GPQHE initial released. GPQHE is a reference implementation of CKKS homomorphic encryption scheme. It is a free software under the terms of the GNU Lesser General Public License version 2.1, and its architecture is designed analog to HEAAN, NewHope and Crystal-Kyber. This is the reason for its name: “G” stands for LGPL series license, “PQ” stands for post-quantum, and “HE” stands for homomorphic encryption. Except using Libgcrypt for multi-precision integer management, GPQHE does not rely on any existing HE library. The architecture and design details of GPQHE are explained in Section 3.4 (the polynomial arithmetics), Chapter 4 (Leveled Homomorphic Encryption for Approximate Numbers) and Section 6.2.1 (Obtaining Primes for RNS and its Linked-list Management) in my thesis.
Architecture
| enc/dec | |||||
| RLWE CPAKEM | |||||
| sample | polynomial arithmetics | ||||
| zero center | hwt | discrete Gaussian | poly-mpi & poly-rns | ||
| rng | ntt | rns | |||
| Montgomery | Barrett | thread | |||
| Used for ... | Keys or Functions | |
|---|---|---|
| Advanced | linear transformation | gemv(A,ct,rk), sum(ct,rk), idx(ct,i,rk), nrm22(ct,rlk,rk,ck) |
| nonlinear functions | exp(ct,rlk), ln(ct,rlk), sigmoid(ct,rlk) | |
| Comparison | inv(ct,rlk,d), sqrt(ct,rlk,d), cmp(ct1,ct2,rlk,d,α) | |
| Primitives | addition | addpt(ct,pt), add(ct1,ct2), neg(ct) |
| subpt(ct,pt), sub(ct1,ct2) | ||
| level switch | rsℓ → ℓ′(ct), moddownℓ → ℓ′(ct) | |
| multiplication | multpt(ct,pt), mult(ct1,ct2,rlk) | |
| automorphism | rot(ct,r,rk), conj(ct,ck) | |
| Encryptor | encrypt/decrypt | ct = encpk/sk(pt,pk/sk), pt = dec(ct,sk) |
| Encoder | encode/decode | pt = ecd(z,Δ), z = dcd(pt,Δ) |
| KEM | public key, secret key | pk, sk = keypair(ctx) |
| evaluation keys | rlk = genswk(sk⋅sk,sk) | |
| rkr = genswk(τ5rmod2n(sk),sk), 0 ≤ r < ⋯nslots | ||
| ck = genswk(τ−1(sk),sk) |