US-20260128855-A1 - ELECTRONIC DEVICE AND CONTROLLING METHOD THEREOF

Abstract

An electronic apparatus and a controlling method thereof are disclosed. Specifically, the electronic apparatus includes memory storing instructions, and a processor configured to execute the instructions, and the processor is configured to obtain a complex root of unity data by transforming coefficient data included in an encrypted input ciphertext, obtain a plurality of plaintexts that encode the complex root of unity data in slots based on the complex root of unity data, obtain corrected ciphertexts by applying an encrypted mask and a complex conjugation operation to the plurality of plaintexts, obtain a plurality of rotation results of the corrected ciphertexts based on secret indices corresponding to each of a plurality of valid coefficients of a secret key, obtain an intermediate ciphertext based on the plurality of rotation results, and obtain an output ciphertext that is represented as a modulus value greater than a modulus value of an input ciphertext by performing a complex conjugation operation on the intermediate ciphertext and adding the result thereof to the intermediate ciphertext, and that is decodable with a plaintext vector corresponding to a decoding result of the input ciphertext.

Inventors

• Guillaume Hanrot
• Damien Stehle

Assignees

• CRYPTO LAB INC.

Dates

Publication Date

20260507

Application Date

20250923

Priority Date

20240923

Claims (11)

1. 1 . An electronic apparatus, comprising: memory storing instructions; and a processor configured to execute the instructions, wherein the processor is configured to obtain the complex root of unity data by transforming coefficient data comprised in an encrypted input ciphertext, obtain a plurality of plaintexts that encode the complex root of unity data in slots based on the complex root of unity data, obtain corrected ciphertexts by applying at least one encrypted mask and a complex conjugation operation to the plurality of plaintexts, obtain a plurality of rotation results of the corrected ciphertexts based on secret indices corresponding to each of a plurality of valid coefficients of a secret key, obtain an intermediate ciphertext based on the plurality of rotation results, and obtain an output ciphertext that is represented as a modulus value greater than a modulus value of an input ciphertext by performing a complex conjugation operation on the intermediate ciphertext and adding the result thereof to the intermediate ciphertext, and that is decodable with a plaintext vector corresponding to a decoding result of the input ciphertext.
2. 2 . The electronic apparatus of claim 1 , wherein the processor is configured to obtain an output ciphertext by applying a correction coefficient to at least one from among the plurality of plaintexts or at least one from among the corrected ciphertexts.
3. 3 . The electronic apparatus of claim 1 , wherein the processor is configured to obtain an output ciphertext by having at least one from among the plurality of plaintexts omit application of the at least one encrypted mask and the complex conjugation operation.
4. 4 . The electronic apparatus of claim 1 , wherein the processor is configured to transform the input ciphertext to the complex root of unity data, and after encoding the complex root of unity data to plaintext data on a slot basis, increase a modulus value of the plaintext data.
5. 5 . The electronic apparatus of claim 1 , wherein the processor is configured to obtain the plurality of rotation results by performing blind rotation operations in parallel based on the secret indices.
6. 6 . The electronic apparatus of claim 5 , wherein the processor is configured to perform at least one of: a sum of a plurality of simple homomorphic rotation operations multiplied by ciphertexts provided as a part of the blind rotation operations. or and one or more multiplexer-based rotation operations that use a plurality of keys which is provided as a part of the blind rotations.
7. 7 . The electronic apparatus of claim 6 , wherein the processor is configured to perform, based on a range of the secret index being less than or equal to a predetermined threshold value, the simple homomorphic rotation multiplied by ciphertexts, and perform, based on a range of the secret index exceeding the threshold value, the multiplexer based rotation.
8. 8 . The electronic apparatus of claim 1 , wherein the processor is configured to reduce a number of valid coefficients by using a secret-sparse secret key in a process of obtaining the plurality of rotation results.
9. 9 . The electronic apparatus of claim 1 , wherein the processor is configured to obtain the plurality of rotation results after increasing a modulus value of the input ciphertext.
10. 10 . A method for controlling an electronic apparatus, the method comprising: obtaining the complex root of unity data by transforming coefficient data comprised in an encrypted input ciphertext; obtaining a plurality of plaintexts that encode the complex root of unity data in slots based on the complex root of unity data; obtaining corrected ciphertexts by applying at least one encrypted mask and a complex conjugation operation to the plurality of plaintexts; obtaining a plurality of rotation results of the corrected ciphertexts based on secret indices corresponding to each of a plurality of valid coefficients of a secret key; obtaining an intermediate ciphertext based on the plurality of rotation results; and obtaining an output ciphertext that is represented as a modulus value greater than a modulus value of an input ciphertext by performing a complex conjugation operation on the intermediate ciphertext and adding the result thereof to the intermediate ciphertext, and that is decodable with a plaintext vector corresponding to a decoding result of the input ciphertext.
11. 11 . A non-transitory computer-readable medium configured to store a program, the program being configured to execute a method for controlling an electronic apparatus, and the method comprising: obtaining the complex root of unity data by transforming coefficient data comprised in an encrypted input ciphertext; obtaining a plurality of plaintexts that encode the complex root of unity data in slots based on the complex root of unity data; obtaining corrected ciphertexts by applying at least one encrypted mask and a complex conjugation operation to the plurality of plaintexts; obtaining a plurality of rotation results of the corrected ciphertexts based on secret indices corresponding to each of a plurality of valid coefficients of a secret key; obtaining an intermediate ciphertext based on the plurality of rotation results; and obtaining an output ciphertext that is represented as a modulus value greater than a modulus value of an input ciphertext by performing a complex conjugation operation on the intermediate ciphertext and adding the result thereof to the intermediate ciphertext, and that is decodable with a plaintext vector corresponding to a decoding result of the input ciphertext.

Description

TECHNICAL FIELD The disclosure relates to an electronic apparatus and a controlling method of the electronic apparatus, and more particularly to an electronic apparatus capable of performing bootstrapping and encryption operation, and a controlling method thereof. BACKGROUND ART Homomorphic encryption may be an encryption scheme with which addition and multiplication operations can be performed in a ciphertext state, which makes operations possible without decoding sensitive data, and is receiving attention from various fields such as machine learning, statistical analysis, finance, and health care in which protection of privacy is required. The Cheon-Kim-Kim-Song (CKKS) scheme may be the representative homomorphic encryption scheme that supports approximation operations for complex vectors, and utilization thereof in numerical operation applications such as machine learning and data analysis may be high. However, if repetitive multiplication operations are performed in the CKKS, noise may be significantly accumulated in a ciphertext, and after operations of a certain level or more, problems such as not being able to obtain correct results when performing decoding may occur. To solve the above, a bootstrapping technique was introduced, but the conventional technique requires very high operation complexity and deep multiplicative depth, and has limitations of increasing delays in overall bootstrapping and excessive resource consumption. In addition, because a stable operation in the conventional technique is possible only when a large modulus chain and ring degree are set, a parameter size of an entire system may become excessive. As a result, there may be limitations of an actual throughput reducing and required amount of memory increasing. The above may be factors that reduce practicalities of bootstrapping in, specifically, a cloud environment or devices with resource limitations. Furthermore, the conventional technique requires unnecessary number of operations in a rotation operation and masking process, and a deterioration in performance of the overall bootstrapping may occur due to not effectively managing a modulus budget. Accordingly, in order to effectively perform CKKS bootstrapping, a new approach for reducing complexities in existing levels, and simultaneously minimizing operation depth and modulus consumption is needed. DISCLOSURE Technical Solution Aspects according to the disclosure are provided to solve at least the above-described problems, and to provide an electronic apparatus capable of performing efficient and effective bootstrapping and encryption operations and a controlling method thereof. Additional aspects will be described in part in the description below, and parts thereof will be obvious from the description, or learned by practice of the embodiments provided. According to an aspect of the disclosure, an electronic apparatus includes memory storing instructions, and a processor configured to execute the instructions, and the processor is configured to obtain the complex root of unity data by transforming coefficient data included in an encrypted input ciphertext, obtain a plurality of plaintexts that encode the complex root of unity data in slots based on the complex root of unity data, obtain corrected ciphertexts by applying an encrypted mask and a complex conjugation operation to the plurality of plaintexts, obtain a plurality of rotation results of the corrected ciphertexts based on secret indices corresponding to each of a plurality of valid coefficients of a secret key, obtain an intermediate ciphertext based on the plurality of rotation results, and obtain an output ciphertext that is represented as a modulus value greater than a modulus value of an input ciphertext by performing a complex conjugation operation on the intermediate ciphertext and adding the result thereof to the intermediate ciphertext, and that is decodable with a plaintext vector corresponding to a decoding result of the input ciphertext. The processor may be configured to obtain an output ciphertext by applying a correction coefficient to at least one from among the plurality of plaintexts or at least one from among the corrected ciphertexts. The processor may be configured to obtain an output ciphertext by having at least one from among the plurality of plaintexts omit application of the encrypted mask and the complex conjugation operation. The processor may be configured to transform the input ciphertext to the complex root of unity data, and after encoding the complex root of unity data to plaintext data on a slot basis, increase a modulus value of the plaintext data. The processor may be configured to obtain the plurality of rotation results by performing a blind rotation in parallel based on the secret indices. The processor may be configured to perform at least one from among a sum of a plurality of simple homomorphic rotation operations multiplied by ciphertexts provided as a part of the blind rot