参考文献:
- [Gold64] Goldschmidt R E. Applications of division by convergence[D]. Massachusetts Institute of Technology, 1964.
- [CKKLL19] Cheon J H, Kim D, Kim D, et al. Numerical method for comparison on homomorphically encrypted numbers[C]//International Conference on the Theory and Application of Cryptology and Information Security. Cham: Springer International Publishing, 2019: 415-445.
- [CKK20] Cheon J H, Kim D, Kim D. Efficient homomorphic comparison methods with optimal complexity[C]//Advances in Cryptology–ASIACRYPT 2020: 26th International Conference on the Theory and Application of Cryptology and Information Security, Daejeon, South Korea, December 7–11, 2020, Proceedings, Part II 26. Springer International Publishing, 2020: 221-256.
- [LLNK21] Lee E, Lee J W, No J S, et al. Minimax approximation of sign function by composite polynomial for homomorphic comparison[J]. IEEE Transactions on Dependable and Secure Computing, 2021, 19(6): 3711-3727.
- [LLKN22] Lee E, Lee J W, Kim Y S, et al. Optimization of homomorphic comparison algorithm on rns-ckks scheme[J]. IEEE Access, 2022, 10: 26163-26176.
文章目录
CKKS 方案只能计算多项式,但是符号函数是阶跃的,难以表示为简单多项式。如果采取完全的插值,随着精度提高,多项式的度数将会是指数级。[CKK20] 提出可以通过迭代一个或两个简单多项式,来快速逼近符号函数,它达到了渐进最优。[LLNK21] 使用若干个 minimax approximate polynomials 的组合来逼近符号函数,用动态规划算法确定它们,实际效率更好。[LLKN22] 继续改进,但提升并不算大。
New Comparison Algorithm
Idea
待计算的两个函数,关系为 c o m p ( a , b ) = ( s g n ( a − b ) + 1 ) / 2 comp(a,b)=(sgn(a-b)+1)/2 comp(a,b)=(sgn(a−b)+1)/2
s g n ( x ) = { 1 , x > 0 0 , x = 0 − 1 , x < 0 c o m p ( a , b ) = { 1 , a > b 1 / 2 , a = b 0 , a < b \begin{aligned} sgn(x) &= \left\{\begin{aligned} 1, && x>0\\ 0, && x=0\\ -1, && x<0 \end{aligned}\right.\\ comp(a,b) &= \left\{\begin{aligned} 1, && a>b\\ 1/2, && a=b\\ 0, && a<b \end{aligned}\right.\\ \end{aligned} sgn(x)comp(a,b)=⎩
⎨
⎧1,0,−1,x>0x=0x<0=⎩
⎨
⎧1,1/2,0,a>ba=ba<b
在 [CKKLL19] 中指出如下的公式,
c o m p ( a , b ) = lim k → ∞ a k a k + b k comp(a,b) = \lim_{k \to \infty} \frac{a^k}{a^k + b^k} comp(a,b)=k→∞limak+bkak
可以使用迭代算法,
- 初始化 a 0 = a , b 0 = b a_0=a,b_0=b a0=a,b0=b
- 迭代计算 a k + 1 ← a k 2 / ( a k 2 + b k 2 ) a_{k+1} \gets a_k^2/(a_k^2+b_k^2) ak+1←ak2/(ak2+bk2) 和 b k + 1 ← a k 2 / ( a k 2 + b k 2 ) b_{k+1} \gets a_k^2/(a_k^2+b_k^2) bk+1←ak2/(ak2+bk2)
- 输出 a d = a 2 d / ( a 2 d + b 2 d ) ≈ c o m p ( a , b ) a_d=a^{2^d}/(a^{2^d}+b^{2^d}) \approx comp(a,b) ad=a2d/(a2d+b2d)≈comp(a,b)
然而这种方法需要计算同态除法,同态方案并不自然支持。[CKKLL19] 使用了 Goldschmidt’s division 算法,但效率很低。
[CKK20] 的目标是找到一个好的简单多项式,并且它的迭代过程中不需要计算除法。首先将 [CKKLL19] 的迭代函数修改为 f ( x ) = x 2 / ( x 2 + ( 1 − x ) 2 ) , x ∈ [ 0 , 1 ] f(x)=x^2/(x^2+(1-x)^2), x \in [0,1] f(x)=
最低0.47元/天 解锁文章
扫一扫
1613
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
