privacy-scaling-explorations · auryn-macmillan · Apr 27, 2024 · Apr 27, 2024 · Apr 27, 2024 · Apr 30, 2024
diff --git a/scripts/circuit_pk.py b/scripts/circuit_pk.py
diff --git a/scripts/circuit_sk.py b/scripts/circuit_sk.py
@@ -8,6 +8,10 @@
 from utils import assign_to_circuit, count_advice_cells_needed_for_poly_range_check, print_advice_cells_info
 import argparse
 import json
+import numpy as np
+
+
+
 
 def main(args): 
 
@@ -36,9 +40,9 @@ def main(args):
 
     ctis = bfv_crt.SecretKeyEncrypt(s, ais, e, m)
 
-    # Sanity check for valid decryption    
+    # Sanity check for valid decryption
     message_prime = bfv_crt.Decrypt(s, ctis)
-
+        
     assert m == message_prime
 
     # k1 = [QM]t namely the scaled message polynomial
@@ -287,10 +291,11 @@ def main(args):
 
         # sanity check. The coefficients of ai * s + e should be in the range $- (N \cdot \frac{q_i - 1}{2} + B), N \cdot \frac{q_i - 1}{2} + B]$
         bound = int((qis[i] - 1) / 2) * n + b
-        res = ais[i] * s + e
+        print(f" sk r2 bound = {bound}")
+        res = Polynomial(ais[i]) * s + e
         assert all(coeff >= -bound and coeff <= bound for coeff in res.coefficients)
 
-        # constraint. The coefficients of r2i should be in the range [-(qi-1)/2, (qi-1)/2]
+        # constraint. The coefficients of r`2i should be in the range [-(qi-1)/2, (qi-1)/2]
         r2i_bound = int((qis[i] - 1) / 2)
         r2_bounds.append(r2i_bound)
         assert all(coeff >= -r2i_bound and coeff <= r2i_bound for coeff in r2is[i].coefficients)
@@ -411,7 +416,7 @@ def main(args):
     # Construct the dynamic filename
     filename = f"sk_enc_{args.n}_{qis_len}x{qis_bitsize}_{args.t}.json"
 
-    output_path = os.path.join("src", "data", filename)
+    output_path = os.path.join("src", "data", "sk_enc_data",filename)
 
     with open(output_path, 'w') as f:
         json.dump(json_input, f)
@@ -427,12 +432,12 @@ def main(args):
         "ct0is": [["0" for _ in ct0i_in_p.coefficients] for ct0i_in_p in ct0is_in_p],
     }
 
-    output_path = os.path.join("src", "data", f"sk_enc_{args.n}_{qis_len}x{qis_bitsize}_{args.t}_zeroes.json")
+    output_path = os.path.join("src", "data","sk_enc_data", f"sk_enc_{args.n}_{qis_len}x{qis_bitsize}_{args.t}_zeroes.json")
 
     with open(output_path, 'w') as f:
         json.dump(json_input_zeroes, f)
 
-    output_path = os.path.join("src", "constants", f"sk_enc_constants_{args.n}_{qis_len}x{qis_bitsize}_{args.t}.rs")
+    output_path = os.path.join("src", "constants","sk_enc_constants", f"sk_enc_constants_{args.n}_{qis_len}x{qis_bitsize}_{args.t}.rs")
 
     with open(output_path, 'w') as f:
         f.write(f"/// `N` is the degree of the cyclotomic polynomial defining the ring `Rq = Zq[X]/(X^N + 1)`.\n")

diff --git a/scripts/utils.py b/scripts/utils.py
@@ -27,7 +27,7 @@ def count_advice_cells_needed_for_poly_range_check(poly: Polynomial, bound: int,
 
     count = 0
 
-    # 4 advice cells for each coefficient needed for the shift addition operation
+    # 4 advice cells for each coefficient needed for the shift addition operation``
     count += 4 * len(poly.coefficients)
 
     # further advice cells for range check inside `check_less_than_safe`

diff --git a/src/constants/mod.rs b/src/constants/mod.rs
@@ -1,6 +1,2 @@
-pub mod sk_enc_constants_1024_1x27_65537;
-pub mod sk_enc_constants_16384_8x54_65537;
-pub mod sk_enc_constants_2048_1x53_65537;
-pub mod sk_enc_constants_32768_15x59_65537;
-pub mod sk_enc_constants_4096_2x55_65537;
-pub mod sk_enc_constants_8192_4x55_65537;
+pub mod pk_enc_constants;
+pub mod sk_enc_constants;
diff --git a/src/constants/pk_enc_constants/mod.rs b/src/constants/pk_enc_constants/mod.rs
@@ -0,0 +1 @@
+pub mod pk_enc_constants_1024_15x60_65537;
diff --git a/src/constants/pk_enc_constants/pk_enc_constants_1024_15x60_65537.rs b/src/constants/pk_enc_constants/pk_enc_constants_1024_15x60_65537.rs
@@ -0,0 +1,108 @@
+/// `N` is the degree of the cyclotomic polynomial defining the ring `Rq = Zq[X]/(X^N + 1)`.
+pub const N: usize = 1024;
+///'The coefficients pf the polynomial 'pk0is` and 'pk1is' should exist in the interval '[-PK_BOUND, PK_BOUND]`.
+pub const PK_BOUND: [u64; 15] = [
+    576460752303292416,
+    576460752299360256,
+    576460752298508288,
+    576460752297984000,
+    576460752297820160,
+    576460752296706048,
+    576460752296411136,
+    576460752296214528,
+    576460752294969344,
+    576460752293265408,
+    576460752292773888,
+    576460752291823616,
+    576460752290938880,
+    576460752290709504,
+    576460752290447360,
+];
+///'The coefficients pf the polynomial 'pk1is` should exist in the interval '[-PK0_BOUND, PK0_BOUND]`.
+/// The coefficients of the polynomial `e` should exist in the interval `[-E_BOUND, E_BOUND]` where `E_BOUND` is the upper bound of the gaussian distribution with 𝜎 = 3.2
+pub const E_BOUND: u64 = 19;
+/// The coefficients of the polynomial `s` should exist in the interval `[-S_BOUND, S_BOUND]`.
+pub const U_BOUND: u64 = 1;
+/// The coefficients of the polynomials `r1is` should exist in the interval `[-R1_BOUND[i], R1_BOUND[i]]` where `R1_BOUND[i]` is equal to `(qi-1)/2`
+pub const R1_BOUNDS: [u64; 15] = [
+    32472, 21654, 32101, 32263, 14784, 16206, 30376, 18254, 9343, 14780, 9752, 27859, 2356, 17131,
+    17884,
+];
+/// The coefficients of the polynomials `r2is` should exist in the interval `[-R2_BOUND[i], R2_BOUND[i]]` where `R2_BOUND[i]` is equal to $\frac{(N+2) \cdot \frac{q_i - 1}{2} + B + \frac{t - 1}{2} \cdot |K_{0,i}|}{q_i}$
+pub const R2_BOUNDS: [u64; 15] = [
+    576460752303292416,
+    576460752299360256,
+    576460752298508288,
+    576460752297984000,
+    576460752297820160,
+    576460752296706048,
+    576460752296411136,
+    576460752296214528,
+    576460752294969344,
+    576460752293265408,
+    576460752292773888,
+    576460752291823616,
+    576460752290938880,
+    576460752290709504,
+    576460752290447360,
+];
+/// The coefficients of the polynomials `p1is` should exist in the interval `[-P1_BOUND[i], P1_BOUND[i]]` where `P1_BOUND[i]` is equal to (((qis[i] - 1) / 2) * (n + 2) + b ) / qis[i]
+pub const P1_BOUNDS: [u64; 15] = [
+    513, 513, 513, 513, 513, 513, 513, 513, 513, 513, 513, 513, 513, 513, 513,
+];
+/// The coefficients of the polynomials `p2is` should exist in the interval `[-P2_BOUND[i], P2_BOUND[i]]` where `P2_BOUND[i]` is equal to (qis[i] - 1) / 2  
+pub const P2_BOUNDS: [u64; 15] = [
+    576460752303292416,
+    576460752299360256,
+    576460752298508288,
+    576460752297984000,
+    576460752297820160,
+    576460752296706048,
+    576460752296411136,
+    576460752296214528,
+    576460752294969344,
+    576460752293265408,
+    576460752292773888,
+    576460752291823616,
+    576460752290938880,
+    576460752290709504,
+    576460752290447360,
+];
+/// The coefficients of `k1` should exist in the interval `[-K1_BOUND, K1_BOUND]` where `K1_BOUND` is equal to `(t-1)/2`
+pub const K1_BOUND: u64 = 32768;
+/// List of scalars `qis` such that `qis[i]` is the modulus of the i-th CRT basis of `q` (ciphertext space modulus)
+pub const QIS: [&str; 15] = [
+    "1152921504606584833",
+    "1152921504598720513",
+    "1152921504597016577",
+    "1152921504595968001",
+    "1152921504595640321",
+    "1152921504593412097",
+    "1152921504592822273",
+    "1152921504592429057",
+    "1152921504589938689",
+    "1152921504586530817",
+    "1152921504585547777",
+    "1152921504583647233",
+    "1152921504581877761",
+    "1152921504581419009",
+    "1152921504580894721",
+];
+/// List of scalars `k0is` such that `k0i[i]` is equal to the negative of the multiplicative inverses of t mod qi.
+pub const K0IS: [&str; 15] = [
+    "1124457781908666798",
+    "743839052427601194",
+    "1111422170948171465",
+    "1117121952253736973",
+    "502126104424574846",
+    "552157518114552474",
+    "1050730055179823439",
+    "624214012656257690",
+    "310690856959624444",
+    "501985369079705462",
+    "325081045565655086",
+    "962154749991507364",
+    "64878992155545191",
+    "584702565692244436",
+    "611213585534257079",
+];
diff --git a/src/constants/pk_enc_constants_1024_15x60_65537.rs b/src/constants/pk_enc_constants_1024_15x60_65537.rs
@@ -0,0 +1,18 @@
+/// `N` is the degree of the cyclotomic polynomial defining the ring `Rq = Zq[X]/(X^N + 1)`.
+pub const N: usize = 1024;
+///'The coefficients pf the polynomial 'pk0is` should exist in the interval '[-PK0_BOUND, PK0_BOUND]`.
+pub const PK0_BOUND:u64 = 590295810345418096640;
+/// The coefficients of the polynomial `e` should exist in the interval `[-E_BOUND, E_BOUND]` where `E_BOUND` is the upper bound of the gaussian distribution with 𝜎 = 3.2
+pub const E_BOUND: u64 = 19;
+/// The coefficients of the polynomial `s` should exist in the interval `[-S_BOUND, S_BOUND]`.
+pub const u_BOUND: u64 = 1;
+/// The coefficients of the polynomials `r1is` should exist in the interval `[-R1_BOUND[i], R1_BOUND[i]]` where `R1_BOUND[i]` is equal to `(qi-1)/2`
+pub const R1_BOUNDS: [u64; 15] = [32472, 21654, 32101, 32263, 14784, 16206, 30376, 18254, 9343, 14780, 9752, 27859, 2356, 17131, 17884];
+/// The coefficients of the polynomials `r2is` should exist in the interval `[-R2_BOUND[i], R2_BOUND[i]]` where `R2_BOUND[i]` is equal to $\frac{(N+2) \cdot \frac{q_i - 1}{2} + B + \frac{t - 1}{2} \cdot |K_{0,i}|}{q_i}$
+pub const R2_BOUNDS: [u64; 15] = [576460752303292416, 576460752299360256, 576460752298508288, 576460752297984000, 576460752297820160, 576460752296706048, 576460752296411136, 576460752296214528, 576460752294969344, 576460752293265408, 576460752292773888, 576460752291823616, 576460752290938880, 576460752290709504, 576460752290447360];
+/// The coefficients of `k1` should exist in the interval `[-K1_BOUND, K1_BOUND]` where `K1_BOUND` is equal to `(t-1)/2`
+pub const K1_BOUND: u64 = 32768;
+/// List of scalars `qis` such that `qis[i]` is the modulus of the i-th CRT basis of `q` (ciphertext space modulus)
+pub const QIS: [&str; 15] = ["1152921504606584833", "1152921504598720513", "1152921504597016577", "1152921504595968001", "1152921504595640321", "1152921504593412097", "1152921504592822273", "1152921504592429057", "1152921504589938689", "1152921504586530817", "1152921504585547777", "1152921504583647233", "1152921504581877761", "1152921504581419009", "1152921504580894721"];
+/// List of scalars `k0is` such that `k0i[i]` is equal to the negative of the multiplicative inverses of t mod qi.
+pub const K0IS: [&str; 15] = ["1124457781908666798", "743839052427601194", "1111422170948171465", "1117121952253736973", "502126104424574846", "552157518114552474", "1050730055179823439", "624214012656257690", "310690856959624444", "501985369079705462", "325081045565655086", "962154749991507364", "64878992155545191", "584702565692244436", "611213585534257079"];
diff --git a/src/constants/sk_enc_constants/mod.rs b/src/constants/sk_enc_constants/mod.rs
@@ -0,0 +1 @@
+pub mod sk_enc_constants_4096_2x55_65537;
diff --git a/...tants/sk_enc_constants_4096_2x55_65537.rs → ...tants/sk_enc_constants_4096_2x55_65537.rs b/...tants/sk_enc_constants_4096_2x55_65537.rs → ...tants/sk_enc_constants_4096_2x55_65537.rs
diff --git a/src/constants/sk_enc_constants_1024_15x60_65537.rs b/src/constants/sk_enc_constants_1024_15x60_65537.rs
@@ -0,0 +1,18 @@
+/// `N` is the degree of the cyclotomic polynomial defining the ring `Rq = Zq[X]/(X^N + 1)`.
+pub const N: usize = 1024;
+///'The coefficients pf the polynomial 'pk0is` should exist in the interval '[-PK0_BOUND, PK0_BOUND]`.
+pub const PK0_BOUND:u64 = 590295810345418096640;
+/// The coefficients of the polynomial `e` should exist in the interval `[-E_BOUND, E_BOUND]` where `E_BOUND` is the upper bound of the gaussian distribution with 𝜎 = 3.2
+pub const E_BOUND: u64 = 19;
+/// The coefficients of the polynomial `s` should exist in the interval `[-S_BOUND, S_BOUND]`.
+pub const u_BOUND: u64 = 1;
+/// The coefficients of the polynomials `r1is` should exist in the interval `[-R1_BOUND[i], R1_BOUND[i]]` where `R1_BOUND[i]` is equal to `(qi-1)/2`
+pub const R1_BOUNDS: [u64; 15] = [32472, 21654, 32101, 32263, 14784, 16206, 30376, 18254, 9343, 14780, 9752, 27859, 2356, 17131, 17884];
+/// The coefficients of the polynomials `r2is` should exist in the interval `[-R2_BOUND[i], R2_BOUND[i]]` where `R2_BOUND[i]` is equal to $\frac{(N+2) \cdot \frac{q_i - 1}{2} + B + \frac{t - 1}{2} \cdot |K_{0,i}|}{q_i}$
+pub const R2_BOUNDS: [u64; 15] = [576460752303292416, 576460752299360256, 576460752298508288, 576460752297984000, 576460752297820160, 576460752296706048, 576460752296411136, 576460752296214528, 576460752294969344, 576460752293265408, 576460752292773888, 576460752291823616, 576460752290938880, 576460752290709504, 576460752290447360];
+/// The coefficients of `k1` should exist in the interval `[-K1_BOUND, K1_BOUND]` where `K1_BOUND` is equal to `(t-1)/2`
+pub const K1_BOUND: u64 = 32768;
+/// List of scalars `qis` such that `qis[i]` is the modulus of the i-th CRT basis of `q` (ciphertext space modulus)
+pub const QIS: [&str; 15] = ["1152921504606584833", "1152921504598720513", "1152921504597016577", "1152921504595968001", "1152921504595640321", "1152921504593412097", "1152921504592822273", "1152921504592429057", "1152921504589938689", "1152921504586530817", "1152921504585547777", "1152921504583647233", "1152921504581877761", "1152921504581419009", "1152921504580894721"];
+/// List of scalars `k0is` such that `k0i[i]` is equal to the negative of the multiplicative inverses of t mod qi.
+pub const K0IS: [&str; 15] = ["1124457781908666798", "743839052427601194", "1111422170948171465", "1117121952253736973", "502126104424574846", "552157518114552474", "1050730055179823439", "624214012656257690", "310690856959624444", "501985369079705462", "325081045565655086", "962154749991507364", "64878992155545191", "584702565692244436", "611213585534257079"];
diff --git a/src/constants/sk_enc_constants_16384_8x54_65537.rs b/src/constants/sk_enc_constants_16384_8x54_65537.rs
diff --git a/src/constants/sk_enc_constants_2048_1x53_65537.rs b/src/constants/sk_enc_constants_2048_1x53_65537.rs
diff --git a/src/constants/sk_enc_constants_32768_15x59_65537.rs b/src/constants/sk_enc_constants_32768_15x59_65537.rs
diff --git a/...tants/sk_enc_constants_1024_1x27_65537.rs → ...tants/sk_enc_constants_4096_2x39_65537.rs b/...tants/sk_enc_constants_1024_1x27_65537.rs → ...tants/sk_enc_constants_4096_2x39_65537.rs
@@ -1,16 +1,16 @@
 /// `N` is the degree of the cyclotomic polynomial defining the ring `Rq = Zq[X]/(X^N + 1)`.
-pub const N: usize = 1024;
+pub const N: usize = 4096;
 /// The coefficients of the polynomial `e` should exist in the interval `[-E_BOUND, E_BOUND]` where `E_BOUND` is the upper bound of the gaussian distribution with 𝜎 = 3.2
 pub const E_BOUND: u64 = 19;
 /// The coefficients of the polynomial `s` should exist in the interval `[-S_BOUND, S_BOUND]`.
 pub const S_BOUND: u64 = 1;
 /// The coefficients of the polynomials `r1is` should exist in the interval `[-R1_BOUND[i], R1_BOUND[i]]` where `R1_BOUND[i]` is equal to `(qi-1)/2`
-pub const R1_BOUNDS: [u64; 1] = [1246];
+pub const R1_BOUNDS: [u64; 2] = [27209, 9723];
 /// The coefficients of the polynomials `r2is` should exist in the interval `[-R2_BOUND[i], R2_BOUND[i]]` where `R2_BOUND[i]` is equal to $\frac{(N+2) \cdot \frac{q_i - 1}{2} + B + \frac{t - 1}{2} \cdot |K_{0,i}|}{q_i}$
-pub const R2_BOUNDS: [u64; 1] = [41319090];
+pub const R2_BOUNDS: [u64; 2] = [180143985099, 180143985291];
 /// The coefficients of `k1` should exist in the interval `[-K1_BOUND, K1_BOUND]` where `K1_BOUND` is equal to `(t-1)/2`
 pub const K1_BOUND: u64 = 32768;
 /// List of scalars `qis` such that `qis[i]` is the modulus of the i-th CRT basis of `q` (ciphertext space modulus)
-pub const QIS: [&str; 1] = ["82638181"];
+pub const QIS: [&str; 2] = ["360287970199", "360287970583"];
 /// List of scalars `k0is` such that `k0i[i]` is equal to the negative of the multiplicative inverses of t mod qi.
-pub const K0IS: [&str; 1] = ["1849798"];
+pub const K0IS: [&str; 2] = ["276643899421", "84380732418"];