Hello everyone!
I am investigating numerical errors of different CKKS parts, and I am interested in measuring the errors of CKKS encoding, but I couldn’t find the way to decode the message without having ciphertext to decrypt. So my question is, is it possible to encode and decode CKKS plaintext without having to create ciphertext, or not?
I am also investigating the runtime of CKKS encoding. I was expected, that it does not depend on multiplicative depth, but there seems to be a linear dependence. Could someone give a hint for the reason of such behavior? I thought multiplicative depth only impacts ciphertext modulus, but not the plaintext one, or?
The so-called null CKKS scheme is not currently supported in OpenFHE as it is tricky to create a null scheme that accurately captures the error, especially the modulus switching error in rescaling. You could probably add this functionality by setting the random polynomial a to zero in appropriate places (in encryption and key generation), but it is not clear how you could have it handle the rescaling error.
The normal workflow during CKKS encoding is to run inverse FFT (for packing) to a native-size polynomial and then expand it to the ciphertext modulus (and apply NTTs for each RNS limb to make it ready for encryption or multiplying by a ciphertext). The second part depends on the ciphertext modulus. In other words, the plaintext polynomial needs to use the same ring parameters as the ciphertext so that encryption or ciphertext/plaintext operations could be supported.