[Resource Topic] 2024/1638: Modular Reduction in CKKS

Resource Public-key cryptography
#1

Welcome to the resource topic for 2024/1638

Title:
Modular Reduction in CKKS

Authors: Jaehyung Kim, Taeyeong Noh

Abstract:

The Cheon-Kim-Kim-Song (CKKS) scheme is renowned for its efficiency in encrypted computing over real numbers. However, it lacks an important functionality that most exact schemes have, an efficient modular reduction. This derives from the fundamental difference in encoding structure. The CKKS scheme encodes messages to the least significant bits, while the other schemes encode to the most significant bits (or in an equivalent manner). As a result, CKKS could enjoy an efficient rescaling but lost the ability to modular reduce inherently.

Our key observation is that at the very bottom modulus, plaintexts encoded in the least significant bits can still enjoy the inherent modular reduction of RLWE. We suggest incorporating modular reduction as a primary operation for CKKS and exploring its impact on efficiency. We constructed a novel homomorphic modular reduction algorithm using the discrete bootstrapping from Bae et al. [Asiacrypt’24] and a new discretization algorithm from modulus switching. One of the key advantages of our modular reduction is that its computational complexity grows sublinearly (O(\log k)) as we increase the input range [0,k), which is asymptotically better than the state-of-the-art with \geq O(k).

We checked our algorithms with concrete experiments. Notably, our modulo 1 function for input range [0, 2^{20}) takes only 44.9 seconds with 13.3 bits of (mean) precision, in a single-threaded CPU. Recall that modular reduction over such a large range was almost infeasible in the previous works, as they need to evaluate a polynomial of degree > 2^{20} (or equivalent). As an application of our method, we compared a bit decomposition based on our framework with the state-of-the-art method from Drucker et al. [J.Cryptol’24]. Our method is 7.1 \times faster while reducing the failure probability by more than two orders of magnitude.

ePrint: https://eprint.iacr.org/2024/1638

See all topics related to this paper.

Feel free to post resources that are related to this paper below.

Example resources include: implementations, explanation materials, talks, slides, links to previous discussions on other websites.

For more information, see the rules for Resource Topics .