@@ -88,9 +88,9 @@ constexpr typename P::T nonceoffsetgen()
8888{
8989 typename P::T offset = 0 ;
9090 for (int i = 1 ; i <= P::lₐ; i++)
91- offset += P::Bg / 2 *
91+ offset += P::Bgₐ / 2 *
9292 (1ULL << (std::numeric_limits<typename P::T>::digits -
93- i * P::Bgbit ));
93+ i * P::Bgₐbit ));
9494 return offset;
9595}
9696
@@ -100,17 +100,17 @@ inline void NonceDecomposition(DecomposedNoncePolynomial<P> &decpoly,
100100{
101101 constexpr typename P::T offset = nonceoffsetgen<P>();
102102 constexpr typename P::T roundoffset =
103- 1ULL << (std::numeric_limits<typename P::T>::digits - P::lₐ * P::Bgbit -
103+ 1ULL << (std::numeric_limits<typename P::T>::digits - P::lₐ * P::Bgₐbit -
104104 1 );
105105 constexpr typename P::T mask =
106- static_cast <typename P::T>((1ULL << P::Bgbit ) - 1 );
107- constexpr typename P::T halfBg = (1ULL << (P::Bgbit - 1 ));
106+ static_cast <typename P::T>((1ULL << P::Bgₐbit ) - 1 );
107+ constexpr typename P::T halfBg = (1ULL << (P::Bgₐbit - 1 ));
108108
109109 for (int i = 0 ; i < P::n; i++) {
110110 for (int l = 0 ; l < P::lₐ; l++)
111111 decpoly[l][i] = (((poly[i] + offset + roundoffset) >>
112112 (std::numeric_limits<typename P::T>::digits -
113- (l + 1 ) * P::Bgbit )) &
113+ (l + 1 ) * P::Bgₐbit )) &
114114 mask) -
115115 halfBg;
116116 }
@@ -422,27 +422,38 @@ TRGSWNTT<P> TRGSW2NTT(const TRGSW<P> &trgsw)
422422}
423423
424424template <class P >
425- constexpr std::array<typename P::T, P::lₐ > hgen ()
425+ constexpr std::array<typename P::T, P::l > hgen ()
426426{
427- // If the parameter is selected by resoble way, this is reasonable assumption
428- static_assert (
429- P::l <= P::lₐ,
430- " Since lₐ is more noise sensitive, lₐ should be larger than or equal to l"
431- std::array<typename P::T, P::lₐ> h{};
427+ std::array<typename P::T, P::l> h{};
432428433429 for (int i = 0 ; i < P::lₐ; i++)
434430 h[i] = (P::q + (1ULL << ((i + 1 ) * P::Bgbit - 1 ))) >>
435431 ((i + 1 ) * P::Bgbit);
436432 else
437- for (int i = 0 ; i < P::lₐ ; i++)
433+ for (int i = 0 ; i < P::l ; i++)
438434 h[i] = 1ULL << (std::numeric_limits<typename P::T>::digits -
439435 (i + 1 ) * P::Bgbit);
440436 return h;
441437}
442438
439+ template <class P >
440+ constexpr std::array<typename P::T, P::lₐ> noncehgen ()
441+ {
442+ std::array<typename P::T, P::lₐ> h{};
443+ 444+ for (int i = 0 ; i < P::lₐ; i++)
445+ h[i] = (P::q + (1ULL << ((i + 1 ) * P::Bgₐbit - 1 ))) >>
446+ ((i + 1 ) * P::Bgₐbit);
447+ else
448+ for (int i = 0 ; i < P::lₐ; i++)
449+ h[i] = 1ULL << (std::numeric_limits<typename P::T>::digits -
450+ (i + 1 ) * P::Bgₐbit);
451+ return h;
452+ }
453+
443454template <class P >
444455inline void halftrgswhadd (HalfTRGSW<P>& halftrgsw,
const Polynomial<P> &p){
445- constexpr std::array<
typename P::T, P::
lₐ > h = hgen<P>();
456+ constexpr std::array<
typename P::T, P::
l > h = hgen<P>();
446457 for (int i = 0 ; i < P::l; i++) {
447458 for (int j = 0 ; j < P::n; j++) {
448459 halftrgsw[i][P::k][j] +=
@@ -453,15 +464,16 @@ inline void halftrgswhadd(HalfTRGSW<P>& halftrgsw, const Polynomial<P> &p){
453464
454465template <class P >
455466inline void trgswhadd (TRGSW<P>& trgsw,
const Polynomial<P> &p){
456- constexpr std::array<
typename P::T, P::lₐ>
h =
hgen <P>();
467+ constexpr std::array<
typename P::T, P::lₐ>
nonceh =
noncehgen <P>();
457468 for (int i = 0 ; i < P::lₐ; i++) {
458469 for (int k = 0 ; k < P::k; k++) {
459470 for (int j = 0 ; j < P::n; j++) {
460471 trgsw[i + k * P::lₐ][k][j] +=
461- static_cast <typename P::T>(p[j]) * h [i];
472+ static_cast <typename P::T>(p[j]) * nonceh [i];
462473 }
463474 }
464475 }
476+ constexpr std::array<
typename P::T, P::l> h = hgen<P>();
465477 for (int i = 0 ; i < P::l; i++) {
466478 for (int j = 0 ; j < P::n; j++) {
467479 trgsw[i + P::k * P::lₐ][P::k][j] +=
@@ -472,11 +484,12 @@ inline void trgswhadd(TRGSW<P>& trgsw, const Polynomial<P> &p){
472484
473485template <class P >
474486inline void trgswhoneadd (TRGSW<P>& trgsw){
475- constexpr std::array<
typename P::T, P::lₐ>
h =
hgen <P>();
487+ constexpr std::array<
typename P::T, P::lₐ>
nonceh =
noncehgen <P>();
476488 for (int i = 0 ; i < P::lₐ; i++)
477489 for (int k = 0 ; k < P::k; k++)
478- trgsw[i + k * P::lₐ][k][0 ] += h [i];
490+ trgsw[i + k * P::lₐ][k][0 ] += nonceh [i];
479491
492+ constexpr std::array<
typename P::T, P::l> h = hgen<P>();
480493 for (int i = 0 ; i < P::l; i++)
481494 trgsw[i + P::k * P::lₐ][P::k][0 ] += h[i];
482495}
@@ -515,7 +528,7 @@ template <class P>
515528HalfTRGSW<P>
halftrgswSymEncrypt (
const Polynomial<P> &p,
const double α,
516529517530{
518- constexpr std::array<
typename P::T, P::
lₐ > h = hgen<P>();
531+ constexpr std::array<
typename P::T, P::
l > h = hgen<P>();
519532
520533 HalfTRGSW<P> halftrgsw;
521534 for (TRLWE<P> &trlwe : halftrgsw) trlwe = trlweSymEncryptZero<P>(α, key);
@@ -529,7 +542,7 @@ template <class P>
529542HalfTRGSW<P>
halftrgswSymEncrypt (
const Polynomial<P> &p,
const uint η,
530543531544{
532- constexpr std::array<
typename P::T, P::
lₐ > h = hgen<P>();
545+ constexpr std::array<
typename P::T, P::
l > h = hgen<P>();
533546
534547 HalfTRGSW<P> halftrgsw;
535548 for (TRLWE<P> &trlwe : halftrgsw) trlwe = trlweSymEncryptZero<P>(η, key);
0 commit comments