# DM-like blind rotation

For details, read follow papers

* <a href="https://eprint.iacr.org/2014/816"> FHEW: Bootstrapping Homomorphic Encryption in less than a second </a>
* <a href="https://eprint.iacr.org/2020/086"> Bootstrapping in FHEW-like Cryptosystems </a>

---

In [1]:
import numpy as np
from note_include.elem.Ring import Ring
from note_include.FHEW      import FHEW
from note_include.elem.RLWE import RLWE

np.set_printoptions(threshold=np.inf, linewidth=np.inf)

---

In [2]:
q    = 128
n    = 16
Q    = 128
N    = 64
B    = 256
B_ks = 256
std  = 0

We should define message in binary domain, $m \in \{0,1\}$.   
We can define encryption method as follows:

>$\textbf{Definition}$
>
>Let $m \in \{0,1\}$ is a message, $\vec{a}$ is a vector of random number $a_i \in \Z_q$, $\vec{s}$ is a secret values, and $e$ is a small noise value.   
>Then we can define encryption method as follows:
>
>\begin{align*}
>    \textsf{FHEW.enc}(m; \vec{s}) = (\vec{a}, b), \text{ where } b = \lang \vec{a}, \vec{s} \rang + m \cdot q/4 + e.
>\end{align*}
>
>The decryption method can be easily defined as follows:
>
>\begin{align*}
>    \textsf{FHEW.dec}((a,b); \vec{s}) = b - \lang \vec{a}, \vec{s} \rang = m \cdot q/4 + e \approx m \cdot q/4.
>\end{align*}

In [3]:
# fhew = FHEW(n, q, N, Q, std, B, B_ks)
# rlwe = RLWE(N, Q, std)
# s, s_ring = fhew.dm_keygen()


In [4]:
# snum = 0
# fnum = 0

# for i in range(1000):
#     m0  = np.random.randint(0, 2)
#     m1  = np.random.randint(0, 2)

#     ct0 = fhew.encrypt(m0, s)
#     ct1 = fhew.encrypt(m1, s)

#     ctxt_operand =  fhew.LWE_CC.add(ct0, ct1)
#     a, b = ctxt_operand

#     acc = fhew.acc_init(ctxt_operand, "AND")
#     # acc = nega_ACC_init(b, q, N)

#     operanded_a, operanded_b = ctxt_operand
#     acc_a, acc_b = acc

#     _, test_acc = acc

#     # [Test] set encryption with rlwe
#     tmp_acc = fhew.RLWE_CC.encrypt(test_acc, s_ring)

#     for i, _a in enumerate(operanded_a):
#         # print(i, " : ", "as : ", _a * s[i] % fhew.q)
#         if(_a == 0):continue
#         for j in range(fhew.d_g):
#             v = _a % fhew.B
#             _a = _a // fhew.B
#             # if v == 0 : continue
#             tmp_acc = fhew.RGSW_CC.mult_rlwe(tmp_acc, fhew.brk[i][v][j])

#     acc_decrypted = fhew.RLWE_CC.decrypt(tmp_acc, s_ring)
#     constant_term = (acc_decrypted.coeffs[0] + Q//8) % Q
#     # print((acc_decrypted.coeffs[0] + Q//8) % Q, " and message :: ", m0, " and ", m1 ," = ", m0 and m1)

#     if constant_term   == Q//4  and (m0 and m1) == 1:
#         snum += 1
#     elif constant_term == 0     and (m0 and m1) == 0:
#         snum += 1
#     else:
#         fnum += 1

# print("Success number : ", snum)
# print("Fail number    : ", fnum)

# # acc_decrypted = fhew.RLWE_CC.decrypt(tmp_acc, s_ring)



In [5]:
q    = 128
n    = 16
Q    = 128
N    = 64
B    = 256
B_ks = 256
std  = 0

fhew = FHEW(n, q, N, Q, std, B, B_ks)
rlwe = RLWE(N, Q, std)
s, s_ring = fhew.dm_keygen()

In [28]:
m0  = np.random.randint(0, 2)
m1  = np.random.randint(0, 2)

ct0 = fhew.encrypt(m0, s)
ct1 = fhew.encrypt(m1, s)

ct_and = fhew.evalBin(ct0, ct1, "AND")
pt_and = fhew.decrypt(ct_and, s)

print("Decrypted message : ", pt_and, " ||| plain message : ", m0, " and ", m1, " = ", m0 and m1)

Decrypted message :  1  ||| plain message :  1  and  1  =  1
