public void ExceptionsTest()
{
SEALContext context = GlobalContext.BFVContext;
KeyGenerator keygen = new KeyGenerator(context);
SecretKey secret = new SecretKey();
List <uint> elts = new List <uint> {
16385
};
List <uint> elts_null = null;
List <int> steps = new List <int> {
4096
};
List <int> steps_null = null;
Utilities.AssertThrows <ArgumentNullException>(() => keygen = new KeyGenerator(null));
Utilities.AssertThrows <ArgumentNullException>(() => keygen = new KeyGenerator(context, null));
Utilities.AssertThrows <ArgumentNullException>(() => keygen = new KeyGenerator(null, keygen.SecretKey));
Utilities.AssertThrows <ArgumentException>(() => keygen = new KeyGenerator(context, secret));
Utilities.AssertThrows <ArgumentNullException>(() => keygen.CreateGaloisKeys(elts_null));
Utilities.AssertThrows <ArgumentException>(() => keygen.CreateGaloisKeys(elts));
Utilities.AssertThrows <ArgumentNullException>(() => keygen.CreateGaloisKeys(steps_null));
Utilities.AssertThrows <ArgumentException>(() => keygen.CreateGaloisKeys(steps));
EncryptionParameters smallParms = new EncryptionParameters(SchemeType.CKKS);
smallParms.PolyModulusDegree = 128;
smallParms.CoeffModulus = CoeffModulus.Create(smallParms.PolyModulusDegree, new int[] { 60 });
context = new SEALContext(smallParms, true, SecLevelType.None);
keygen = new KeyGenerator(context);
Utilities.AssertThrows <InvalidOperationException>(() => keygen.CreateRelinKeys());
Utilities.AssertThrows <InvalidOperationException>(() => keygen.CreateGaloisKeys());
}
public void SeededKeyTest()
{
EncryptionParameters parms = new EncryptionParameters(SchemeType.BFV)
{
PolyModulusDegree = 128,
PlainModulus = new Modulus(1 << 6),
CoeffModulus = CoeffModulus.Create(128, new int[] { 40, 40, 40 })
};
SEALContext context = new SEALContext(parms,
expandModChain: false,
secLevel: SecLevelType.None);
KeyGenerator keygen = new KeyGenerator(context);
RelinKeys relinKeys = new RelinKeys();
using (MemoryStream stream = new MemoryStream())
{
keygen.CreateRelinKeys().Save(stream);
stream.Seek(0, SeekOrigin.Begin);
relinKeys.Load(context, stream);
}
keygen.CreatePublicKey(out PublicKey publicKey);
Encryptor encryptor = new Encryptor(context, publicKey);
Decryptor decryptor = new Decryptor(context, keygen.SecretKey);
Evaluator evaluator = new Evaluator(context);
Ciphertext encrypted1 = new Ciphertext(context);
Ciphertext encrypted2 = new Ciphertext(context);
Plaintext plain1 = new Plaintext();
Plaintext plain2 = new Plaintext();
plain1.Set(0);
encryptor.Encrypt(plain1, encrypted1);
evaluator.SquareInplace(encrypted1);
evaluator.RelinearizeInplace(encrypted1, relinKeys);
decryptor.Decrypt(encrypted1, plain2);
Assert.AreEqual(1ul, plain2.CoeffCount);
Assert.AreEqual(0ul, plain2[0]);
plain1.Set("1x^10 + 2");
encryptor.Encrypt(plain1, encrypted1);
evaluator.SquareInplace(encrypted1);
evaluator.RelinearizeInplace(encrypted1, relinKeys);
evaluator.SquareInplace(encrypted1);
evaluator.Relinearize(encrypted1, relinKeys, encrypted2);
decryptor.Decrypt(encrypted2, plain2);
// {1x^40 + 8x^30 + 18x^20 + 20x^10 + 10}
Assert.AreEqual(41ul, plain2.CoeffCount);
Assert.AreEqual(16ul, plain2[0]);
Assert.AreEqual(32ul, plain2[10]);
Assert.AreEqual(24ul, plain2[20]);
Assert.AreEqual(8ul, plain2[30]);
Assert.AreEqual(1ul, plain2[40]);
}
/*
* In this example we show how serialization works in Microsoft SEAL. Specifically,
* we present important concepts that enable the user to optimize the data size when
* communicating ciphertexts and keys for outsourced computation. Unlike the previous
* examples, we organize this one in a client-server style for maximal clarity. The
* server selects encryption parameters, the client generates keys, the server does
* the encrypted computation, and the client decrypts.
*/
private static void ExampleSerialization()
{
Utilities.PrintExampleBanner("Example: Serialization");
/*
* We require ZLIB or Zstandard support for this example to be available.
*/
if (!Serialization.IsSupportedComprMode(ComprModeType.ZLIB) &&
!Serialization.IsSupportedComprMode(ComprModeType.ZSTD))
{
Console.WriteLine("Neither ZLIB nor Zstandard support is enabled; this example is not available.");
Console.WriteLine();
return;
}
/*
* We start by briefly discussing the Serializable<T> generic class. This is
* a wrapper class that can wrap any serializable class, which include:
*
* - EncryptionParameters
* - Modulus
* - Plaintext and Ciphertext
* - SecretKey, PublicKey, RelinKeys, and GaloisKeys
*
* Serializable<T> provides minimal functionality needed to serialize the wrapped
* object by simply forwarding the calls to corresponding functions of the wrapped
* object of type T. The need for Serializable<T> comes from the fact that many
* Microsoft SEAL objects consist of two parts, one of which is pseudorandom data
* independent of the other part. Until the object is actually being used, the
* pseudorandom part can be instead stored as a seed. We will call objects with
* property `seedable'.
*
* For example, GaloisKeys can often be very large in size, but in reality half
* of the data is pseudorandom and can be stored as a seed. Since GaloisKeys are
* never used by the party that generates them, so it makes sense to expand the
* seed at the point deserialization. On the other hand, we cannot allow the user
* to accidentally try to use an unexpanded GaloisKeys object, which is prevented
* at by ensuring it is always wrapped in a Serializable<GaloisKeys> and can only
* be serialized.
*
* Only some Microsoft SEAL objects are seedable. Specifically, they are:
*
* - PublicKey, RelinKeys, and GaloisKeys
* - Ciphertext in secret-key mode (from Encryptor.EncryptSymmetric or
* Encryptor.EncryptZeroSymmetric)
*
* Importantly, ciphertexts in public-key mode are not seedable. Thus, it may
* be beneficial to use Microsoft SEAL in secret-key mode whenever the public
* key is not truly needed.
*
* There are a handful of functions that output Serializable<T> objects:
*
* - Encryptor.Encrypt (and variants) output Serializable<Ciphertext>
* - KeyGenerator.Create... output Serializable<T> for different key types
*
* Note that Encryptor.Encrypt is included in the above list, yet it produces
* ciphertexts in public-key mode that are not seedable. This is for the sake of
* consistency in the API for public-key and secret-key encryption. Functions
* that output Serializable<T> objects also have overloads that take a normal
* object of type T as a destination parameter, overwriting it. These overloads
* can be convenient for local testing where no serialization is needed and the
* object needs to be used at the point of construction. Such an object can no
* longer be transformed back to a seeded state.
*/
/*
* To simulate client-server interaction, we set up a shared C# stream. In real
* use-cases this can be a network stream, a filestream, or any shared resource.
*
* It is critical to note that all data serialized by Microsoft SEAL is in binary
* form, so it is not meaningful to print the data as ASCII characters. Encodings
* such as Base64 would increase the data size, which is already a bottleneck in
* homomorphic encryption. Hence, serialization into text is not supported or
* recommended.
*
* In this example we use a couple of shared MemoryStreams.
*/
using MemoryStream parmsStream = new MemoryStream();
using MemoryStream dataStream = new MemoryStream();
using MemoryStream skStream = new MemoryStream();
/*
* The server first determines the computation and sets encryption parameters
* accordingly.
*/
{
ulong polyModulusDegree = 8192;
using EncryptionParameters parms = new EncryptionParameters(SchemeType.CKKS);
parms.PolyModulusDegree = polyModulusDegree;
parms.CoeffModulus = CoeffModulus.Create(
polyModulusDegree, new int[] { 50, 30, 50 });
/*
* Serialization of the encryption parameters to our shared stream is very
* simple with the EncryptionParameters.Save function.
*/
long size = parms.Save(parmsStream);
/*
* Seek the parmsStream head back to beginning of the stream.
*/
parmsStream.Seek(0, SeekOrigin.Begin);
/*
* The return value of this function is the actual byte count of data written
* to the stream.
*/
Utilities.PrintLine();
Console.WriteLine($"EncryptionParameters: wrote {size} bytes");
/*
* Before moving on, we will take some time to discuss further options in
* serialization. These will become particularly important when the user
* needs to optimize communication and storage sizes.
*
* It is possible to enable or disable compression for serialization by
* providing EncryptionParameters.Save with the desired compression mode as
* in the following examples:
*
* long size = parms.Save(sharedStream, ComprModeType.None);
* long size = parms.Save(sharedStream, ComprModeType.ZLIB);
* long size = parms.Save(sharedStream, ComprModeType.ZSTD);
*
* If Microsoft SEAL is compiled with Zstandard or ZLIB support, the default
* is to use one of them. If available, Zstandard is preferred over ZLIB due
* to its speed.
*
* Compression can have a substantial impact on the serialized data size,
* because ciphertext and key data consists of many uniformly random integers
* modulo the CoeffModulus primes. Especially when using CKKS, the primes in
* CoeffModulus can be relatively small compared to the 64-bit words used to
* store the ciphertext and key data internally. Serialization writes full
* 64-bit words to the destination buffer or stream, possibly leaving in many
* zero bytes corresponding to the high-order bytes of the 64-bit words. One
* convenient way to get rid of these zeros is to apply a general-purpose
* compression algorithm on the encrypted data. The compression rate can be
* significant (up to 50-60%) when using CKKS with small primes.
*/
/*
* In many cases, when working with fixed size memory, it is necessary to know
* ahead of time an upper bound on the serialized data size to allocate enough
* memory. This information is returned by the EncryptionParameters.SaveSize
* function. This function accepts the desired compression mode, or uses the
* default option otherwise.
*
* In more detail, the output of EncryptionParameters.SaveSize is as follows:
*
* - Exact buffer size required for ComprModeType.None;
* - Upper bound on the size required for ComprModeType.ZLIB or
* ComprModeType.ZSTD.
*
* As we can see from the print-out, the sizes returned by these functions
* are significantly larger than the compressed size written into the shared
* stream in the beginning. This is normal: compression yielded a significant
* improvement in the data size, however, it is impossible to know ahead of
* time the exact size of the compressed data. If compression is not used,
* then the size is exactly determined by the encryption parameters.
*/
Utilities.PrintLine();
Console.Write("EncryptionParameters: data size upper bound (ComprModeType.None): ");
Console.WriteLine(parms.SaveSize(ComprModeType.None));
Console.Write(" ");
Console.Write("EncryptionParameters: data size upper bound (compression): ");
Console.WriteLine(parms.SaveSize(/* Serialization.ComprModeDefault */));
/*
* As an example, we now serialize the encryption parameters to a fixed
* size buffer.
*/
using MemoryStream buffer = new MemoryStream(new byte[parms.SaveSize()]);
parms.Save(buffer);
/*
* To illustrate deserialization, we load back the encryption parameters
* from our buffer into another instance of EncryptionParameters. First
* we need to seek our stream back to the beginning.
*/
buffer.Seek(0, SeekOrigin.Begin);
using EncryptionParameters parms2 = new EncryptionParameters();
parms2.Load(buffer);
/*
* We can check that the saved and loaded encryption parameters indeed match.
*/
Utilities.PrintLine();
Console.WriteLine($"EncryptionParameters: parms == parms2: {parms.Equals(parms2)}");
}
/*
* Client starts by loading the encryption parameters, sets up the SEALContext,
* and creates the required keys.
*/
{
using EncryptionParameters parms = new EncryptionParameters();
parms.Load(parmsStream);
/*
* Seek the parmsStream head back to beginning of the stream because we
* will use the same stream to read the parameters repeatedly.
*/
parmsStream.Seek(0, SeekOrigin.Begin);
using SEALContext context = new SEALContext(parms);
using KeyGenerator keygen = new KeyGenerator(context);
using SecretKey sk = keygen.SecretKey;
keygen.CreatePublicKey(out PublicKey pk);
/*
* We need to save the secret key so we can decrypt later.
*/
sk.Save(skStream);
skStream.Seek(0, SeekOrigin.Begin);
/*
* As in previous examples, in this example we will encrypt in public-key
* mode. If we want to send a public key over the network, we should instead
* have created it as a seeded object as follows:
*
* Serializable<PublicKey> pk = keygen.CreatePublicKey();
*
* In this example we will also use relinearization keys. These we will
* absolutely want to create as seeded objects to minimize communication
* cost, unlike in prior examples.
*/
using Serializable <RelinKeys> rlk = keygen.CreateRelinKeys();
/*
* To demonstrate the significant space saving from this method, we will
* create another set of relinearization keys, this time fully expanded.
*/
keygen.CreateRelinKeys(out RelinKeys rlkBig);
/*
* We serialize both relinearization keys to demonstrate the concrete size
* difference. If compressed serialization is used, the compression rate
* will be the same in both cases. We omit specifying the compression mode
* to use the default, as determined by the Microsoft SEAL build system.
*/
long sizeRlk = rlk.Save(dataStream);
long sizeRlkBig = rlkBig.Save(dataStream);
Utilities.PrintLine();
Console.WriteLine($"Serializable<RelinKeys>: wrote {sizeRlk} bytes");
Console.Write(" ");
Console.WriteLine($"RelinKeys: wrote {sizeRlkBig} bytes");
/*
* Seek back in dataStream to where rlk data ended, i.e., sizeRlkBig bytes
* backwards from current position.
*/
dataStream.Seek(-sizeRlkBig, SeekOrigin.Current);
/*
* Next set up the CKKSEncoder and Encryptor, and encrypt some numbers.
*/
double scale = Math.Pow(2.0, 30);
CKKSEncoder encoder = new CKKSEncoder(context);
using Plaintext plain1 = new Plaintext(),
plain2 = new Plaintext();
encoder.Encode(2.3, scale, plain1);
encoder.Encode(4.5, scale, plain2);
using Encryptor encryptor = new Encryptor(context, pk);
/*
* The client will not compute on ciphertexts that it creates, so it can
* just as well create Serializable<Ciphertext> objects. In fact, we do
* not even need to name those objects and instead immediately call
* Serializable<Ciphertext>.Save.
*/
long sizeEncrypted1 = encryptor.Encrypt(plain1).Save(dataStream);
/*
* As we discussed in the beginning of this example, ciphertexts can
* be created in a seeded state in secret-key mode, providing a huge
* reduction in the data size upon serialization. To do this, we need
* to provide the Encryptor with the secret key in its constructor, or
* at a later point with the Encryptor.SetSecretKey function, and use
* the Encryptor.EncryptSymmetric function to encrypt.
*/
encryptor.SetSecretKey(sk);
long sizeSymEncrypted2 = encryptor.EncryptSymmetric(plain2).Save(dataStream);
/*
* The size reduction is substantial.
*/
Utilities.PrintLine();
Console.WriteLine($"Serializable<Ciphertext> (public-key): wrote {sizeEncrypted1} bytes");
Console.Write(" ");
Console.Write($"Serializable<Ciphertext> (seeded secret-key): ");
Console.WriteLine($"wrote {sizeSymEncrypted2} bytes");
/*
* Seek to the beginning of dataStream.
*/
dataStream.Seek(0, SeekOrigin.Begin);
/*
* We have seen how creating seeded objects can result in huge space
* savings compared to creating unseeded objects. This is particularly
* important when creating Galois keys, which can be very large. We have
* seen how secret-key encryption can be used to achieve much smaller
* ciphertext sizes when the public-key functionality is not needed.
*
* We would also like to draw attention to the fact there we could easily
* serialize multiple Microsoft SEAL objects sequentially in a stream. Each
* object writes its own size into the stream, so deserialization knows
* exactly how many bytes to read. We will see this working below.
*/
}
/*
* The server can now compute on the encrypted data. We will recreate the
* SEALContext and set up an Evaluator here.
*/
{
using EncryptionParameters parms = new EncryptionParameters();
parms.Load(parmsStream);
parmsStream.Seek(0, SeekOrigin.Begin);
using SEALContext context = new SEALContext(parms);
using Evaluator evaluator = new Evaluator(context);
/*
* Next we need to load relinearization keys and the ciphertexts from our
* dataStream.
*/
using RelinKeys rlk = new RelinKeys();
using Ciphertext encrypted1 = new Ciphertext(),
encrypted2 = new Ciphertext();
/*
* Deserialization is as easy as serialization.
*/
rlk.Load(context, dataStream);
encrypted1.Load(context, dataStream);
encrypted2.Load(context, dataStream);
/*
* Compute the product, rescale, and relinearize.
*/
using Ciphertext encryptedProd = new Ciphertext();
evaluator.Multiply(encrypted1, encrypted2, encryptedProd);
evaluator.RelinearizeInplace(encryptedProd, rlk);
evaluator.RescaleToNextInplace(encryptedProd);
/*
* We use dataStream to communicate encryptedProd back to the client.
* There is no way to save the encryptedProd as a seeded object: only
* freshly encrypted secret-key ciphertexts can be seeded. Note how the
* size of the result ciphertext is smaller than the size of a fresh
* ciphertext because it is at a lower level due to the rescale operation.
*/
dataStream.Seek(0, SeekOrigin.Begin);
long sizeEncryptedProd = encryptedProd.Save(dataStream);
dataStream.Seek(0, SeekOrigin.Begin);
Utilities.PrintLine();
Console.Write($"Ciphertext (secret-key): ");
Console.WriteLine($"wrote {sizeEncryptedProd} bytes");
}
/*
* In the final step the client decrypts the result.
*/
{
using EncryptionParameters parms = new EncryptionParameters();
parms.Load(parmsStream);
parmsStream.Seek(0, SeekOrigin.Begin);
using SEALContext context = new SEALContext(parms);
/*
* Load back the secret key from skStream.
*/
using SecretKey sk = new SecretKey();
sk.Load(context, skStream);
using Decryptor decryptor = new Decryptor(context, sk);
using CKKSEncoder encoder = new CKKSEncoder(context);
using Ciphertext encryptedResult = new Ciphertext();
encryptedResult.Load(context, dataStream);
using Plaintext plainResult = new Plaintext();
decryptor.Decrypt(encryptedResult, plainResult);
List <double> result = new List <double>();
encoder.Decode(plainResult, result);
Utilities.PrintLine();
Console.WriteLine("Decrypt and decode PI * x ^ 3 + 0.4x + 1.");
Console.WriteLine(" + Expected result:");
List <double> trueResult = new List <double>((int)encoder.SlotCount);
for (ulong i = 0; i < encoder.SlotCount; i++)
{
trueResult.Add(2.3 * 4.5);
}
Utilities.PrintVector(trueResult, 3, 7);
Console.WriteLine(" + Computed result ...... Correct.");
Utilities.PrintVector(result, 3, 7);
}
/*
* Finally, we give a little bit more explanation of the structure of data
* serialized by Microsoft SEAL. Serialized data always starts with a 16-byte
* SEALHeader struct, as defined in dotnet/src/Serialization.cs, and is
* followed by the possibly compressed data for the object.
*
* A SEALHeader contains the following data:
*
* [offset 0] 2-byte magic number 0xA15E (Serialization.SEALMagic)
* [offset 2] 1-byte indicating the header size in bytes (always 16)
* [offset 3] 1-byte indicating the Microsoft SEAL major version number
* [offset 4] 1-byte indicating the Microsoft SEAL minor version number
* [offset 5] 1-byte indicating the compression mode type
* [offset 6] 2-byte reserved field (unused)
* [offset 8] 8-byte size in bytes of the serialized data, including the header
*
* Currently Microsoft SEAL supports only little-endian systems.
*
* As an example, we demonstrate the SEALHeader created by saving a plaintext.
* Note that the SEALHeader is never compressed, so there is no need to specify
* the compression mode.
*/
using Plaintext pt = new Plaintext("1x^2 + 3");
using MemoryStream stream = new MemoryStream();
long dataSize = pt.Save(stream);
/*
* Seek the stream head back to beginning of the stream.
*/
stream.Seek(0, SeekOrigin.Begin);
/*
* We can now load just the SEALHeader back from the stream as follows.
*/
Serialization.SEALHeader header = new Serialization.SEALHeader();
Serialization.LoadHeader(stream, header);
/*
* Now confirm that the size of data written to stream matches with what is
* indicated by the SEALHeader.
*/
Utilities.PrintLine();
Console.WriteLine($"Size written to stream: {dataSize} bytes");
Console.Write(" ");
Console.WriteLine($"Size indicated in SEALHeader: {header.Size} bytes");
Console.WriteLine();
}
