I have some questions regarding CKKS scheme encoding, encryption and decryption after reading paper

I would be very grateful if you clear up my basic confusion regarding the CKKS scheme.

  1. While writing code, we use one function, MakePacketPlaintext (). It will convert our input vector into NTT eval form. However, in the theory paper, the encoding probably has to go through scaling, complex canonical embedding, projection, and transformation by NTT. Why complex canonical embedding is required? How it has been done in the background? Any references? Are all these steps required in the real implementation of plaintext packing?

  2. How are public keys and private keys generated in the CKKS scheme? Inside the private key, there is Eval 0: Eval 1: and Eval2: but in the public key, there are Eval 0 to 4. Does that mean three polynomials in private key in NTT form?

  3. I want to confirm encryption and decryption formulae.

ct=Enc(m)=ciphertext (c0,c1),
c0=v.a+e0 and c1=v.b+e1+m , where pbk(a,b), random values v and errors e0,e1 from specific distributions (denoted as χenc and χerr)**

Decsk(ct(m))=c0+c1⋅s∈RQ

  1. Is there the length of the public key and private key and ring dimension always equal? are encryption and computation done in Eval mode? Is there any calculation in the coefficient form of the polynomial?
  2. Last but not least, What are the main roles of CRT(Chinese remainder theorem) in CKKS? Is it only for simplifying calculations?

I suggest reading the following tutorial: CKKS explained: Part 1, Vanilla Encoding and Decoding (note that it has 5 parts). It should answer most of your questions.

1 Like