BGV 2

library(polynom)
library(HomomorphicEncryption)

Set some parameters.

d  =   4
n  =   2^d
p  =   (n/2)-1
t  =   p
q  = 868

Set a working seed for random numbers

set.seed(123)

Here we create the polynomial modulo.

pm = polynomial( coef=c(1, rep(0, n-1), 1 ) )
print(pm)
#> 1 + x^16

Create the secret key.

# generate a secret key
s = polynomial( sample.int(3, n, replace=TRUE)-2 )
print(s)
#> 1 + x + x^2 + x^4 + x^8 - x^9 - x^12 + x^14 - x^15

Create a (part of the public key)

# generate a
a = polynomial(sample.int(q, n, replace=TRUE))
print(a)
#> 91 + 348*x + 649*x^2 + 355*x^3 + 840*x^4 + 26*x^5 + 519*x^6 + 426*x^7 + 649*x^8  
#> + 766*x^9 + 211*x^10 + 590*x^11 + 593*x^12 + 555*x^13 + 373*x^14 + 844*x^15

Create the error term e to be used to generate the public key.

# generate the error
e = polynomial( coef=round(stats::rnorm(n, 0, n/3)) )
print(e)
#> -6 - x - 5*x^2 - 4*x^3 - 3*x^4 - 9*x^5 + 4*x^6 + x^7 - 6*x^8 + 7*x^9 + 2*x^10 -  
#> 2*x^11 + 5*x^12 + 5*x^13 + 4*x^14 + 4*x^15

Generate Part 1 of the Public Key.

pk1 = -(a*s + p*e)
pk1 = pk1 %% pm
pk1 = CoefMod(pk1, q)
print(pk1)
#> 577 + 764*x + 467*x^2 + 395*x^3 + 537*x^4 + 201*x^5 + 372*x^6 + 401*x^7 +  
#> 733*x^8 + 255*x^9 + 642*x^10 + 37*x^11 + 818*x^12 + 830*x^13 + 65*x^14 +  
#> 405*x^15

Generate Part 2 of the Public Key (which is actually just equal to a).

pk2 = a

Create a polynomial message

# create a message
m = polynomial( coef=c(2, 3, 4) )

Create polynomials for the encryption of the message. Since e1 and e2 are constructed the same way as e, we don’t print them, we just print u.

# polynomials for encryption
e1 = polynomial( coef=round(stats::rnorm(n, 0, n/3)) )
e2 = polynomial( coef=round(stats::rnorm(n, 0, n/3)) )
u  = polynomial( coef=sample.int(3, (n-1), replace=TRUE)-2 )
print(u)
#> x^3 - x^5 + x^9 + x^11 + x^13 - x^14

Generate Part 1 of the ciphertext version of the message.

ct1 = pk1*u + p*e1 + m
ct1 = ct1 %% pm
ct1 = CoefMod(ct1, q)
print(ct1)
#> 436 + 377*x + 95*x^2 + 818*x^3 + 820*x^4 + 695*x^5 + 61*x^6 + 620*x^7 + 86*x^8  
#> + 392*x^9 + 533*x^10 + 420*x^11 + 701*x^12 + 159*x^13 + 572*x^14 + 788*x^15

Generate Part 2 of the ciphertext version of the message.

ct2 = pk2*u + p*e2
ct2 = ct2 %% pm
ct2 = CoefMod(ct2, q)
print(ct2)
#> 745 + 352*x + 194*x^2 + 35*x^3 + 741*x^4 + 420*x^5 + 488*x^6 + 655*x^7 +  
#> 511*x^8 + 241*x^9 + 796*x^10 + 149*x^11 + 530*x^12 + 264*x^13 + 476*x^14 +  
#> 306*x^15

Decrypt

decrypt = (ct2 * s) + ct1
decrypt = decrypt %% pm
decrypt = CoefMod(decrypt, q)
decrypt = CoefMod(round(decrypt), p)
print(decrypt)
#> 2 + 3*x + 4*x^2