._encrypted, "Matrix already encrypted"
if matrix is not None:
assert self.matrix is None, "matrix already exists"
self.matrix = np.copy(matrix)
shape = self.matrix.shape
self.encrypted_matrix = np.empty(shape, dtype=object)
if keygen is not None:
self._update_cryptors(keygen)
for i in range(shape[0]):
for j in range(shape[1]):
val = self.encoder.encode(self.matrix[i, j])
self.encrypted_matrix[i, j] = Ciphertext()
self.encryptor.encrypt(val, self.encrypted_matrix[i, j])
self._encrypted = True
def decrypt(self, encrypted_matrix=None, keygen=None):
"""
:return:
"""
if encrypted_matrix is not None:
self.encrypted_matrix = encrypted_matrix
assert self._encrypted, "No encrypted matrix"
del self.matrix
shape = self.encrypted_matrix.shape
self.matrix = np.empty(shape)
if keygen is not None:
self._update_cryptors(keygen)
for i in range(shape[0]):
for j in range(shape[1]):
plain_text = Plaintext()
self.decryptor.decrypt(self.encrypted_matrix[i, j], plain_text)
self.matrix[i, j] = self.encoder.decode(plain_text)
self._encrypted = False
return np.copy(self.matrix)
def get_keygen(self):
"""
:return:
"""
return self.keygen
def _update_cryptors(self, keygen):
"""
:param keygen:
:return:
"""
self.keygen = keygen
self.public_key = keygen.public_key()
self.secret_key = keygen.secret_key()
self.encryptor = Encryptor(self.context, self.public_key)
self.decryptor = Decryptor(self.context, self.secret_key)
return
class SealOps:
@classmethod
def with_env(cls):
parms = EncryptionParameters(scheme_type.CKKS)
parms.set_poly_modulus_degree(POLY_MODULUS_DEGREE)
parms.set_coeff_modulus(
CoeffModulus.Create(POLY_MODULUS_DEGREE, PRIME_SIZE_LIST))
context = SEALContext.Create(parms)
keygen = KeyGenerator(context)
public_key = keygen.public_key()
secret_key = keygen.secret_key()
relin_keys = keygen.relin_keys()
galois_keys = keygen.galois_keys()
return cls(context=context,
public_key=public_key,
secret_key=secret_key,
relin_keys=relin_keys,
galois_keys=galois_keys,
poly_modulus_degree=POLY_MODULUS_DEGREE,
scale=SCALE)
def __init__(self,
context: SEALContext,
scale: float,
poly_modulus_degree: int,
public_key: PublicKey = None,
secret_key: SecretKey = None,
relin_keys: RelinKeys = None,
galois_keys: GaloisKeys = None):
self.scale = scale
self.context = context
self.encoder = CKKSEncoder(context)
self.evaluator = Evaluator(context)
self.encryptor = Encryptor(context, public_key)
self.decryptor = Decryptor(context, secret_key)
self.relin_keys = relin_keys
self.galois_keys = galois_keys
self.poly_modulus_degree_log = np.log2(poly_modulus_degree)
def encrypt(self, matrix: np.array):
matrix = Matrix.from_numpy_array(array=matrix)
cipher_matrix = CipherMatrix(rows=matrix.rows, cols=matrix.cols)
for i in range(matrix.rows):
encoded_row = Plaintext()
self.encoder.encode(matrix[i], self.scale, encoded_row)
self.encryptor.encrypt(encoded_row, cipher_matrix[i])
return cipher_matrix
def decrypt(self, cipher_matrix: CipherMatrix) -> Matrix:
matrix = Matrix(rows=cipher_matrix.rows, cols=cipher_matrix.cols)
for i in range(matrix.rows):
row = Vector()
encoded_row = Plaintext()
self.decryptor.decrypt(cipher_matrix[i], encoded_row)
self.encoder.decode(encoded_row, row)
matrix[i] = row
return matrix
def add(self, matrix_a: CipherMatrix,
matrix_b: CipherMatrix) -> CipherMatrix:
self.validate_same_dimension(matrix_a, matrix_b)
result_matrix = CipherMatrix(rows=matrix_a.rows, cols=matrix_a.cols)
for i in range(matrix_a.rows):
a_tag, b_tag = self.get_matched_scale_vectors(
matrix_a[i], matrix_b[i])
self.evaluator.add(a_tag, b_tag, result_matrix[i])
return result_matrix
def add_plain(self, matrix_a: CipherMatrix,
matrix_b: np.array) -> CipherMatrix:
matrix_b = Matrix.from_numpy_array(matrix_b)
self.validate_same_dimension(matrix_a, matrix_b)
result_matrix = CipherMatrix(rows=matrix_a.rows, cols=matrix_a.cols)
for i in range(matrix_a.rows):
row = matrix_b[i]
encoded_row = Plaintext()
self.encoder.encode(row, self.scale, encoded_row)
self.evaluator.mod_switch_to_inplace(encoded_row,
matrix_a[i].parms_id())
self.evaluator.add_plain(matrix_a[i], encoded_row,
result_matrix[i])
return result_matrix
def multiply_plain(self, matrix_a: CipherMatrix,
matrix_b: np.array) -> CipherMatrix:
matrix_b = Matrix.from_numpy_array(matrix_b)
self.validate_same_dimension(matrix_a, matrix_b)
result_matrix = CipherMatrix(rows=matrix_a.rows, cols=matrix_a.cols)
for i in range(matrix_a.rows):
row = matrix_b[i]
encoded_row = Plaintext()
self.encoder.encode(row, self.scale, encoded_row)
self.evaluator.mod_switch_to_inplace(encoded_row,
matrix_a[i].parms_id())
self.evaluator.multiply_plain(matrix_a[i], encoded_row,
result_matrix[i])
return result_matrix
def dot_vector(self, a: Ciphertext, b: Ciphertext) -> Ciphertext:
result = Ciphertext()
self.evaluator.multiply(a, b, result)
self.evaluator.relinearize_inplace(result, self.relin_keys)
self.vector_sum_inplace(result)
self.get_vector_first_element(result)
self.evaluator.rescale_to_next_inplace(result)
return result
def dot_vector_with_plain(self, a: Ciphertext,
b: DoubleVector) -> Ciphertext:
result = Ciphertext()
b_plain = Plaintext()
self.encoder.encode(b, self.scale, b_plain)
self.evaluator.multiply_plain(a, b_plain, result)
self.vector_sum_inplace(result)
self.get_vector_first_element(result)
self.evaluator.rescale_to_next_inplace(result)
return result
def get_vector_range(self, vector_a: Ciphertext, i: int,
j: int) -> Ciphertext:
cipher_range = Ciphertext()
one_and_zeros = DoubleVector([0.0 if x < i else 1.0 for x in range(j)])
plain = Plaintext()
self.encoder.encode(one_and_zeros, self.scale, plain)
self.evaluator.mod_switch_to_inplace(plain, vector_a.parms_id())
self.evaluator.multiply_plain(vector_a, plain, cipher_range)
return cipher_range
def dot_matrix_with_matrix_transpose(self, matrix_a: CipherMatrix,
matrix_b: CipherMatrix):
result_matrix = CipherMatrix(rows=matrix_a.rows, cols=matrix_a.cols)
rows_a = matrix_a.rows
cols_b = matrix_b.rows
for i in range(rows_a):
vector_dot_products = []
zeros = Plaintext()
for j in range(cols_b):
vector_dot_products += [
self.dot_vector(matrix_a[i], matrix_b[j])
]
if j == 0:
zero = DoubleVector()
self.encoder.encode(zero, vector_dot_products[j].scale(),
zeros)
self.evaluator.mod_switch_to_inplace(
zeros, vector_dot_products[j].parms_id())
self.evaluator.add_plain(vector_dot_products[j], zeros,
result_matrix[i])
else:
self.evaluator.rotate_vector_inplace(
vector_dot_products[j], -j, self.galois_keys)
self.evaluator.add_inplace(result_matrix[i],
vector_dot_products[j])
for vec in result_matrix:
self.evaluator.relinearize_inplace(vec, self.relin_keys)
self.evaluator.rescale_to_next_inplace(vec)
return result_matrix
def dot_matrix_with_plain_matrix_transpose(self, matrix_a: CipherMatrix,
matrix_b: np.array):
matrix_b = Matrix.from_numpy_array(matrix_b)
result_matrix = CipherMatrix(rows=matrix_a.rows, cols=matrix_a.cols)
rows_a = matrix_a.rows
cols_b = matrix_b.rows
for i in range(rows_a):
vector_dot_products = []
zeros = Plaintext()
for j in range(cols_b):
vector_dot_products += [
self.dot_vector_with_plain(matrix_a[i], matrix_b[j])
]
if j == 0:
zero = DoubleVector()
self.encoder.encode(zero, vector_dot_products[j].scale(),
zeros)
self.evaluator.mod_switch_to_inplace(
zeros, vector_dot_products[j].parms_id())
self.evaluator.add_plain(vector_dot_products[j], zeros,
result_matrix[i])
else:
self.evaluator.rotate_vector_inplace(
vector_dot_products[j], -j, self.galois_keys)
self.evaluator.add_inplace(result_matrix[i],
vector_dot_products[j])
for vec in result_matrix:
self.evaluator.relinearize_inplace(vec, self.relin_keys)
self.evaluator.rescale_to_next_inplace(vec)
return result_matrix
@staticmethod
def validate_same_dimension(matrix_a, matrix_b):
if matrix_a.rows != matrix_b.rows or matrix_a.cols != matrix_b.cols:
raise ArithmeticError("Matrices aren't of the same dimension")
def vector_sum_inplace(self, cipher: Ciphertext):
rotated = Ciphertext()
for i in range(int(self.poly_modulus_degree_log - 1)):
self.evaluator.rotate_vector(cipher, pow(2, i), self.galois_keys,
rotated)
self.evaluator.add_inplace(cipher, rotated)
def get_vector_first_element(self, cipher: Ciphertext):
one_and_zeros = DoubleVector([1.0])
plain = Plaintext()
self.encoder.encode(one_and_zeros, self.scale, plain)
self.evaluator.multiply_plain_inplace(cipher, plain)
def get_matched_scale_vectors(self, a: Ciphertext,
b: Ciphertext) -> (Ciphertext, Ciphertext):
a_tag = Ciphertext(a)
b_tag = Ciphertext(b)
a_index = self.context.get_context_data(a.parms_id()).chain_index()
b_index = self.context.get_context_data(b.parms_id()).chain_index()
# Changing the mod if required, else just setting the scale
if a_index < b_index:
self.evaluator.mod_switch_to_inplace(b_tag, a.parms_id())
elif a_index > b_index:
self.evaluator.mod_switch_to_inplace(a_tag, b.parms_id())
a_tag.set_scale(self.scale)
b_tag.set_scale(self.scale)
return a_tag, b_tag
