Hello everyone!
I am investigating numerical errors of different CKKS parts, and I am interested in measuring the errors of CKKS encoding, but I couldn’t find the way to decode the message without having ciphertext to decrypt. So my question is, is it possible to encode and decode CKKS plaintext without having to create ciphertext, or not?
I am also investigating the runtime of CKKS encoding. I was expected, that it does not depend on multiplicative depth, but there seems to be a linear dependence. Could someone give a hint for the reason of such behavior? I thought multiplicative depth only impacts ciphertext modulus, but not the plaintext one, or?
The so-called null CKKS scheme is not currently supported in OpenFHE as it is tricky to create a null scheme that accurately captures the error, especially the modulus switching error in rescaling. You could probably add this functionality by setting the random polynomial a to zero in appropriate places (in encryption and key generation), but it is not clear how you could have it handle the rescaling error.
The normal workflow during CKKS encoding is to run inverse FFT (for packing) to a native-size polynomial and then expand it to the ciphertext modulus (and apply NTTs for each RNS limb to make it ready for encryption or multiplying by a ciphertext). The second part depends on the ciphertext modulus. In other words, the plaintext polynomial needs to use the same ring parameters as the ciphertext so that encryption or ciphertext/plaintext operations could be supported.
Sorry to bump up this reply, but I am quite new in FHE and do not understand the reason we can’t decode the Plaintext directly. Can you please elaborate more?
Additional question:
I want to demonstrate the decoding process of the Plaintext. If I can’t decode it directly, can I demonstrate the decoding process by adding the Plaintext with Enc(0) and decrypting the result?
