Paper 2024/1638

Modular Reduction in CKKS

Jaehyung Kim, CryptoLab Inc., Stanford University
Taeyeong Noh, CryptoLab Inc.
Abstract

The Cheon-Kim-Kim-Song (CKKS) scheme is renowned for its efficiency in encrypted computing over real numbers. However, it lacks an important functionality that most exact schemes have, an efficient modular reduction. This derives from the fundamental difference in encoding structure. The CKKS scheme encodes messages to the least significant bits, while the other schemes encode to the most significant bits (or in an equivalent manner). As a result, CKKS could enjoy an efficient rescaling but lost the ability to modular reduce inherently. Our key observation is that at the very bottom modulus, plaintexts encoded in the least significant bits can still enjoy the inherent modular reduction of RLWE. We suggest incorporating modular reduction as a primary operation for CKKS and exploring its impact on efficiency. We constructed a novel homomorphic modular reduction algorithm using the discrete bootstrapping from Bae et al. [Asiacrypt'24] and a new discretization algorithm from modulus switching. One of the key advantages of our modular reduction is that its computational complexity grows sublinearly ($O(\log k)$) as we increase the input range $[0,k)$, which is asymptotically better than the state-of-the-art with $\geq O(k)$. We checked our algorithms with concrete experiments. Notably, our modulo 1 function for input range $[0, 2^{20})$ takes only 44.9 seconds with 13.3 bits of (mean) precision, in a single-threaded CPU. Recall that modular reduction over such a large range was almost infeasible in the previous works, as they need to evaluate a polynomial of degree $> 2^{20}$ (or equivalent). As an application of our method, we compared a bit decomposition based on our framework with the state-of-the-art method from Drucker et al. [J.Cryptol'24]. Our method is $7.1 \times$ faster while reducing the failure probability by more than two orders of magnitude.

Metadata
Available format(s)
PDF
Category
Public-key cryptography
Publication info
Preprint.
Keywords
Homomorphic EncryptionCKKSModular Reduction
Contact author(s)
jaehk @ stanford edu
tynoh0219 @ cryptolab co kr
History
2024-10-17: revised
2024-10-11: received
See all versions
Short URL
https://ia.cr/2024/1638
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2024/1638,
      author = {Jaehyung Kim and Taeyeong Noh},
      title = {Modular Reduction in {CKKS}},
      howpublished = {Cryptology {ePrint} Archive, Paper 2024/1638},
      year = {2024},
      url = {https://eprint.iacr.org/2024/1638}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.