Add Double Decomposition (bivariate representation) infrastructure

nindanaoto · claude · nindanaoto · commit 5ddc7d8e6294 · 2025-12-31T06:26:39.000Z
Implement foundational support for the Double Decomposition technique from "Revisiting Key Decomposition Techniques for FHE" (ePrint 2023/771). Changes: - Add auxiliary decomposition parameters (l̅, l̅ₐ, B̅gbit, B̅gₐbit) to all parameter structs with trivial default values (l̅=1, B̅g=2^digits) - Update TRGSW type definitions to use k*lₐ*l̅ₐ + l*l̅ row structure - Add h̅gen() and nonceh̅gen() for auxiliary h value generation - Modify trgswhadd, halftrgswhadd, trgswhoneadd for double decomposition - Update ApplyFFT2trgsw, ApplyNTT2trgsw, ApplyRAINTT2trgsw loop bounds With trivial values, behavior is unchanged (h̅[0]=1, sizes identical). 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
diff --git a/include/params.hpp b/include/params.hpp
@@ -138,17 +138,17 @@ template <class P>
 using TRLWERAINTT = std::array<PolynomialRAINTT<P>, P::k + 1>;
 
 template <class P>
-using TRGSW = std::array<TRLWE<P>, P::k * P::lₐ + P::l>;
+using TRGSW = std::array<TRLWE<P>, P::k * P::lₐ * P::l̅ₐ + P::l * P::l̅>;
 template <class P>
-using HalfTRGSW = std::array<TRLWE<P>, P::l>;
+using HalfTRGSW = std::array<TRLWE<P>, P::l * P::l̅>;
 template <class P>
-using TRGSWFFT = aligned_array<TRLWEInFD<P>, P::k * P::lₐ + P::l>;
+using TRGSWFFT = aligned_array<TRLWEInFD<P>, P::k * P::lₐ * P::l̅ₐ + P::l * P::l̅>;
 template <class P>
-using HalfTRGSWFFT = aligned_array<TRLWEInFD<P>, P::l>;
+using HalfTRGSWFFT = aligned_array<TRLWEInFD<P>, P::l * P::l̅>;
 template <class P>
-using TRGSWNTT = std::array<TRLWENTT<P>, P::k * P::lₐ + P::l>;
+using TRGSWNTT = std::array<TRLWENTT<P>, P::k * P::lₐ * P::l̅ₐ + P::l * P::l̅>;
 template <class P>
-using TRGSWRAINTT = std::array<TRLWERAINTT<P>, P::k * P::lₐ + P::l>;
+using TRGSWRAINTT = std::array<TRLWERAINTT<P>, P::k * P::lₐ * P::l̅ₐ + P::l * P::l̅>;
 
 #ifdef USE_KEY_BUNDLE
 template <class P>
diff --git a/include/params/128bit.hpp b/include/params/128bit.hpp
@@ -62,6 +62,13 @@ struct lvl1param {
     static constexpr double Δ =
         static_cast<double>(1ULL << std::numeric_limits<T>::digits) /
         plain_modulus;
+    // Double Decomposition (bivariate representation) parameters
+    // For now, set to trivial values (no actual second decomposition)
+    static constexpr std::uint32_t l̅ = 1;  // auxiliary decomposition levels
+    static constexpr std::uint32_t l̅ₐ = l̅;
+    static constexpr std::uint32_t B̅gbit =
+        std::numeric_limits<T>::digits;  // full coefficient width
+    static constexpr std::uint32_t B̅gₐbit = B̅gbit;
 };
 
 struct AHlvl1param {
@@ -83,6 +90,11 @@ struct AHlvl1param {
     static constexpr std::make_signed_t<T> μ = baseP::μ;
     static constexpr uint32_t plain_modulus = baseP::plain_modulus;
     static constexpr double Δ = baseP::Δ;
+    // Double Decomposition parameters inherited from baseP
+    static constexpr std::uint32_t l̅ = baseP::l̅;
+    static constexpr std::uint32_t l̅ₐ = baseP::l̅ₐ;
+    static constexpr std::uint32_t B̅gbit = baseP::B̅gbit;
+    static constexpr std::uint32_t B̅gₐbit = baseP::B̅gₐbit;
 };
 
 struct lvl2param {
@@ -106,6 +118,13 @@ struct lvl2param {
     static constexpr uint32_t plain_modulus = 8;
     static constexpr double Δ =
         static_cast<double>(1ULL << (std::numeric_limits<T>::digits - 4));
+    // Double Decomposition (bivariate representation) parameters
+    // For now, set to trivial values (no actual second decomposition)
+    static constexpr std::uint32_t l̅ = 1;  // auxiliary decomposition levels
+    static constexpr std::uint32_t l̅ₐ = l̅;
+    static constexpr std::uint32_t B̅gbit =
+        std::numeric_limits<T>::digits;  // full coefficient width
+    static constexpr std::uint32_t B̅gₐbit = B̅gbit;
 };
 
 struct AHlvl2param {
@@ -127,6 +146,11 @@ struct AHlvl2param {
     static constexpr std::make_signed_t<T> μ = baseP::μ;
     static constexpr uint32_t plain_modulus = baseP::plain_modulus;
     static constexpr double Δ = baseP::Δ;
+    // Double Decomposition parameters inherited from baseP
+    static constexpr std::uint32_t l̅ = baseP::l̅;
+    static constexpr std::uint32_t l̅ₐ = baseP::l̅ₐ;
+    static constexpr std::uint32_t B̅gbit = baseP::B̅gbit;
+    static constexpr std::uint32_t B̅gₐbit = baseP::B̅gₐbit;
 };
 
 struct lvl3param {
@@ -150,6 +174,13 @@ struct lvl3param {
     static constexpr uint32_t plain_modulusbit = 31;
     static constexpr uint64_t plain_modulus = 1ULL << plain_modulusbit;
     static constexpr double Δ = 1ULL << (64 - plain_modulusbit - 1);
+    // Double Decomposition (bivariate representation) parameters
+    // For now, set to trivial values (no actual second decomposition)
+    static constexpr std::uint32_t l̅ = 1;  // auxiliary decomposition levels
+    static constexpr std::uint32_t l̅ₐ = l̅;
+    static constexpr std::uint32_t B̅gbit =
+        std::numeric_limits<T>::digits;  // full coefficient width
+    static constexpr std::uint32_t B̅gₐbit = B̅gbit;
 };
 
 // Key Switching parameters
diff --git a/include/params/CGGI16.hpp b/include/params/CGGI16.hpp
@@ -59,6 +59,13 @@ struct lvl1param {
     static constexpr double Δ =
         static_cast<double>(1ULL << std::numeric_limits<T>::digits) /
         plain_modulus;
+    // Double Decomposition (bivariate representation) parameters
+    // For now, set to trivial values (no actual second decomposition)
+    static constexpr std::uint32_t l̅ = 1;  // auxiliary decomposition levels
+    static constexpr std::uint32_t l̅ₐ = l̅;
+    static constexpr std::uint32_t B̅gbit =
+        std::numeric_limits<T>::digits;  // full coefficient width
+    static constexpr std::uint32_t B̅gₐbit = B̅gbit;
 };
 
 struct lvl2param {
@@ -80,6 +87,13 @@ struct lvl2param {
     static constexpr T μ = 1ULL << 61;
     static constexpr uint32_t plain_modulus = 8;
     static constexpr double Δ = μ;
+    // Double Decomposition (bivariate representation) parameters
+    // For now, set to trivial values (no actual second decomposition)
+    static constexpr std::uint32_t l̅ = 1;  // auxiliary decomposition levels
+    static constexpr std::uint32_t l̅ₐ = l̅;
+    static constexpr std::uint32_t B̅gbit =
+        std::numeric_limits<T>::digits;  // full coefficient width
+    static constexpr std::uint32_t B̅gₐbit = B̅gbit;
 };
 
 // Dummy
@@ -104,6 +118,13 @@ struct lvl3param {
     static constexpr uint32_t plain_modulusbit = 31;
     static constexpr uint64_t plain_modulus = 1ULL << plain_modulusbit;
     static constexpr double Δ = 1ULL << (64 - plain_modulusbit - 1);
+    // Double Decomposition (bivariate representation) parameters
+    // For now, set to trivial values (no actual second decomposition)
+    static constexpr std::uint32_t l̅ = 1;  // auxiliary decomposition levels
+    static constexpr std::uint32_t l̅ₐ = l̅;
+    static constexpr std::uint32_t B̅gbit =
+        std::numeric_limits<T>::digits;  // full coefficient width
+    static constexpr std::uint32_t B̅gₐbit = B̅gbit;
 };
 
 struct lvl10param {
diff --git a/include/params/CGGI19.hpp b/include/params/CGGI19.hpp
@@ -59,6 +59,13 @@ struct lvl1param {
     static constexpr double Δ =
         static_cast<double>(1ULL << std::numeric_limits<T>::digits) /
         plain_modulus;
+    // Double Decomposition (bivariate representation) parameters
+    // For now, set to trivial values (no actual second decomposition)
+    static constexpr std::uint32_t l̅ = 1;  // auxiliary decomposition levels
+    static constexpr std::uint32_t l̅ₐ = l̅;
+    static constexpr std::uint32_t B̅gbit =
+        std::numeric_limits<T>::digits;  // full coefficient width
+    static constexpr std::uint32_t B̅gₐbit = B̅gbit;
 };
 
 struct lvl2param {
@@ -78,6 +85,13 @@ struct lvl2param {
     static constexpr T μ = 1ULL << 61;
     static constexpr uint32_t plain_modulus = 8;
     static constexpr double Δ = μ;
+    // Double Decomposition (bivariate representation) parameters
+    // For now, set to trivial values (no actual second decomposition)
+    static constexpr std::uint32_t l̅ = 1;  // auxiliary decomposition levels
+    static constexpr std::uint32_t l̅ₐ = l̅;
+    static constexpr std::uint32_t B̅gbit =
+        std::numeric_limits<T>::digits;  // full coefficient width
+    static constexpr std::uint32_t B̅gₐbit = B̅gbit;
 };
 
 // Dummy
@@ -102,6 +116,13 @@ struct lvl3param {
     static constexpr uint32_t plain_modulusbit = 31;
     static constexpr uint64_t plain_modulus = 1ULL << plain_modulusbit;
     static constexpr double Δ = 1ULL << (64 - plain_modulusbit - 1);
+    // Double Decomposition (bivariate representation) parameters
+    // For now, set to trivial values (no actual second decomposition)
+    static constexpr std::uint32_t l̅ = 1;  // auxiliary decomposition levels
+    static constexpr std::uint32_t l̅ₐ = l̅;
+    static constexpr std::uint32_t B̅gbit =
+        std::numeric_limits<T>::digits;  // full coefficient width
+    static constexpr std::uint32_t B̅gₐbit = B̅gbit;
 };
 
 // Dummy
diff --git a/include/trgsw.hpp b/include/trgsw.hpp
@@ -353,7 +353,7 @@ template <class P>
 TRGSWFFT<P> ApplyFFT2trgsw(const TRGSW<P> &trgsw)
 {
     alignas(64) TRGSWFFT<P> trgswfft;
-    for (int i = 0; i < P::k * P::lₐ + P::l; i++)
+    for (int i = 0; i < P::k * P::lₐ * P::l̅ₐ + P::l * P::l̅; i++)
         for (int j = 0; j < (P::k + 1); j++)
             TwistIFFT<P>(trgswfft[i][j], trgsw[i][j]);
     return trgswfft;
@@ -362,7 +362,7 @@ TRGSWFFT<P> ApplyFFT2trgsw(const TRGSW<P> &trgsw)
 template <class P>
 void ApplyFFT2trgsw(TRGSWFFT<P> &trgswfft, const TRGSW<P> &trgsw)
 {
-    for (int i = 0; i < P::k * P::lₐ + P::l; i++)
+    for (int i = 0; i < P::k * P::lₐ * P::l̅ₐ + P::l * P::l̅; i++)
         for (int j = 0; j < (P::k + 1); j++)
             TwistIFFT<P>(trgswfft[i][j], trgsw[i][j]);
 }
@@ -371,7 +371,7 @@ template <class P>
 HalfTRGSWFFT<P> ApplyFFT2halftrgsw(const HalfTRGSW<P> &trgsw)
 {
     alignas(64) HalfTRGSWFFT<P> halftrgswfft;
-    for (int i = 0; i < P::l; i++)
+    for (int i = 0; i < P::l * P::l̅; i++)
         for (int j = 0; j < (P::k + 1); j++)
             TwistIFFT<P>(halftrgswfft[i][j], trgsw[i][j]);
     return halftrgswfft;
@@ -381,7 +381,7 @@ template <class P>
 TRGSWNTT<P> ApplyNTT2trgsw(const TRGSW<P> &trgsw)
 {
     TRGSWNTT<P> trgswntt;
-    for (int i = 0; i < P::k * P::lₐ + P::l; i++)
+    for (int i = 0; i < P::k * P::lₐ * P::l̅ₐ + P::l * P::l̅; i++)
         for (int j = 0; j < P::k + 1; j++)
             TwistINTT<P>(trgswntt[i][j], trgsw[i][j]);
     return trgswntt;
@@ -392,7 +392,7 @@ TRGSWRAINTT<P> ApplyRAINTT2trgsw(const TRGSW<P> &trgsw)
 {
     constexpr uint8_t remainder = ((P::nbit - 1) % 3) + 1;
     TRGSWRAINTT<P> trgswntt;
-    for (int i = 0; i < P::k * P::lₐ + P::l; i++)
+    for (int i = 0; i < P::k * P::lₐ * P::l̅ₐ + P::l * P::l̅; i++)
         for (int j = 0; j < P::k + 1; j++) {
             raintt::TwistINTT<typename P::T, P::nbit, true>(
                 trgswntt[i][j], trgsw[i][j], (*raintttable)[1],
@@ -412,7 +412,7 @@ template <class P>
 TRGSWNTT<P> TRGSW2NTT(const TRGSW<P> &trgsw)
 {
     TRGSWNTT<P> trgswntt;
-    for (int i = 0; i < P::k * P::lₐ + P::l; i++)
+    for (int i = 0; i < P::k * P::lₐ * P::l̅ₐ + P::l * P::l̅; i++)
         for (int j = 0; j < P::k + 1; j++) {
             PolynomialNTT<P> temp;
             TwistINTT<P>(temp, trgsw[i][j]);
@@ -452,13 +452,38 @@ constexpr std::array<typename P::T, P::lₐ> noncehgen()
     return h;
 }
 
+// Auxiliary h generation for Double Decomposition (bivariate representation)
+template <class P>
+constexpr std::array<typename P::T, P::l̅> h̅gen()
+{
+    std::array<typename P::T, P::l̅> h̅{};
+    for (int i = 0; i < P::l̅; i++)
+        h̅[i] = 1ULL << (std::numeric_limits<typename P::T>::digits -
+                        (i + 1) * P::B̅gbit);
+    return h̅;
+}
+
+template <class P>
+constexpr std::array<typename P::T, P::l̅ₐ> nonceh̅gen()
+{
+    std::array<typename P::T, P::l̅ₐ> h̅{};
+    for (int i = 0; i < P::l̅ₐ; i++)
+        h̅[i] = 1ULL << (std::numeric_limits<typename P::T>::digits -
+                        (i + 1) * P::B̅gₐbit);
+    return h̅;
+}
+
 template <class P>
 inline void halftrgswhadd(HalfTRGSW<P> &halftrgsw, const Polynomial<P> &p)
 {
     constexpr std::array<typename P::T, P::l> h = hgen<P>();
+    constexpr std::array<typename P::T, P::l̅> h̅ = h̅gen<P>();
     for (int i = 0; i < P::l; i++) {
-        for (int j = 0; j < P::n; j++) {
-            halftrgsw[i][P::k][j] += static_cast<typename P::T>(p[j]) * h[i];
+        for (int ī = 0; ī < P::l̅; ī++) {
+            for (int j = 0; j < P::n; j++) {
+                halftrgsw[i * P::l̅ + ī][P::k][j] +=
+                    static_cast<typename P::T>(p[j]) * h[i] * h̅[ī];
+            }
         }
     }
 }
@@ -467,19 +492,26 @@ template <class P>
 inline void trgswhadd(TRGSW<P> &trgsw, const Polynomial<P> &p)
 {
     constexpr std::array<typename P::T, P::lₐ> nonceh = noncehgen<P>();
+    constexpr std::array<typename P::T, P::l̅ₐ> nonceh̅ = nonceh̅gen<P>();
     for (int i = 0; i < P::lₐ; i++) {
-        for (int k = 0; k < P::k; k++) {
-            for (int j = 0; j < P::n; j++) {
-                trgsw[i + k * P::lₐ][k][j] +=
-                    static_cast<typename P::T>(p[j]) * nonceh[i];
+        for (int ī = 0; ī < P::l̅ₐ; ī++) {
+            for (int k = 0; k < P::k; k++) {
+                for (int j = 0; j < P::n; j++) {
+                    trgsw[(i * P::l̅ₐ + ī) + k * P::lₐ * P::l̅ₐ][k][j] +=
+                        static_cast<typename P::T>(p[j]) * nonceh[i] *
+                        nonceh̅[ī];
+                }
             }
         }
     }
     constexpr std::array<typename P::T, P::l> h = hgen<P>();
+    constexpr std::array<typename P::T, P::l̅> h̅ = h̅gen<P>();
     for (int i = 0; i < P::l; i++) {
-        for (int j = 0; j < P::n; j++) {
-            trgsw[i + P::k * P::lₐ][P::k][j] +=
-                static_cast<typename P::T>(p[j]) * h[i];
+        for (int ī = 0; ī < P::l̅; ī++) {
+            for (int j = 0; j < P::n; j++) {
+                trgsw[(i * P::l̅ + ī) + P::k * P::lₐ * P::l̅ₐ][P::k][j] +=
+                    static_cast<typename P::T>(p[j]) * h[i] * h̅[ī];
+            }
         }
     }
 }
@@ -488,11 +520,19 @@ template <class P>
 inline void trgswhoneadd(TRGSW<P> &trgsw)
 {
     constexpr std::array<typename P::T, P::lₐ> nonceh = noncehgen<P>();
+    constexpr std::array<typename P::T, P::l̅ₐ> nonceh̅ = nonceh̅gen<P>();
     for (int i = 0; i < P::lₐ; i++)
-        for (int k = 0; k < P::k; k++) trgsw[i + k * P::lₐ][k][0] += nonceh[i];
+        for (int ī = 0; ī < P::l̅ₐ; ī++)
+            for (int k = 0; k < P::k; k++)
+                trgsw[(i * P::l̅ₐ + ī) + k * P::lₐ * P::l̅ₐ][k][0] +=
+                    nonceh[i] * nonceh̅[ī];
 
     constexpr std::array<typename P::T, P::l> h = hgen<P>();
-    for (int i = 0; i < P::l; i++) trgsw[i + P::k * P::lₐ][P::k][0] += h[i];
+    constexpr std::array<typename P::T, P::l̅> h̅ = h̅gen<P>();
+    for (int i = 0; i < P::l; i++)
+        for (int ī = 0; ī < P::l̅; ī++)
+            trgsw[(i * P::l̅ + ī) + P::k * P::lₐ * P::l̅ₐ][P::k][0] +=
+                h[i] * h̅[ī];
 }
 
 template <class P>
@@ -525,24 +565,16 @@ template <class P>
 void halftrgswSymEncrypt(HalfTRGSW<P> &halftrgsw, const Polynomial<P> &p,
                          const double α, const Key<P> &key)
 {
-    constexpr std::array<typename P::T, P::l> h = hgen<P>();
-
     for (TRLWE<P> &trlwe : halftrgsw) trlweSymEncryptZero<P>(trlwe, α, key);
-    for (int i = 0; i < P::l; i++)
-        for (int j = 0; j < P::n; j++)
-            halftrgsw[i][P::k][j] += static_cast<typename P::T>(p[j]) * h[i];
+    halftrgswhadd<P>(halftrgsw, p);
 }
 
 template <class P>
 void halftrgswSymEncrypt(HalfTRGSW<P> &halftrgsw, const Polynomial<P> &p,
                          const uint η, const Key<P> &key)
 {
-    constexpr std::array<typename P::T, P::l> h = hgen<P>();
-
     for (TRLWE<P> &trlwe : halftrgsw) trlweSymEncryptZero<P>(trlwe, η, key);
-    for (int i = 0; i < P::l; i++)
-        for (int j = 0; j < P::n; j++)
-            halftrgsw[i][P::k][j] += static_cast<typename P::T>(p[j]) * h[i];
+    halftrgswhadd<P>(halftrgsw, p);
 }
 
 template <class P>
