microsoft / SEAL

Microsoft SEAL is an easy-to-use and powerful homomorphic encryption library.
https://www.microsoft.com/en-us/research/group/cryptography-research/
MIT License

Why is switch_key_inplace correct? #650

Closed playerxq closed 1 year ago

playerxq commented 1 year ago

I am reading the code of the switch_key_inplace function, and found that in the two loops computing c2 * ksk:

SEAL_ITERATE(iter(size_t(0)), rns_modulus_size, [&](auto I)
SEAL_ITERATE(iter(size_t(0)), decomp_modulus_size, [&](auto J)

we actually obtain

sum(c2 mod qj ksk[j][i]) mod qi = c2i(P mod qi)(sk_new mod qi) + sum_j(c2j(ajsj_old + ej mod qi, -aj mod qi)) mod qi

for each qi in the RNS modulus basis. However, to recover c2 * ksk mod QP we have to obtain

c2 * ksk mod qi = c2i(P mod qi)(sk_new mod qi) + c2i(aisi_old + ei mod qi, -ai mod qi)

and then do CRT. So why do we accumulate sum_j(c2j(ajsj_old + ej mod qi, -aj mod qi))? Can this be converted to c2 * ksk mod QP?

playerxq commented 1 year ago

I think for each I in SEAL_ITERATE(iter(size_t(0)), rns_modulus_size, [&](auto I), we just need to multiply target_iter[I] = c2i with ksk[I][key_index] = ((P mod qi)(sk_new mod qi) + ask_old + e, -a) mod qi.

playerxq commented 1 year ago

I have fixed it myself.
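
Added example, not part of the thread and not SEAL code: a scalar toy model (polynomial degree 1, no NTT, tiny constructed primes) of the two loops quoted in the question, followed by the division by P. It assumes the key layout in which ksk[j] carries P*s_new only in RNS component j, so the sum over J of the digits [c2]_{q_J} reassembles P*c2*s_new modulo QP by CRT while the special-prime component stays consistent for the mod-down; the names make_ksk, switch_key and switch_error and all parameters are hypothetical.

```cpp
#include <cstdint>
#include <vector>
using u64 = std::uint64_t;
using Rns = std::vector<u64>;  // one residue per modulus
const Rns M = {97, 101, 103, 65537};  // constructed toy primes: q_0, q_1, q_2, then special prime P
const std::size_t K = 3;  // decomp_modulus_size; rns_modulus_size is K + 1
struct Ksk { Rns b, a; };
u64 to_mod(long long v, u64 m) { long long r = v % (long long)m; return (u64)(r < 0 ? r + (long long)m : r); }
u64 inv_mod(u64 a, u64 m) { u64 r = 1; while (a % m * r % m != 1) r++; return r; }  // brute force, m is tiny
// ksk[j]: b + a*s = -e_j in every component, plus P*s_new in RNS component j only.
std::vector<Ksk> make_ksk(long long s, long long s_new) {
    std::vector<Ksk> ksk(K);
    u64 seed = 12345;  // constructed, deterministic stand-in for uniform sampling
    for (std::size_t j = 0; j < K; j++)
        for (std::size_t i = 0; i <= K; i++) {
            seed = seed * 6364136223846793005ULL + 1442695040888963407ULL;
            u64 m = M[i], a = (seed >> 33) % m;
            u64 b = to_mod(1 - (long long)j, m) + m - a * to_mod(s, m) % m;  // -(a*s + e_j), toy e_j = j - 1
            if (i == j) b += M[K] % m * to_mod(s_new, m) % m;                // + P*s_new
            ksk[j].a.push_back(a); ksk[j].b.push_back(b % m);
        }
    return ksk;
}
// The two loops from the question, then division by P (floor variant of the rounding).
std::vector<Rns> switch_key(u64 c2, const std::vector<Ksk>& ksk) {
    std::vector<Rns> acc(2, Rns(K + 1, 0)), out(2, Rns(K, 0));
    for (std::size_t I = 0; I <= K; I++)        // every modulus of QP
        for (std::size_t J = 0; J < K; J++) {   // every RNS digit of c2
            u64 d = (c2 % M[J]) % M[I];         // [c2]_{q_J} as an integer, reduced mod modulus I
            acc[0][I] = (acc[0][I] + d * ksk[J].b[I]) % M[I];
            acc[1][I] = (acc[1][I] + d * ksk[J].a[I]) % M[I];
        }
    for (int c = 0; c < 2; c++)
        for (std::size_t i = 0; i < K; i++)     // (x - [x]_P) / P mod q_i
            out[c][i] = (acc[c][i] + M[i] - acc[c][K] % M[i]) % M[i] * inv_mod(M[K], M[i]) % M[i];
    return out;
}
// Largest centered |c0' + c1'*s - c2*s_new| over the q_i, for c2 given as an integer in [0, Q).
long long switch_error(u64 c2, long long s, long long s_new) {
    auto ct = switch_key(c2, make_ksk(s, s_new));
    long long worst = 0;
    for (std::size_t i = 0; i < K; i++) {
        u64 m = M[i], got = (ct[0][i] + ct[1][i] * to_mod(s, m)) % m;
        long long d = (long long)((got + m - c2 % m * to_mod(s_new, m) % m) % m);
        if (d > (long long)(m / 2)) d = (long long)m - d;
        if (d > worst) worst = d;
    }
    return worst;
}
```

With |s| <= 1, switch_error stays at most 2 in this model: the key noise is multiplied only by digits smaller than q_J and is then divided by P.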