Paper 2024/153
Revisiting the Slot-to-Coefficient Transformation for BGV and BFV
, KU LeuvenAbstract
Numerous applications in homomorphic encryption require an operation that moves the slots of a ciphertext to the coefficients of a different ciphertext. For the BGV and BFV schemes, the only efficient algorithms to implement this slot-to-coefficient transformation were proposed in the setting of non-power-of-two cyclotomic rings. In this paper, we devise an FFT-like method to decompose the slot-to-coefficient transformation (and its inverse) for power-of-two cyclotomic rings. The proposed method can handle both fully and sparsely packed slots. Our algorithm brings down the computational complexity of the slot-to-coefficient transformation from a linear to a logarithmic number of FHE operations, which is shown via a detailed complexity analysis. The new procedures are implemented in Microsoft SEAL for BFV. The experiments report a speedup of up to $44\times$ when packing $2^{12}$ elements from $\operatorname{GF}(8191^8)$. We also study a fully packed bootstrapping operation that refreshes $2^{15}$ elements from $\operatorname{GF}(65537)$ and obtain an amortized speedup of $12\times$.
Metadata
- Available format(s)
-
PDF
- Category
- Public-key cryptography
- Publication info
- A minor revision of an IACR publication in CIC 2024
- DOI
- 10.62056/a01zogy4e-
- Keywords
- Homomorphic encryptionLinear transformationsBootstrappingBGVBFV
- Contact author(s)
- robin geelen @ esat kuleuven be
- History
- 2024-10-31: last of 4 revisions
- 2024-02-02: received
- See all versions
- Short URL
- https://ia.cr/2024/153
- License
-
CC BY
BibTeX
@misc{cryptoeprint:2024/153,
author = {Robin Geelen},
title = {Revisiting the Slot-to-Coefficient Transformation for {BGV} and {BFV}},
howpublished = {Cryptology {ePrint} Archive, Paper 2024/153},
year = {2024},
doi = {10.62056/a01zogy4e-},
url = {https://eprint.iacr.org/2024/153}
}
