github microsoft/SEAL v3.4.0
Release 3.4.0

Changes

New Features

  • Microsoft SEAL can use ZLIB, a data compression library,
    to automatically compress data that is serialized. This applies to every serializable object
    in Microsoft SEAL. This feature must be enabled by the user. See more explanation of the compression
    mechanism in README.md. Microsoft SEAL does not redistribute ZLIB.

  • AES-128 is replaced with the BLAKE2 family of hash functions in the pseudorandom number generator,
    as BLAKE2 provides better cross-platform support. Microsoft SEAL redistributes the
    reference implementation of BLAKE2
    with light modifications to silence some misleading warnings in Visual Studio. The reference
    implementation of BLAKE2 is licensed under
    CC0 1.0 Universal; see license boilerplates
    in files native/src/seal/util/blake*.

  • The serialization functionality has been completely rewritten to make it safer and more robust.
    Every serialized Microsoft SEAL object starts with a 16-byte Serialization::SEALHeader struct,
    and then includes the data for the object member variables. Every serializable object can now also
    be directly serialized into a memory buffer instead of a C++ stream. This improves serialization
    for .NET and makes it much easier to wrap the serialization functionality in other languages, e.g.,
    Java. Unfortunately, old serialized Microsoft SEAL objects are incompatible with the new format.

  • A ciphertext encrypted with a secret key, for example, a keyswitching key, has one component
    generated by the PRNG. By using a seeded PRNG, this component can be replaced with the random seed
    used by the PRNG to reduce data size. After being transmitted to another party with Microsoft SEAL,
    the component can be restored (regenerated) with the same seed. The security of using a seeded PRNG
    is enhanced by switching to the BLAKE2 hash function with a 512-bit seed.

  • Encryptor now can be constructed with a secret key. This enables symmetric key encryption which
    has methods that serialize ciphertexts (compressed with a seed) to a C++ stream or a memory buffer.

  • The CMake system has been improved. For example, multiple versions of Microsoft SEAL can now be
    installed on the same system easily, as the default installation directory and library filename now
    depend on the version of Microsoft SEAL. Examples and unit tests can now be built without installing
    the library. README.md has been updated to reflect these changes.

  • Encryptor::encrypt operations in the BFV scheme are modified. Each coefficient of a plaintext
    message is first multiplied with the ciphertext modulus, then divided by the plaintext modulus, and
    rounded to the nearest integer. In comparison with the previous method, where each coefficient of a
    plaintext message is multiplied with the floor of the coefficient modulus divided by the plaintext
    modulus, the new method reduces the noise introduced in encryption, increases the noise budget of a
    fresh encryption, slightly slows down encryption, and has no impact on the security at all.

  • Merged PR 62 that uses a non-adjacent form (NAF)
    decomposition of random rotations to perform them in a minimal way from power-of-two rotations in
    both directions. This improves performance of random rotations.
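The NAF decomposition of a rotation step mentioned above, as an added example (not the code from PR 62 or from Microsoft SEAL). A plain vector stands in for the ciphertext slots, and all function names are hypothetical.

```cpp
#include <algorithm>
#include <vector>

// Signed power-of-two terms of k in non-adjacent form, least significant first.
// Example: 7 -> {-1, 8}, i.e. one step in one direction and eight in the other.
std::vector<long> naf_terms(long k) {
    std::vector<long> terms;
    for (long weight = 1; k != 0; k /= 2, weight *= 2) {
        if (k % 2 != 0) {
            long digit = 2 - ((k % 4 + 4) % 4); // +1 if k = 1 mod 4, -1 if k = 3 mod 4
            terms.push_back(digit * weight);
            k -= digit; // k is now divisible by 4, so the next digit is 0
        }
    }
    return terms;
}

// Number of power-of-two rotations a plain binary expansion would need.
int binary_weight(unsigned long k) {
    int w = 0;
    for (; k != 0; k >>= 1) w += static_cast<int>(k & 1);
    return w;
}

// Cyclic rotation of a plain vector by `step` positions (negative = opposite
// direction); a stand-in for rotating ciphertext slots.
std::vector<int> rotate_slots(std::vector<int> v, long step) {
    long n = static_cast<long>(v.size());
    long s = ((step % n) + n) % n;
    std::rotate(v.begin(), v.begin() + s, v.end());
    return v;
}

// Apply the NAF terms one at a time, as a sequence of power-of-two rotations.
std::vector<int> rotate_via_naf(std::vector<int> v, long step) {
    for (long term : naf_terms(step)) v = rotate_slots(v, term);
    return v;
}
```

A step of 1023 needs ten power-of-two rotations in binary form but only two in NAF (1024 in one direction, 1 in the other).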

API Changes

C++ Native

In all classes with save and load methods:

  • Replaced the old save with two new methods that save to either a C++ stream or a memory buffer.
    Optionally, a compression mode can be chosen when saving an object.
  • Replaced the old load with two new methods that load from either a C++ stream or a memory buffer.
  • Added a method save_size to get an upper bound on the size of the object as if it was written to
    an output stream. To save to a buffer, the user must ensure that the buffer has at least size equal
    to what the save_size member function returns.
  • New save and load methods rely on the Serialization class declared in serialization.h.
    This class unifies the serialization functionality for all serializable Microsoft SEAL classes.

In class Ciphertext:

  • Added a method int_array for read-only access to the underlying IntArray object.
  • Removed methods uint64_count_capacity and uint64_count that can now be accessed in a more
    descriptive manner through the int_array return value.

In class CKKSEncoder: added support for gsl::span type of input.

In class SEALContext::ContextData: added method coeff_mod_plain_modulus for read-only access to
the non-RNS version of upper_half_increment.

In class EncryptionParameters: an EncryptionParameters object can be constructed without
scheme_type, which by default is set to scheme_type::none.

In class Encryptor:

  • An Encryptor object can now be constructed with a secret key to enable symmetric key encryption.
  • Added methods encrypt_symmetric and encrypt_zero_symmetric that generate a Ciphertext using
    the secret key.
  • Added methods encrypt_symmetric_save and encrypt_zero_symmetric_save that directly serialize
    the resulting Ciphertext to a C++ stream or a memory buffer. The resulting Ciphertext no longer
    exists after serialization. In these methods, the second polynomial of a ciphertext is generated by
    the PRNG and is replaced with the random seed used.

In class KeyGenerator:

  • Added methods relin_keys_save and galois_keys_save that generate and directly serialize keys
    to a C++ stream or a memory buffer. The resulting keys no longer exist after serialization. In these
    methods, half of the polynomials in keys are generated by the PRNG and are replaced with the random
    seed used.
  • Methods galois_keys and galois_keys_save throw an exception if EncryptionParameters do not
    support batching in the BFV scheme.

In class Plaintext: added a method int_array for read-only access to the underlying IntArray
object.

In class UniformRandomGenerator and UniformRandomGeneratorFactory: redesigned for users to
implement their own random number generators more easily.

In file valcheck.h: validity checks are partitioned into finer methods; the is_valid_for(...)
functions will validate all aspects of the Microsoft SEAL objects.

New classes BlakePRNG and BlakePRNGFactory: use the BLAKE2 family of hash functions for the PRNG.

New class Serialization:

  • Gives a uniform serialization in Microsoft SEAL to save objects to a C++ stream or a memory buffer.
  • Can be configured to use ZLIB compression.

New files:

  • native/src/seal/util/rlwe.h
  • native/src/seal/util/blake2.h
  • native/src/seal/util/blake2-impl.h
  • native/src/seal/util/blake2b.c
  • native/src/seal/util/blake2xb.c
  • native/src/seal/util/croots.cpp
  • native/src/seal/util/croots.h
  • native/src/seal/util/scalingvariant.cpp
  • native/src/seal/util/scalingvariant.h
  • native/src/seal/util/ztools.cpp
  • native/src/seal/util/ztools.h
  • native/src/seal/serialization.cpp
  • native/src/seal/serialization.h
  • native/tests/seal/serialization.cpp
  • dotnet/native/sealnet/serialization_wrapper.cpp
  • dotnet/native/sealnet/serialization_wrapper.h

Removed files:

  • native/src/seal/util/hash.cpp

.NET

API changes are mostly identical in terms of functionality to those in C++ native, except that only
the IsValidFor variant of the validity check functions is available in .NET; the more granular
checks are not exposed.

New files:

  • dotnet/src/Serialization.cs

Minor Bug and Typo Fixes

  • Function encrypt_zero_asymmetric in native/src/seal/util/rlwe.h
    handles the condition is_ntt_form == false correctly.
  • Invariant noise calculation in BFV is now correct when the plaintext modulus is large and
    ciphertexts are fresh (reported in issue 59).
  • Fixed comments in native/src/seal/util/smallntt.cpp as
    reported in issue 56.
  • Fixed an error in examples as reported in issue 61.
  • GaloisKeys can no longer be created with encryption parameters that do not support batching.
  • Security issues in deserialization were resolved.
