Hi all,
I wanted to double check whether my understanding of CKKS is sound.
Given a ciphertext c = (c_0,c_1) (encryption of m) and a plaintext m', their product is given by (c_0 m', c_1 m'), as c_0 m' + c_1 m' s = m' (c_0 + c_1 s) = m' (m + e) \approx m'm for some noise e and secret key s.
If the plaintext m' has no scale, for instance being an integer (-coeff. polynomial), then the ciphertext (c_0 m', c_1 m') does not need to be rescaled in order to get a correct decryption, is that right?
Correct, as long as the integer coefficients are not large (close to unity or so in the coefficient representation). For instance, if the coefficients are 2^{30}, then the effective scale of the product will get increased and rescaling would still be needed at some point. Note that we use products like this, e.g., MultByMonomial, in the CKKS bootstrapping implementation of OpenFHE.
One has to keep in mind that multiplying by a bit-mask vector in CKKS still requires a rescale since the bit-mask vector after inverse FFT gets non-integer values (that need to be scaled up and rounded).