Declerations of a BGV-type cipehrtext and key-switching matrices. More...
Go to the source code of this file.
Classes | |
class | SKHandle |
A handle, describing the secret-key element that "matches" a part, of the form s^r(X^t). More... | |
class | CtxtPart |
One entry in a ciphertext vector. More... | |
class | Ctxt |
A Ctxt object holds a single cipehrtext. More... | |
Functions | |
ostream & | operator<< (ostream &s, const SKHandle &handle) |
istream & | operator>> (istream &s, CtxtPart &p) |
ostream & | operator<< (ostream &s, const CtxtPart &p) |
IndexSet | baseSetOf (const Ctxt &c) |
void | CheckCtxt (const Ctxt &c, const char *label) |
Declerations of a BGV-type cipehrtext and key-switching matrices.
A ciphertext is a vector of "ciphertext parts", each part consists of a polynomial (element of polynomial ring R_Q) and a "handle" describing the secret-key polynomial that this part multiplies during decryption. For example:
This type of representation lets you in principle add ciphertexts that are defined with respect to different keys:
Similarly, in principle you can also multiply arbitrary cipehrtexts, even ones that are defined with respect to different keys, and the result will be defined with respect to the tensor product of the two keys.
The current implementation is more restrictive, however. It requires that a ciphertext has one part wrt 1, that for every r>=1 there is at most one part wrt to s^r(X^t) (for some t), and that the r's are consecutive. For example you cannot have parts wrt (1,s,s^3) without having a part wrt s^2.
It follows that you can only add/multiply ciphertexts if one of the two lists of handles is a prefix of the other. For example, one can add a ciphertext wrt (1,s(X^2)) to another wrt (1,s(X^2),s^2(X^2)), but not to another ciphertext wrt (1,s).