Homomorphic encryption using Palisade library

Question

To all homomorphic encryption experts out there:

I'm using the PALISADE library:

int plaintextModulus = 65537;
float sigma = 3.2;
SecurityLevel securityLevel = HEStd_128_classic;
uint32_t depth = 2;

//Instantiate the crypto context
CryptoContext<DCRTPoly> cc = CryptoContextFactory<DCRTPoly>::genCryptoContextBFVrns(
            plaintextModulus, securityLevel, sigma, 0, depth, 0, OPTIMIZED);

could you please explain (all) the parameters especially intrested in ptm, depth and sigma.

Secondly I am trying to make a Packed Plaintext with the cc above.

cc->MakePackedPlaintext(array);

What is the maximum size of the array? On my local machine (8GB RAM) when the array is larger than ~8000 int64 I get an free(): invalid next size (normal) error

Answer 1

Thank you for asking the question.

Plaintext modulus t (denoted as t here) is a critical parameter for BFV as all operations are performed mod t. In other words, when you choose t, you have to make sure that all computations do not wrap around, i.e., do not exceed t. Otherwise you will get an incorrect answer unless your goal is to compute something mod t.

sigma is the distribution parameter (used for the underlying Learning with Errors problem). You can just set to 3.2. No need to change it.

Depth is the multiplicative depth of the circuit you are trying to compute. It has nothing to with the size of vectors. Basically, if you have AxBxCxD, you have a depth 3 with a naive approach. BFV also supports more efficient binary tree evaluation, i.e., (AxB)x(CxD) - this option will reduce the depth to 2.

BFV is a scheme that supports packing. By default, the size of packed ciphertext is equal to the ring dimension (something like 8192 for the example you mentioned). This means you can pack up to 8192 integers in your case. To support larger arrays/vectors, you would need to break them into batches of 8192 each and encrypt each one separately.

Regarding your application, the CKKS scheme would probably be a much better option (I will respond on the application in more detail in the other thread).

Answer 2

You can determine the ring dimension (generated by the crypto context based on your parameter settings) by using cc->GetRingDimension() as shown in line 113 of https://gitlab.com/palisade/palisade-development/blob/master/src/pke/examples/simple-real-numbers.cpp

Answer 3

I have some experience with the SEAL library which also uses the BFV encryption scheme. The BFV scheme uses modular arithmetic and is able to encrypt integers (not real numbers).

For the parameters you're asking about:

• The Plaintext Modulus is an upper bound for the input integers. If this parameter is too low, it might cause your integers to overflow (depending on how large they are of course)
• The Sigma is the distribution parameter for Gaussian noise generation
• The Depth is the circuit depth which is the maximum number of multiplications on a path

Also for the Packed Plaintext, you should use vectors not arrays. Maybe that will fix your problem. If not, try lowering the size and make several vectors if necessary.