# Packing HE ciphertexts for coordinate-wise multiplication
Let $X$ be an integer, and $(x_n,...,x_0)$ binary decomposition
Goal: define packing technique so that we can assume that the scheme works over messages that are vectors in $F^n_p$ despite the HE message space are polynomials in $R=F_p[X]/(X^n + 1)$.
To this end we want define a bijection $(encode, decode)$ where
$encode: F_p^n \to R=F_p[X]/(X^n + 1))$ s.t. $\forall v_1, v_2 \in F^n_p: v_1\cdot v_2 = decode(encode(v_1) * encode(v_2))$
Let $z$ be an integer, $n = 2^z$, $m = 2 ยท n$, and $p$ be a prime such that $p = 1 \mod m$.
In this case, $(X^n + 1)$ splits over $F_p$, i.e., $(X^n +1) = \prod_i F_i(X)$, where each $F_i$ is a linear polynomial.
The $encode$ function can be defined via CRT encoding as follows.
Given $\vec v$, build a polynomial $p(X)$ of degree $n-1$ by solving the following system of equations
$$\forall i: p(X) = v_i \bmod F_i(X)$$
The $decode$ function is the one that, on input a polynomial $p(X)$, returns the vector
$$(p(X) \bmod F_1(X), \ldots, p(X) \bmod F_n(X))$$
Let us briefly see how the homomorphic property holds after a multiplication. Assume $p_j(X) =encode(\vec v_j)$ for $j=1,2$, and that $p(X) = p_1(X)\cdot p_2(X) \bmod (X^n + 1)$. Namely, $p(X) = p_1(X)\cdot p_2(X) - t(X) (X^n + 1)$ for some polynomial $t(X)$.
Then
$$p(X) \bmod F_i(X) = p_1(X)\cdot p_2(X) - t(X) (X^n + 1) \bmod F_i(X) = $$
$$ p_1(X)\cdot p_2(X) \bmod F_i(X) = v_{1,i} \cdot v_{2,i}$$
(using the fact that $X^n + 1 \mod F_i(X) = \prod_j F_j(X) \bmod F_i(X) = 0$)

General Information ZKProof5 (2022), the 5th workshop of the zero-knowledge proof standardization effort, will take place, as an in-person event. Hybrid remote participation will be possible in most sessions, but we encourage physical presence to enable effective discussions and in-situ collaborations. Where: Tel Aviv Stock Exchange, Tel Aviv, Israel When: November 15--17, 2022 Submission due: Friday, October 14th Submission mail: zkproof5-submissions@zkproof.org Acceptance notification: Tuesday, October 25th Venue address: Ahuzat Bayit St 2, Tel Aviv-Yafo, 6525216, Israel

9/12/2022Date & Time: August, Tuesday 3rd @2:30pm UTC / 5:30pm Israel Time / 10:30am EST / 7:30am Pacific time Link to the Space: https://twitter.com/i/spaces/1BRJjBZQvNWJw Confirmed Participants: Technical part: Daira, Pratyush, Chelsea, Eran, Zac and Ian Economics part: Zooko, Jon, Michelle, Hudson, Jack and Moderators: Mary (as @ZKProof) and Daniel

8/3/2021![](https://i.imgur.com/4rVEsHh.png =200x) Introduction As part of the SIEVE program, TA1 and TA2 performers are required to interoperate by generating or consuming the same intermediate representation (IR) of zero-knowledge statements. This document contains a brief description of the zkInterface interoperability tool, and focuses on outlining the relevant and important features. zkInterface is the first such proposal, allowing TA1 performers to use the most suitable and convenient TA2 proving system, and viceversa, without having to implement every possible connection. Furthermore, zkInterface can facilitate the process of testing and evaluation (T&E) for the deliverables of different performers. zkInterface was created as part of the ZKProof Standardization effort, where it quickly got traction becoming the standard tool for interoperability between frontends and backends. Resources

7/14/2020Intro to Lattice-based Cryptography By Daniel Benarroch, July 2020 Most pictures taken from Daniele Micciancio's & Chris Peikert's presentations Content Lattices Motivation What is a Lattice? Important properties Computational problems

7/13/2020
Published on ** HackMD**