[she] add PrecomputedPublicKey

include/mcl/she.hpp

@@ -328,6 +328,7 @@ struct SHET {
 
 	class SecretKey;
 	class PublicKey;
+	class PrecomputedPublicKey;
 	// additive HE
 	class CipherTextA; // = CipherTextG1 + CipherTextG2
 	class CipherTextM; // multiplicative HE
@@ -614,6 +615,7 @@ public:
 		G1 xP_;
 		G2 yQ_;
 		friend class SecretKey;
+		friend class PrecomputedPublicKey;
 		/*
 			(S, T) = (m P + r xP, rP)
 		*/
@@ -851,6 +853,61 @@ public:
 		bool operator!=(const PublicKey& rhs) const { return !operator==(rhs); }
 	};
 
+	class PrecomputedPublicKey {
+		typedef local::InterfaceForHashTable<GT, false> GTasEC;
+		typedef mcl::fp::WindowMethod<GTasEC> GTwin;
+		GT exPQ_;
+		GT eyPQ_;
+		GT exyPQ_;
+		GTwin exPQwm_;
+		GTwin eyPQwm_;
+		GTwin exyPQwm_;
+		template<class T>
+		void mulByWindowMethod(GT& x, const GTwin& wm, const T& y) const
+		{
+			wm.mul(static_cast<GTasEC&>(x), y);
+		}
+	public:
+		void init(const PublicKey& pub)
+		{
+			BN::pairing(exPQ_, pub.xP_, Q_);
+			BN::pairing(eyPQ_, P_, pub.yQ_);
+			BN::pairing(exyPQ_, pub.xP_, pub.yQ_);
+			const size_t bitSize = Fr::getBitSize();
+			exPQwm_.init(static_cast<const GTasEC&>(exPQ_), bitSize, local::winSize);
+			eyPQwm_.init(static_cast<const GTasEC&>(eyPQ_), bitSize, local::winSize);
+			exyPQwm_.init(static_cast<const GTasEC&>(exyPQ_), bitSize, local::winSize);
+		}
+		template<class RG>
+		void enc(CipherTextM& c, int64_t m, RG& rg) const
+		{
+			/*
+				(s, t, u, v) = (e^m e^(xya), (e^x)^b, (e^y)^c, e^(b + c - a))
+			*/
+			Fr ra, rb, rc;
+			ra.setRand(rg);
+			rb.setRand(rg);
+			rc.setRand(rg);
+			GT t;
+			ePQhashTbl_.mulByWindowMethod(c.g_[0], m); // e^m
+			mulByWindowMethod(t, exyPQwm_, ra); // (e^xy)^a
+			c.g_[0] *= t;
+			mulByWindowMethod(c.g_[1], exPQwm_, rb); // (e^x)^b
+			mulByWindowMethod(c.g_[2], eyPQwm_, rc); // (e^y)^c
+			rb = rb + rc - ra;
+			ePQhashTbl_.mulByWindowMethod(c.g_[3], rb);
+		}
+		template<class RG>
+		void reRand(CipherTextM& c, RG& rg) const
+		{
+			CipherTextM c0;
+			enc(c0, 0, rg);
+			CipherTextM::add(c, c, c0);
+		}
+		void enc(CipherTextM& c, int64_t m) const { return enc(c, m, local::g_rg); }
+		void reRand(CipherTextM& c) const { reRand(c, local::g_rg); }
+	};
+
 	class CipherTextA {
 		CipherTextG1 c1_;
 		CipherTextG2 c2_;
@@ -928,6 +985,7 @@ public:
 		GT g_[4];
 		friend class SecretKey;
 		friend class PublicKey;
+		friend class PrecomputedPublicKey;
 		friend class CipherTextA;
 	public:
 		void clear()
@@ -1148,6 +1206,7 @@ template<class BN, class Fr> local::HashTable<typename BN::Fp12, false> SHET<BN,
 typedef mcl::she::SHET<bn_current::BN, bn_current::Fr> SHE;
 typedef SHE::SecretKey SecretKey;
 typedef SHE::PublicKey PublicKey;
+typedef SHE::PrecomputedPublicKey PrecomputedPublicKey;
 typedef SHE::CipherTextG1 CipherTextG1;
 typedef SHE::CipherTextG2 CipherTextG2;
 typedef SHE::CipherTextA CipherTextA;

misc/she/bench4.txt

@@ -47,6 +47,7 @@ GTwindow 1.05e+01
 encG1    2.21e+02
 encG2    4.77e+02
 encGT    2.45e+03
+encGTpre 6.03e+02
 decG1    1.84e+02
 degGT    2.19e+03
 mul      4.06e+03
@@ -56,6 +57,7 @@ addGT    2.04e+01
 reRandG1 2.12e+02
 reRandG2 4.76e+02
 reRandGT 2.47e+03
+reRandGTpre 6.18e+02
 mulG1    7.90e+01
 mulG2    1.65e+02
 mulGT    3.93e+02

misc/she/bench6.txt

@@ -47,6 +47,7 @@ GTwindow 2.10e+01
 encG1    6.07e+02
 encG2    1.51e+03
 encGT    7.66e+03
+encGTpre 1.74e+03
 decG1    5.51e+02
 degGT    6.00e+03
 mul      1.34e+04
@@ -56,6 +57,7 @@ addGT    4.26e+01
 reRandG1 6.15e+02
 reRandG2 1.50e+03
 reRandGT 7.68e+03
+reRandGTpre 1.75e+03
 mulG1    1.53e+02
 mulG2    3.60e+02
 mulGT    8.85e+02

misc/she/bench8.txt

@@ -47,6 +47,7 @@ GTwindow 4.04e+01
 encG1    1.70e+03
 encG2    3.67e+03
 encGT    1.87e+04
+encGTpre 3.77e+03
 decG1    1.52e+03
 degGT    1.32e+04
 mul      3.11e+04
@@ -56,6 +57,7 @@ addGT    8.04e+01
 reRandG1 1.66e+03
 reRandG2 3.58e+03
 reRandGT 1.83e+04
+reRandGTpre 3.78e+03
 mulG1    2.36e+02
 mulG2    5.55e+02
 mulGT    1.30e+03

test/she_test.cpp

@@ -91,6 +91,15 @@ CYBOZU_TEST_AUTO(enc_dec)
 		pub.reRand(c);
 		CYBOZU_TEST_EQUAL(sec.dec(c), i);
 	}
+	PrecomputedPublicKey ppub;
+	ppub.init(pub);
+	CipherTextM cm1, cm2;
+	for (int i = -5; i < 5; i++) {
+		pub.enc(cm1, i);
+		CYBOZU_TEST_EQUAL(sec.dec(cm1), i);
+		ppub.enc(cm2, i);
+		CYBOZU_TEST_EQUAL(sec.dec(cm2), i);
+	}
 }
 
 CYBOZU_TEST_AUTO(add_sub_mul)
@@ -281,6 +290,8 @@ CYBOZU_TEST_AUTO(hashBench)
 	SHE::setRangeForDLP(hashSize, 1024);
 	PublicKey pub;
 	sec.getPublicKey(pub);
+	PrecomputedPublicKey ppub;
+	ppub.init(pub);
 	{
 		int x = 1 << 20;
 		CipherText one;
@@ -365,6 +376,7 @@ CYBOZU_TEST_AUTO(hashBench)
 	CYBOZU_BENCH_C("encG1   ", C, pub.enc, ca1, m);
 	CYBOZU_BENCH_C("encG2   ", C, pub.enc, ca2, m);
 	CYBOZU_BENCH_C("encGT   ", C, pub.enc, cm, m);
+	CYBOZU_BENCH_C("encGTpre", C, ppub.enc, cm, m);
 
 	CYBOZU_BENCH_C("decG1   ", C, sec.dec, ca1);
 //	CYBOZU_BENCH_C("decG2   ", C, sec.dec, ca2);
@@ -378,6 +390,7 @@ CYBOZU_TEST_AUTO(hashBench)
 	CYBOZU_BENCH_C("reRandG1", C, pub.reRand, ca1);
 	CYBOZU_BENCH_C("reRandG2", C, pub.reRand, ca2);
 	CYBOZU_BENCH_C("reRandGT", C, pub.reRand, cm);
+	CYBOZU_BENCH_C("reRandGTpre", C, ppub.reRand, cm);
 	CYBOZU_BENCH_C("mulG1   ", C, CipherTextG1::mul, ca1, ca1, m);
 	CYBOZU_BENCH_C("mulG2   ", C, CipherTextG2::mul, ca2, ca2, m);
 	CYBOZU_BENCH_C("mulGT   ", C, CipherTextM::mul, cm, cm, m);