Merge pull request #19 from b5li/rns

highway-based lazy FMA for RNS polynomial

Author: b5li

WORKSPACE

@@ -87,3 +87,14 @@ http_archive(
     sha256 = "34af2f15cf7367513b352bdcd2493ab14ce43692d2dcd9dfc499492966c64dcf",
     strip_prefix = "gflags-2.2.2",
 )
+
+# Highway for SIMD operations.
+# https://github.com/google/highway
+http_archive(
+    name = "com_github_google_highway",
+    sha256 = "e9a9e1d2c7a607d4bce48b75f83eb25a8e802e6fe065bcd5dd770b79034ac6b9",
+    strip_prefix = "highway-3af6ba57bf82c861870f92f0483149439007d652",
+    urls = [
+        "https://github.com/google/highway/archive/3af6ba57bf82c861870f92f0483149439007d652.zip",
+    ],
+)

shell_encryption/rns/BUILD

@@ -314,6 +314,7 @@ cc_library(
     srcs = ["rns_ciphertext.cc"],
     hdrs = ["rns_ciphertext.h"],
     deps = [
+        ":lazy_rns_polynomial",
         ":rns_error_params",
         ":rns_polynomial",
         ":serialization_cc_proto",
@@ -724,6 +725,7 @@ cc_library(
     hdrs = ["rns_galois_key.h"],
     deps = [
         ":error_distribution",
+        ":lazy_rns_polynomial",
         ":rns_bfv_ciphertext",
         ":rns_bgv_ciphertext",
         ":rns_ciphertext",
@@ -828,3 +830,66 @@ cc_test(
         "@com_google_absl//absl/strings",
     ],
 )
+
+# Highway-based polynomial multiplication.
+cc_library(
+    name = "rns_polynomial_hwy",
+    srcs = ["rns_polynomial_hwy.cc"],
+    hdrs = ["rns_polynomial_hwy.h"],
+    deps = [
+        "//shell_encryption:integral_types",
+        "//shell_encryption:montgomery",
+        "@com_github_google_highway//:hwy",
+        "@com_google_absl//absl/base:core_headers",
+        "@com_google_absl//absl/numeric:int128",
+        "@com_google_absl//absl/status",
+        "@com_google_absl//absl/status:statusor",
+        "@com_google_absl//absl/types:span",
+    ],
+)
+
+# Lazy RNS polynomial.
+cc_library(
+    name = "lazy_rns_polynomial",
+    srcs = ["lazy_rns_polynomial.cc"],
+    hdrs = ["lazy_rns_polynomial.h"],
+    deps = [
+        ":rns_modulus",
+        ":rns_polynomial",
+        ":rns_polynomial_hwy",
+        "//shell_encryption:integral_types",
+        "//shell_encryption:montgomery",
+        "//shell_encryption:statusor_fork",
+        "@com_github_google_highway//:hwy",
+        "@com_google_absl//absl/numeric:int128",
+        "@com_google_absl//absl/status",
+        "@com_google_absl//absl/status:statusor",
+        "@com_google_absl//absl/strings",
+        "@com_google_absl//absl/types:span",
+    ],
+)
+
+cc_test(
+    name = "lazy_rns_polynomial_test",
+    srcs = ["lazy_rns_polynomial_test.cc"],
+    deps = [
+        ":lazy_rns_polynomial",
+        ":rns_context",
+        ":rns_modulus",
+        ":rns_polynomial",
+        "//shell_encryption:integral_types",
+        "//shell_encryption:montgomery",
+        "//shell_encryption:polynomial",
+        "//shell_encryption:statusor_fork",
+        "//shell_encryption/rns/testing:parameters",
+        "//shell_encryption/rns/testing:testing_utils",
+        "//shell_encryption/testing:matchers",
+        "//shell_encryption/testing:parameters",
+        "//shell_encryption/testing:status_testing",
+        "//shell_encryption/testing:testing_prng",
+        "@com_github_google_googletest//:gtest_main",
+        "@com_google_absl//absl/log:check",
+        "@com_google_absl//absl/status",
+        "@com_google_absl//absl/strings",
+    ],
+)

shell_encryption/rns/lazy_rns_polynomial.cc

@@ -0,0 +1,129 @@
+// Copyright 2024 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+#include "shell_encryption/rns/lazy_rns_polynomial.h"
+
+#include <vector>
+
+#include "absl/numeric/int128.h"
+#include "absl/status/status.h"
+#include "absl/types/span.h"
+#include "shell_encryption/integral_types.h"
+#include "shell_encryption/montgomery.h"
+#include "shell_encryption/rns/rns_modulus.h"
+#include "shell_encryption/rns/rns_polynomial.h"
+#include "shell_encryption/rns/rns_polynomial_hwy.h"
+#include "shell_encryption/status_macros.h"
+
+namespace rlwe {
+
+using ModularInt32 = MontgomeryInt<Uint32>;
+using ModularInt64 = MontgomeryInt<Uint64>;
+
+template <typename ModularInt>
+absl::Status LazyRnsPolynomial<ModularInt>::CheckFusedMulAddInPlaceParameters(
+    const RnsPolynomial<ModularInt>& a, const RnsPolynomial<ModularInt>& b,
+    absl::Span<const PrimeModulus<ModularInt>* const> moduli) {
+  if (!a.IsNttForm() || !b.IsNttForm()) {
+    return absl::InvalidArgumentError(
+        "Polynomials `a` and `b` must be in NTT form.");
+  }
+  int num_moduli = moduli.size();
+  if (a.NumModuli() != num_moduli || b.NumModuli() != num_moduli ||
+      coeff_vectors_.size() != num_moduli) {
+    return absl::InvalidArgumentError(
+        "Polynomials `a`, `b`, and this must all be defined wrt `moduli`");
+  }
+  int num_coeffs = coeff_vectors_[0].size();
+  if (a.NumCoeffs() != num_coeffs || b.NumCoeffs() != num_coeffs) {
+    return absl::InvalidArgumentError(
+        "Polynomials `a` and `b` must have the same number of coefficients as "
+        "this lazy polynomial.");
+  }
+  return absl::OkStatus();
+}
+
+template <typename ModularInt>
+absl::Status LazyRnsPolynomial<ModularInt>::FusedMulAddInPlace(
+    const RnsPolynomial<ModularInt>& a, const RnsPolynomial<ModularInt>& b,
+    absl::Span<const PrimeModulus<ModularInt>* const> moduli) {
+  RLWE_RETURN_IF_ERROR(CheckFusedMulAddInPlaceParameters(a, b, moduli));
+  if (current_level_ == maximum_level_) {
+    Refresh(moduli);
+  }
+
+  int num_moduli = moduli.size();
+  int num_coeffs = coeff_vectors_[0].size();
+  const auto& a_coeff_vectors = a.Coeffs();
+  const auto& b_coeff_vectors = b.Coeffs();
+  for (int i = 0; i < num_moduli; ++i) {
+    for (int j = 0; j < num_coeffs; ++j) {
+      coeff_vectors_[i][j] +=
+          static_cast<BigInt>(
+              a_coeff_vectors[i][j].GetMontgomeryRepresentation()) *
+          b_coeff_vectors[i][j].GetMontgomeryRepresentation();
+    }
+  }
+  current_level_++;
+  return absl::OkStatus();
+}
+
+template <>
+absl::Status LazyRnsPolynomial<ModularInt32>::FusedMulAddInPlace(
+    const RnsPolynomial<ModularInt32>& a, const RnsPolynomial<ModularInt32>& b,
+    absl::Span<const PrimeModulus<ModularInt32>* const> moduli) {
+  RLWE_RETURN_IF_ERROR(CheckFusedMulAddInPlaceParameters(a, b, moduli));
+  if (current_level_ == maximum_level_) {
+    Refresh(moduli);
+  }
+
+  int num_moduli = moduli.size();
+  const auto& a_coeff_vectors = a.Coeffs();
+  const auto& b_coeff_vectors = b.Coeffs();
+  for (int i = 0; i < num_moduli; ++i) {
+    internal::BatchFusedMulAddMontgomeryRep<Uint32>(
+        a_coeff_vectors[i], b_coeff_vectors[i], coeff_vectors_[i]);
+  }
+  current_level_++;
+  return absl::OkStatus();
+}
+
+template <>
+absl::Status LazyRnsPolynomial<ModularInt64>::FusedMulAddInPlace(
+    const RnsPolynomial<ModularInt64>& a, const RnsPolynomial<ModularInt64>& b,
+    absl::Span<const PrimeModulus<ModularInt64>* const> moduli) {
+  RLWE_RETURN_IF_ERROR(CheckFusedMulAddInPlaceParameters(a, b, moduli));
+  if (current_level_ == maximum_level_) {
+    Refresh(moduli);
+  }
+  int num_moduli = moduli.size();
+  const auto& a_coeff_vectors = a.Coeffs();
+  const auto& b_coeff_vectors = b.Coeffs();
+  for (int i = 0; i < num_moduli; ++i) {
+    internal::BatchFusedMulAddMontgomeryRep<Uint64>(
+        a_coeff_vectors[i], b_coeff_vectors[i], coeff_vectors_[i]);
+  }
+  current_level_++;
+  return absl::OkStatus();
+}
+
+template class LazyRnsPolynomial<MontgomeryInt<Uint16>>;
+template class LazyRnsPolynomial<MontgomeryInt<Uint32>>;
+template class LazyRnsPolynomial<MontgomeryInt<Uint64>>;
+template class LazyRnsPolynomial<MontgomeryInt<absl::uint128>>;
+#ifdef ABSL_HAVE_INTRINSIC_INT128
+template class LazyRnsPolynomial<MontgomeryInt<unsigned __int128>>;
+#endif
+
+}  // namespace rlwe