Sub-package for CKKS bootstrapping with improved parameters and new functionalities

[Pro7ech]

BFV

• Changed the plaintext scaling from floor(Q/T)*m to round((Q*m)/T) which reduces the initial noise.

CKKS

• Added sub-package ckks/advanced that provides homomorphic encoding, decoding and modular reduction.
• Added sub-package ckks/bootstrapping that provides bootstrapping for CKKS and is built using ckks and ckks/advanced packages.
• Type Poly now replaces ChebyshevInterpolation.
• Removed EvaluateCheby API (replaced by already existing EvaluatePoly).
• Added optimization of odd and even polynomials evaluation to EvaluatePoly.
• Fixed inconsistencies in EvaluatePoly internal scale management that was reducing the precision for some values of polynomial degrees.

RLWE

• GenSwitchingKey now accepts as input or output key a key of smaller dimension with different level (overlapping parameters). I can be used to generate a switching key that can re-encrypt a ciphertext from a smaller dimension secret-key to a larger dimension secret-key, and vice-versa.
• Added SwitchCiphertextRingDegreeNTT and SwitchCiphertextRingDegree to switch ciphertext ring degrees.
• Polynomials with modulus Q and P (e.g. keys) are now stored as rlwe.PolyQP. This change allows to easily operate on Q and P independently.
• Replaced old ring.RingQP by a new rlwe.RingQP that is a wrapper of ring.RingQ and ring.RingP and provides arithmetic for rlwe.PolyQP. This reduces memory footprint and increases code readability.

DRLWE

• Added drlwe.UniformSampler that can be used to sample uniform polynomials and vectors of polynomials for dbfv and dckks packages.

DBFV/DCKKS

• Allocating shares now also allocates the common reference polynomials, which can be populated using the drlwe.UniformSamplwer using the .Read(*) API.

Ring

• Added MapSmallDimensionToLargerDimensionNTT API which maps from Y = X^{N/n} to X in the NTT domain.
• FastBasisExtender can not extend the basis of polynomials of any level in base Q to polynomials of any level in base P.
• Added MFormVector API to switch a vector in the Montgomery domain.
• Changed RNS division Div[floor/round]BylastModulus[NTT] to Div[floor/round]BylastModulus[NTT]Lvl.
• RNS division API does not modify anymore the output polynomial's level.

Examples

• Added ckks/advanced/main.go example that showcases the ckks/advanced sub-package with a bridge between CKKS and FHEW ciphertexts using homomorphic decoding, ring dimension switching, homomorphic matrix multiplication and homomorphic modular reduction.

[jrtroncoso]

Made some minor changes