rtitiu
commented
3 years ago Hello. The issue seems to be that you assume multiplication takes place component-wise. But it is not the case here. For instance when multiplying [1,1,0,1] with [0,1,0,0] the following thing happens:
[1,1,0,1] gets mapped to the polynomial f(X) = 1 + 1X + 0 X^2 + 1X^3 = 1 + X + X^3 [0,1,0,0] gets mapped to the polynomial g(X) = X then the two polynomials are multiplied together f g = X + X^2 + X^4 . To get the final answer this result is further reduced mod the polynomial that defines the ring: X ^ n + 1. Current parameters in main give n = 2 ** 2. So to get the result we do X + X^2 + X^4 mod X^4 + 1 = 1 + X + X^2 , which converts back exactly to [1,1,1,0].
You can read more about the maths behind the scheme in our blog-post: https://bit-ml.github.io/blog/post/homomorphic-encryption-toy-implementation-in-python/
rkarn
I run the main.py. I get following result:
[+] Ciphertext ct1([1, 0, 1, 1]):
[+] Ciphertext ct2([1, 1, 0, 1]):
[+] Decrypted ct3=(ct1 + [0, 1, 1, 0]): [1 1 0 1] [+] Decrypted ct4=(ct2 [0, 1, 0, 0]): [1 1 1 0] [+] Decrypted ct5=(ct1 + [0, 1, 1, 0] + [0, 1, 0, 0] ct2): [0 0 1 1] [+] pt1 + [0, 1, 1, 0] + [0, 1, 0, 0] pt2): [0 0 1 1] [+] Decrypted ct6=(ct1 ct2): [0 0 0 1] [+] Decrypted ct7=(ct1 ct2): [0 0 0 1] [+] pt1 pt2: [0 0 0 1]
The multiplication ct2 [0, 1, 0, 0] = [1, 1, 0, 1] [0, 1, 0, 0] should be [0, 1, 0, 0] . But it computes as [1 1 1 0]. Also, pt1 pt2 = [1, 0, 1, 1] [1, 1, 0, 1] should be [1, 0, 0, 1] but it computes as [0 0 0 1].
Can you please elaborate ?