示例#1
0
def test2():
    img_path = '00001.jpg'
    img = cv2.imread(img_path, cv2.IMREAD_GRAYSCALE)
    print("Original image dimensions {}".format(img.shape))
    sift = cv2.xfeatures2d.SIFT_create()
    (kps, desc) = sift.detectAndCompute(img, None)

    desc = preprocessing.normalize(np.array(
        desc.flatten()[:DESC_SIZE]).reshape(1, DESC_SIZE),
                                   norm='l2')
    descriptor_vec1 = desc
    descriptor_vec2 = descriptor_vec1
    context = config()
    public_key, secret_key = keygen(context)

    encoder = IntegerEncoder(context.plain_modulus())
    encryptor = Encryptor(context, public_key)
    crtbuilder = PolyCRTBuilder(context)
    evaluator = Evaluator(context)
    decryptor = Decryptor(context, secret_key)

    slot_count = (int)(crtbuilder.slot_count())
    print("slot count {}".format(slot_count))
    print("Plaintext shape", descriptor_vec1.shape)
    plain_matrix = decompose_plain(slot_count, descriptor_vec1, crtbuilder)

    for i in range(10000):
        encrypted_matrix = Ciphertext()
        print("Encrypting: ")
        time_start = time.time()
        encryptor.encrypt(plain_matrix, encrypted_matrix)
        time_end = time.time()
        print("Done in time {}".format((str)(1000 * (time_end - time_start))))

        print("Square:")
        time_start = time.time()
        evaluator.square(encrypted_matrix)
        time_end = time.time()
        print("Square is done in {} miliseconds".format(
            (str)(1000 * (time_end - time_start))))

        plain_result = Plaintext()
        print("Decryption plain: ")
        time_start = time.time()
        decryptor.decrypt(encrypted_matrix, plain_result)
        time_end = time.time()
        print("Decryption is done in {} miliseconds".format(
            (str)(1000 * (time_end - time_start))))
        # print("Plaintext polynomial: {}".format(plain_result.to_string()))
        # print("Decoded integer: {}".format(encoder.decode_int32(plain_result)))
        print("Noise budget {} bits".format(
            decryptor.invariant_noise_budget(encrypted_matrix)))
示例#2
0
def example_rotation_ckks():
    print("Example: Rotation / Rotation in CKKS");

    #Rotations in the CKKS scheme work very similarly to rotations in BFV.
    parms = EncryptionParameters(scheme_type.CKKS)

    poly_modulus_degree = 8192
    parms.set_poly_modulus_degree(poly_modulus_degree)
    parms.set_coeff_modulus(CoeffModulus.Create(
        poly_modulus_degree, IntVector([40, 40, 40, 40, 40])))

    context = SEALContext.Create(parms)
    print_parameters(context)

    keygen = KeyGenerator(context)
    public_key = keygen.public_key()
    secret_key = keygen.secret_key()
    relin_keys = keygen.relin_keys()
    gal_keys = keygen.galois_keys()
    encryptor = Encryptor(context, public_key)
    evaluator = Evaluator(context)
    decryptor = Decryptor(context, secret_key)

    ckks_encoder = CKKSEncoder(context)

    slot_count = ckks_encoder.slot_count()
    print("Number of slots: {}".format(slot_count))

    step_size = 1.0 / (slot_count - 1)
    input = DoubleVector(list(map(lambda x: x*step_size, range(0, slot_count))))

    print_vector(input)

    scale = 2.0**50

    print("Encode and encrypt.")
    plain = Plaintext() 
    ckks_encoder.encode(input, scale, plain)
    encrypted = Ciphertext() 
    encryptor.encrypt(plain, encrypted)

    rotated = Ciphertext()  
    print("Rotate 2 steps left.")
    evaluator.rotate_vector(encrypted, 2, gal_keys, rotated)
    print("    + Decrypt and decode ...... Correct.")
    decryptor.decrypt(rotated, plain)
    result = DoubleVector()
    ckks_encoder.decode(plain, result)
    print_vector(result)
class FractionalDecryptorUtils:
    def __init__(self, context):
        """
        Class providing decryption operation
        :param context: Context initialising HE parameters
        """
        self.context = context.context
        self.secret_key = context.secret_key
        self.decryptor = Decryptor(self.context, self.secret_key)
        self.encoder = FractionalEncoder(self.context.plain_modulus(),
                                         self.context.poly_modulus(), 64, 32,
                                         3)
        self.evaluator = context.evaluator

    def decrypt(self, encrypted_res):
        plain_result = Plaintext()
        self.decryptor.decrypt(encrypted_res, plain_result)
        result = self.encoder.decode(plain_result)
        return result
示例#4
0
def decryptMatrix(cm):
    r, c = len(cm), len(cm[0])
    m = [[0] * c for i in range(r)]
    decryptor = Decryptor(context, secret_key)
    plain_result = Plaintext()
    for i in range(r):
        for j in range(c):
            decryptor.decrypt(cm[i][j], plain_result)
            m[i][j] = encoder.decode(plain_result)
    return m


# m1 = [[1,3,2],[4,3,1]]
# m2 = [[2,2,1]]
# cm1, cm2 = encryptMatrix(m1), encryptMatrix(m2)
# cm = matrixProduct(cm1, cm2)
# print(decryptMatrix(cm))

# need to multiply encrypted matrix by encrypted vector
示例#5
0
def do_per_amount(amount, subtract_from=15):
    """
	Called on every message in the stream
	"""
    print("Transaction amount ", amount)
    parms = EncryptionParameters()
    parms.set_poly_modulus("1x^2048 + 1")
    parms.set_coeff_modulus(seal.coeff_modulus_128(2048))
    parms.set_plain_modulus(1 << 8)
    context = SEALContext(parms)

    # Encode
    encoder = FractionalEncoder(context.plain_modulus(),
                                context.poly_modulus(), 64, 32, 3)

    # To create a fresh pair of keys one can call KeyGenerator::generate() at any time.
    keygen = KeyGenerator(context)
    public_key = keygen.public_key()
    secret_key = keygen.secret_key()

    encryptor = Encryptor(context, public_key)

    plain1 = encoder.encode(amount)
    encoded2 = encoder.encode(subtract_from)

    # Encrypt
    encrypted1 = Ciphertext(parms)
    encryptor.encrypt(plain1, encrypted1)

    # Evaluate
    evaluator = Evaluator(context)
    evaluated = evaluate_subtraction_from_plain(evaluator, encrypted1,
                                                encoded2)

    # Decrypt and decode
    decryptor = Decryptor(context, secret_key)
    plain_result = Plaintext()
    decryptor.decrypt(evaluated, plain_result)
    result = encoder.decode(plain_result)

    str_result = "Amount left = " + str(result)
    print(str_result)
    return str_result
def encryption(value):
    # IntegerEncoder with base 2
    encoder = IntegerEncoder(context.plain_modulus())

    # generate public/private keys
    keygen = KeyGenerator(context)
    public_key = keygen.public_key()
    secret_key = keygen.secret_key()

    # encrypts public key
    encryptor = Encryptor(context, public_key)

    # perform computations on ciphertexts
    evaluator = Evaluator(context)

    # decrypts secret key
    decryptor = Decryptor(context, secret_key)

    # perform encryptions
    plaintext = encoder.encode(value)

    # convert into encrypted ciphertext
    encrypt = Ciphertext()
    encryptor.encrypt(plaintext, encrypt)
    print("Encryption successful!")
    print("Encrypted ciphertext: " + (str)(value) + " as " +
          plaintext.to_string())

    # noise budget of fresh encryptions
    print("Noise budget: " + (str)(decryptor.invariant_noise_budget(encrypt)) +
          " bits")

    # decrypts result
    result = Plaintext()
    decryptor.decrypt(encrypt, result)
    print("Decryption successful!")

    print("Plaintext: " + result.to_string())

    # decode for original integer
    print("Original node: " + (str)(encoder.decode_int32(result)) + "\n")
示例#7
0
def example_rotation_bfv():
    print("Example: Rotation / Rotation in BFV")

    parms = EncryptionParameters(scheme_type.BFV)

    poly_modulus_degree = 8192
    parms.set_poly_modulus_degree(poly_modulus_degree)
    parms.set_coeff_modulus(CoeffModulus.BFVDefault(poly_modulus_degree))
    parms.set_plain_modulus(PlainModulus.Batching(poly_modulus_degree, 20))

    context = SEALContext.Create(parms)
    print_parameters(context)

    keygen = KeyGenerator(context)
    public_key = keygen.public_key()
    secret_key = keygen.secret_key()
    relin_keys = keygen.relin_keys()
    encryptor = Encryptor(context, public_key)
    evaluator = Evaluator(context)
    decryptor = Decryptor(context, secret_key)

    batch_encoder = BatchEncoder(context)
    slot_count = batch_encoder.slot_count()
    row_size = int(slot_count / 2)
    print("Plaintext matrix row size: {}".format(row_size))

    pod_matrix = UInt64Vector([0]*slot_count)
    pod_matrix[0] = 0
    pod_matrix[1] = 1
    pod_matrix[2] = 2
    pod_matrix[3] = 3
    pod_matrix[row_size] = 4
    pod_matrix[row_size + 1] = 5
    pod_matrix[row_size + 2] = 6
    pod_matrix[row_size + 3] = 7

    print("Input plaintext matrix:")
    print_matrix(pod_matrix, row_size)

    #First we use BatchEncoder to encode the matrix into a plaintext. We encrypt
    #the plaintext as usual.

    plain_matrix = Plaintext()  
    print("Encode and encrypt.")
    batch_encoder.encode(pod_matrix, plain_matrix)
    encrypted_matrix = Ciphertext() 
    encryptor.encrypt(plain_matrix, encrypted_matrix)
    print("    + Noise budget in fresh encryption: {} bits".format(
        decryptor.invariant_noise_budget(encrypted_matrix))) 

    #Rotations require yet another type of special key called `Galois keys'. These
    #are easily obtained from the KeyGenerator.

    gal_keys = keygen.galois_keys()

    #Now rotate both matrix rows 3 steps to the left, decrypt, decode, and print.
    print("Rotate rows 3 steps left.")
    evaluator.rotate_rows_inplace(encrypted_matrix, 3, gal_keys)
    plain_result = Plaintext()  
    print("    + Noise budget after rotation: {} bits".format(
        decryptor.invariant_noise_budget(encrypted_matrix)))
    print("    + Decrypt and decode ...... Correct.")
    decryptor.decrypt(encrypted_matrix, plain_result)
    batch_encoder.decode(plain_result, pod_matrix)
    print_matrix(pod_matrix, row_size)

    #We can also rotate the columns, i.e., swap the rows.
    print("Rotate columns.")
    evaluator.rotate_columns_inplace(encrypted_matrix, gal_keys)
    print("    + Noise budget after rotation: {} bits".format(
        decryptor.invariant_noise_budget(encrypted_matrix)))
    print("    + Decrypt and decode ...... Correct.")
    decryptor.decrypt(encrypted_matrix, plain_result)
    batch_encoder.decode(plain_result, pod_matrix)
    print_matrix(pod_matrix, row_size)

    #Finally, we rotate the rows 4 steps to the right, decrypt, decode, and print.
    print("Rotate rows 4 steps right.")
    evaluator.rotate_rows_inplace(encrypted_matrix, -4, gal_keys)
    print("    + Noise budget after rotation: {} bits".format(
        decryptor.invariant_noise_budget(encrypted_matrix)))
    print("    + Decrypt and decode ...... Correct.")
    decryptor.decrypt(encrypted_matrix, plain_result)
    batch_encoder.decode(plain_result, pod_matrix)
    print_matrix(pod_matrix, row_size)
示例#8
0
def example_basics_ii():
    print_example_banner("Example: Basics II")

    # In this example we explain what relinearization is, how to use it, and how
    # it affects noise budget consumption.

    # First we set the parameters, create a SEALContext, and generate the public
    # and secret keys. We use slightly larger parameters than be fore to be able
    # to do more homomorphic multiplications.
    parms = EncryptionParameters()
    parms.set_poly_modulus("1x^8192 + 1")

    # The default coefficient modulus consists of the following primes:

    #     0x7fffffffba0001,
    #     0x7fffffffaa0001,
    #     0x7fffffff7e0001,
    #     0x3fffffffd60001.

    # The total size is 219 bits.
    parms.set_coeff_modulus(seal.coeff_modulus_128(8192))
    parms.set_plain_modulus(1 << 10)

    context = SEALContext(parms)
    print_parameters(context)

    keygen = KeyGenerator(context)
    public_key = keygen.public_key()
    secret_key = keygen.secret_key()

    # We also set up an Encryptor, Evaluator, and Decryptor here. We will
    # encrypt polynomials directly in this example, so there is no need for
    # an encoder.
    encryptor = Encryptor(context, public_key)
    evaluator = Evaluator(context)
    decryptor = Decryptor(context, secret_key)

    # There are actually two more types of keys in SEAL: `evaluation keys' and
    # `Galois keys'. Here we will discuss evaluation keys, and Galois keys will
    # be discussed later in example_batching().

    # In SEAL, a valid ciphertext consists of two or more polynomials with
    # coefficients integers modulo the product of the primes in coeff_modulus.
    # The current size of a ciphertext can be found using Ciphertext::size().
    # A freshly encrypted ciphertext always has size 2.
    #plain1 = Plaintext("1x^2 + 2x^1 + 3")
    plain1 = Plaintext("1x^2 + 2x^1 + 3")
    encrypted = Ciphertext()

    print("")
    print("Encrypting " + plain1.to_string() + ": ")
    encryptor.encrypt(plain1, encrypted)
    print("Done")
    print("Size of a fresh encryption: " + (str)(encrypted.size()))
    print("Noise budget in fresh encryption: " +
          (str)(decryptor.invariant_noise_budget(encrypted)) + " bits")

    # Homomorphic multiplication results in the output ciphertext growing in size.
    # More precisely, if the input ciphertexts have size M and N, then the output
    # ciphertext after homomorphic multiplication will have size M+N-1. In this
    # case we square encrypted twice to observe this growth (also observe noise
    # budget consumption).
    evaluator.square(encrypted)
    print("Size after squaring: " + (str)(encrypted.size()))
    print("Noise budget after squaring: " +
          (str)(decryptor.invariant_noise_budget(encrypted)) + " bits")
    plain2 = Plaintext()
    decryptor.decrypt(encrypted, plain2)
    print("Second power: " + plain2.to_string())

    evaluator.square(encrypted)
    print("Size after squaring: " + (str)(encrypted.size()))
    print("Noise budget after squaring: " +
          (str)(decryptor.invariant_noise_budget(encrypted)) + " bits")

    # It does not matter that the size has grown -- decryption works as usual.
    # Observe from the print-out that the coefficients in the plaintext have
    # grown quite large. One more squaring would cause some of them to wrap
    # around plain_modulus (0x400), and as a result we would no longer obtain
    # the expected result as an integer-coefficient polynomial. We can fix this
    # problem to some extent by increasing plain_modulus. This would make sense,
    # since we still have plenty of noise budget left.
    plain2 = Plaintext()
    decryptor.decrypt(encrypted, plain2)
    print("Fourth power: " + plain2.to_string())

    # The problem here is that homomorphic operations on large ciphertexts are
    # computationally much more costly than on small ciphertexts. Specifically,
    # homomorphic multiplication on input ciphertexts of size M and N will require
    # O(M*N) polynomial multiplications to be performed, and an addition will
    # require O(M+N) additions. Relinearization reduces the size of the ciphertexts
    # after multiplication back to the initial size (2). Thus, relinearizing one
    # or both inputs before the next multiplication, or e.g. before serializing the
    # ciphertexts, can have a huge positive impact on performance.

    # Another problem is that the noise budget consumption in multiplication is
    # bigger when the input ciphertexts sizes are bigger. In a complicated
    # computation the contribution of the sizes to the noise budget consumption
    # can actually become the dominant term. We will point this out again below
    # once we get to our example.

    # Relinearization itself has both a computational cost and a noise budget cost.
    # These both depend on a parameter called `decomposition bit count', which can
    # be any integer at least 1 [dbc_min()] and at most 60 [dbc_max()]. A large
    # decomposition bit count makes relinearization fast, but consumes more noise
    # budget. A small decomposition bit count can make relinearization slower, but
    # might not change the noise budget by any observable amount.

    # Relinearization requires a special type of key called `evaluation keys'.
    # These can be created by the KeyGenerator for any decomposition bit count.
    # To relinearize a ciphertext of size M >= 2 back to size 2, we actually need
    # M-2 evaluation keys. Attempting to relinearize a too large ciphertext with
    # too few evaluation keys will result in an exception being thrown.

    # We repeat our computation, but this time relinearize after both squarings.
    # Since our ciphertext never grows past size 3 (we relinearize after every
    # multiplication), it suffices to generate only one evaluation key.

    # First, we need to create evaluation keys. We use a decomposition bit count
    # of 16 here, which can be thought of as quite small.
    ev_keys16 = EvaluationKeys()

    # This function generates one single evaluation key. Another overload takes
    # the number of keys to be generated as an argument, but one is all we need
    # in this example (see above).
    keygen.generate_evaluation_keys(16, ev_keys16)

    print("")
    print("Encrypting " + plain1.to_string() + ": ")
    encryptor.encrypt(plain1, encrypted)
    print("Done")
    print("Size of a fresh encryption: " + (str)(encrypted.size()))
    print("Noise budget in fresh encryption: " +
          (str)(decryptor.invariant_noise_budget(encrypted)) + " bits")

    evaluator.square(encrypted)
    print("Size after squaring: " + (str)(encrypted.size()))
    print("Noise budget after squaring: " +
          (str)(decryptor.invariant_noise_budget(encrypted)) + " bits")

    evaluator.relinearize(encrypted, ev_keys16)
    print("Size after relinearization: " + (str)(encrypted.size()))
    print("Noise budget after relinearizing (dbs = " +
          (str)(ev_keys16.decomposition_bit_count()) + "): " +
          (str)(decryptor.invariant_noise_budget(encrypted)) + " bits")

    evaluator.square(encrypted)
    print("Size after second squaring: " + (str)(encrypted.size()) + " bits")
    print("Noise budget after second squaring: " +
          (str)(decryptor.invariant_noise_budget(encrypted)) + " bits")

    evaluator.relinearize(encrypted, ev_keys16)
    print("Size after relinearization: " + (str)(encrypted.size()))
    print("Noise budget after relinearizing (dbs = " +
          (str)(ev_keys16.decomposition_bit_count()) + "): " +
          (str)(decryptor.invariant_noise_budget(encrypted)) + " bits")

    decryptor.decrypt(encrypted, plain2)
    print("Fourth power: " + plain2.to_string())

    # Of course the result is still the same, but this time we actually
    # used less of our noise budget. This is not surprising for two reasons:

    #     - We used a very small decomposition bit count, which is why
    #       relinearization itself did not consume the noise budget by any
    #       observable amount;
    #     - Since our ciphertext sizes remain small throughout the two
    #       squarings, the noise budget consumption rate in multiplication
    #       remains as small as possible. Recall from above that operations
    #       on larger ciphertexts actually cause more noise growth.

    # To make matters even more clear, we repeat the computation a third time,
    # now using the largest possible decomposition bit count (60). We are not
    # measuring the time here, but relinearization with these evaluation keys
    # is significantly faster than with ev_keys16.
    ev_keys60 = EvaluationKeys()
    keygen.generate_evaluation_keys(seal.dbc_max(), ev_keys60)

    print("")
    print("Encrypting " + plain1.to_string() + ": ")
    encryptor.encrypt(plain1, encrypted)
    print("Done")
    print("Size of a fresh encryption: " + (str)(encrypted.size()))
    print("Noise budget in fresh encryption: " +
          (str)(decryptor.invariant_noise_budget(encrypted)) + " bits")

    evaluator.square(encrypted)
    print("Size after squaring: " + (str)(encrypted.size()))
    print("Noise budget after squaring: " +
          (str)(decryptor.invariant_noise_budget(encrypted)) + " bits")
    evaluator.relinearize(encrypted, ev_keys60)
    print("Size after relinearization: " + (str)(encrypted.size()))
    print("Noise budget after relinearizing (dbc = " +
          (str)(ev_keys60.decomposition_bit_count()) + "): " +
          (str)(decryptor.invariant_noise_budget(encrypted)) + " bits")

    evaluator.square(encrypted)
    print("Size after second squaring: " + (str)(encrypted.size()))
    print("Noise budget after second squaring: " +
          (str)(decryptor.invariant_noise_budget) + " bits")
    evaluator.relinearize(encrypted, ev_keys60)
    print("Size after relinearization: " + (str)(encrypted.size()))
    print("Noise budget after relinearizing (dbc = " +
          (str)(ev_keys60.decomposition_bit_count()) + "): " +
          (str)(decryptor.invariant_noise_budget(encrypted)) + " bits")

    decryptor.decrypt(encrypted, plain2)
    print("Fourth power: " + plain2.to_string())

    # Observe from the print-out that we have now used significantly more of our
    # noise budget than in the two previous runs. This is again not surprising,
    # since the first relinearization chops off a huge part of the noise budget.

    # However, note that the second relinearization does not change the noise
    # budget by any observable amount. This is very important to understand when
    # optimal performance is desired: relinearization always drops the noise
    # budget from the maximum (freshly encrypted ciphertext) down to a fixed
    # amount depending on the encryption parameters and the decomposition bit
    # count. On the other hand, homomorphic multiplication always consumes the
    # noise budget from its current level. This is why the second relinearization
    # does not change the noise budget anymore: it is already consumed past the
    # fixed amount determinted by the decomposition bit count and the encryption
    # parameters.

    # We now perform a third squaring and observe an even further compounded
    # decrease in the noise budget. Again, relinearization does not consume the
    # noise budget at this point by any observable amount, even with the largest
    # possible decomposition bit count.
    evaluator.square(encrypted)
    print("Size after third squaring " + (str)(encrypted.size()))
    print("Noise budget after third squaring: " +
          (str)(decryptor.invariant_noise_budget(encrypted)) + " bits")
    evaluator.relinearize(encrypted, ev_keys60)
    print("Size after relinearization: " + (str)(encrypted.size()))
    print("Noise budget after relinearizing (dbc = " +
          (str)(ev_keys60.decomposition_bit_count()) + "): " +
          (str)(decryptor.invariant_noise_budget(encrypted)) + " bits")

    decryptor.decrypt(encrypted, plain2)
    print("Eighth power: " + plain2.to_string())
示例#9
0
def example_basics_i():
    print_example_banner("Example: Basics I")

    # In this example we demonstrate setting up encryption parameters and other
    # relevant objects for performing simple computations on encrypted integers.

    # SEAL uses the Fan-Vercauteren (FV) homomorphic encryption scheme. We refer to
    # https://eprint.iacr.org/2012/144 for full details on how the FV scheme works.
    # For better performance, SEAL implements the "FullRNS" optimization of FV, as
    # described in https://eprint.iacr.org/2016/510.

    # The first task is to set up an instance of the EncryptionParameters class.
    # It is critical to understand how these different parameters behave, how they
    # affect the encryption scheme, performance, and the security level. There are
    # three encryption parameters that are necessary to set:

    #     - poly_modulus (polynomial modulus);
    #     - coeff_modulus ([ciphertext] coefficient modulus);
    #     - plain_modulus (plaintext modulus).

    # A fourth parameter -- noise_standard_deviation -- has a default value of 3.19
    # and should not be necessary to modify unless the user has a specific reason
    # to and knows what they are doing.

    # The encryption scheme implemented in SEAL cannot perform arbitrary computations
    # on encrypted data. Instead, each ciphertext has a specific quantity called the
    # `invariant noise budget' -- or `noise budget' for short -- measured in bits.
    # The noise budget of a freshly encrypted ciphertext (initial noise budget) is
    # determined by the encryption parameters. Homomorphic operations consume the
    # noise budget at a rate also determined by the encryption parameters. In SEAL
    # the two basic homomorphic operations are additions and multiplications, of
    # which additions can generally be thought of as being nearly free in terms of
    # noise budget consumption compared to multiplications. Since noise budget
    # consumption is compounding in sequential multiplications, the most significant
    # factor in choosing appropriate encryption parameters is the multiplicative
    # depth of the arithmetic circuit that needs to be evaluated. Once the noise
    # budget in a ciphertext reaches zero, it becomes too corrupted to be decrypted.
    # Thus, it is essential to choose the parameters to be large enough to support
    # the desired computation; otherwise the result is impossible to make sense of
    # even with the secret key.
    parms = EncryptionParameters()

    # We first set the polynomial modulus. This must be a power-of-2 cyclotomic
    # polynomial, i.e. a polynomial of the form "1x^(power-of-2) + 1". The polynomial
    # modulus should be thought of mainly affecting the security level of the scheme;
    # larger polynomial modulus makes the scheme more secure. At the same time, it
    # makes ciphertext sizes larger, and consequently all operations slower.
    # Recommended degrees for poly_modulus are 1024, 2048, 4096, 8192, 16384, 32768,
    # but it is also possible to go beyond this. Since we perform only a very small
    # computation in this example, it suffices to use a very small polynomial modulus
    parms.set_poly_modulus("1x^2048 + 1")

    # Next we choose the [ciphertext] coefficient modulus (coeff_modulus). The size
    # of the coefficient modulus should be thought of as the most significant factor
    # in determining the noise budget in a freshly encrypted ciphertext: bigger means
    # more noise budget. Unfortunately, a larger coefficient modulus also lowers the
    # security level of the scheme. Thus, if a large noise budget is required for
    # complicated computations, a large coefficient modulus needs to be used, and the
    # reduction in the security level must be countered by simultaneously increasing
    # the polynomial modulus.

    # To make parameter selection easier for the user, we have constructed sets of
    # largest allowed coefficient moduli for 128-bit and 192-bit security levels
    # for different choices of the polynomial modulus. These recommended parameters
    # follow the Security white paper at http://HomomorphicEncryption.org. However,
    # due to the complexity of this topic, we highly recommend the user to directly
    # consult an expert in homomorphic encryption and RLWE-based encryption schemes
    # to determine the security of their parameter choices.

    # Our recommended values for the coefficient modulus can be easily accessed
    # through the functions

    #     coeff_modulus_128bit(int)
    #     coeff_modulus_192bit(int)

    # for 128-bit and 192-bit security levels. The integer parameter is the degree
    # of the polynomial modulus.

    # In SEAL the coefficient modulus is a positive composite number -- a product
    # of distinct primes of size up to 60 bits. When we talk about the size of the
    # coefficient modulus we mean the bit length of the product of the small primes.
    # The small primes are represented by instances of the SmallModulus class; for
    # example coeff_modulus_128bit(int) returns a vector of SmallModulus instances.

    # It is possible for the user to select their own small primes. Since SEAL uses
    # the Number Theoretic Transform (NTT) for polynomial multiplications modulo the
    # factors of the coefficient modulus, the factors need to be prime numbers
    # congruent to 1 modulo 2*degree(poly_modulus). We have generated a list of such
    # prime numbers of various sizes, that the user can easily access through the
    # functions

    #     small_mods_60bit(int)
    #     small_mods_50bit(int)
    #     small_mods_40bit(int)
    #     small_mods_30bit(int)

    # each of which gives access to an array of primes of the denoted size. These
    # primes are located in the source file util/globals.cpp.

    # Performance is mainly affected by the size of the polynomial modulus, and the
    # number of prime factors in the coefficient modulus. Thus, it is important to
    # use as few factors in the coefficient modulus as possible.

    # In this example we use the default coefficient modulus for a 128-bit security
    # level. Concretely, this coefficient modulus consists of only one 56-bit prime
    # factor: 0xfffffffff00001.
    parms.set_coeff_modulus(seal.coeff_modulus_128(2048))

    # The plaintext modulus can be any positive integer, even though here we take
    # it to be a power of two. In fact, in many cases one might instead want it to
    # be a prime number; we will see this in example_batching(). The plaintext
    # modulus determines the size of the plaintext data type, but it also affects
    # the noise budget in a freshly encrypted ciphertext, and the consumption of
    # the noise budget in homomorphic multiplication. Thus, it is essential to try
    # to keep the plaintext data type as small as possible for good performance.
    # The noise budget in a freshly encrypted ciphertext is

    #     ~ log2(coeff_modulus/plain_modulus) (bits)

    # and the noise budget consumption in a homomorphic multiplication is of the
    # form log2(plain_modulus) + (other terms).
    parms.set_plain_modulus(1 << 8)

    # Now that all parameters are set, we are ready to construct a SEALContext
    # object. This is a heavy class that checks the validity and properties of
    # the parameters we just set, and performs and stores several important
    # pre-computations.
    context = SEALContext(parms)

    # Print the parameters that we have chosen
    print_parameters(context)

    # Plaintexts in the FV scheme are polynomials with coefficients integers modulo
    # plain_modulus. To encrypt for example integers instead, one can use an
    # `encoding scheme' to represent the integers as such polynomials. SEAL comes
    # with a few basic encoders:

    # [IntegerEncoder]
    # Given an integer base b, encodes integers as plaintext polynomials as follows.
    # First, a base-b expansion of the integer is computed. This expansion uses
    # a `balanced' set of representatives of integers modulo b as the coefficients.
    # Namely, when b is odd the coefficients are integers between -(b-1)/2 and
    # (b-1)/2. When b is even, the integers are between -b/2 and (b-1)/2, except
    # when b is two and the usual binary expansion is used (coefficients 0 and 1).
    # Decoding amounts to evaluating the polynomial at x=b. For example, if b=2,
    # the integer

    #     26 = 2^4 + 2^3 + 2^1

    # is encoded as the polynomial 1x^4 + 1x^3 + 1x^1. When b=3,

    #     26 = 3^3 - 3^0

    # is encoded as the polynomial 1x^3 - 1. In memory polynomial coefficients are
    # always stored as unsigned integers by storing their smallest non-negative
    # representatives modulo plain_modulus. To create a base-b integer encoder,
    # use the constructor IntegerEncoder(plain_modulus, b). If no b is given, b=2
    # is used.

    # [FractionalEncoder]
    # The FractionalEncoder encodes fixed-precision rational numbers as follows.
    # It expands the number in a given base b, possibly truncating an infinite
    # fractional part to finite precision, e.g.

    #     26.75 = 2^4 + 2^3 + 2^1 + 2^(-1) + 2^(-2)

    # when b=2. For the sake of the example, suppose poly_modulus is 1x^1024 + 1.
    # It then represents the integer part of the number in the same way as in
    # IntegerEncoder (with b=2 here), and moves the fractional part instead to the
    # highest degree part of the polynomial, but with signs of the coefficients
    # changed. In this example we would represent 26.75 as the polynomial

    #     -1x^1023 - 1x^1022 + 1x^4 + 1x^3 + 1x^1.

    # In memory the negative coefficients of the polynomial will be represented as
    # their negatives modulo plain_modulus.

    # [PolyCRTBuilder]
    # If plain_modulus is a prime congruent to 1 modulo 2*degree(poly_modulus), the
    # plaintext elements can be viewed as 2-by-(degree(poly_modulus) / 2) matrices
    # with elements integers modulo plain_modulus. When a desired computation can be
    # vectorized, using PolyCRTBuilder can result in massive performance improvements
    # over naively encrypting and operating on each input number separately. Thus,
    # in more complicated computations this is likely to be by far the most important
    # and useful encoder. In example_batching() we show how to use and operate on
    # encrypted matrix plaintexts.

    # For performance reasons, in homomorphic encryption one typically wants to keep
    # the plaintext data types as small as possible, which can make it challenging to
    # prevent data type overflow in more complicated computations, especially when
    # operating on rational numbers that have been scaled to integers. When using
    # PolyCRTBuilder estimating whether an overflow occurs is a fairly standard task,
    # as the matrix slots are integers modulo plain_modulus, and each slot is operated
    # on independently of the others. When using IntegerEncoder or FractionalEncoder
    # it is substantially more difficult to estimate when an overflow occurs in the
    # plaintext, and choosing the plaintext modulus very carefully to be large enough
    # is critical to avoid unexpected results. Specifically, one needs to estimate how
    # large the largest coefficient in  the polynomial view of all of the plaintext
    # elements becomes, and choose the plaintext modulus to be larger than this value.
    # SEAL comes with an automatic parameter selection tool that can help with this
    # task, as is demonstrated in example_parameter_selection().

    # Here we choose to create an IntegerEncoder with base b=2.
    encoder = IntegerEncoder(context.plain_modulus())

    # We are now ready to generate the secret and public keys. For this purpose we need
    # an instance of the KeyGenerator class. Constructing a KeyGenerator automatically
    # generates the public and secret key, which can then be read to local variables.
    # To create a fresh pair of keys one can call KeyGenerator::generate() at any time.
    keygen = KeyGenerator(context)
    public_key = keygen.public_key()
    secret_key = keygen.secret_key()

    # To be able to encrypt, we need to construct an instance of Encryptor. Note that
    # the Encryptor only requires the public key.
    encryptor = Encryptor(context, public_key)

    # Computations on the ciphertexts are performed with the Evaluator class.
    evaluator = Evaluator(context)

    # We will of course want to decrypt our results to verify that everything worked,
    # so we need to also construct an instance of Decryptor. Note that the Decryptor
    # requires the secret key.
    decryptor = Decryptor(context, secret_key)

    # We start by encoding two integers as plaintext polynomials.
    value1 = 5
    plain1 = encoder.encode(value1)
    print("Encoded " + (str)(value1) + " as polynomial " + plain1.to_string() +
          " (plain1)")

    value2 = -7
    plain2 = encoder.encode(value2)
    print("Encoded " + (str)(value2) + " as polynomial " + plain2.to_string() +
          " (plain2)")

    # Encrypting the values is easy.
    encrypted1 = Ciphertext()
    encrypted2 = Ciphertext()
    print("Encrypting plain1: ")
    encryptor.encrypt(plain1, encrypted1)
    print("Done (encrypted1)")

    print("Encrypting plain2: ")
    encryptor.encrypt(plain2, encrypted2)
    print("Done (encrypted2)")

    # To illustrate the concept of noise budget, we print the budgets in the fresh
    # encryptions.
    print("Noise budget in encrypted1: " +
          (str)(decryptor.invariant_noise_budget(encrypted1)) + " bits")
    print("Noise budget in encrypted2: " +
          (str)(decryptor.invariant_noise_budget(encrypted2)) + " bits")

    # As a simple example, we compute (-encrypted1 + encrypted2) * encrypted2.

    # Negation is a unary operation.
    evaluator.negate(encrypted1)

    # Negation does not consume any noise budget.
    print("Noise budget in -encrypted1: " +
          (str)(decryptor.invariant_noise_budget(encrypted1)) + " bits")

    # Addition can be done in-place (overwriting the first argument with the result,
    # or alternatively a three-argument overload with a separate destination variable
    # can be used. The in-place variants are always more efficient. Here we overwrite
    # encrypted1 with the sum.
    evaluator.add(encrypted1, encrypted2)

    # It is instructive to think that addition sets the noise budget to the minimum
    # of the input noise budgets. In this case both inputs had roughly the same
    # budget going on, and the output (in encrypted1) has just slightly lower budget.
    # Depending on probabilistic effects, the noise growth consumption may or may
    # not be visible when measured in whole bits.
    print("Noise budget in -encrypted1 + encrypted2: " +
          (str)(decryptor.invariant_noise_budget(encrypted1)) + " bits")

    # Finally multiply with encrypted2. Again, we use the in-place version of the
    # function, overwriting encrypted1 with the product.
    evaluator.multiply(encrypted1, encrypted2)

    # Multiplication consumes a lot of noise budget. This is clearly seen in the
    # print-out. The user can change the plain_modulus to see its effect on the
    # rate of noise budget consumption.
    print("Noise budget in (-encrypted1 + encrypted2) * encrypted2: " +
          (str)(decryptor.invariant_noise_budget(encrypted1)) + " bits")

    # Now we decrypt and decode our result.
    plain_result = Plaintext()
    print("Decrypting result: ")
    decryptor.decrypt(encrypted1, plain_result)
    print("Done")

    # Print the result plaintext polynomial.
    print("Plaintext polynomial: " + plain_result.to_string())

    # Decode to obtain an integer result.
    print("Decoded integer: " + (str)(encoder.decode_int32(plain_result)))
示例#10
0
def example_ckks_basics():
    print("Example: CKKS Basics");

    #In this example we demonstrate evaluating a polynomial function
    #
    #    PI*x^3 + 0.4*x + 1
    #
    #on encrypted floating-point input data x for a set of 4096 equidistant points
    #in the interval [0, 1]. This example demonstrates many of the main features
    #of the CKKS scheme, but also the challenges in using it.
    #
    # We start by setting up the CKKS scheme.

    parms = EncryptionParameters(scheme_type.CKKS)

    #We saw in `2_encoders.cpp' that multiplication in CKKS causes scales
    #in ciphertexts to grow. The scale of any ciphertext must not get too close
    #to the total size of coeff_modulus, or else the ciphertext simply runs out of
    #room to store the scaled-up plaintext. The CKKS scheme provides a `rescale'
    #functionality that can reduce the scale, and stabilize the scale expansion.
    #
    #Rescaling is a kind of modulus switch operation (recall `3_levels.cpp').
    #As modulus switching, it removes the last of the primes from coeff_modulus,
    #but as a side-effect it scales down the ciphertext by the removed prime.
    #Usually we want to have perfect control over how the scales are changed,
    #which is why for the CKKS scheme it is more common to use carefully selected
    #primes for the coeff_modulus.
    #
    #More precisely, suppose that the scale in a CKKS ciphertext is S, and the
    #last prime in the current coeff_modulus (for the ciphertext) is P. Rescaling
    #to the next level changes the scale to S/P, and removes the prime P from the
    #coeff_modulus, as usual in modulus switching. The number of primes limits
    #how many rescalings can be done, and thus limits the multiplicative depth of
    #the computation.
    #
    #It is possible to choose the initial scale freely. One good strategy can be
    #to is to set the initial scale S and primes P_i in the coeff_modulus to be
    #very close to each other. If ciphertexts have scale S before multiplication,
    #they have scale S^2 after multiplication, and S^2/P_i after rescaling. If all
    #P_i are close to S, then S^2/P_i is close to S again. This way we stabilize the
    #scales to be close to S throughout the computation. Generally, for a circuit
    #of depth D, we need to rescale D times, i.e., we need to be able to remove D
    #primes from the coefficient modulus. Once we have only one prime left in the
    #coeff_modulus, the remaining prime must be larger than S by a few bits to
    #preserve the pre-decimal-point value of the plaintext.
    #
    #Therefore, a generally good strategy is to choose parameters for the CKKS
    #scheme as follows: 
    #
    #    (1) Choose a 60-bit prime as the first prime in coeff_modulus. This will
    #        give the highest precision when decrypting;
    #    (2) Choose another 60-bit prime as the last element of coeff_modulus, as
    #        this will be used as the special prime and should be as large as the
    #        largest of the other primes;
    #    (3) Choose the intermediate primes to be close to each other.
    #
    #We use CoeffModulus::Create to generate primes of the appropriate size. Note
    #that our coeff_modulus is 200 bits total, which is below the bound for our
    #poly_modulus_degree: CoeffModulus::MaxBitCount(8192) returns 218.

    poly_modulus_degree = 8192
    parms.set_poly_modulus_degree(poly_modulus_degree)
    parms.set_coeff_modulus(CoeffModulus.Create(
        poly_modulus_degree, IntVector([60, 40, 40, 60])))

    #We choose the initial scale to be 2^40. At the last level, this leaves us
    #60-40=20 bits of precision before the decimal point, and enough (roughly
    #10-20 bits) of precision after the decimal point. Since our intermediate
    #primes are 40 bits (in fact, they are very close to 2^40), we can achieve
    #scale stabilization as described above.

    scale = 2.0**40

    context = SEALContext.Create(parms)
    print_parameters(context)

    keygen = KeyGenerator(context)
    public_key = keygen.public_key()
    secret_key = keygen.secret_key()
    relin_keys = keygen.relin_keys()
    encryptor = Encryptor(context, public_key)
    evaluator = Evaluator(context)
    decryptor = Decryptor(context, secret_key)

    encoder = CKKSEncoder(context)
    slot_count = encoder.slot_count()
    print("Number of slots: {}".format(slot_count))

    step_size = 1.0 / (slot_count - 1)
    input = DoubleVector(list(map(lambda x: x*step_size, range(0, slot_count))))

    print("Input vector: ")
    print_vector(input)

    print("Evaluating polynomial PI*x^3 + 0.4x + 1 ...")

    #We create plaintexts for PI, 0.4, and 1 using an overload of CKKSEncoder::encode
    #that encodes the given floating-point value to every slot in the vector.

    plain_coeff3 = Plaintext()
    plain_coeff1 = Plaintext()
    plain_coeff0 = Plaintext()
    encoder.encode(3.14159265, scale, plain_coeff3)
    encoder.encode(0.4, scale, plain_coeff1)
    encoder.encode(1.0, scale, plain_coeff0)

    x_plain = Plaintext()
    print("Encode input vectors.")
    encoder.encode(input, scale, x_plain)
    x1_encrypted = Ciphertext() 
    encryptor.encrypt(x_plain, x1_encrypted)

    #To compute x^3 we first compute x^2 and relinearize. However, the scale has
    #now grown to 2^80.

    x3_encrypted = Ciphertext() 
    print("Compute x^2 and relinearize:")
    evaluator.square(x1_encrypted, x3_encrypted)
    evaluator.relinearize_inplace(x3_encrypted, relin_keys)
    print("    + Scale of x^2 before rescale: {} bits".format(log2(x3_encrypted.scale())))

    #Now rescale; in addition to a modulus switch, the scale is reduced down by
    #a factor equal to the prime that was switched away (40-bit prime). Hence, the
    #new scale should be close to 2^40. Note, however, that the scale is not equal
    #to 2^40: this is because the 40-bit prime is only close to 2^40.
    print("Rescale x^2.")
    evaluator.rescale_to_next_inplace(x3_encrypted)
    print("    + Scale of x^2 after rescale: {} bits".format(log2(x3_encrypted.scale())))

    #Now x3_encrypted is at a different level than x1_encrypted, which prevents us
    #from multiplying them to compute x^3. We could simply switch x1_encrypted to
    #the next parameters in the modulus switching chain. However, since we still
    #need to multiply the x^3 term with PI (plain_coeff3), we instead compute PI*x
    #first and multiply that with x^2 to obtain PI*x^3. To this end, we compute
    #PI*x and rescale it back from scale 2^80 to something close to 2^40.

    print("Compute and rescale PI*x.")
    x1_encrypted_coeff3 = Ciphertext() 
    evaluator.multiply_plain(x1_encrypted, plain_coeff3, x1_encrypted_coeff3)
    print("    + Scale of PI*x before rescale: {} bits".format(log2(x1_encrypted_coeff3.scale())))
    evaluator.rescale_to_next_inplace(x1_encrypted_coeff3)
    print("    + Scale of PI*x after rescale: {} bits".format(log2(x1_encrypted_coeff3.scale())))

    #Since x3_encrypted and x1_encrypted_coeff3 have the same exact scale and use
    #the same encryption parameters, we can multiply them together. We write the
    #result to x3_encrypted, relinearize, and rescale. Note that again the scale
    #is something close to 2^40, but not exactly 2^40 due to yet another scaling
    #by a prime. We are down to the last level in the modulus switching chain.

    print("Compute, relinearize, and rescale (PI*x)*x^2.")
    evaluator.multiply_inplace(x3_encrypted, x1_encrypted_coeff3)
    evaluator.relinearize_inplace(x3_encrypted, relin_keys)
    print("    + Scale of PI*x^3 before rescale: {} bits".format(log2(x3_encrypted.scale())))

    evaluator.rescale_to_next_inplace(x3_encrypted)
    print("    + Scale of PI*x^3 after rescale: {} bits".format(log2(x3_encrypted.scale())))

    #Next we compute the degree one term. All this requires is one multiply_plain
    #with plain_coeff1. We overwrite x1_encrypted with the result.

    print("Compute and rescale 0.4*x.")
    evaluator.multiply_plain_inplace(x1_encrypted, plain_coeff1)
    print("    + Scale of 0.4*x before rescale: {} bits".format(log2(x1_encrypted.scale())))
    evaluator.rescale_to_next_inplace(x1_encrypted)
    print("    + Scale of 0.4*x after rescale: {} bits".format(log2(x1_encrypted.scale())))

    #Now we would hope to compute the sum of all three terms. However, there is
    #a serious problem: the encryption parameters used by all three terms are
    #different due to modulus switching from rescaling.
    #
    #Encrypted addition and subtraction require that the scales of the inputs are
    #the same, and also that the encryption parameters (parms_id) match. If there
    #is a mismatch, Evaluator will throw an exception.

    print("Parameters used by all three terms are different.")
    print("    + Modulus chain index for x3_encrypted: {}".format(
        context.get_context_data(x3_encrypted.parms_id()).chain_index()))
    print("    + Modulus chain index for x1_encrypted: {}".format(
        context.get_context_data(x1_encrypted.parms_id()).chain_index()))
    print("    + Modulus chain index for plain_coeff0: {}".format(
        context.get_context_data(plain_coeff0.parms_id()).chain_index()))

    #Let us carefully consider what the scales are at this point. We denote the
    #primes in coeff_modulus as P_0, P_1, P_2, P_3, in this order. P_3 is used as
    #the special modulus and is not involved in rescalings. After the computations
    #above the scales in ciphertexts are:
    #
    #    - Product x^2 has scale 2^80 and is at level 2;
    #    - Product PI*x has scale 2^80 and is at level 2;
    #    - We rescaled both down to scale 2^80/P_2 and level 1;
    #    - Product PI*x^3 has scale (2^80/P_2)^2;
    #    - We rescaled it down to scale (2^80/P_2)^2/P_1 and level 0;
    #    - Product 0.4*x has scale 2^80;
    #    - We rescaled it down to scale 2^80/P_2 and level 1;
    #    - The contant term 1 has scale 2^40 and is at level 2.
    #
    #Although the scales of all three terms are approximately 2^40, their exact
    #values are different, hence they cannot be added together.

    print("The exact scales of all three terms are different:")
    print("    + Exact scale in PI*x^3: {0:0.10f}".format(x3_encrypted.scale()))
    print("    + Exact scale in  0.4*x: {0:0.10f}".format(x1_encrypted.scale()))
    print("    + Exact scale in      1: {0:0.10f}".format(plain_coeff0.scale()))

    #There are many ways to fix this problem. Since P_2 and P_1 are really close
    #to 2^40, we can simply "lie" to Microsoft SEAL and set the scales to be the
    #same. For example, changing the scale of PI*x^3 to 2^40 simply means that we
    #scale the value of PI*x^3 by 2^120/(P_2^2*P_1), which is very close to 1.
    #This should not result in any noticeable error.
    #
    #Another option would be to encode 1 with scale 2^80/P_2, do a multiply_plain
    #with 0.4*x, and finally rescale. In this case we would need to additionally
    #make sure to encode 1 with appropriate encryption parameters (parms_id).
    #
    #In this example we will use the first (simplest) approach and simply change
    #the scale of PI*x^3 and 0.4*x to 2^40.
    print("Normalize scales to 2^40.")
    x3_encrypted.set_scale(2.0**40)
    x1_encrypted.set_scale(2.0**40)

    #We still have a problem with mismatching encryption parameters. This is easy
    #to fix by using traditional modulus switching (no rescaling). CKKS supports
    #modulus switching just like the BFV scheme, allowing us to switch away parts
    #of the coefficient modulus when it is simply not needed.

    print("Normalize encryption parameters to the lowest level.")
    last_parms_id = x3_encrypted.parms_id()
    evaluator.mod_switch_to_inplace(x1_encrypted, last_parms_id)
    evaluator.mod_switch_to_inplace(plain_coeff0, last_parms_id)

    #All three ciphertexts are now compatible and can be added.

    print("Compute PI*x^3 + 0.4*x + 1.")
    encrypted_result = Ciphertext()
    evaluator.add(x3_encrypted, x1_encrypted, encrypted_result)
    evaluator.add_plain_inplace(encrypted_result, plain_coeff0)

    #First print the true result.

    plain_result = Plaintext() 
    print("Decrypt and decode PI*x^3 + 0.4x + 1.")
    print("    + Expected result:")
    true_result = DoubleVector(list(map(lambda x: (3.14159265 * x * x + 0.4)* x + 1, input)))
    print_vector(true_result)

    #Decrypt, decode, and print the result.
    decryptor.decrypt(encrypted_result, plain_result)
    result = DoubleVector()
    encoder.decode(plain_result, result)
    print("    + Computed result ...... Correct.")
    print_vector(result)
示例#11
0
# As a simple example, we compute (-encrypted1 + encrypted2) * encrypted2.

# Negation is a unary operation.
evaluator.negate(encrypted1)

# Negation does not consume any noise budget.
print("Noise budget in -encrypted1: " +
      (str)(decryptor.invariant_noise_budget(encrypted1)) + " bits")

evaluator.add(encrypted1, encrypted2)

print("Noise budget in -encrypted1 + encrypted2: " +
      (str)(decryptor.invariant_noise_budget(encrypted1)) + " bits")

#evaluator.multiply(encrypted1, encrypted2)

#print("Noise budget in (-encrypted1 + encrypted2) * encrypted2: " + (str)(decryptor.invariant_noise_budget(encrypted1)) + " bits")

# Now we decrypt and decode our result.
plain_result = Plaintext()
print("Decrypting result: ")
decryptor.decrypt(encrypted1, plain_result)
print("Done")

# Print the result plaintext polynomial.
print("Plaintext polynomial: " + plain_result.to_string())

# Decode to obtain an integer result.
print("Decoded integer: " + (str)(encoder.decode_int32(plain_result)))
示例#12
0
def dot_product():
    print("Example: Weighted Average")

    # In this example we demonstrate the FractionalEncoder, and use it to compute
    # a weighted average of 10 encrypted rational numbers. In this computation we
    # perform homomorphic multiplications of ciphertexts by plaintexts, which is
    # much faster than regular multiplications of ciphertexts by ciphertexts.
    # Moreover, such `plain multiplications' never increase the ciphertext size,
    # which is why we have no need for evaluation keys in this example.

    # We start by creating encryption parameters, setting up the SEALContext, keys,
    # and other relevant objects. Since our computation has multiplicative depth of
    # only two, it suffices to use a small poly_modulus.
    parms = EncryptionParameters()
    parms.set_poly_modulus("1x^2048 + 1")
    parms.set_coeff_modulus(seal.coeff_modulus_128(2048))
    parms.set_plain_modulus(1 << 8)

    context = SEALContext(parms)
    print_parameters(context)

    keygen = KeyGenerator(context)
    keygen2 = KeyGenerator(context)
    public_key = keygen.public_key()
    secret_key = keygen.secret_key()

    secret_key2 = keygen.secret_key()

    # We also set up an Encryptor, Evaluator, and Decryptor here.
    encryptor = Encryptor(context, public_key)
    evaluator = Evaluator(context)
    decryptor = Decryptor(context, secret_key2)

    # Create a vector of 10 rational numbers (as doubles).
    # rational_numbers = [3.1, 4.159, 2.65, 3.5897, 9.3, 2.3, 8.46, 2.64, 3.383, 2.795]
    rational_numbers = np.random.rand(10)

    # Create a vector of weights.
    # coefficients = [0.1, 0.05, 0.05, 0.2, 0.05, 0.3, 0.1, 0.025, 0.075, 0.05]
    coefficients = np.random.rand(10)

    my_result = np.dot(rational_numbers, coefficients)

    # We need a FractionalEncoder to encode the rational numbers into plaintext
    # polynomials. In this case we decide to reserve 64 coefficients of the
    # polynomial for the integral part (low-degree terms) and expand the fractional
    # part to 32 digits of precision (in base 3) (high-degree terms). These numbers
    # can be changed according to the precision that is needed; note that these
    # choices leave a lot of unused space in the 2048-coefficient polynomials.
    encoder = FractionalEncoder(context.plain_modulus(), context.poly_modulus(), 64, 32, 3)

    # We create a vector of ciphertexts for encrypting the rational numbers.
    encrypted_rationals = []
    rational_numbers_string = "Encoding and encrypting: "
    for i in range(10):
        # We create our Ciphertext objects into the vector by passing the
        # encryption parameters as an argument to the constructor. This ensures
        # that enough memory is allocated for a size 2 ciphertext. In this example
        # our ciphertexts never grow in size (plain multiplication does not cause
        # ciphertext growth), so we can expect the ciphertexts to remain in the same
        # location in memory throughout the computation. In more complicated examples
        # one might want to call a constructor that reserves enough memory for the
        # ciphertext to grow to a specified size to avoid costly memory moves when
        # multiplications and relinearizations are performed.
        encrypted_rationals.append(Ciphertext(parms))
        encryptor.encrypt(encoder.encode(rational_numbers[i]), encrypted_rationals[i])
        rational_numbers_string += (str)(rational_numbers[i])[:6]
        if i < 9: rational_numbers_string += ", "
    print(rational_numbers_string)

    # Next we encode the coefficients. There is no reason to encrypt these since they
    # are not private data.
    encoded_coefficients = []
    encoded_coefficients_string = "Encoding plaintext coefficients: "


    encrypted_coefficients =[]

    for i in range(10):
        encoded_coefficients.append(encoder.encode(coefficients[i]))
        encrypted_coefficients.append(Ciphertext(parms))
        encryptor.encrypt(encoded_coefficients[i], encrypted_coefficients[i])
        encoded_coefficients_string += (str)(coefficients[i])[:6]
        if i < 9: encoded_coefficients_string += ", "
    print(encoded_coefficients_string)

    # We also need to encode 0.1. Multiplication by this plaintext will have the
    # effect of dividing by 10. Note that in SEAL it is impossible to divide
    # ciphertext by another ciphertext, but in this way division by a plaintext is
    # possible.
    div_by_ten = encoder.encode(0.1)

    # Now compute each multiplication.

    prod_result = [Ciphertext() for i in range(10)]
    prod_result2 = [Ciphertext() for i in range(10)]

    print("Computing products: ")
    for i in range(10):
        # Note how we use plain multiplication instead of usual multiplication. The
        # result overwrites the first argument in the function call.
        evaluator.multiply_plain(encrypted_rationals[i], encoded_coefficients[i], prod_result[i])
        evaluator.multiply(encrypted_rationals[i], encrypted_coefficients[i], prod_result2[i])
    print("Done")

    # To obtain the linear sum we need to still compute the sum of the ciphertexts
    # in encrypted_rationals. There is an easy way to add together a vector of
    # Ciphertexts.

    encrypted_result = Ciphertext()
    encrypted_result2 = Ciphertext()

    print("Adding up all 10 ciphertexts: ")
    evaluator.add_many(prod_result, encrypted_result)
    evaluator.add_many(prod_result2, encrypted_result2)

    print("Done")

    # Perform division by 10 by plain multiplication with div_by_ten.
    # print("Dividing by 10: ")
    # evaluator.multiply_plain(encrypted_result, div_by_ten)
    # print("Done")

    # How much noise budget do we have left?
    print("Noise budget in result: " + (str)(decryptor.invariant_noise_budget(encrypted_result)) + " bits")

    # Decrypt, decode, and print result.
    plain_result = Plaintext()
    plain_result2 = Plaintext()
    print("Decrypting result: ")
    decryptor.decrypt(encrypted_result, plain_result)
    decryptor.decrypt(encrypted_result2, plain_result2)
    print("Done")

    result = encoder.decode(plain_result)
    print("Weighted average: " + (str)(result)[:8])

    result2 = encoder.decode(plain_result2)
    print("Weighted average: " + (str)(result2)[:8])

    print('\n\n', my_result)
示例#13
0
def example_batch_encoder():
    print("Example: Encoders / Batch Encoder")

    #[BatchEncoder] (For BFV scheme only)
    #
    #Let N denote the poly_modulus_degree and T denote the plain_modulus. Batching
    #allows the BFV plaintext polynomials to be viewed as 2-by-(N/2) matrices, with
    #each element an integer modulo T. In the matrix view, encrypted operations act
    #element-wise on encrypted matrices, allowing the user to obtain speeds-ups of
    #several orders of magnitude in fully vectorizable computations. Thus, in all
    #but the simplest computations, batching should be the preferred method to use
    #with BFV, and when used properly will result in implementations outperforming
    #anything done with the IntegerEncoder.

    parms = EncryptionParameters(scheme_type.BFV)
    poly_modulus_degree = 8192
    parms.set_poly_modulus_degree(poly_modulus_degree)
    parms.set_coeff_modulus(CoeffModulus.BFVDefault(poly_modulus_degree))

    #To enable batching, we need to set the plain_modulus to be a prime number
    #congruent to 1 modulo 2*poly_modulus_degree. Microsoft SEAL provides a helper
    #method for finding such a prime. In this example we create a 20-bit prime
    #that supports batching.
    parms.set_plain_modulus(PlainModulus.Batching(poly_modulus_degree, 20))
    context = SEALContext.Create(parms)
    print_parameters(context)

    #We can verify that batching is indeed enabled by looking at the encryption
    #parameter qualifiers created by SEALContext.
    ##HERE
    qualifiers = context.qualifiers()
    print("Batching enabled: {}".format(qualifiers.using_batching))

    keygen = KeyGenerator(context)
    public_key = keygen.public_key()
    secret_key = keygen.secret_key()
    relin_keys = keygen.relin_keys()
    encryptor = Encryptor(context, public_key)
    evaluator = Evaluator(context)
    decryptor = Decryptor(context, secret_key)

    #Batching is done through an instance of the BatchEncoder class.
    batch_encoder = BatchEncoder(context)

    #The total number of batching `slots' equals the poly_modulus_degree, N, and
    #these slots are organized into 2-by-(N/2) matrices that can be encrypted and
    #computed on. Each slot contains an integer modulo plain_modulus.
    slot_count = batch_encoder.slot_count()
    row_size = int(slot_count / 2)
    print("Plaintext matrix row size: {}".format(row_size))

    #The matrix plaintext is simply given to BatchEncoder as a flattened vector
    #of numbers. The first `row_size' many numbers form the first row, and the
    #rest form the second row. Here we create the following matrix:
    #
    #    [ 0,  1,  2,  3,  0,  0, ...,  0 ]
    #    [ 4,  5,  6,  7,  0,  0, ...,  0 ]

    pod_matrix = Int64Vector([0] * slot_count)
    pod_matrix[0] = 0
    pod_matrix[1] = 1
    pod_matrix[2] = 2
    pod_matrix[3] = 3
    pod_matrix[row_size] = 4
    pod_matrix[row_size + 1] = 5
    pod_matrix[row_size + 2] = 6
    pod_matrix[row_size + 3] = 7

    print("Input plaintext matrix:")
    print_matrix(pod_matrix, row_size)

    #First we use BatchEncoder to encode the matrix into a plaintext polynomial.
    plain_matrix = Plaintext()
    print("Encode plaintext matrix:")
    batch_encoder.encode(pod_matrix, plain_matrix)

    #We can instantly decode to verify correctness of the encoding. Note that no
    #encryption or decryption has yet taken place.
    print("    + Decode plaintext matrix ...... Correct.")
    pod_result = Int64Vector([0] * slot_count)
    batch_encoder.decode(plain_matrix, pod_result)
    print_matrix(pod_result, row_size)

    #Next we encrypt the encoded plaintext.
    encrypted_matrix = Ciphertext()
    print("Encrypt plain_matrix to encrypted_matrix.")
    encryptor.encrypt(plain_matrix, encrypted_matrix)
    print("    + Noise budget in encrypted_matrix: {} bits".format(
        decryptor.invariant_noise_budget(encrypted_matrix)))

    #Operating on the ciphertext results in homomorphic operations being performed
    #simultaneously in all 8192 slots (matrix elements). To illustrate this, we
    #form another plaintext matrix
    #
    #    [ 1,  2,  1,  2,  1,  2, ..., 2 ]
    #    [ 1,  2,  1,  2,  1,  2, ..., 2 ]
    #
    #and encode it into a plaintext.

    pod_matrix2 = UInt64Vector([1, 2] * row_size)
    plain_matrix2 = Plaintext()
    batch_encoder.encode(pod_matrix2, plain_matrix2)
    print("Second input plaintext matrix:")
    print_matrix(pod_matrix2, row_size)

    #We now add the second (plaintext) matrix to the encrypted matrix, and square
    #the sum.
    print("Sum, square, and relinearize.")
    evaluator.add_plain_inplace(encrypted_matrix, plain_matrix2)
    evaluator.square_inplace(encrypted_matrix)
    evaluator.relinearize_inplace(encrypted_matrix, relin_keys)

    #How much noise budget do we have left?
    print("    + Noise budget in result: {} bits".format(
        decryptor.invariant_noise_budget(encrypted_matrix)))

    #We decrypt and decompose the plaintext to recover the result as a matrix.
    plain_result = Plaintext()
    print("Decrypt and decode result.")
    decryptor.decrypt(encrypted_matrix, plain_result)
    batch_encoder.decode(plain_result, pod_result)
    print("    + Result plaintext matrix ...... Correct.")
    print_matrix(pod_result, row_size)
示例#14
0
def test1():

    #TODO make the function taking dir name, iterating through all the descriptors, encrypting
    #TODO add progress bar - the videos are decrypted
    #TODO make a function taking a query and passing it to the sklearn function KNN with custom similarity funtion
    #TODO add progress bar - the search is performed (calculate distance between encrypted vectors)
    #TODO return results
    #TODO Vlad Display. The results are true. The same as we would compute similarity between ncrypted vectors.
    # In the same time we did not have to decrypt vectors stored in 3rd parity service to perform a search.
    #TODO get the metrics
    #TODO how to opimize

    a = np.ones((1, DESC_SIZE))
    b = np.ones((1, DESC_SIZE))
    for i in range(a.shape[1]):
        a[0, i] = random.uniform(0.0, 1.0)
        b[0, i] = random.uniform(0.0, 1.0)

    print("Descriptors for images a and b are: ")
    print("a ", a)
    print("b ", b)

    context, params = config()
    public_key, secret_key = keygen(context)

    frac_encoder = FractionalEncoder(context.plain_modulus(),
                                     context.poly_modulus(), 64, 32, 3)
    encryptor = Encryptor(context, public_key)
    evaluator = Evaluator(context)
    decryptor = Decryptor(context, secret_key)

    e1 = encrypt_vec(params, encryptor, frac_encoder, a)
    e3 = encrypt_vec(params, encryptor, frac_encoder, b)

    print("Calculate distance between plain a and b:")
    sim = euclidean_dist(a, b)
    print("Similarity between a and b: {}".format(sim))

    print("Calculating distance between encrypted a and b:")
    time_start = time.time()
    enc_res = euclidean_dist_enc(evaluator, e1, e3)
    time_end = time.time()
    print("Done. Time: {} miliseconds".format(
        (str)(1000 * (time_end - time_start))))

    plain_result = Plaintext()
    print("Decrypting result: ")
    time_start = time.time()
    decryptor.decrypt(enc_res, plain_result)
    res = frac_encoder.encode(plain_result)
    time_end = time.time()
    print("Done. Time: {} miliseconds".format(
        (str)(1000 * (time_end - time_start))))
    print(
        "........................................................................"
    )
    print("Noise budget {} bits".format(
        decryptor.invariant_noise_budget(enc_res)))
    print("Decrypted result {}, original result {}".format(res, sim))

    print("Calculate distance between plain a and a:")
    sim = euclidean_dist(a, a.copy())
    print("Similarity between a and b: {}".format(sim))

    print("Calculating distance between encrypted a and a:")
    time_start = time.time()
    enc_res = euclidean_dist_enc(evaluator, e1, e1)
    time_end = time.time()
    print("Done. Time: {} miliseconds".format(
        (str)(1000 * (time_end - time_start))))

    plain_result = Plaintext()
    print("Decrypting result: ")
    time_start = time.time()
    decryptor.decrypt(enc_res, plain_result)
    res = frac_encoder.encode(plain_result)
    time_end = time.time()
    print("Done. Time: {} miliseconds".format(
        (str)(1000 * (time_end - time_start))))
    print(
        "........................................................................."
    )
    print("Noise budget {} bits".format(
        decryptor.invariant_noise_budget(enc_res)))
    print("Decrypted result {}, original result {}".format(res, sim))
示例#15
0
class Client(Participant):
    def __init__(self):
        super().__init__()
        self._public_key = None
        self._secret_key = None
        self._encryptor = None
        self._decryptor = None
        self.set_parms_from_dict()  # instantiate with default parameters

    def get_parms(self):
        return self._parms

    def set_parms(self, parms: EncryptionParameters, print_parms=False):
        super().set_parms(parms, print_parms)
        keygen = KeyGenerator(self._context)
        self.public_key = keygen.public_key()
        self.secret_key = keygen.secret_key()
        self._encryptor = Encryptor(self._context, self._public_key)
        self._decryptor = Decryptor(self._context, self._secret_key)

    # noinspection PyArgumentList
    def set_parms_from_dict(self, **parms_dict):
        default_parms_dict = {"poly": 4096, "coeff": 4096, "plain": (1 << 8)}
        if parms_dict:
            for key, value in parms_dict.items():
                assert key in parms_dict, "Accepted parameters are poly, coeff, plain, and print_parms"
                default_parms_dict[key] = parms_dict[key]
        self._parms.set_poly_modulus_degree(default_parms_dict['poly'])
        self._parms.set_coeff_modulus(
            CoeffModulus.BFVDefault(default_parms_dict['coeff']))
        self._parms.set_plain_modulus(default_parms_dict['plain'])
        self.set_parms(self._parms)

    @property
    def public_key(self):
        return self._public_key

    @public_key.setter
    def public_key(self, pk: PublicKey):
        self._public_key = pk

    @property
    def secret_key(self):
        return self._secret_key

    @secret_key.setter
    def secret_key(self, sk: SecretKey):
        self._secret_key = sk

    def enc(self, arr):
        n = len(arr)
        cipher_arr = np.empty(n, Ciphertext)
        for i in range(n):
            c = Ciphertext()
            self._encryptor.encrypt(self._encoder.encode(arr[i]), c)
            cipher_arr[i] = c
        return cipher_arr

    def dec(self, cipher_arr):
        n = len(cipher_arr)
        arr = np.empty(n, int)
        for i in range(n):
            p = Plaintext()
            self._decryptor.decrypt(cipher_arr[i], p)
            arr[i] = self._encoder.decode_int64(p)
        return arr

    def masking(self, arr):
        assert isinstance(arr, np.ndarray), "Only numpy arrays are accepted"
        return np.sign(arr)
示例#16
0
def example_levels():
    print("Example: Levels")

    #In this examples we describe the concept of `levels' in BFV and CKKS and the
    #related objects that represent them in Microsoft SEAL.
    #
    #In Microsoft SEAL a set of encryption parameters (excluding the random number
    #generator) is identified uniquely by a 256-bit hash of the parameters. This
    #hash is called the `parms_id' and can be easily accessed and printed at any
    #time. The hash will change as soon as any of the parameters is changed.
    #
    #When a SEALContext is created from a given EncryptionParameters instance,
    #Microsoft SEAL automatically creates a so-called `modulus switching chain',
    #which is a chain of other encryption parameters derived from the original set.
    #The parameters in the modulus switching chain are the same as the original
    #parameters with the exception that size of the coefficient modulus is
    #decreasing going down the chain. More precisely, each parameter set in the
    #chain attempts to remove the last coefficient modulus prime from the
    #previous set; this continues until the parameter set is no longer valid
    #(e.g., plain_modulus is larger than the remaining coeff_modulus). It is easy
    #to walk through the chain and access all the parameter sets. Additionally,
    #each parameter set in the chain has a `chain index' that indicates its
    #position in the chain so that the last set has index 0. We say that a set
    #of encryption parameters, or an object carrying those encryption parameters,
    #is at a higher level in the chain than another set of parameters if its the
    #chain index is bigger, i.e., it is earlier in the chain.
    #
    #Each set of parameters in the chain involves unique pre-computations performed
    #when the SEALContext is created, and stored in a SEALContext::ContextData
    #object. The chain is basically a linked list of SEALContext::ContextData
    #objects, and can easily be accessed through the SEALContext at any time. Each
    #node can be identified by the parms_id of its specific encryption parameters
    #(poly_modulus_degree remains the same but coeff_modulus varies).

    parms = EncryptionParameters(scheme_type.BFV)

    poly_modulus_degree = 8192
    parms.set_poly_modulus_degree(poly_modulus_degree)

    #In this example we use a custom coeff_modulus, consisting of 5 primes of
    #sizes 50, 30, 30, 50, and 50 bits. Note that this is still OK according to
    #the explanation in `1_bfv_basics.cpp'. Indeed,
    #
    #    CoeffModulus::MaxBitCount(poly_modulus_degree)
    #
    #returns 218 (greater than 50+30+30+50+50=210).
    #
    #Due to the modulus switching chain, the order of the 5 primes is significant.
    #The last prime has a special meaning and we call it the `special prime'. Thus,
    #the first parameter set in the modulus switching chain is the only one that
    #involves the special prime. All key objects, such as SecretKey, are created
    #at this highest level. All data objects, such as Ciphertext, can be only at
    #lower levels. The special prime should be as large as the largest of the
    #other primes in the coeff_modulus, although this is not a strict requirement.
    #
    #          special prime +---------+
    #                                  |
    #                                  v
    #coeff_modulus: { 50, 30, 30, 50, 50 }  +---+  Level 4 (all keys; `key level')
    #                                           |
    #                                           |
    #    coeff_modulus: { 50, 30, 30, 50 }  +---+  Level 3 (highest `data level')
    #                                           |
    #                                           |
    #        coeff_modulus: { 50, 30, 30 }  +---+  Level 2
    #                                           |
    #                                           |
    #            coeff_modulus: { 50, 30 }  +---+  Level 1
    #                                           |
    #                                           |
    #                coeff_modulus: { 50 }  +---+  Level 0 (lowest level)

    parms.set_coeff_modulus(
        CoeffModulus.Create(poly_modulus_degree,
                            IntVector([50, 30, 30, 50, 50])))

    #In this example the plain_modulus does not play much of a role; we choose
    #some reasonable value.

    parms.set_plain_modulus(PlainModulus.Batching(poly_modulus_degree, 20))

    context = SEALContext.Create(parms)
    print_parameters(context)

    #There are convenience method for accessing the SEALContext::ContextData for
    #some of the most important levels:
    #
    #    SEALContext::key_context_data(): access to key level ContextData
    #    SEALContext::first_context_data(): access to highest data level ContextData
    #    SEALContext::last_context_data(): access to lowest level ContextData
    #
    #We iterate over the chain and print the parms_id for each set of parameters.

    print("Print the modulus switching chain.")

    #First print the key level parameter information.

    context_data = context.key_context_data()
    print("----> Level (chain index): {} ...... key_context_data()".format(
        context_data.chain_index()))
    print("      parms_id: {}".format(list2hex(context_data.parms_id())))
    print("coeff_modulus primes:", end=' ')
    for prime in context_data.parms().coeff_modulus():
        print(hex(prime.value()), end=' ')
    print("")
    print("\\")
    print(" \\-->")

    #Next iterate over the remaining (data) levels.

    context_data = context.first_context_data()
    while (context_data):
        print(" Level (chain index): {} ".format(context_data.chain_index()),
              end='')
        if context_data.parms_id() == context.first_parms_id():
            print(" ...... first_context_data()")
        elif context_data.parms_id() == context.last_parms_id():
            print(" ...... last_context_data()")
        else:
            print("")
        print("      parms_id: {}".format(list2hex(context_data.parms_id())))
        print("coeff_modulus primes:", end=' ')
        for prime in context_data.parms().coeff_modulus():
            print(hex(prime.value()), end=' ')
        print("")
        print("\\")
        print(" \\-->")

        #Step forward in the chain.
        context_data = context_data.next_context_data()

    print(" End of chain reached")

    #We create some keys and check that indeed they appear at the highest level.

    keygen = KeyGenerator(context)
    public_key = keygen.public_key()
    secret_key = keygen.secret_key()
    relin_keys = keygen.relin_keys()
    galois_keys = keygen.galois_keys()
    print("Print the parameter IDs of generated elements.")
    print("    + public_key:  {}".format(list2hex(public_key.parms_id())))
    print("    + secret_key:  {}".format(list2hex(secret_key.parms_id())))
    print("    + relin_keys:  {}".format(list2hex(relin_keys.parms_id())))
    print("    + galois_keys: {}".format(list2hex(galois_keys.parms_id())))

    encryptor = Encryptor(context, public_key)
    evaluator = Evaluator(context)
    decryptor = Decryptor(context, secret_key)

    #In the BFV scheme plaintexts do not carry a parms_id, but ciphertexts do. Note
    #how the freshly encrypted ciphertext is at the highest data level.

    plain = Plaintext("1x^3 + 2x^2 + 3x^1 + 4")
    encrypted = Ciphertext()
    encryptor.encrypt(plain, encrypted)
    print("    + plain:       {} (not set in BFV)".format(
        list2hex(plain.parms_id())))
    print("    + encrypted:   {}".format(list2hex(encrypted.parms_id())))

    #`Modulus switching' is a technique of changing the ciphertext parameters down
    #in the chain. The function Evaluator::mod_switch_to_next always switches to
    #the next level down the chain, whereas Evaluator::mod_switch_to switches to
    #a parameter set down the chain corresponding to a given parms_id. However, it
    #is impossible to switch up in the chain.

    print("Perform modulus switching on encrypted and print.")
    context_data = context.first_context_data()
    print("---->")

    while (context_data.next_context_data()):
        print(" Level (chain index): {} ".format(context_data.chain_index()))
        print("      parms_id of encrypted: {}".format(
            list2hex(encrypted.parms_id())))
        print("      Noise budget at this level: {} bits".format(
            decryptor.invariant_noise_budget(encrypted)))
        print("\\")
        print(" \\-->")
        evaluator.mod_switch_to_next_inplace(encrypted)
        context_data = context_data.next_context_data()

    print(" Level (chain index): {}".format(context_data.chain_index()))
    print("      parms_id of encrypted: {}".format(encrypted.parms_id()))
    print("      Noise budget at this level: {} bits".format(
        decryptor.invariant_noise_budget(encrypted)))
    print("\\")
    print(" \\-->")
    print(" End of chain reached")

    #At this point it is hard to see any benefit in doing this: we lost a huge
    #amount of noise budget (i.e., computational power) at each switch and seemed
    #to get nothing in return. Decryption still works.

    print("Decrypt still works after modulus switching.")
    decryptor.decrypt(encrypted, plain)
    print("    + Decryption of encrypted: {} ...... Correct.".format(
        plain.to_string()))

    #However, there is a hidden benefit: the size of the ciphertext depends
    #linearly on the number of primes in the coefficient modulus. Thus, if there
    #is no need or intention to perform any further computations on a given
    #ciphertext, we might as well switch it down to the smallest (last) set of
    #parameters in the chain before sending it back to the secret key holder for
    #decryption.
    #
    #Also the lost noise budget is actually not an issue at all, if we do things
    #right, as we will see below.
    #
    #First we recreate the original ciphertext and perform some computations.

    print("Computation is more efficient with modulus switching.")
    print("Compute the 8th power.")
    encryptor.encrypt(plain, encrypted)
    print("    + Noise budget fresh:                   {} bits".format(
        decryptor.invariant_noise_budget(encrypted)))
    evaluator.square_inplace(encrypted)
    evaluator.relinearize_inplace(encrypted, relin_keys)
    print("    + Noise budget of the 2nd power:         {} bits".format(
        decryptor.invariant_noise_budget(encrypted)))
    evaluator.square_inplace(encrypted)
    evaluator.relinearize_inplace(encrypted, relin_keys)
    print("    + Noise budget of the 4th power:         {} bits".format(
        decryptor.invariant_noise_budget(encrypted)))

    #Surprisingly, in this case modulus switching has no effect at all on the
    #noise budget.

    evaluator.mod_switch_to_next_inplace(encrypted)
    print("    + Noise budget after modulus switching:  {} bits".format(
        decryptor.invariant_noise_budget(encrypted)))

    #This means that there is no harm at all in dropping some of the coefficient
    #modulus after doing enough computations. In some cases one might want to
    #switch to a lower level slightly earlier, actually sacrificing some of the
    #noise budget in the process, to gain computational performance from having
    #smaller parameters. We see from the print-out that the next modulus switch
    #should be done ideally when the noise budget is down to around 25 bits.

    evaluator.square_inplace(encrypted)
    evaluator.relinearize_inplace(encrypted, relin_keys)
    print("    + Noise budget of the 8th power:         {} bits".format(
        decryptor.invariant_noise_budget(encrypted)))
    evaluator.mod_switch_to_next_inplace(encrypted)
    print("    + Noise budget after modulus switching:  {} bits".format(
        decryptor.invariant_noise_budget(encrypted)))

    #At this point the ciphertext still decrypts correctly, has very small size,
    #and the computation was as efficient as possible. Note that the decryptor
    #can be used to decrypt a ciphertext at any level in the modulus switching
    #chain.

    decryptor.decrypt(encrypted, plain)
    print("    + Decryption of the 8th power (hexadecimal) ...... Correct.")
    print("    {}".format(plain.to_string()))

    #In BFV modulus switching is not necessary and in some cases the user might
    #not want to create the modulus switching chain, except for the highest two
    #levels. This can be done by passing a bool `false' to SEALContext::Create.

    context = SEALContext.Create(parms, False)

    #We can check that indeed the modulus switching chain has been created only
    #for the highest two levels (key level and highest data level). The following
    #loop should execute only once.

    print("Optionally disable modulus switching chain expansion.")
    print("Print the modulus switching chain.")
    print("---->")

    context_data = context.key_context_data()
    while (context_data):
        print(" Level (chain index): {}".format(context_data.chain_index()))
        print("      parms_id: {}".format(list2hex(context_data.parms_id())))
        print("coeff_modulus primes:", end=' ')
        for prime in context_data.parms().coeff_modulus():
            print(hex(prime.value()), end=' ')
        print("")
        print("\\")
        print(" \\-->")
        context_data = context_data.next_context_data()

    print(" End of chain reached")
# Adding the matrices multiplie by their coefficients
for i in range(len(matrixPower_vector) - 1):
    for j in range(len(c)):
        if (i + j == n - 1):
            mult(c[j], matrixPower_vector[i])
            for t in range(n):
                for s in range(n):
                    evaluator.add(A_inv[t][s], matrixPower_vector[i][t][s])

# decrypted inverse matrix
A_i_dec = []
for x in A_inv:
    a_i = []
    for y in x:
        p = Plaintext()
        decryptor.decrypt(y, p)
        a_i.append(encoderF.decode(p))
    A_i_dec.append(a_i)

decryptor.decrypt(c[n], p)
# nth coefficient of characteristic equation of th
determin = encoderF.decode(p)

print("negative of co-factor matrix: ", A_i_dec)
A_i_dec = [[(-1 / determin) * elem for elem in row] for row in A_i_dec]
print("\nThe inverse matrix:\n", np.asarray(A_i_dec))
print('Time cost: {} seconds'.format(time.time() - t1))

t2 = time.time()
np_A_inv = np.linalg.inv(np.asarray(plain_A))
print('Inverse computed by numpy: \n{}'.format(np_A_inv))
for i in range(len(A)):
	A_plain.append(encoder.encode(A[i]))
	A_cipherObject.append(Ciphertext())
	encryptor.encrypt(A_plain[i],A_cipherObject[i])
	print("Noise budget of "+ str(i)+" "+str((decryptor.invariant_noise_budget(A_cipherObject[i]))) + " bits")

A_cipherObject=chunk(A_cipherObject)
C=A_cipherObject
#shallow copy

# partial pivoting
for i in range(3,-1,-1):
	evaluator.negate(C[i][0])
	evaluator.add(C[i][0], C[i+1][0])
	plain_result = Plaintext()
	decryptor.decrypt(C[i][0], plain_result)
	if (int(encoder.decode_int32(plain_result))>0):
		for j in range(8):
# add code to combine appended matrix and normal matrix together

D=A_cipherObject
#shallow copy

# reducing to diagnol matrix
for i in range(4):
	for j in range (8):
		if (j!=i):
			plain_result = Plaintext()
			X=D[i][i]
			decryptor.decrypt(X, plain_result)
			E=1/int(encoder.decode_int32(plain_result))
示例#19
0
def example_integer_encoder():
    print("Example: Encoders / Integer Encoder")
    #[IntegerEncoder] (For BFV scheme only)
    #
    #The IntegerEncoder encodes integers to BFV plaintext polynomials as follows.
    #First, a binary expansion of the integer is computed. Next, a polynomial is
    #created with the bits as coefficients. For example, the integer
    #
    #    26 = 2^4 + 2^3 + 2^1
    #
    #is encoded as the polynomial 1x^4 + 1x^3 + 1x^1. Conversely, plaintext
    #polynomials are decoded by evaluating them at x=2. For negative numbers the
    #IntegerEncoder simply stores all coefficients as either 0 or -1, where -1 is
    #represented by the unsigned integer plain_modulus - 1 in memory.
    #
    #Since encrypted computations operate on the polynomials rather than on the
    #encoded integers themselves, the polynomial coefficients will grow in the
    #course of such computations. For example, computing the sum of the encrypted
    #encoded integer 26 with itself will result in an encrypted polynomial with
    #larger coefficients: 2x^4 + 2x^3 + 2x^1. Squaring the encrypted encoded
    #integer 26 results also in increased coefficients due to cross-terms, namely,
    #
    #    (2x^4 + 2x^3 + 2x^1)^2 = 1x^8 + 2x^7 + 1x^6 + 2x^5 + 2x^4 + 1x^2;
    #
    #further computations will quickly increase the coefficients much more.
    #Decoding will still work correctly in this case (evaluating the polynomial
    #at x=2), but since the coefficients of plaintext polynomials are really
    #integers modulo plain_modulus, implicit reduction modulo plain_modulus may
    #yield unexpected results. For example, adding 1x^4 + 1x^3 + 1x^1 to itself
    #plain_modulus many times will result in the constant polynomial 0, which is
    #clearly not equal to 26 * plain_modulus. It can be difficult to predict when
    #such overflow will take place especially when computing several sequential
    #multiplications.
    #
    #The IntegerEncoder is easy to understand and use for simple computations,
    #and can be a good tool to experiment with for users new to Microsoft SEAL.
    #However, advanced users will probably prefer more efficient approaches,
    #such as the BatchEncoder or the CKKSEncoder.

    parms = EncryptionParameters(scheme_type.BFV)
    poly_modulus_degree = 4096
    parms.set_poly_modulus_degree(poly_modulus_degree)
    parms.set_coeff_modulus(CoeffModulus.BFVDefault(poly_modulus_degree))

    #There is no hidden logic behind our choice of the plain_modulus. The only
    #thing that matters is that the plaintext polynomial coefficients will not
    #exceed this value at any point during our computation; otherwise the result
    #will be incorrect.

    parms.set_plain_modulus(512)
    context = SEALContext.Create(parms)
    print_parameters(context)

    keygen = KeyGenerator(context)
    public_key = keygen.public_key()
    secret_key = keygen.secret_key()
    encryptor = Encryptor(context, public_key)
    evaluator = Evaluator(context)
    decryptor = Decryptor(context, secret_key)

    #We create an IntegerEncoder.
    encoder = IntegerEncoder(context)

    #First, we encode two integers as plaintext polynomials. Note that encoding
    #is not encryption: at this point nothing is encrypted.
    value1 = 5
    plain1 = encoder.encode(value1)
    print("Encode {} as polynomial {} (plain1), ".format(
        value1, plain1.to_string()))

    value2 = -7
    plain2 = encoder.encode(value2)
    print("    encode {} as polynomial {} (plain2)".format(
        value2, plain2.to_string()))

    #Now we can encrypt the plaintext polynomials.
    encrypted1 = Ciphertext()
    encrypted2 = Ciphertext()
    print("Encrypt plain1 to encrypted1 and plain2 to encrypted2.")
    encryptor.encrypt(plain1, encrypted1)
    encryptor.encrypt(plain2, encrypted2)
    print("    + Noise budget in encrypted1: {} bits".format(
        decryptor.invariant_noise_budget(encrypted1)))
    print("    + Noise budget in encrypted2: {} bits".format(
        decryptor.invariant_noise_budget(encrypted2)))

    #As a simple example, we compute (-encrypted1 + encrypted2) * encrypted2.
    encryptor.encrypt(plain2, encrypted2)
    encrypted_result = Ciphertext()
    print(
        "Compute encrypted_result = (-encrypted1 + encrypted2) * encrypted2.")
    evaluator.negate(encrypted1, encrypted_result)
    evaluator.add_inplace(encrypted_result, encrypted2)
    evaluator.multiply_inplace(encrypted_result, encrypted2)
    print("    + Noise budget in encrypted_result: {} bits".format(
        decryptor.invariant_noise_budget(encrypted_result)))
    plain_result = Plaintext()
    print("Decrypt encrypted_result to plain_result.")
    decryptor.decrypt(encrypted_result, plain_result)

    #Print the result plaintext polynomial. The coefficients are not even close
    #to exceeding our plain_modulus, 512.
    print("    + Plaintext polynomial: {}".format(plain_result.to_string()))

    #Decode to obtain an integer result.
    print("Decode plain_result.")
    print("    + Decoded integer: {} ...... Correct.".format(
        encoder.decode_int32(plain_result)))
示例#20
0
def example_ckks_encoder():
    print("Example: Encoders / CKKS Encoder")

    #[CKKSEncoder] (For CKKS scheme only)
    #
    #In this example we demonstrate the Cheon-Kim-Kim-Song (CKKS) scheme for
    #computing on encrypted real or complex numbers. We start by creating
    #encryption parameters for the CKKS scheme. There are two important
    #differences compared to the BFV scheme:
    #
    #    (1) CKKS does not use the plain_modulus encryption parameter;
    #    (2) Selecting the coeff_modulus in a specific way can be very important
    #        when using the CKKS scheme. We will explain this further in the file
    #        `ckks_basics.cpp'. In this example we use CoeffModulus::Create to
    #        generate 5 40-bit prime numbers.

    parms = EncryptionParameters(scheme_type.CKKS)

    poly_modulus_degree = 8192
    parms.set_poly_modulus_degree(poly_modulus_degree)
    parms.set_coeff_modulus(
        CoeffModulus.Create(poly_modulus_degree,
                            IntVector([40, 40, 40, 40, 40])))

    #We create the SEALContext as usual and print the parameters.
    context = SEALContext.Create(parms)
    print_parameters(context)

    #Keys are created the same way as for the BFV scheme.
    keygen = KeyGenerator(context)
    public_key = keygen.public_key()
    secret_key = keygen.secret_key()
    relin_keys = keygen.relin_keys()

    #We also set up an Encryptor, Evaluator, and Decryptor as usual.
    encryptor = Encryptor(context, public_key)
    evaluator = Evaluator(context)
    decryptor = Decryptor(context, secret_key)

    #To create CKKS plaintexts we need a special encoder: there is no other way
    #to create them. The IntegerEncoder and BatchEncoder cannot be used with the
    #CKKS scheme. The CKKSEncoder encodes vectors of real or complex numbers into
    #Plaintext objects, which can subsequently be encrypted. At a high level this
    #looks a lot like what BatchEncoder does for the BFV scheme, but the theory
    #behind it is completely different.

    encoder = CKKSEncoder(context)

    #In CKKS the number of slots is poly_modulus_degree / 2 and each slot encodes
    #one real or complex number. This should be contrasted with BatchEncoder in
    #the BFV scheme, where the number of slots is equal to poly_modulus_degree
    #and they are arranged into a matrix with two rows.

    slot_count = encoder.slot_count()
    print("Number of slots: {}".format(slot_count))

    #We create a small vector to encode; the CKKSEncoder will implicitly pad it
    #with zeros to full size (poly_modulus_degree / 2) when encoding.

    input = DoubleVector([0.0, 1.1, 2.2, 3.3])
    print("Input vector: ")
    print_vector(input)

    #Now we encode it with CKKSEncoder. The floating-point coefficients of `input'
    #will be scaled up by the parameter `scale'. This is necessary since even in
    #the CKKS scheme the plaintext elements are fundamentally polynomials with
    #integer coefficients. It is instructive to think of the scale as determining
    #the bit-precision of the encoding; naturally it will affect the precision of
    #the result.
    #
    #In CKKS the message is stored modulo coeff_modulus (in BFV it is stored modulo
    #plain_modulus), so the scaled message must not get too close to the total size
    #of coeff_modulus. In this case our coeff_modulus is quite large (200 bits) so
    #we have little to worry about in this regard. For this simple example a 30-bit
    #scale is more than enough.

    plain = Plaintext()
    scale = 2.0**30
    print("Encode input vector.")
    encoder.encode(input, scale, plain)

    #We can instantly decode to check the correctness of encoding.
    output = DoubleVector()
    print("    + Decode input vector ...... Correct.")
    encoder.decode(plain, output)
    print_vector(output)

    #The vector is encrypted the same was as in BFV.
    encrypted = Ciphertext()
    print("Encrypt input vector, square, and relinearize.")
    encryptor.encrypt(plain, encrypted)

    #Basic operations on the ciphertexts are still easy to do. Here we square the
    #ciphertext, decrypt, decode, and print the result. We note also that decoding
    #returns a vector of full size (poly_modulus_degree / 2); this is because of
    #the implicit zero-padding mentioned above.

    evaluator.square_inplace(encrypted)
    evaluator.relinearize_inplace(encrypted, relin_keys)

    #We notice that the scale in the result has increased. In fact, it is now the
    #square of the original scale: 2^60.

    print("    + Scale in squared input: {} ( {} bits)".format(
        encrypted.scale(), log2(encrypted.scale())))

    print("Decrypt and decode.")
    decryptor.decrypt(encrypted, plain)
    encoder.decode(plain, output)
    print("    + Result vector ...... Correct.")
    print_vector(output)
示例#21
0
class SealOps:
    @classmethod
    def with_env(cls):
        parms = EncryptionParameters(scheme_type.CKKS)
        parms.set_poly_modulus_degree(POLY_MODULUS_DEGREE)
        parms.set_coeff_modulus(
            CoeffModulus.Create(POLY_MODULUS_DEGREE, PRIME_SIZE_LIST))

        context = SEALContext.Create(parms)

        keygen = KeyGenerator(context)
        public_key = keygen.public_key()
        secret_key = keygen.secret_key()
        relin_keys = keygen.relin_keys()
        galois_keys = keygen.galois_keys()

        return cls(context=context,
                   public_key=public_key,
                   secret_key=secret_key,
                   relin_keys=relin_keys,
                   galois_keys=galois_keys,
                   poly_modulus_degree=POLY_MODULUS_DEGREE,
                   scale=SCALE)

    def __init__(self,
                 context: SEALContext,
                 scale: float,
                 poly_modulus_degree: int,
                 public_key: PublicKey = None,
                 secret_key: SecretKey = None,
                 relin_keys: RelinKeys = None,
                 galois_keys: GaloisKeys = None):
        self.scale = scale
        self.context = context
        self.encoder = CKKSEncoder(context)
        self.evaluator = Evaluator(context)
        self.encryptor = Encryptor(context, public_key)
        self.decryptor = Decryptor(context, secret_key)
        self.relin_keys = relin_keys
        self.galois_keys = galois_keys
        self.poly_modulus_degree_log = np.log2(poly_modulus_degree)

    def encrypt(self, matrix: np.array):
        matrix = Matrix.from_numpy_array(array=matrix)
        cipher_matrix = CipherMatrix(rows=matrix.rows, cols=matrix.cols)

        for i in range(matrix.rows):
            encoded_row = Plaintext()
            self.encoder.encode(matrix[i], self.scale, encoded_row)
            self.encryptor.encrypt(encoded_row, cipher_matrix[i])

        return cipher_matrix

    def decrypt(self, cipher_matrix: CipherMatrix) -> Matrix:
        matrix = Matrix(rows=cipher_matrix.rows, cols=cipher_matrix.cols)

        for i in range(matrix.rows):
            row = Vector()
            encoded_row = Plaintext()
            self.decryptor.decrypt(cipher_matrix[i], encoded_row)
            self.encoder.decode(encoded_row, row)
            matrix[i] = row

        return matrix

    def add(self, matrix_a: CipherMatrix,
            matrix_b: CipherMatrix) -> CipherMatrix:
        self.validate_same_dimension(matrix_a, matrix_b)

        result_matrix = CipherMatrix(rows=matrix_a.rows, cols=matrix_a.cols)
        for i in range(matrix_a.rows):
            a_tag, b_tag = self.get_matched_scale_vectors(
                matrix_a[i], matrix_b[i])
            self.evaluator.add(a_tag, b_tag, result_matrix[i])

        return result_matrix

    def add_plain(self, matrix_a: CipherMatrix,
                  matrix_b: np.array) -> CipherMatrix:
        matrix_b = Matrix.from_numpy_array(matrix_b)
        self.validate_same_dimension(matrix_a, matrix_b)

        result_matrix = CipherMatrix(rows=matrix_a.rows, cols=matrix_a.cols)

        for i in range(matrix_a.rows):
            row = matrix_b[i]
            encoded_row = Plaintext()
            self.encoder.encode(row, self.scale, encoded_row)
            self.evaluator.mod_switch_to_inplace(encoded_row,
                                                 matrix_a[i].parms_id())
            self.evaluator.add_plain(matrix_a[i], encoded_row,
                                     result_matrix[i])

        return result_matrix

    def multiply_plain(self, matrix_a: CipherMatrix,
                       matrix_b: np.array) -> CipherMatrix:
        matrix_b = Matrix.from_numpy_array(matrix_b)
        self.validate_same_dimension(matrix_a, matrix_b)

        result_matrix = CipherMatrix(rows=matrix_a.rows, cols=matrix_a.cols)

        for i in range(matrix_a.rows):
            row = matrix_b[i]
            encoded_row = Plaintext()
            self.encoder.encode(row, self.scale, encoded_row)
            self.evaluator.mod_switch_to_inplace(encoded_row,
                                                 matrix_a[i].parms_id())
            self.evaluator.multiply_plain(matrix_a[i], encoded_row,
                                          result_matrix[i])

        return result_matrix

    def dot_vector(self, a: Ciphertext, b: Ciphertext) -> Ciphertext:
        result = Ciphertext()

        self.evaluator.multiply(a, b, result)
        self.evaluator.relinearize_inplace(result, self.relin_keys)
        self.vector_sum_inplace(result)
        self.get_vector_first_element(result)
        self.evaluator.rescale_to_next_inplace(result)

        return result

    def dot_vector_with_plain(self, a: Ciphertext,
                              b: DoubleVector) -> Ciphertext:
        result = Ciphertext()

        b_plain = Plaintext()
        self.encoder.encode(b, self.scale, b_plain)

        self.evaluator.multiply_plain(a, b_plain, result)
        self.vector_sum_inplace(result)
        self.get_vector_first_element(result)

        self.evaluator.rescale_to_next_inplace(result)

        return result

    def get_vector_range(self, vector_a: Ciphertext, i: int,
                         j: int) -> Ciphertext:
        cipher_range = Ciphertext()

        one_and_zeros = DoubleVector([0.0 if x < i else 1.0 for x in range(j)])
        plain = Plaintext()
        self.encoder.encode(one_and_zeros, self.scale, plain)
        self.evaluator.mod_switch_to_inplace(plain, vector_a.parms_id())
        self.evaluator.multiply_plain(vector_a, plain, cipher_range)

        return cipher_range

    def dot_matrix_with_matrix_transpose(self, matrix_a: CipherMatrix,
                                         matrix_b: CipherMatrix):
        result_matrix = CipherMatrix(rows=matrix_a.rows, cols=matrix_a.cols)

        rows_a = matrix_a.rows
        cols_b = matrix_b.rows

        for i in range(rows_a):
            vector_dot_products = []
            zeros = Plaintext()

            for j in range(cols_b):
                vector_dot_products += [
                    self.dot_vector(matrix_a[i], matrix_b[j])
                ]

                if j == 0:
                    zero = DoubleVector()
                    self.encoder.encode(zero, vector_dot_products[j].scale(),
                                        zeros)
                    self.evaluator.mod_switch_to_inplace(
                        zeros, vector_dot_products[j].parms_id())
                    self.evaluator.add_plain(vector_dot_products[j], zeros,
                                             result_matrix[i])
                else:
                    self.evaluator.rotate_vector_inplace(
                        vector_dot_products[j], -j, self.galois_keys)
                    self.evaluator.add_inplace(result_matrix[i],
                                               vector_dot_products[j])

        for vec in result_matrix:
            self.evaluator.relinearize_inplace(vec, self.relin_keys)
            self.evaluator.rescale_to_next_inplace(vec)

        return result_matrix

    def dot_matrix_with_plain_matrix_transpose(self, matrix_a: CipherMatrix,
                                               matrix_b: np.array):
        matrix_b = Matrix.from_numpy_array(matrix_b)
        result_matrix = CipherMatrix(rows=matrix_a.rows, cols=matrix_a.cols)

        rows_a = matrix_a.rows
        cols_b = matrix_b.rows

        for i in range(rows_a):
            vector_dot_products = []
            zeros = Plaintext()

            for j in range(cols_b):
                vector_dot_products += [
                    self.dot_vector_with_plain(matrix_a[i], matrix_b[j])
                ]

                if j == 0:
                    zero = DoubleVector()
                    self.encoder.encode(zero, vector_dot_products[j].scale(),
                                        zeros)
                    self.evaluator.mod_switch_to_inplace(
                        zeros, vector_dot_products[j].parms_id())
                    self.evaluator.add_plain(vector_dot_products[j], zeros,
                                             result_matrix[i])
                else:
                    self.evaluator.rotate_vector_inplace(
                        vector_dot_products[j], -j, self.galois_keys)
                    self.evaluator.add_inplace(result_matrix[i],
                                               vector_dot_products[j])

        for vec in result_matrix:
            self.evaluator.relinearize_inplace(vec, self.relin_keys)
            self.evaluator.rescale_to_next_inplace(vec)

        return result_matrix

    @staticmethod
    def validate_same_dimension(matrix_a, matrix_b):
        if matrix_a.rows != matrix_b.rows or matrix_a.cols != matrix_b.cols:
            raise ArithmeticError("Matrices aren't of the same dimension")

    def vector_sum_inplace(self, cipher: Ciphertext):
        rotated = Ciphertext()

        for i in range(int(self.poly_modulus_degree_log - 1)):
            self.evaluator.rotate_vector(cipher, pow(2, i), self.galois_keys,
                                         rotated)
            self.evaluator.add_inplace(cipher, rotated)

    def get_vector_first_element(self, cipher: Ciphertext):
        one_and_zeros = DoubleVector([1.0])
        plain = Plaintext()
        self.encoder.encode(one_and_zeros, self.scale, plain)
        self.evaluator.multiply_plain_inplace(cipher, plain)

    def get_matched_scale_vectors(self, a: Ciphertext,
                                  b: Ciphertext) -> (Ciphertext, Ciphertext):
        a_tag = Ciphertext(a)
        b_tag = Ciphertext(b)

        a_index = self.context.get_context_data(a.parms_id()).chain_index()
        b_index = self.context.get_context_data(b.parms_id()).chain_index()

        # Changing the mod if required, else just setting the scale
        if a_index < b_index:
            self.evaluator.mod_switch_to_inplace(b_tag, a.parms_id())

        elif a_index > b_index:
            self.evaluator.mod_switch_to_inplace(a_tag, b.parms_id())

        a_tag.set_scale(self.scale)
        b_tag.set_scale(self.scale)

        return a_tag, b_tag
示例#22
0
class CipherMatrix:
    """

    """
    def __init__(self, matrix=None):
        """

        :param matrix: numpy.ndarray to be encrypted.
        """

        self.parms = EncryptionParameters()
        self.parms.set_poly_modulus("1x^2048 + 1")
        self.parms.set_coeff_modulus(seal.coeff_modulus_128(2048))
        self.parms.set_plain_modulus(1 << 8)

        self.context = SEALContext(self.parms)

        # self.encoder = IntegerEncoder(self.context.plain_modulus())
        self.encoder = FractionalEncoder(self.context.plain_modulus(),
                                         self.context.poly_modulus(), 64, 32,
                                         3)

        self.keygen = KeyGenerator(self.context)
        self.public_key = self.keygen.public_key()
        self.secret_key = self.keygen.secret_key()

        self.encryptor = Encryptor(self.context, self.public_key)
        self.decryptor = Decryptor(self.context, self.secret_key)

        self.evaluator = Evaluator(self.context)

        self._saved = False
        self._encrypted = False
        self._id = '{0:04d}'.format(np.random.randint(1000))

        if matrix is not None:
            assert len(
                matrix.shape) == 2, "Only 2D numpy matrices accepted currently"
            self.matrix = np.copy(matrix)
            self.encrypted_matrix = np.empty(self.matrix.shape, dtype=object)
            for i in range(self.matrix.shape[0]):
                for j in range(self.matrix.shape[1]):
                    self.encrypted_matrix[i, j] = Ciphertext()

        else:
            self.matrix = None
            self.encrypted_matrix = None

        print(self._id, "Created")

    def __repr__(self):
        """

        :return:
        """
        print("Encrypted:", self._encrypted)
        if not self._encrypted:
            print(self.matrix)
            return ""

        else:
            return '[]'

    def __str__(self):
        """

        :return:
        """
        print("| Encryption parameters:")
        print("| poly_modulus: " + self.context.poly_modulus().to_string())

        # Print the size of the true (product) coefficient modulus
        print("| coeff_modulus_size: " + (
            str)(self.context.total_coeff_modulus().significant_bit_count()) +
              " bits")

        print("| plain_modulus: " +
              (str)(self.context.plain_modulus().value()))
        print("| noise_standard_deviation: " +
              (str)(self.context.noise_standard_deviation()))

        if self.matrix is not None:
            print(self.matrix.shape)

        return str(type(self))

    def __add__(self, other):
        """

        :param other:
        :return:
        """
        assert isinstance(
            other, CipherMatrix), "Can only be added with a CipherMatrix"

        A_enc = self._encrypted
        B_enc = other._encrypted

        if A_enc:
            A = self.encrypted_matrix
        else:
            A = self.matrix

        if B_enc:
            B = other.encrypted_matrix
        else:
            B = other.matrix

        assert A.shape == B.shape, "Dimension mismatch, Matrices must be of same shape. Got {} and {}".format(
            A.shape, B.shape)

        shape = A.shape

        result = CipherMatrix(np.zeros(shape, dtype=np.int32))
        result._update_cryptors(self.get_keygen())

        if A_enc:
            if B_enc:

                res_mat = result.encrypted_matrix
                for i in range(shape[0]):
                    for j in range(shape[1]):
                        self.evaluator.add(A[i, j], B[i, j], res_mat[i, j])

                result._encrypted = True

            else:
                res_mat = result.encrypted_matrix
                for i in range(shape[0]):
                    for j in range(shape[1]):
                        self.evaluator.add_plain(A[i, j],
                                                 self.encoder.encode(B[i, j]),
                                                 res_mat[i, j])

                result._encrypted = True

        else:
            if B_enc:

                res_mat = result.encrypted_matrix
                for i in range(shape[0]):
                    for j in range(shape[1]):
                        self.evaluator.add_plain(B[i, j],
                                                 self.encoder.encode(A[i, j]),
                                                 res_mat[i, j])

                result._encrypted = True

            else:

                result.matrix = A + B
                result._encrypted = False

        return result

    def __sub__(self, other):
        """

        :param other:
        :return:
        """
        assert isinstance(other, CipherMatrix)
        if other._encrypted:
            shape = other.encrypted_matrix.shape

            for i in range(shape[0]):
                for j in range(shape[1]):
                    self.evaluator.negate(other.encrypted_matrix[i, j])

        else:
            other.matrix = -1 * other.matrix

        return self + other

    def __mul__(self, other):
        """

        :param other:
        :return:
        """

        assert isinstance(
            other, CipherMatrix), "Can only be multiplied with a CipherMatrix"

        # print("LHS", self._id, "RHS", other._id)
        A_enc = self._encrypted
        B_enc = other._encrypted

        if A_enc:
            A = self.encrypted_matrix
        else:
            A = self.matrix

        if B_enc:
            B = other.encrypted_matrix
        else:
            B = other.matrix

        Ashape = A.shape
        Bshape = B.shape

        assert Ashape[1] == Bshape[0], "Dimensionality mismatch"
        result_shape = [Ashape[0], Bshape[1]]

        result = CipherMatrix(np.zeros(shape=result_shape))

        if A_enc:
            if B_enc:

                for i in range(Ashape[0]):
                    for j in range(Bshape[1]):

                        result_array = []
                        for k in range(Ashape[1]):

                            res = Ciphertext()
                            self.evaluator.multiply(A[i, k], B[k, j], res)

                            result_array.append(res)

                        self.evaluator.add_many(result_array,
                                                result.encrypted_matrix[i, j])

                result._encrypted = True

            else:

                for i in range(Ashape[0]):
                    for j in range(Bshape[1]):

                        result_array = []
                        for k in range(Ashape[1]):
                            res = Ciphertext()
                            self.evaluator.multiply_plain(
                                A[i, k], self.encoder.encode(B[k, j]), res)

                            result_array.append(res)

                        self.evaluator.add_many(result_array,
                                                result.encrypted_matrix[i, j])

                result._encrypted = True

        else:
            if B_enc:

                for i in range(Ashape[0]):
                    for j in range(Bshape[1]):

                        result_array = []
                        for k in range(Ashape[1]):
                            res = Ciphertext()
                            self.evaluator.multiply_plain(
                                B[i, k], self.encoder.encode(A[k, j]), res)

                            result_array.append(res)

                        self.evaluator.add_many(result_array,
                                                result.encrypted_matrix[i, j])

                result._encrypted = True

            else:

                result.matrix = np.matmul(A, B)
                result._encrypted = False

        return result

    def save(self, path):
        """

        :param path:
        :return:
        """

        save_dir = os.path.join(path, self._id)

        if self._saved:
            print("CipherMatrix already saved")

        else:
            assert not os.path.isdir(save_dir), "Directory already exists"
            os.mkdir(save_dir)

        if not self._encrypted:
            self.encrypt()

        shape = self.encrypted_matrix.shape

        for i in range(shape[0]):
            for j in range(shape[1]):

                element_name = str(i) + '-' + str(j) + '.ahem'
                self.encrypted_matrix[i, j].save(
                    os.path.join(save_dir, element_name))

        self.secret_key.save("/keys/" + "." + self._id + '.wheskey')

        self._saved = True
        return save_dir

    def load(self, path, load_secret_key=False):
        """

        :param path:
        :param load_secret_key:
        :return:
        """

        self._id = path.split('/')[-1]
        print("Loading Matrix:", self._id)

        file_list = os.listdir(path)
        index_list = [[file.split('.')[0].split('-'), file]
                      for file in file_list]

        M = int(max([int(ind[0][0]) for ind in index_list])) + 1
        N = int(max([int(ind[0][1]) for ind in index_list])) + 1
        del self.encrypted_matrix
        self.encrypted_matrix = np.empty([M, N], dtype=object)

        for index in index_list:
            i = int(index[0][0])
            j = int(index[0][1])

            self.encrypted_matrix[i, j] = Ciphertext()
            self.encrypted_matrix[i, j].load(os.path.join(path, index[1]))

        if load_secret_key:
            self.secret_key.load("/keys/" + "." + self._id + '.wheskey')

        self.matrix = np.empty(self.encrypted_matrix.shape)
        self._encrypted = True

    def encrypt(self, matrix=None, keygen=None):
        """

        :param matrix:
        :return:
        """

        assert not self._encrypted, "Matrix already encrypted"

        if matrix is not None:
            assert self.matrix is None, "matrix already exists"
            self.matrix = np.copy(matrix)

        shape = self.matrix.shape

        self.encrypted_matrix = np.empty(shape, dtype=object)

        if keygen is not None:
            self._update_cryptors(keygen)

        for i in range(shape[0]):
            for j in range(shape[1]):
                val = self.encoder.encode(self.matrix[i, j])
                self.encrypted_matrix[i, j] = Ciphertext()
                self.encryptor.encrypt(val, self.encrypted_matrix[i, j])

        self._encrypted = True

    def decrypt(self, encrypted_matrix=None, keygen=None):
        """

        :return:
        """

        if encrypted_matrix is not None:
            self.encrypted_matrix = encrypted_matrix

        assert self._encrypted, "No encrypted matrix"

        del self.matrix
        shape = self.encrypted_matrix.shape

        self.matrix = np.empty(shape)

        if keygen is not None:
            self._update_cryptors(keygen)

        for i in range(shape[0]):
            for j in range(shape[1]):
                plain_text = Plaintext()
                self.decryptor.decrypt(self.encrypted_matrix[i, j], plain_text)
                self.matrix[i, j] = self.encoder.decode(plain_text)

        self._encrypted = False
        return np.copy(self.matrix)

    def get_keygen(self):
        """

        :return:
        """
        return self.keygen

    def _update_cryptors(self, keygen):
        """

        :param keygen:
        :return:
        """

        self.keygen = keygen
        self.public_key = keygen.public_key()
        self.secret_key = keygen.secret_key()

        self.encryptor = Encryptor(self.context, self.public_key)
        self.decryptor = Decryptor(self.context, self.secret_key)

        return
示例#23
0
def pickle_ciphertext():
    parms = EncryptionParameters()

    parms.set_poly_modulus("1x^2048 + 1")

    parms.set_coeff_modulus(seal.coeff_modulus_128(2048))

    parms.set_plain_modulus(1 << 8)

    context = SEALContext(parms)

    # Print the parameters that we have chosen
    print_parameters(context);

    encoder = IntegerEncoder(context.plain_modulus())


    keygen = KeyGenerator(context)
    public_key = keygen.public_key()
    secret_key = keygen.secret_key()

    # To be able to encrypt, we need to construct an instance of Encryptor. Note that
    # the Encryptor only requires the public key.
    encryptor = Encryptor(context, public_key)

    # Computations on the ciphertexts are performed with the Evaluator class.
    evaluator = Evaluator(context)

    # We will of course want to decrypt our results to verify that everything worked,
    # so we need to also construct an instance of Decryptor. Note that the Decryptor
    # requires the secret key.
    decryptor = Decryptor(context, secret_key)

    # We start by encoding two integers as plaintext polynomials.
    value1 = 5;
    plain1 = encoder.encode(value1);
    print("Encoded " + (str)(value1) + " as polynomial " + plain1.to_string() + " (plain1)")

    value2 = -7;
    plain2 = encoder.encode(value2);
    print("Encoded " + (str)(value2) + " as polynomial " + plain2.to_string() + " (plain2)")

    # Encrypting the values is easy.
    encrypted1 = Ciphertext()
    encrypted2 = Ciphertext()
    print("Encrypting plain1: ", encrypted1)
    encryptor.encrypt(plain1, encrypted1)
    print("Done (encrypted1)", encrypted1)

    print("Encrypting plain2: ")
    encryptor.encrypt(plain2, encrypted2)
    print("Done (encrypted2)")






    # output = open('ciphertest.pkl', 'wb')
    # dill.dumps(encrypted_save, output)
    # output.close()
    # encrypted1 = dill.load(open('ciphertest.pkl', 'rb'))


    output = open('session.pkl', 'wb')
    dill.dump_session('session.pkl')

    del encrypted1
    sill.load_session('session.pkl')







    # To illustrate the concept of noise budget, we print the budgets in the fresh
    # encryptions.
    print("Noise budget in encrypted1: " + (str)(decryptor.invariant_noise_budget(encrypted1)) + " bits")
    print("Noise budget in encrypted2: " + (str)(decryptor.invariant_noise_budget(encrypted2)) + " bits")

    # As a simple example, we compute (-encrypted1 + encrypted2) * encrypted2.

    # Negation is a unary operation.
    evaluator.negate(encrypted1)

    # Negation does not consume any noise budget.
    print("Noise budget in -encrypted1: " + (str)(decryptor.invariant_noise_budget(encrypted1)) + " bits")

    # Addition can be done in-place (overwriting the first argument with the result,
    # or alternatively a three-argument overload with a separate destination variable
    # can be used. The in-place variants are always more efficient. Here we overwrite
    # encrypted1 with the sum.
    evaluator.add(encrypted1, encrypted2)

    # It is instructive to think that addition sets the noise budget to the minimum
    # of the input noise budgets. In this case both inputs had roughly the same
    # budget going on, and the output (in encrypted1) has just slightly lower budget.
    # Depending on probabilistic effects, the noise growth consumption may or may
    # not be visible when measured in whole bits.
    print("Noise budget in -encrypted1 + encrypted2: " + (str)(decryptor.invariant_noise_budget(encrypted1)) + " bits")

    # Finally multiply with encrypted2. Again, we use the in-place version of the
    # function, overwriting encrypted1 with the product.
    evaluator.multiply(encrypted1, encrypted2)

    # Multiplication consumes a lot of noise budget. This is clearly seen in the
    # print-out. The user can change the plain_modulus to see its effect on the
    # rate of noise budget consumption.
    print("Noise budget in (-encrypted1 + encrypted2) * encrypted2: " + (str)(
        decryptor.invariant_noise_budget(encrypted1)) + " bits")

    # Now we decrypt and decode our result.
    plain_result = Plaintext()
    print("Decrypting result: ")
    decryptor.decrypt(encrypted1, plain_result)
    print("Done")

    # Print the result plaintext polynomial.
    print("Plaintext polynomial: " + plain_result.to_string())

    # Decode to obtain an integer result.
    print("Decoded integer: " + (str)(encoder.decode_int32(plain_result)))
示例#24
0
def example_bfv_basics():
    print("Example: BFV Basics")
    #In this example, we demonstrate performing simple computations (a polynomial
    #evaluation) on encrypted integers using the BFV encryption scheme.
    #
    #The first task is to set up an instance of the EncryptionParameters class.
    #It is critical to understand how the different parameters behave, how they
    #affect the encryption scheme, performance, and the security level. There are
    #three encryption parameters that are necessary to set:
    #
    #    - poly_modulus_degree (degree of polynomial modulus);
    #    - coeff_modulus ([ciphertext] coefficient modulus);
    #    - plain_modulus (plaintext modulus; only for the BFV scheme).
    #
    #The BFV scheme cannot perform arbitrary computations on encrypted data.
    #Instead, each ciphertext has a specific quantity called the `invariant noise
    #budget' -- or `noise budget' for short -- measured in bits. The noise budget
    #in a freshly encrypted ciphertext (initial noise budget) is determined by
    #the encryption parameters. Homomorphic operations consume the noise budget
    #at a rate also determined by the encryption parameters. In BFV the two basic
    #operations allowed on encrypted data are additions and multiplications, of
    #which additions can generally be thought of as being nearly free in terms of
    #noise budget consumption compared to multiplications. Since noise budget
    #consumption compounds in sequential multiplications, the most significant
    #factor in choosing appropriate encryption parameters is the multiplicative
    #depth of the arithmetic circuit that the user wants to evaluate on encrypted
    #data. Once the noise budget of a ciphertext reaches zero it becomes too
    #corrupted to be decrypted. Thus, it is essential to choose the parameters to
    #be large enough to support the desired computation; otherwise the result is
    #impossible to make sense of even with the secret key.
    parms = EncryptionParameters(scheme_type.BFV)

    #The first parameter we set is the degree of the `polynomial modulus'. This
    #must be a positive power of 2, representing the degree of a power-of-two
    #cyclotomic polynomial; it is not necessary to understand what this means.
    #
    #Larger poly_modulus_degree makes ciphertext sizes larger and all operations
    #slower, but enables more complicated encrypted computations. Recommended
    #values are 1024, 2048, 4096, 8192, 16384, 32768, but it is also possible
    #to go beyond this range.
    #
    #In this example we use a relatively small polynomial modulus. Anything
    #smaller than this will enable only very restricted encrypted computations.

    poly_modulus_degree = 4096
    parms.set_poly_modulus_degree(poly_modulus_degree)

    #Next we set the [ciphertext] `coefficient modulus' (coeff_modulus). This
    #parameter is a large integer, which is a product of distinct prime numbers,
    #each up to 60 bits in size. It is represented as a vector of these prime
    #numbers, each represented by an instance of the SmallModulus class. The
    #bit-length of coeff_modulus means the sum of the bit-lengths of its prime
    #factors.
    #
    #A larger coeff_modulus implies a larger noise budget, hence more encrypted
    #computation capabilities. However, an upper bound for the total bit-length
    #of the coeff_modulus is determined by the poly_modulus_degree, as follows:
    #
    #    +----------------------------------------------------+
    #    | poly_modulus_degree | max coeff_modulus bit-length |
    #    +---------------------+------------------------------+
    #    | 1024                | 27                           |
    #    | 2048                | 54                           |
    #    | 4096                | 109                          |
    #    | 8192                | 218                          |
    #    | 16384               | 438                          |
    #    | 32768               | 881                          |
    #    +---------------------+------------------------------+
    #
    #These numbers can also be found in native/src/seal/util/hestdparms.h encoded
    #in the function SEAL_HE_STD_PARMS_128_TC, and can also be obtained from the
    #function
    #
    #    CoeffModulus::MaxBitCount(poly_modulus_degree).
    #
    #For example, if poly_modulus_degree is 4096, the coeff_modulus could consist
    #of three 36-bit primes (108 bits).
    #
    #Microsoft SEAL comes with helper functions for selecting the coeff_modulus.
    #For new users the easiest way is to simply use
    #
    #    CoeffModulus::BFVDefault(poly_modulus_degree),
    #
    #which returns std::vector<SmallModulus> consisting of a generally good choice
    #for the given poly_modulus_degree.
    parms.set_coeff_modulus(CoeffModulus.BFVDefault(poly_modulus_degree))

    #The plaintext modulus can be any positive integer, even though here we take
    #it to be a power of two. In fact, in many cases one might instead want it
    #to be a prime number; we will see this in later examples. The plaintext
    #modulus determines the size of the plaintext data type and the consumption
    #of noise budget in multiplications. Thus, it is essential to try to keep the
    #plaintext data type as small as possible for best performance. The noise
    #budget in a freshly encrypted ciphertext is
    #
    #    ~ log2(coeff_modulus/plain_modulus) (bits)
    #
    #and the noise budget consumption in a homomorphic multiplication is of the
    #form log2(plain_modulus) + (other terms).
    #
    #The plaintext modulus is specific to the BFV scheme, and cannot be set when
    #using the CKKS scheme.

    parms.set_plain_modulus(1024)

    #Now that all parameters are set, we are ready to construct a SEALContext
    #object. This is a heavy class that checks the validity and properties of the
    #parameters we just set.
    context = SEALContext.Create(parms)

    #Print the parameters that we have chosen.
    print("Set encryption parameters and print")
    print_parameters(context)
    print("~~~~~~ A naive way to calculate 4(x^2+1)(x+1)^2. ~~~~~~")

    #The encryption schemes in Microsoft SEAL are public key encryption schemes.
    #For users unfamiliar with this terminology, a public key encryption scheme
    #has a separate public key for encrypting data, and a separate secret key for
    #decrypting data. This way multiple parties can encrypt data using the same
    #shared public key, but only the proper recipient of the data can decrypt it
    #with the secret key.
    #
    #We are now ready to generate the secret and public keys. For this purpose
    #we need an instance of the KeyGenerator class. Constructing a KeyGenerator
    #automatically generates the public and secret key, which can immediately be
    #read to local variables.

    keygen = KeyGenerator(context)
    public_key = keygen.public_key()
    secret_key = keygen.secret_key()

    #To be able to encrypt we need to construct an instance of Encryptor. Note
    #that the Encryptor only requires the public key, as expected.
    encryptor = Encryptor(context, public_key)

    #Computations on the ciphertexts are performed with the Evaluator class. In
    #a real use-case the Evaluator would not be constructed by the same party
    #that holds the secret key.
    evaluator = Evaluator(context)

    #We will of course want to decrypt our results to verify that everything worked,
    #so we need to also construct an instance of Decryptor. Note that the Decryptor
    #requires the secret key.
    decryptor = Decryptor(context, secret_key)

    #As an example, we evaluate the degree 4 polynomial
    #
    #    4x^4 + 8x^3 + 8x^2 + 8x + 4
    #
    #over an encrypted x = 6. The coefficients of the polynomial can be considered
    #as plaintext inputs, as we will see below. The computation is done modulo the
    #plain_modulus 1024.
    #
    #While this examples is simple and easy to understand, it does not have much
    #practical value. In later examples we will demonstrate how to compute more
    #efficiently on encrypted integers and real or complex numbers.
    #
    #Plaintexts in the BFV scheme are polynomials of degree less than the degree
    #of the polynomial modulus, and coefficients integers modulo the plaintext
    #modulus. For readers with background in ring theory, the plaintext space is
    #the polynomial quotient ring Z_T[X]/(X^N + 1), where N is poly_modulus_degree
    #and T is plain_modulus.
    #
    #To get started, we create a plaintext containing the constant 6. For the
    #plaintext element we use a constructor that takes the desired polynomial as
    #a string with coefficients represented as hexadecimal numbers.
    x = 6
    x_plain = Plaintext(str(x))
    print("Express x = {} as a plaintext polynomial 0x{}.".format(
        x, x_plain.to_string()))

    #We then encrypt the plaintext, producing a ciphertext.
    x_encrypted = Ciphertext()
    print("Encrypt x_plain to x_encrypted.")
    encryptor.encrypt(x_plain, x_encrypted)

    #In Microsoft SEAL, a valid ciphertext consists of two or more polynomials
    #whose coefficients are integers modulo the product of the primes in the
    #coeff_modulus. The number of polynomials in a ciphertext is called its `size'
    #and is given by Ciphertext::size(). A freshly encrypted ciphertext always
    #has size 2.
    print("    + size of freshly encrypted x: {}".format(x_encrypted.size()))

    #There is plenty of noise budget left in this freshly encrypted ciphertext.
    print("    + noise budget in freshly encrypted x: {} bits".format(
        decryptor.invariant_noise_budget(x_encrypted)))

    #We decrypt the ciphertext and print the resulting plaintext in order to
    #demonstrate correctness of the encryption.

    x_decrypted = Plaintext()
    decryptor.decrypt(x_encrypted, x_decrypted)
    print("    + decryption of x_encrypted: 0x{} ...... Correct.".format(
        x_decrypted.to_string()))

    #When using Microsoft SEAL, it is typically advantageous to compute in a way
    #that minimizes the longest chain of sequential multiplications. In other
    #words, encrypted computations are best evaluated in a way that minimizes
    #the multiplicative depth of the computation, because the total noise budget
    #consumption is proportional to the multiplicative depth. For example, for
    #our example computation it is advantageous to factorize the polynomial as
    #
    #    4x^4 + 8x^3 + 8x^2 + 8x + 4 = 4(x + 1)^2 * (x^2 + 1)
    #
    #to obtain a simple depth 2 representation. Thus, we compute (x + 1)^2 and
    #(x^2 + 1) separately, before multiplying them, and multiplying by 4.
    #
    #First, we compute x^2 and add a plaintext "1". We can clearly see from the
    #print-out that multiplication has consumed a lot of noise budget. The user
    #can vary the plain_modulus parameter to see its effect on the rate of noise
    #budget consumption.

    print("Compute x_sq_plus_one (x^2+1).")
    x_sq_plus_one = Ciphertext()
    evaluator.square(x_encrypted, x_sq_plus_one)
    plain_one = Plaintext("1")
    evaluator.add_plain_inplace(x_sq_plus_one, plain_one)

    #Encrypted multiplication results in the output ciphertext growing in size.
    #More precisely, if the input ciphertexts have size M and N, then the output
    #ciphertext after homomorphic multiplication will have size M+N-1. In this
    #case we perform a squaring, and observe both size growth and noise budget
    #consumption.
    print("    + size of x_sq_plus_one: {}".format(x_sq_plus_one.size()))
    print("    + noise budget in x_sq_plus_one: {} bits".format(
        decryptor.invariant_noise_budget(x_sq_plus_one)))

    #Even though the size has grown, decryption works as usual as long as noise
    #budget has not reached 0.
    decrypted_result = Plaintext()
    decryptor.decrypt(x_sq_plus_one, decrypted_result)
    print("    + decryption of x_sq_plus_one: 0x{} ...... Correct.".format(
        decrypted_result.to_string()))

    #Next, we compute (x + 1)^2.
    print("Compute x_plus_one_sq ((x+1)^2).")
    x_plus_one_sq = Ciphertext()
    evaluator.add_plain(x_encrypted, plain_one, x_plus_one_sq)
    evaluator.square_inplace(x_plus_one_sq)
    print("    + size of x_plus_one_sq: {}".format(x_plus_one_sq.size()))
    print("    + noise budget in x_plus_one_sq: {} bits".format(
        decryptor.invariant_noise_budget(x_plus_one_sq)))
    decryptor.decrypt(x_plus_one_sq, decrypted_result)
    print("    + decryption of x_plus_one_sq: 0x{} ...... Correct.".format(
        decrypted_result.to_string()))

    #Finally, we multiply (x^2 + 1) * (x + 1)^2 * 4.
    print("Compute encrypted_result (4(x^2+1)(x+1)^2).")
    encrypted_result = Ciphertext()
    plain_four = Plaintext("4")
    evaluator.multiply_plain_inplace(x_sq_plus_one, plain_four)
    evaluator.multiply(x_sq_plus_one, x_plus_one_sq, encrypted_result)
    print("    + size of encrypted_result: {}".format(encrypted_result.size()))
    print("    + noise budget in encrypted_result: {} bits".format(
        decryptor.invariant_noise_budget(encrypted_result)))
    print("NOTE: Decryption can be incorrect if noise budget is zero.")
    print("~~~~~~ A better way to calculate 4(x^2+1)(x+1)^2. ~~~~~~")

    #Noise budget has reached 0, which means that decryption cannot be expected
    #to give the correct result. This is because both ciphertexts x_sq_plus_one
    #and x_plus_one_sq consist of 3 polynomials due to the previous squaring
    #operations, and homomorphic operations on large ciphertexts consume much more
    #noise budget than computations on small ciphertexts. Computing on smaller
    #ciphertexts is also computationally significantly cheaper.

    #`Relinearization' is an operation that reduces the size of a ciphertext after
    #multiplication back to the initial size, 2. Thus, relinearizing one or both
    #input ciphertexts before the next multiplication can have a huge positive
    #impact on both noise growth and performance, even though relinearization has
    #a significant computational cost itself. It is only possible to relinearize
    #size 3 ciphertexts down to size 2, so often the user would want to relinearize
    #after each multiplication to keep the ciphertext sizes at 2.

    #Relinearization requires special `relinearization keys', which can be thought
    #of as a kind of public key. Relinearization keys can easily be created with
    #the KeyGenerator.

    #Relinearization is used similarly in both the BFV and the CKKS schemes, but
    #in this example we continue using BFV. We repeat our computation from before,
    #but this time relinearize after every multiplication.

    #We use KeyGenerator::relin_keys() to create relinearization keys.
    print("Generate relinearization keys.")
    relin_keys = keygen.relin_keys()

    #We now repeat the computation relinearizing after each multiplication.
    print("Compute and relinearize x_squared (x^2),")
    print("then compute x_sq_plus_one (x^2+1)")
    x_squared = Ciphertext()
    evaluator.square(x_encrypted, x_squared)
    print("    + size of x_squared: {}".format(x_squared.size()))
    evaluator.relinearize_inplace(x_squared, relin_keys)
    print("    + size of x_squared (after relinearization): {}".format(
        x_squared.size()))
    evaluator.add_plain(x_squared, plain_one, x_sq_plus_one)
    print("    + noise budget in x_sq_plus_one: {} bits".format(
        decryptor.invariant_noise_budget(x_sq_plus_one)))
    decryptor.decrypt(x_sq_plus_one, decrypted_result)
    print("    + decryption of x_sq_plus_one: 0x{}  ...... Correct.".format(
        decrypted_result.to_string()))

    x_plus_one = Ciphertext()
    print("Compute x_plus_one (x+1),")
    print("then compute and relinearize x_plus_one_sq ((x+1)^2).")
    evaluator.add_plain(x_encrypted, plain_one, x_plus_one)
    evaluator.square(x_plus_one, x_plus_one_sq)
    print("    + size of x_plus_one_sq: {}".format(x_plus_one_sq.size()))
    evaluator.relinearize_inplace(x_plus_one_sq, relin_keys)
    print("    + noise budget in x_plus_one_sq: {} bits".format(
        decryptor.invariant_noise_budget(x_plus_one_sq)))
    decryptor.decrypt(x_plus_one_sq, decrypted_result)
    print("    + decryption of x_plus_one_sq: 0x{}  ...... Correct.".format(
        decrypted_result.to_string()))

    print("Compute and relinearize encrypted_result (4(x^2+1)(x+1)^2).")
    evaluator.multiply_plain_inplace(x_sq_plus_one, plain_four)
    evaluator.multiply(x_sq_plus_one, x_plus_one_sq, encrypted_result)
    print("    + size of encrypted_result: {}".format(encrypted_result.size()))
    evaluator.relinearize_inplace(encrypted_result, relin_keys)
    print("    + size of encrypted_result (after relinearization): {}".format(
        encrypted_result.size()))
    print("    + noise budget in encrypted_result: {} bits".format(
        decryptor.invariant_noise_budget(encrypted_result)))

    print("NOTE: Notice the increase in remaining noise budget.")

    #Relinearization clearly improved our noise consumption. We have still plenty
    #of noise budget left, so we can expect the correct answer when decrypting.
    print("Decrypt encrypted_result (4(x^2+1)(x+1)^2).")
    decryptor.decrypt(encrypted_result, decrypted_result)
    print("    + decryption of 4(x^2+1)(x+1)^2 = 0x{}  ...... Correct.".format(
        decrypted_result.to_string()))
示例#25
0
def example_batching():
    print_example_banner("Example: Batching with PolyCRTBuilder");

    parms = EncryptionParameters()
    parms.set_poly_modulus("1x^4096 + 1")
    parms.set_coeff_modulus(seal.coeff_modulus_128(4096))

    parms.set_plain_modulus(40961)

    context = SEALContext(parms)
    print_parameters(context)

    qualifiers = context.qualifiers()

    keygen = KeyGenerator(context)
    public_key = keygen.public_key()
    secret_key = keygen.secret_key()

    gal_keys = GaloisKeys()
    keygen.generate_galois_keys(30, gal_keys)

    #ev_keys = EvaluationKeys()
    #keygen.generate_evaluation_keys(30, ev_keys)

    encryptor = Encryptor(context, public_key)
    evaluator = Evaluator(context)
    decryptor = Decryptor(context, secret_key)

    crtbuilder = PolyCRTBuilder(context)

    slot_count = (int)(crtbuilder.slot_count())
    row_size = (int)(slot_count / 2)
    print("Plaintext matrix row size: " + (str)(row_size))

    def print_matrix(matrix):
        print("")
        print_size = 5

        current_line = "    ["
        for i in range(print_size):
            current_line += ((str)(matrix[i]) + ", ")
        current_line += ("..., ")
        for i in range(row_size - print_size, row_size):
            current_line += ((str)(matrix[i]))
            if i != row_size-1: current_line += ", "
            else: current_line += "]"
        print(current_line)

        current_line = "    ["
        for i in range(row_size, row_size + print_size):
            current_line += ((str)(matrix[i]) + ", ")
        current_line += ("..., ")
        for i in range(2*row_size - print_size, 2*row_size):
            current_line += ((str)(matrix[i]))
            if i != 2*row_size-1: current_line += ", "
            else: current_line += "]"
        print(current_line)
        print("")

    #     [ 0,  1,  2,  3,  0,  0, ...,  0 ]
    #     [ 4,  5,  6,  7,  0,  0, ...,  0 ]
    pod_matrix = [0]*slot_count
    pod_matrix[0] = 0
    pod_matrix[1] = 1
    pod_matrix[2] = 2
    pod_matrix[3] = 3
    pod_matrix[row_size] = 4
    pod_matrix[row_size + 1] = 5
    pod_matrix[row_size + 2] = 6
    pod_matrix[row_size + 3] = 7

    print("Input plaintext matrix:")
    print_matrix(pod_matrix)

    plain_matrix = Plaintext()
    crtbuilder.compose(pod_matrix, plain_matrix)

    encrypted_matrix = Ciphertext()
    print("Encrypting: ")
    encryptor.encrypt(plain_matrix, encrypted_matrix)
    print("Done")
    print("Noise budget in fresh encryption: " +
        (str)(decryptor.invariant_noise_budget(encrypted_matrix)) + " bits")

    pod_matrix2 = []
    for i in range(slot_count): pod_matrix2.append((i % 2) + 1)
    plain_matrix2 = Plaintext()
    crtbuilder.compose(pod_matrix2, plain_matrix2)
    print("Second input plaintext matrix:")
    print_matrix(pod_matrix2)

    print("Adding and squaring: ")
    evaluator.add_plain(encrypted_matrix, plain_matrix2)
    evaluator.square(encrypted_matrix)
    evaluator.relinearize(encrypted_matrix, ev_keys)
    print("Done")

    print("Noise budget in result: " + (str)(decryptor.invariant_noise_budget(encrypted_matrix)) + " bits")

    plain_result = Plaintext()
    print("Decrypting result: ")
    decryptor.decrypt(encrypted_matrix, plain_result)
    print("Done")

    crtbuilder.decompose(plain_result)
    pod_result = [plain_result.coeff_at(i) for i in range(plain_result.coeff_count())]

    print("Result plaintext matrix:")
    print_matrix(pod_result)

    encryptor.encrypt(plain_matrix, encrypted_matrix)
    print("Unrotated matrix: ")
    print_matrix(pod_matrix)
    print("Noise budget in fresh encryption: " +
        (str)(decryptor.invariant_noise_budget(encrypted_matrix)) + " bits")

    # Now rotate the rows to the left 3 steps, decrypt, decompose, and print.
    evaluator.rotate_rows(encrypted_matrix, 3, gal_keys)
    print("Rotated rows 3 steps left: ")
    decryptor.decrypt(encrypted_matrix, plain_result)
    crtbuilder.decompose(plain_result)
    pod_result = [plain_result.coeff_at(i) for i in range(plain_result.coeff_count())]
    print_matrix(pod_result)
    print("Noise budget after rotation" +
        (str)(decryptor.invariant_noise_budget(encrypted_matrix)) + " bits")

    # Rotate columns (swap rows), decrypt, decompose, and print.
    evaluator.rotate_columns(encrypted_matrix, gal_keys)
    print("Rotated columns: ")
    decryptor.decrypt(encrypted_matrix, plain_result)
    crtbuilder.decompose(plain_result)
    pod_result = [plain_result.coeff_at(i) for i in range(plain_result.coeff_count())]
    print_matrix(pod_result)
    print("Noise budget after rotation: " +
        (str)(decryptor.invariant_noise_budget(encrypted_matrix)) + " bits")

    # Rotate rows to the right 4 steps, decrypt, decompose, and print.
    evaluator.rotate_rows(encrypted_matrix, -4, gal_keys)
    print("Rotated rows 4 steps right: ")
    decryptor.decrypt(encrypted_matrix, plain_result)
    crtbuilder.decompose(plain_result)
    pod_result = [plain_result.coeff_at(i) for i in range(plain_result.coeff_count())]
    print_matrix(pod_result)
    print("Noise budget after rotation: " +
        (str)(decryptor.invariant_noise_budget(encrypted_matrix)) + " bits")
示例#26
0
class Encryption:
    '''
    Provides encryption / encoding methods to realize the homomorphic operations
    '''

    
    def __init__(self):

        # set parameters for encryption
        parms = EncryptionParameters()
        parms.set_poly_modulus("1x^2048 + 1")
        parms.set_coeff_modulus(seal.coeff_modulus_128(2048))
        parms.set_plain_modulus(1 << 8)
       
        self.context = SEALContext(parms)
        keygen = KeyGenerator(self.context)
        self.encoder = IntegerEncoder(self.context.plain_modulus())
      
        public_key = keygen.public_key()
        self.encryptor = Encryptor(self.context, public_key)
      
        secret_key = keygen.secret_key()
        self.decryptor = Decryptor(self.context, secret_key)
      
        
      
    def encrypt_live_neighbours_grid(self, live_neighbours_grid, dim):
        '''
        Encodes the live neighbor matrix by applying following rules. If the cell [i][j] has 2 neighbors with 0,
        3 neighbors with 2, and otherwise with -2. Afterwards encrypt it using PySEAL and store in a list

        :param live_neighbours_grid: live neighbor matrix as np array
        :param dim: dimension of the board
        :return: List of encoded and encrypted neighbors
        '''

        encrypted_live_neighbours_grid = []

        # Loop through every element of the board and encrypt it
        for i in range(dim):
           for j in range(dim):
               # transformation / encoding rules
               if(live_neighbours_grid[i][j] == 2):
                   value = 0
               elif(live_neighbours_grid[i][j] == 3):
                    value = 2
               elif(live_neighbours_grid[i][j] > 3 or live_neighbours_grid[i][j] < 2):
                    value = -2
                
               # element-wise homomorphic encryption
               encrypted = Ciphertext()
               plain = self.encoder.encode(value)
               self.encryptor.encrypt(plain, encrypted)
               encrypted_live_neighbours_grid.append(encrypted)
                
        return encrypted_live_neighbours_grid
    
    def encrypt_old_grid(self, old_grid, dim):
        '''
        Encrypts each element in the old board state using PySEAL and adds it to a list

        :param old_grid:
        :param dim:
        :return:
        '''
        
        encrypted_old_grid = []

        # Loop through every element of the board and encrypt it
        for i in range(dim):
            for j in range(dim):
                # element-wise homomorphic encryption
                encrypted = Ciphertext()
                value = old_grid[i][j]
                plain = self.encoder.encode(value)
                self.encryptor.encrypt(plain, encrypted)
                encrypted_old_grid.append(encrypted)
               
        return encrypted_old_grid
    
    def decrypt_new_grid(self, encrypted_new_grid, dim):
        '''
        Decrypts a homomorphic-encrypted grid by looping through every element,
        decrypt it and then applying the decoding rules to get the new board state

        :param encrypted_new_grid:
        :param dim:
        :return:
        '''

        new_grid = numpy.zeros(dim*dim, dtype='i').reshape(dim,dim)
        
        for i in range(dim):
          for j in range(dim):
              plain = Plaintext()
              
              encrypted = encrypted_new_grid[dim*i + j]
                  
              self.decryptor.decrypt(encrypted, plain)
              value = self.encoder.decode_int32(plain)
              
              # transformation / decoding rules
              if(value <= 0):
                  new_grid[i][j] = 0
              elif(value > 0):
                  new_grid[i][j] = 1
              
        return new_grid
keygen = KeyGenerator(context)
public_key = keygen.public_key()
secret_key = keygen.secret_key()
encryptor = Encryptor(context, public_key)
evaluator = Evaluator(context)
decryptor = Decryptor(context, secret_key)

value=7
plain1 = encoder.encode(value1)
print("Encoded " + (str)(value) + " as polynomial " + plain1.to_string() + " (plain1)")

encrypted _data= Ciphertext()
encryptor.encrypt(plain, encrypted_data)
print("Noise budget in encrypted1: " + (str)(decryptor.invariant_noise_budget(encrypted_data)) + " bits")

# operations that can be performed --->

# result stored in encrypted1 data
evaluator.negate(encrypted1_data)

# result stored in encrypted1 data, encrpyted1 is modified
evaluator.add(encrypted1_data, encrypted2_data)

# result stored in encrypted1 data, encrpyted1 is modified
evaluator.multiply(encrypted1_data, encrypted2_data)


plain_result = Plaintext()
decryptor.decrypt(encrypted_data, plain_result)
print("Plaintext polynomial: " + plain_result.to_string())
print("Decoded integer: " + (str)(encoder.decode_int32(plain_result)))
示例#28
0
class FHECryptoEngine(CryptoEngine):
    def __init__(self):
        CryptoEngine.__init__(self, defs.ENC_MODE_FHE)
        self.log_id = 'FHECryptoEngine'
        self.encrypt_params = None
        self.context = None
        self.encryptor = None
        self.evaluator = None
        self.decryptor = None

        return

    def load_keys(self):
        self.private_key = SecretKey()
        self.private_key.load(defs.FN_FHE_PRIVATE_KEY)

        self.public_key = PublicKey()
        self.public_key.load(defs.FN_FHE_PUBLIC_KEY)
        
        return True

    def generate_keys(self):
        if self.encrypt_params == None or \
           self.context == None:
            self.init_encrypt_params()

        keygen = KeyGenerator(self.context)

        # Generate the private key
        self.private_key = keygen.secret_key()
        self.private_key.save(defs.FN_FHE_PRIVATE_KEY)

        # Generate the public key
        self.public_key = keygen.public_key()
        self.public_key.save(defs.FN_FHE_PUBLIC_KEY)

        return True

    def init_encrypt_params(self):
        self.encrypt_params = EncryptionParameters()
        self.encrypt_params.set_poly_modulus("1x^2048 + 1")
        self.encrypt_params.set_coeff_modulus(seal.coeff_modulus_128(2048))
        self.encrypt_params.set_plain_modulus(1 << 8)

        self.context = SEALContext(self.encrypt_params)

        return

    def initialize(self, use_old_keys=False):
        # Initialize encryption params
        self.init_encrypt_params()

        # Check if the public & private key files exist
        if os.path.isfile(defs.FN_FHE_PUBLIC_KEY) and \
           os.path.isfile(defs.FN_FHE_PRIVATE_KEY) and \
           use_old_keys == True:

            self.log("Keys already exist. Reusing them instead.")
            if not self.load_keys():
                self.log("Failed to load keys")
                return False

        else:
            # If not, then attempt to generate new ones
            if not self.generate_keys():
                self.log("Failed to generate keys")
                return False

        # Setup the rest of the crypto engine
        self.encryptor = Encryptor(self.context, self.public_key)
        self.evaluator = Evaluator(self.context)
        self.decryptor = Decryptor(self.context, self.private_key)

        # Set the initialized flag
        self.initialized = True

        return True

    def encrypt(self, data):
        if not self.initialized:
            self.log("Not initialized")
            return False

        # Setup the encoder
        encoder = FractionalEncoder(self.context.plain_modulus(), self.context.poly_modulus(), 64, 32, 3)

        # Create the array of encrypted data objects
        encrypted_data = []
        for raw_data in data:
            encrypted_data.append(Ciphertext(self.encrypt_params))
            self.encryptor.encrypt( encoder.encode(raw_data), encrypted_data[-1] )

        # Pickle each Ciphertext, base64 encode it, and store it in the array
        for i in range(0, len(encrypted_data)):
            encrypted_data[i].save("fhe_enc.bin")
            encrypted_data[i] = base64.b64encode( pickle.dumps(encrypted_data[i]) )

        return encrypted_data

    def evaluate(self, encrypted_data, lower_idx=0, higher_idx=-1):
        result = Ciphertext()

        # Setup the encoder
        encoder = FractionalEncoder(self.context.plain_modulus(), self.context.poly_modulus(), 64, 32, 3)

        # Unpack the data first
        unpacked_data = []
        for d in encrypted_data[lower_idx:higher_idx]:
            unpacked_data.append(pickle.loads(base64.b64decode(d)))

        # Perform operations
        self.evaluator.add_many(unpacked_data, result)
        div = encoder.encode(1/len(unpacked_data))
        self.evaluator.multiply_plain(result, div)

        # Pack the result
        result = base64.b64encode( pickle.dumps(result) )

        return result

    def decrypt(self, raw_data):
        if not self.initialized:
            self.log("Not initialized")
            return False

        # Setup the encoder
        encoder = FractionalEncoder(self.context.plain_modulus(), self.context.poly_modulus(), 64, 32, 3)
        
        # Unpickle, base64 decode, and decrypt each ciphertext result
        decrypted_data = []
        for d in raw_data:
            encrypted_data = pickle.loads( base64.b64decode(d) )
            plain_data = Plaintext()
            self.decryptor.decrypt(encrypted_data, plain_data)
            decrypted_data.append( str(encoder.decode(plain_data)) )

        return decrypted_data