# lol

A library for lattice cryptography. https://github.com/cpeikert/Lol

Latest on Hackage: | 0.6.0.0 |

This package is not currently in any snapshots. If you're interested in using it, we recommend adding it to Stackage Nightly. Doing so will make builds more reliable, and allow stackage.org to host generated Haddocks.

Maintained by

**Eric Crockett**This package is primarily a library providing interfaces for lattice cryptography

primitives. There are two main interfaces: 'Cyclotomic' and 'Tensor'. The

Cyclotomic interface is the outward-facing API that is used to build cryptographic

applications like pseudo-random functions, encryption, etc. The Tensor interface allows

multiple backends to implement the functionality used by the Cyclotomic interface.

Unless you are writing a new backend implementation, you shouldn't need to

understand the Tensor interface. However, you *will* need an implementation of the

Tensor interface in order to test, benchmark, and run applications.

Most of the functionality in Lol is exported by two modules:

* 'Crypto.Lol' exports the primary *interfaces* of Lol

* 'Crypto.Lol.Types' exports concrete types that would be used by most

instantiations.

For a brief introduction to relevant mathematical notation, see 'Crypto.Lol'.

Overview of key modules, roughly from highest- to lowest-level:

Cyclotomic layer:

* 'Crypto.Lol.Cyclotomic.Cyc', which defines an interface for using cyclotomic

fields, rings \( R \), and quotient rings \( R_q=R/qR \); as well as many

other commonly used operations, e.g., converting

between rings, decoding and decomposing elements, modulus

reduction/rounding, etc. 'Cyc' is a safe wrapper around the

'UCyc' type, which exposes some representation-dependent operations.

'UCyc' (and hence 'Cyc') is implemented using a generic 'Tensor'

(described below).

Tensor layer:

* 'Crypto.Lol.Cyclotomic.Tensor', which defines a class that encapsulates all

the necessary linear transformations for operating on representations of

\( R \)- and \( R_q \)-elements, e.g., the CRT transform, converting between

the powerful and decoding bases, generating error terms, etc.

* You will need an implementation of the 'Tensor' interface in order to use Lol.

Two implementations can be found at

<https://hackage.haskell.org/package/lol-cpp lol-cpp>

and <https://hackage.haskell.org/package/lol-repa lol-repa>.

Base ring layer:

* 'Crypto.Lol.Types.FiniteField', which gives an unoptimized implementation of

finite field arithmetic. To use this module, you will need an instance of

'IrreduciblePoly'. These instances provide irreducible polynomials

for various degrees and base fields. One (orphan) instance is provided for

characteristic 2 fields of size up to 2^128 in

'Crypto.Lol.Types.IrreducibleChar2', and is exported by 'Crypto.Lol.Types'.

If you need to use an unsupported finite field, define your own

instance of 'IrreduciblePoly' and do **not** import 'IrreducibleChar2'.

* 'Crypto.Lol.Types.Unsafe.ZqBasic', which is a basic implementation of

\( \Z_q=\Z/q\Z \) arithmetic.

* 'Crypto.Lol.Factored', which contains type-level support code for

factored integers. It also supports "reifying" 'Int's at runtime as static

types and "reflecting" those types as integers back to the code..

'Factored' types are mainly used to represent cyclotomic indices.

Tests and benchmarks can be found in the packages <https://hackage.haskell.org/package/lol-tests lol-tests> and <https://hackage.haskell.org/package/lol-benches lol-benches>,

respectively, though they are instantiated in individual tensors.

## Changes

# Changelog for lol project

## 0.6.0.0

- Support for serializing ring products, linear functions, and TypeReps.
- Split previous lol package into separate tensor packages lol-cpp and lol-repa and utility packages lol-benches and lol-tests.
- Moved test and benchmark code to packages lol-tests and lol-benches, respectively.
- Simpler tests and benchmarks (though microbenchmarks might be slightly slower than 0.5.0.2).
- Fixed minor bug in IrreducibleChar2.hs
- Moved tensor-specific instances (Elt, Unbox, etc) to tensor packages (lol-cpp and lol-repa).

## 0.5.0.2

Updates to README.

## 0.5.0.1

Benchmarks now compile.

## 0.5.0.0

- Dramatically improved CT performance using Haskell INLINE/INLINABLE pragmas.
- Removed fmapTM from Tensor.
- Removed valuePPs, totientPPs, radicalPPs, oddRadicalPPs from Factored.
- K_q (i.e. base ring RRq) is now serialized with a discrete modulus.
- Fixed a bug in UCyc.divG. The result is
`divG`

is now split into`divGPow`

`divGDec`

, and`divGCRTC`

. - Added
`UCycPC`

type synonym to UCyc. - Added data-level interface for Factored.
- Added Random instance for FiniteField.

## 0.4.0.0

- Added support for GHC 8.0, also compatible with 7.10.3
- Converted documentation to MathJax
- Renamed Tensor.Matrix -> Tensor.Kron
- Added Crypto.Lol.Types interface file

## 0.3.0.0

- Support for protocol-buffers
- Support for reifying Factored types
- Support for reals (RR) mod q
- Replaced C backend with C++ backend
- Renamed LatticePrelude -> Prelude
- Added monad argument to CRTrans

## 0.2.0.0

- Added benchmarks
- Better performance for C backend with RNS base ring
- UCyc exposes bases as type for safety
- Other safety improvements throughout
- Easier index representation with TemplateHaskell
- Split SymmSHE into new package lol-apps.

## 0.1.0.0

- Fixed bug in Box-Muller sampling routine.
- Changed how we lift linear functions for better noise control.
- Split entailment functions in Tensor.
- Increased performance in FastCyc by better handling Sub constructors.

Depends on:

Used by 6 packages:

comments powered byDisqus

A service provided by
FP Complete