# 04 - About $\textsf{RGSW}$
---

From <a href='https://eprint.iacr.org/2020/086'> Bootstrapping in FHEW-like Cryptosystems </a>

In [1]:
import numpy as np
from note_include.elem.Ring  import Ring
from note_include.elem.RLWE  import RLWE
from note_include.elem.RLWEp import RLWEp
from note_include.elem.RGSW  import RGSW
from note_include.utils.gadget_decomposition import gadget_decomposition, gadget_composition, format_ring_list

---
Parameters

In [2]:
# n   = 16
# q   = 7681
# B   = 4
# d   = int(np.ceil(np.log(q) / np.log(B)))
# std = 3.2

---
Encryption and Homomorphic mulplication ($\textsf{RLWE} \times \textsf{RGSW}$)

In [3]:
# rlwe  = RLWE (n, q, std)
# rlwep = RLWEp(n, q, std, B, d)
# rgsw  = RGSW (n, q, std, B, d)

# sk, pk          = rlwe.keygen()
# coeffs          = [i for i in range(n)]
# big_coeffs      = [30 for _ in range(n)]
# poly            = Ring(n, q, coeffs)
# poly_multiplier = Ring(n, q, big_coeffs)

# rgsw_ctxt = rgsw.encrypt(poly_multiplier, sk)
# rlwe_ctxt = rlwe.encrypt(poly, sk)
# ctxt_mult = rgsw.mult_rlwe(rlwe_ctxt, rgsw_ctxt)

# ptxt      = rlwe.decrypt(ctxt_mult, sk)

# print("Multiplier              : ", poly_multiplier)
# print("Message                 : ", poly)
# print("Ideal Result            : ", poly * poly_multiplier)
# # print("Plaintext(RLWEp)        : ", ptxt_rlwep)
# print("Plaintext(RLWE x RGSW)  : ", ptxt)

In [None]:
n   = 16
q   = 16
B   = 1024
std = 0
d   = int(np.ceil(np.log(q) / np.log(B)))

rlwe  = RLWE (n, q, std)
rlwep = RLWEp(n, q, std, B, d)
rgsw  = RGSW (n, q, std, B, d)

cnt = 0

# sk, pk          = rlwe.keygen()
# sk              = [int(np.round(np.random.rand())) for _ in range(n)]
# sk              = Ring(n, q, sk)
# coeffs          = [i for i in range(n)]
# monomial        = np.zeros(n)
# monomial[4]     = 1
# poly            = Ring(n, q, coeffs)
# monomial        = Ring(n, q, monomial)

# N = 1024 -> working.
# ssss1024 = [0, 1023, 0, 0, 6, 1023, 1022, 5, 1, 1023, 0, 1, 1020, 7, 1019, 6, 3, 0, 1023, 1019, 1020, 3, 1023, 0, 1023, 0, 1023, 2, 1, 2, 5, 6, 3, 3, 1020, 0, 1022, 1, 3, 5, 1023, 3, 1020, 1021, 0, 1015, 0, 1017, 1021, 4, 1021, 1020, 1022, 1019, 4, 1019, 7, 0, 4, 3, 1023, 1020, 1018, 1020, 1, 2, 1, 9, 1, 1023, 3, 1, 1022, 1022, 1023, 1020, 1021, 1023, 0, 1, 1, 1021, 1022, 1020, 0, 4, 1021, 1019, 3, 2, 0, 0, 1020, 2, 1021, 4, 0, 1, 0, 1021, 1022, 2, 6, 0, 2, 1021, 0, 5, 1023, 0, 1022, 1, 5, 1023, 1019, 2, 1022, 1020, 1, 3, 1020, 1023, 2, 1023, 8, 0, 1018, 1022, 1, 1020, 0, 2, 1022, 4, 2, 1022, 1022, 4, 1023, 2, 5, 2, 0, 4, 1020, 1023, 1020, 1, 1022, 1019, 0, 3, 6, 0, 1021, 3, 4, 3, 2, 1021, 2, 1021, 2, 1023, 4, 1021, 2, 1023, 0, 1020, 1022, 1, 1023, 1017, 1021, 1020, 1022, 1020, 2, 3, 5, 1, 1, 5, 3, 0, 1022, 1023, 4, 1023, 0, 2, 1021, 1023, 1023, 1, 0, 0, 1021, 2, 1021, 1022, 1021, 1, 3, 1023, 0, 2, 7, 0, 0, 1, 1023, 1018, 1, 1021, 9, 0, 1022, 1022, 1023, 1020, 4, 1020, 1023, 2, 0, 0, 1023, 0, 2, 1, 3, 3, 1021, 1018, 1023, 1021, 1, 4, 1, 1021, 1023, 1022, 1020, 2, 4, 2, 0, 5, 1022, 1, 0, 1021, 4, 1021, 1018, 1022, 0, 5, 1017, 1, 4, 6, 1021, 4, 0, 3, 1023, 3, 1021, 1020, 0, 1020, 0, 7, 1022, 4, 7, 1023, 1021, 1021, 1021, 3, 3, 1023, 4, 1021, 1016, 0, 5, 1, 6, 2, 5, 1023, 0, 1021, 2, 0, 1020, 1015, 0, 1, 1, 0, 1, 1, 1, 1023, 4, 2, 1022, 1022, 1022, 3, 1021, 1, 1020, 6, 11, 1, 1018, 4, 1, 0, 1023, 1021, 0, 1022, 4, 1022, 0, 0, 1, 4, 1021, 1023, 1020, 1015, 1019, 3, 0, 1016, 6, 1021, 4, 1, 1, 1021, 3, 3, 1022, 3, 1023, 0, 1022, 1021, 4, 5, 3, 1023, 0, 1, 5, 7, 3, 1017, 4, 0, 1023, 2, 1021, 1022, 1, 2, 0, 4, 2, 1016, 1020, 1023, 1, 0, 2, 1017, 1021, 1023, 1, 0, 6, 1, 3, 1021, 5, 1, 1022, 2, 1021, 1021, 1023, 6, 1, 1019, 2, 4, 0, 1, 1023, 1021, 1021, 1016, 1021, 1019, 2, 0, 1021, 1022, 3, 6, 0, 2, 2, 4, 2, 1019, 1020, 1021, 1019, 5, 4, 1019, 0, 1020, 1023, 6, 1022, 1, 1021, 2, 2, 1023, 5, 1021, 0, 1022, 2, 1021, 1018, 0, 1023, 1019, 2, 1, 1, 1019, 0, 1, 0, 1018, 1023, 4, 1, 1, 2, 1023, 4, 4, 1023, 1022, 3, 1022, 7, 1022, 1021, 1023, 5, 3, 1019, 1017, 1023, 2, 3, 1023, 4, 3, 1023, 0, 1018, 1020, 1, 4, 1022, 2, 2, 1018, 1020, 2, 1023, 1023, 0, 0, 1022, 1022, 1, 1020, 1023, 1, 1020, 1021, 3, 4, 0, 1, 0, 5, 1, 1019, 1016, 1020, 1018, 1, 7, 1, 0, 1017, 1019, 3, 1, 0, 4, 2, 3, 5, 1, 0, 0, 1020, 1020, 2, 1023, 0, 4, 3, 0, 3, 1, 0, 4, 1016, 1023, 1019, 0, 2, 2, 1023, 3, 1020, 1023, 3, 1, 0, 0, 1023, 3, 1, 1022, 1023, 0, 1023, 1023, 0, 0, 1020, 1020, 1, 1, 1020, 1021, 1, 1022, 1022, 1023, 3, 1020, 1021, 3, 1018, 0, 3, 6, 1023, 0, 2, 3, 4, 0, 1023, 1017, 2, 1022, 0, 3, 1022, 6, 0, 4, 2, 5, 1, 0, 0, 1020, 0, 1020, 1022, 3, 0, 5, 1023, 1022, 1022, 3, 1, 1019, 1023, 0, 1019, 5, 3, 2, 1, 1023, 1021, 1022, 3, 1, 2, 3, 5, 1019, 1, 0, 1020, 5, 1022, 1020, 2, 1021, 1022, 1021, 0, 2, 1021, 1023, 1022, 1023, 4, 4, 4, 5, 2, 0, 1, 1, 1018, 1023, 5, 0, 4, 5, 1021, 5, 2, 2, 1021, 2, 2, 1022, 5, 0, 2, 1, 3, 1023, 1, 1, 1021, 1021, 1, 1023, 0, 0, 2, 2, 1021, 1, 3, 3, 0, 7, 1020, 5, 5, 2, 1021, 2, 1021, 4, 1023, 1021, 1020, 1023, 3, 2, 1020, 1, 1, 3, 3, 1023, 4, 7, 1023, 3, 8, 2, 1016, 1023, 1021, 1023, 1022, 0, 2, 1, 0, 1017, 1, 1022, 1, 1022, 2, 1, 1022, 1, 1023, 5, 1021, 2, 1023, 5, 2, 3, 1, 1021, 1, 1, 3, 1, 2, 1022, 5, 1022, 1021, 1018, 1020, 2, 0, 1022, 1020, 1020, 0, 1017, 1018, 1021, 0, 3, 1023, 2, 4, 2, 1, 3, 6, 5, 0, 0, 1023, 1, 1021, 0, 1019, 4, 4, 1021, 1021, 0, 1, 5, 0, 2, 1, 4, 7, 5, 0, 0, 4, 1023, 2, 1021, 1, 2, 1022, 1019, 0, 1020, 2, 3, 2, 1, 4, 8, 1023, 1022, 1, 4, 7, 0, 4, 1020, 1, 1022, 4, 4, 1020, 3, 0, 1, 2, 1023, 1, 1021, 4, 4, 1023, 1, 1020, 1023, 5, 2, 3, 1023, 1, 1020, 0, 3, 1022, 1020, 3, 4, 0, 1, 1020, 2, 4, 1021, 1019, 0, 0, 1023, 1022, 1, 0, 3, 1023, 3, 2, 2, 8, 1020, 6, 0, 2, 0, 1021, 0, 1021, 1023, 1017, 1022, 1023, 1023, 1, 0, 1020, 1, 1020, 0, 1, 1, 1018, 2, 2, 5, 0, 1023, 1022, 1, 0, 1, 1, 1021, 1, 2, 1020, 5, 2, 1023, 4, 1023, 0, 0, 1020, 1023, 2, 1023, 1020, 1023, 1021, 1023, 1021, 4, 1021, 1021, 1, 1, 1, 1021, 2, 2, 1023, 5, 1019, 1023, 2, 0, 3, 4, 1021, 1021, 1, 1019, 2, 1, 3, 1017, 1022, 1, 1021, 0, 0, 1021, 1021, 4, 1, 1, 1023, 1019, 1022, 1022, 8, 1021, 0, 1020, 2, 1023, 1021, 2, 1019, 1021, 5, 0, 4, 1, 0, 3, 1022, 1020, 2, 0, 7, 4, 1022, 0, 1022, 1021, 6, 1023, 3, 1021, 1023, 2, 9, 5, 1021, 1022, 1021, 0, 1023, 2, 2, 3, 7, 1021, 1017, 1021, 1019, 1021, 2, 1022, 6, 1023, 5] 

ssss = [5, 0, 1022, 0, 3, 1023, 1023, 2, 0, 1, 1023, 1023, 1019, 3, 1019, 1022] # working sk
# nnnn = [0, 2, 1022, 1021, 1023, 5, 3, 1023, 1019, 1021, 2, 0, 0, 1, 1019, 3]    # Not working sk

# sk, pk          = rlwe.keygen()

for i in range(1000):
    # sk              = [int(np.round(np.random.rand())) for _ in range(n)]
    # sk              = Ring(n, q, sk)
    # sk              = Ring(n, q, ssss)
    sk, pk          = rlwe.keygen()

    coeffs          = [i for i in range(n)]
    # monomial        = [np.random.randint(0, q) for _ in range(n)]
    monomial        = [0 for _ in range(n)]
    monomial[3]     = 1
    poly            = Ring(n, q, coeffs)
    monomial        = Ring(n, q, monomial)

    rgsw_ctxt = rgsw.encrypt(monomial, sk)
    rlwe_ctxt = rlwe.encrypt(poly, sk)
    rlwe_ctxt2 = rlwe.encrypt(poly, sk)
    ctxt_mult = rgsw.mult_rlwe(rlwe_ctxt, rgsw_ctxt)
    ctxt_mult2 = rgsw.mult_rlwe(rlwe_ctxt2, rgsw_ctxt)
    ptxt      = rlwe.decrypt(ctxt_mult, sk)
    ptxt2      = rlwe.decrypt(ctxt_mult2, sk)
    ideal     = poly * monomial

    if ptxt.coeffs != ideal.coeffs :

        print("-- Find Edgecase !! --")

        print("Ideal Result            : ", ideal)
        print("Plaintext(RLWE x RGSW)  : ", ptxt)
        print("Plaintext(RLWE x RGSW)2 : ", ptxt2)
        print("Monomial                : ", monomial)
        print('secret key              : ', sk)
        print('secret key              : ', sk.coeffs)
        print('-1 * secret key         : ', -1 * sk)
        print('-1 * s * monomial       : ', -1 * sk * monomial)

        rlwep1, rlwep2 = rgsw_ctxt
        print("--- RLWEp_a : encryption of -sm ---")        
        print(format_ring_list(rlwep.decrypt(rlwep1, sk)))
        print("--- rlwep_a : Correctly encrypted? ---")
        for i in range(d):
            print( (B ** i) * -1 * sk * monomial )

        print("--- RLWEp_b : encryption of   m ---")        
        print(format_ring_list(rlwep.decrypt(rlwep2, sk)))
        print("--- rlwep_b : Correctly encrypted? ---")
        for i in range(d):
            print((B ** i) * monomial)

        print("--- --- --- --- Now simulate process --- --- --- ---")

        test_rlwe_ctxt   = rlwe.encrypt(poly, sk)
        test_rlwep_ctxt0 = rlwep.encrypt(-1 * sk * monomial, sk)
        test_rlwep_ctxt1 = rlwep.encrypt(monomial, sk)

        print("----- Check correctly encryption rlwep(-sm) :  -----")
        print(format_ring_list(rlwep.decrypt(test_rlwep_ctxt0, sk)))
        print("----- ----- -----")
        print("----- Check correctly encryption rlwep(m) :    -----")
        print(format_ring_list(rlwep.decrypt(test_rlwep_ctxt1, sk)))
        print("----- ----- -----")

        AA, BB           = test_rlwe_ctxt
        print("----- rlwe ciphertexts -----")
        print("AA      : ", AA)
        print("BB      : ", BB)
        print("decRLWE : ", rlwe.decrypt(test_rlwe_ctxt, sk))
        print("----- ----- -----")


        rrrr1 = rlwep.mult_poly(test_rlwep_ctxt0, AA)    
        rrrr2 = rlwep.mult_poly(test_rlwep_ctxt1, BB)

        print("----- Check correctly multiplicate rlwep(-sm) and rlwe_a, the result shoud be rlwep(-asm) :  -----")
        print("Ideal result   : ", -1 * sk * monomial * AA)
        print("Decrypt result : ", rlwe.decrypt(rrrr1, sk))
        print("----- ----- -----")

        print("----- Check correctly multiplicate rlwep(m) and rlwe_b(encryption of poly), the result shoud be rlwep(bm) :  -----")
        print("Ideal result   : ", BB * monomial)
        print("dec rrrr2      : ", rlwe.decrypt(rrrr2, sk))
        print("----- ----- -----")

        print("--- ---- ---- ---- Edgecase parameter --- --- --- ---")
        print("secret key : ", sk.coeffs)
        print("rlwe_aa    : ", AA.coeffs)
        print("monomial   : ", monomial.coeffs)
        print("----- ----- -----")

        rrrr3 = rlwe.add_ctxt_ctxt(rrrr1, rrrr2)
        print(rlwe.decrypt(rrrr3, sk))    



        # print("monomial                : ", monomial)
        # a,b = rlwe_ctxt
        # print("rlwe a                  : ", a)
        # print("rlwe b                  : ", b)
        # print("encryption?             : ", a * sk + poly)
        # print("decrypted rlwe          : ", rlwe.decrypt(rlwe_ctxt, sk))
        # cnt += 1
        break
    cnt += 1
    


print(cnt)

# print("Multiplier              : ", monomial)
# print("Message                 : ", poly)
# print("Ideal Result            : ", poly * monomial)
# print("Plaintext(RLWE x RGSW)  : ", ptxt)

1000


---
---
---

We should define message in binary domain, $m \in \{0,1\}$.   
We can define encryption method as follows:



In [None]:
q    = 128
n    = 16
Q    = 128
N    = 64
B    = 256
B_ks = 256
std  = 0

# fhew = FHEW(n, q, N, Q, std, B, B_ks)
# rlwe = RLWE(N, Q, std)
# s, s_ring = fhew.dm_keygen()


In [None]:
# snum = 0
# fnum = 0

# for i in range(1000):
#     m0  = np.random.randint(0, 2)
#     m1  = np.random.randint(0, 2)

#     ct0 = fhew.encrypt(m0, s)
#     ct1 = fhew.encrypt(m1, s)

#     ctxt_operand =  fhew.LWE_CC.add(ct0, ct1)
#     a, b = ctxt_operand

#     acc = fhew.acc_init(ctxt_operand, "AND")
#     # acc = nega_ACC_init(b, q, N)

#     operanded_a, operanded_b = ctxt_operand
#     acc_a, acc_b = acc

#     _, test_acc = acc

#     # [Test] set encryption with rlwe
#     tmp_acc = fhew.RLWE_CC.encrypt(test_acc, s_ring)

#     for i, _a in enumerate(operanded_a):
#         # print(i, " : ", "as : ", _a * s[i] % fhew.q)
#         if(_a == 0):continue
#         for j in range(fhew.d_g):
#             v = _a % fhew.B
#             _a = _a // fhew.B
#             # if v == 0 : continue
#             tmp_acc = fhew.RGSW_CC.mult_rlwe(tmp_acc, fhew.brk[i][v][j])

#     acc_decrypted = fhew.RLWE_CC.decrypt(tmp_acc, s_ring)
#     constant_term = (acc_decrypted.coeffs[0] + Q//8) % Q
#     # print((acc_decrypted.coeffs[0] + Q//8) % Q, " and message :: ", m0, " and ", m1 ," = ", m0 and m1)

#     if constant_term   == Q//4  and (m0 and m1) == 1:
#         snum += 1
#     elif constant_term == 0     and (m0 and m1) == 0:
#         snum += 1
#     else:
#         fnum += 1

# print("Success number : ", snum)
# print("Fail number    : ", fnum)

# # acc_decrypted = fhew.RLWE_CC.decrypt(tmp_acc, s_ring)



In [None]:
q    = 128
n    = 16
Q    = 128
N    = 64
B    = 256
B_ks = 256
std  = 0

fhew = FHEW(n, q, N, Q, std, B, B_ks)
rlwe = RLWE(N, Q, std)
s, s_ring = fhew.dm_keygen()

In [None]:
m0  = np.random.randint(0, 2)
m1  = np.random.randint(0, 2)

ct0 = fhew.encrypt(m0, s)
ct1 = fhew.encrypt(m1, s)

ct_and = fhew.evalBin(ct0, ct1, "AND")
pt_and = fhew.decrypt(ct_and, s)

print("Decrypted message : ", pt_and, " ||| plain message : ", m0, " and ", m1, " = ", m0 and m1)

Decrypted message :  0  ||| plain message :  0  and  1  =  0
