Guide to HElib (#2)
Setting up the Context
HElib requires that you setup a context using the FHEcontext class to get things going. This stores all the parameters, etc needed for other tasks you will want to perform (key generation, encryption, decryption, homomorphic operations). I’ve been doing this in my code as follows:
#include long p=101; long r=1; long L=4; long c=2; long k=80; long s=0; long d=0; long w=64; long m = FindM(k, L, c, p, d, s, 0); FHEcontext context(m,p,r);
I explained the parameters in my last post so I won’t go into much detail. The FindM function is something new. I’m not going to go into the details of it (as I’m still trying to understand it all), but basically it will find a valid value for m given the specified values. In addition to setting up the context, we also need to build the modulus chain (this is what recent versions of BGV use to avoid bootstrapping). We also need a value G which is the monic polynomial used in constructing the ring BGV works in:
buildModChain(context, L, c); G = context.alMod.getFactorsOverZZ();
Once you have all this setup, generating public and private keys in HElib is pretty easy:
FHESecKey secretKey(context); const FHEPubKey& publicKey = secretKey; secretKey.GenSecKey(w);
The value w is the hamming weight to use in key generation (see appendix B of GHS12 for an explanation).
Encryption and Decryption
Now that we have the key pair established, we can encrypt and decrypt. HElib uses the EncryptedArray class for data movement, so make sure you #include <EncryptedArray.h>. Then create an encrypted array as:
EncryptedArray ea(context, G);
We then use a PlaintextArray to represent a plaintext. The documentation shows all the various ways this can be done. I’m going to show a simple (yet inefficient) way to encrypt a single value:
Ctxt c(publicKey); PlaintextArray p(ea); p.encode(5); ea.encrypt(c, publicKey, p);
This will encrypt the number 5 and store it in c. Decryption is very simple too:
PlaintextArray p_decrypted(ea); ea.decrypt(c, secretKey, p_decrypted);
The reason for using a PlaintextArray is that BGV supports what is being called SIMD (single-instruction, multiple-data) operations. To understand this, consider a simple example. Say we have 20 pairs of numbers (a1,b1) to (a20, b20) and we want to multiply each pair together to get c1…c20. Clearly this can be done by computing (a1*b1), (a2*b2), and so on. BGV, however, will allow us to store all a1…a20 in a single ciphertext (say a) and all b1…b20 in a single ciphertext (say b). Then we only need to compute c=a*b. When we decrypt c we can access c1…c20. Thus a single multiplication can actually multiply many values at once.
The ciphertext values are stored in instances of Ctxt. Take a look at that class’s documentation to see the supported operations. The most basic are overloads of operator+=, operator-=, and operator*=. Using those you can operate on the ciphertexts to compute functions. You should be able to do as many additions and subtractions as you want. If, however, you do too many multiplications on the same ciphertext value, the ciphertext becomes too noisy to decrypt. More on that in the next post.