Key-switching
The key-switching allows to convert a ciphertext encrypted with a secret key, to a ciphertext encrypted with another secret key. This requires a special Key-switching key (). Key-switching is used primarily to change the dimension security parameter of a ciphertext, and as part of the bootstrapping procedure.
Operation | |
Type | Leveled |
Side effects | Modifies encryption key Potentially modifies security parameters |
Generating a key-switching key
A Key-switching key is an encryption of the bits of the original secret key (secret_key_before
) under the destination secret key (secret_key_after
). To generate a key-switching key, you can use the structure LWEKSK
with the following parameters:
secret_key_before
: the key under which the ciphertext is encryptedsecret_key_after
: the key under which we want the ciphertext to be encrypted after the key-switchbase_log
: number of bits of the decomposition baselevel
: precision of the decomposition
Both the base_log
and the level
parameters are used to managed the noise of the ciphertext and the message precision on the plaintext. They also impact directly the computation cost and the key-switching key size. The level
is usually chosen small to obtain a good tradeoff between all parameters.
Here is a code example:
Performing a key-switch
Performing a key-switch is done by calling the method keyswitch
, which takes a key-switching key as input, and outputs a ciphertext under the new key. Note that in this example, the ciphertext also changes the dimension security parameter, from 1024 to 630.
Last updated