[rewrite] More noise stats

.github/workflows/ci.yaml

@@ -14,7 +14,7 @@ jobs:
       matrix:
         target:
           - wasm32-unknown-unknown
-          - wasm32-wasi
+          - wasm32-wasip1
     steps:
       - uses: actions/checkout@v4
 
@@ -50,6 +50,10 @@ jobs:
 
       - name: Run test
         run: cargo test --profile ci --workspace --all-features
+        env:
+          PZ_TIME_CONSUMING_TEST_REPETITION: 10
+          PZ_STATS_SAMPLE_SIZE: 1000000
+          PZ_STATS_TIMEOUT: 30
 
   lint:
     name: Lint

Cargo.toml

@@ -12,6 +12,7 @@ rand_distr = { version = "0.4.3", default-features = false }
 rustfft = "6.2.0"
 serde = "1.0"
 serde_bytes = "0.11"
+unroll = "0.1.5"
 
 # dev-dependencies
 bincode = "1.3.3"

crypto/benches/rlwe.rs

@@ -30,7 +30,7 @@ fn automorphism(c: &mut Criterion) {
             RlweAutoKey::allocate_eval(ring.ring_size(), ring.eval_size(), decomposition_param, 5);
         let mut ct = RlweCiphertext::allocate(ring.ring_size());
         auto_key
-            .as_ks_key_mut()
+            .ks_key_mut()
             .ct_iter_mut()
             .for_each(|mut ct| ring.sample_uniform_into(ct.as_mut(), &mut rng));
         ring.sample_uniform_into(ct.as_mut(), &mut rng);

crypto/src/core/lwe/test.rs

@@ -9,9 +9,10 @@ use crate::{
     },
 };
 use phantom_zone_math::{
-    decomposer::DecompositionParam,
+    decomposer::{Decomposer, DecompositionParam},
     distribution::Gaussian,
-    modulus::{Modulus, ModulusOps, Native, NonNativePowerOfTwo, Prime},
+    izip_eq,
+    modulus::{ElemFrom, Modulus, ModulusOps, Native, NonNativePowerOfTwo, Prime},
     ring::{NativeRing, NonNativePowerOfTwoRing, PrimeRing},
 };
 use rand::{RngCore, SeedableRng};
@@ -145,6 +146,52 @@ impl<M: ModulusOps> Lwe<M> {
             .slice_add_assign(ct_c.as_mut(), ct_b.as_ref());
         ct_c
     }
+
+    pub fn scalar_fma<'a, T>(
+        &self,
+        cts: impl IntoIterator<Item = &'a LweCiphertextOwned<M::Elem>>,
+        scalars: impl IntoIterator<Item = T>,
+    ) -> LweCiphertextOwned<M::Elem>
+    where
+        M: ElemFrom<T>,
+    {
+        let modulus = self.modulus();
+        let mut ct_lc = LweCiphertext::allocate(self.dimension());
+        izip_eq!(cts, scalars).for_each(|(ct, scalar)| {
+            modulus.slice_scalar_fma(ct_lc.as_mut(), ct.as_ref(), &modulus.elem_from(scalar))
+        });
+        ct_lc
+    }
+
+    pub fn noise(
+        &self,
+        sk: &LweSecretKeyOwned<i32>,
+        pt: &LwePlaintext<M::Elem>,
+        ct: &LweCiphertextOwned<M::Elem>,
+    ) -> i64 {
+        let pt_noisy = self.decrypt(sk, ct);
+        self.modulus.to_i64(self.modulus.sub(&pt_noisy.0, &pt.0))
+    }
+
+    pub fn ks_key_noise(
+        &self,
+        sk_from: &LweSecretKeyOwned<i32>,
+        sk_to: &LweSecretKeyOwned<i32>,
+        ks_key: &LweKeySwitchKeyOwned<M::Elem>,
+    ) -> Vec<Vec<i64>> {
+        let modulus = self.modulus();
+        let decomposer = M::Decomposer::new(modulus.modulus(), ks_key.decomposition_param());
+        izip_eq!(ks_key.cts_iter(), sk_from.as_ref())
+            .map(|(ks_key_i, sk_from_i)| {
+                izip_eq!(ks_key_i.iter(), decomposer.gadget_iter())
+                    .map(|(ks_key_i_j, beta_j)| {
+                        let pt = LwePlaintext(modulus.mul_elem_from(&beta_j, &-sk_from_i));
+                        self.noise(sk_to, &pt, &ks_key_i_j.cloned())
+                    })
+                    .collect()
+            })
+            .collect()
+    }
 }
 
 pub fn test_param(ciphertext_modulus: impl Into<Modulus>) -> LweParam {

crypto/src/core/rlwe/method.rs

@@ -39,7 +39,7 @@ pub fn pk_gen<'a, 'b, R, T>(
 {
     sk_encrypt_zero(
         ring,
-        pk.into().as_ct_mut(),
+        pk.into().ct_mut(),
         sk,
         noise_distribution,
         scratch,
@@ -296,8 +296,8 @@ pub fn prepare_auto_key<'a, 'b, R: RingOps>(
 ) {
     prepare_ks_key(
         ring,
-        auto_key_prep.into().as_ks_key_mut(),
-        auto_key.into().as_ks_key(),
+        auto_key_prep.into().ks_key_mut(),
+        auto_key.into().ks_key(),
         scratch,
     );
 }
@@ -410,7 +410,7 @@ pub fn seeded_pk_gen<'a, 'b, R, T>(
 {
     let mut t = RlwePublicKey::scratch(ring.ring_size(), ring.ring_size(), &mut scratch);
     pk_gen(ring, &mut t, sk, noise_distribution, scratch, rng);
-    pk.into().as_ct_mut().b_mut().copy_from_slice(t.b());
+    pk.into().ct_mut().b_mut().copy_from_slice(t.b());
 }
 
 fn seeded_ks_key_gen_inner<R, T>(
@@ -448,7 +448,7 @@ pub fn seeded_auto_key_gen<'a, 'b, R, T>(
 {
     let (mut auto_key_seeded, sk) = (auto_key_seeded.into(), sk.into());
     let auto_map = AutomorphismMap::new(ring.ring_size(), auto_key_seeded.k());
-    let ks_key = auto_key_seeded.as_ks_key_mut();
+    let ks_key = auto_key_seeded.ks_key_mut();
     let sk_auto = scratch.copy_iter(auto_map.apply(sk.as_ref(), |&v| -v));
     seeded_ks_key_gen_inner(ring, ks_key, sk_auto, sk, noise_distribution, scratch, rng);
 }
@@ -470,7 +470,7 @@ pub fn unseed_pk<'a, 'b, R: RingOps>(
     pk_seeded: impl Into<SeededRlwePublicKeyView<'b, R::Elem>>,
     rng: &mut LweRng<(), impl RngCore>,
 ) {
-    unseed_ct(ring, pk.into().as_ct_mut(), pk_seeded.into().as_ct(), rng);
+    unseed_ct(ring, pk.into().ct_mut(), pk_seeded.into().ct(), rng);
 }
 
 pub fn unseed_ks_key<'a, 'b, R: RingOps>(
@@ -491,8 +491,8 @@ pub fn unseed_auto_key<'a, 'b, R: RingOps>(
 ) {
     unseed_ks_key(
         ring,
-        auto_key.into().as_ks_key_mut(),
-        auto_key_seeded.into().as_ks_key(),
+        auto_key.into().ks_key_mut(),
+        auto_key_seeded.into().ks_key(),
         rng,
     )
 }