CGGI

‘cggi’ Dialect

A dialect for types and operations in the CGGI cryptosystem

CGGI attributes

CGGIBoolGatesAttr

An attribute containing an array of strings to store bool gates

Syntax:

#cggi.cggi_bool_gates<
  ::llvm::ArrayRef<::mlir::heir::cggi::CGGIBoolGateEnumAttr>   # gates
>

This attributes stores a list of integer identifiers for Boolean gates.

Uses following mapping: AND_GATE = 0; NAND_GATE = 1; OR_GATE = 2; NOR_GATE = 3; XOR_GATE = 4; XNOR_GATE = 5;

Parameters:

CGGIParamsAttr

Syntax:

#cggi.cggi_params<
  ::mlir::heir::lwe::RLWEParamsAttr,   # rlweParams
  unsigned,   # bsk_noise_variance
  unsigned,   # bsk_gadget_base_log
  unsigned,   # bsk_gadget_num_levels
  unsigned,   # ksk_noise_variance
  unsigned,   # ksk_gadget_base_log
  unsigned   # ksk_gadget_num_levels
>

Parameters:

CGGI ops

cggi.and (heir::cggi::AndOp)

Logical AND of two ciphertexts.

Syntax:

operation ::= `cggi.and` operands attr-dict `:` qualified(type($output))

Traits: AlwaysSpeculatableImplTrait, Commutative, Elementwise, SameOperandsAndResultType, Scalarizable, Tensorizable, Vectorizable

Interfaces: ConditionallySpeculatable, InferTypeOpInterface, NoMemoryEffect (MemoryEffectOpInterface)

Effects: MemoryEffects::Effect{}

Operands:

Results:

cggi.lut2 (heir::cggi::Lut2Op)

A lookup table on two inputs.

Syntax:

operation ::= `cggi.lut2` operands attr-dict `:` qualified(type($output))

An op representing a lookup table applied to some number n of ciphertexts encrypting boolean input bits.

Over cleartext bits a, b, c, using n = 3 for example, the operation computed by this function can be interpreted as

  truth_table >> {c, b, a}

where {c, b, a} is the unsigned 3-bit integer with bits c, b, a from most significant bit to least-significant bit. The input are combined into a single ciphertext input to the lookup table using products with plaintexts and sums.

Traits: AlwaysSpeculatableImplTrait, Commutative, Elementwise, Scalarizable, Tensorizable, Vectorizable

Interfaces: ConditionallySpeculatable, InferTypeOpInterface, LUTOpInterface, NoMemoryEffect (MemoryEffectOpInterface)

Effects: MemoryEffects::Effect{}

Attributes:

Operands:

Results:

cggi.lut3 (heir::cggi::Lut3Op)

A lookup table on three inputs.

Syntax:

operation ::= `cggi.lut3` operands attr-dict `:` qualified(type($output))

An op representing a lookup table applied to some number n of ciphertexts encrypting boolean input bits.

Over cleartext bits a, b, c, using n = 3 for example, the operation computed by this function can be interpreted as

  truth_table >> {c, b, a}

where {c, b, a} is the unsigned 3-bit integer with bits c, b, a from most significant bit to least-significant bit. The input are combined into a single ciphertext input to the lookup table using products with plaintexts and sums.

Traits: AlwaysSpeculatableImplTrait, Commutative, Elementwise, Scalarizable, Tensorizable, Vectorizable

Interfaces: ConditionallySpeculatable, InferTypeOpInterface, LUTOpInterface, NoMemoryEffect (MemoryEffectOpInterface)

Effects: MemoryEffects::Effect{}

Attributes:

Operands:

Results:

cggi.lut_lincomb (heir::cggi::LutLinCombOp)

A variadic-input lookup table with inputs prepared via linear combination.

Syntax:

operation ::= `cggi.lut_lincomb` operands attr-dict `:` type($output)

An op representing a lookup table applied to an arbitrary number of input ciphertexts, which are combined according to a static linear combination attached to the op.

The user must ensure the chosen linear combination does not bleed error bits into the message space according to the underlying ciphertext’s encoding attributes. E.g., a bit_field_encoding with 3 cleartext bits cannot be multiplied by 16.

Example:

#encoding = #lwe.bit_field_encoding<cleartext_start=30, cleartext_bitwidth=3>
#params = #lwe.lwe_params<cmod=7917, dimension=4>
!ciphertext = !lwe.lwe_ciphertext<encoding = #encoding, lwe_params = #params>

%4 = cggi.lut_lincomb %c0, %c1, %c2, %c3 {coefficients = array<i32: 1, 2, 3, 2>, lookup_table = 68 : index} : !ciphertext

Represents applying the lut

  68 >> (1 * c0 + 2 * c1 + 3 * c2 + 2 * c3)

Traits: AlwaysSpeculatableImplTrait, Commutative, Elementwise, SameOperandsAndResultType, Scalarizable, Tensorizable, Vectorizable

Interfaces: ConditionallySpeculatable, LUTOpInterface, NoMemoryEffect (MemoryEffectOpInterface)

Effects: MemoryEffects::Effect{}

Attributes:

Operands:

Results:

cggi.multi_lut_lincomb (heir::cggi::MultiLutLinCombOp)

A multi-output version of lut_lincomb with one LUT per output.

Syntax:

operation ::= `cggi.multi_lut_lincomb` operands attr-dict `:` functional-type($inputs, $outputs)

An op representing multiple lookup tables applied to a shared input, which is prepared via a static linear combination. This is equivalent to cggi.lut_lincomb, but where the linear combination is given to multiple lookup tables, each producing a separate output.

This can be achieved by a special implementation of blind rotate in the CGGI scheme. See AutoHoG.

Example:

#encoding = #lwe.bit_field_encoding<cleartext_start=30, cleartext_bitwidth=3>
#params = #lwe.lwe_params<cmod=7917, dimension=4>
!ciphertext = !lwe.lwe_ciphertext<encoding = #encoding, lwe_params = #params>

%4 = cggi.multi_lut_lincomb %c0, %c1, %c2, %c3 {
    coefficients = array<i32: 1, 2, 3, 2>,
    lookup_tables = array<index: 68, 70, 4, 8>
} : (!ciphertext, !ciphertext, !ciphertext, !ciphertext) -> (!ciphertext, !ciphertext, !ciphertext, !ciphertext)

Represents applying the following LUTs. Performance-wise, this is comparable to applying a single LUT to a linear combination.

x = (1 * c0 + 2 * c1 + 3 * c2 + 2 * c3)
return (
  (68 >> x) & 1,
  (70 >> x) & 1,
  (4 >> x) & 1,
  (8 >> x) & 1
)

Traits: AlwaysSpeculatableImplTrait, Commutative, Elementwise, Scalarizable, Tensorizable, Vectorizable

Interfaces: ConditionallySpeculatable, NoMemoryEffect (MemoryEffectOpInterface)

Effects: MemoryEffects::Effect{}

Attributes:

Operands:

Results:

cggi.nand (heir::cggi::NandOp)

Logical NAND of two ciphertexts.

Syntax:

operation ::= `cggi.nand` operands attr-dict `:` qualified(type($output))

Traits: AlwaysSpeculatableImplTrait, Commutative, Elementwise, SameOperandsAndResultType, Scalarizable, Tensorizable, Vectorizable

Interfaces: ConditionallySpeculatable, InferTypeOpInterface, NoMemoryEffect (MemoryEffectOpInterface)

Effects: MemoryEffects::Effect{}

Operands:

Results:

cggi.nor (heir::cggi::NorOp)

Logical NOR of two ciphertexts.

Syntax:

operation ::= `cggi.nor` operands attr-dict `:` qualified(type($output))

Traits: AlwaysSpeculatableImplTrait, Commutative, Elementwise, SameOperandsAndResultType, Scalarizable, Tensorizable, Vectorizable

Interfaces: ConditionallySpeculatable, InferTypeOpInterface, NoMemoryEffect (MemoryEffectOpInterface)

Effects: MemoryEffects::Effect{}

Operands:

Results:

cggi.not (heir::cggi::NotOp)

Logical NOT of two ciphertexts

Syntax:

operation ::= `cggi.not` operands attr-dict `:` qualified(type($output))

Traits: AlwaysSpeculatableImplTrait, Elementwise, Involution, SameOperandsAndResultType, Scalarizable, Tensorizable, Vectorizable

Interfaces: ConditionallySpeculatable, InferTypeOpInterface, NoMemoryEffect (MemoryEffectOpInterface)

Effects: MemoryEffects::Effect{}

Operands:

Results:

cggi.or (heir::cggi::OrOp)

Logical OR of two ciphertexts.

Syntax:

operation ::= `cggi.or` operands attr-dict `:` qualified(type($output))

Traits: AlwaysSpeculatableImplTrait, Commutative, Elementwise, SameOperandsAndResultType, Scalarizable, Tensorizable, Vectorizable

Interfaces: ConditionallySpeculatable, InferTypeOpInterface, NoMemoryEffect (MemoryEffectOpInterface)

Effects: MemoryEffects::Effect{}

Operands:

Results:

cggi.packed_lut3 (heir::cggi::PackedLut3Op)

Syntax:

operation ::= `cggi.packed_lut3` operands attr-dict `:` functional-type(operands, results)

Traits: AlwaysSpeculatableImplTrait, SameOperandsAndResultType

Interfaces: ConditionallySpeculatable, InferTypeOpInterface, LUTOpInterface, NoMemoryEffect (MemoryEffectOpInterface)

Effects: MemoryEffects::Effect{}

Attributes:

Operands:

Results:

cggi.packed_gates (heir::cggi::PackedOp)

Syntax:

operation ::= `cggi.packed_gates` operands attr-dict `:` functional-type(operands, results)

Operation to where different Boolean gates are executed pairwise between elements of two ciphertext arrays.

For example,

%0 = cggi.packed_gates %a, %b {gates = #cggi.cggi_gate<"and", "xor">} : tensor<2x!lwe.lwe_ciphertext>

applies an “and” gate to the first elements of %a and %b and an xor gate to the second elements.

Mapping is defined in the BooleanGates.td file.

Traits: AlwaysSpeculatableImplTrait

Interfaces: ConditionallySpeculatable, InferTypeOpInterface, NoMemoryEffect (MemoryEffectOpInterface)

Effects: MemoryEffects::Effect{}

Attributes:

Operands:

Results:

cggi.xnor (heir::cggi::XNorOp)

Logical XNOR of two ciphertexts.

Syntax:

operation ::= `cggi.xnor` operands attr-dict `:` qualified(type($output))

Traits: AlwaysSpeculatableImplTrait, Commutative, Elementwise, SameOperandsAndResultType, Scalarizable, Tensorizable, Vectorizable

Interfaces: ConditionallySpeculatable, InferTypeOpInterface, NoMemoryEffect (MemoryEffectOpInterface)

Effects: MemoryEffects::Effect{}

Operands:

Results:

cggi.xor (heir::cggi::XorOp)

Logical XOR of two ciphertexts.

Syntax:

operation ::= `cggi.xor` operands attr-dict `:` qualified(type($output))

Traits: AlwaysSpeculatableImplTrait, Commutative, Elementwise, SameOperandsAndResultType, Scalarizable, Tensorizable, Vectorizable

Interfaces: ConditionallySpeculatable, InferTypeOpInterface, NoMemoryEffect (MemoryEffectOpInterface)

Effects: MemoryEffects::Effect{}

Operands:

Results:

CGGI additional definitions

AffineMapAttr

An Attribute containing an AffineMap object

Syntax:

affine-map-attribute ::= `affine_map` `<` affine-map `>`

Examples:

affine_map<(d0) -> (d0)>
affine_map<(d0, d1, d2) -> (d0, d1)>

Parameters:

ArrayAttr

A collection of other Attribute values

Syntax:

array-attribute ::= `[` (attribute-value (`,` attribute-value)*)? `]`

An array attribute is an attribute that represents a collection of attribute values.

Examples:

[]
[10, i32]
[affine_map<(d0, d1, d2) -> (d0, d1)>, i32, "string attribute"]

Parameters:

DenseArrayAttr

A dense array of integer or floating point elements.

A dense array attribute is an attribute that represents a dense array of primitive element types. Contrary to DenseIntOrFPElementsAttr this is a flat unidimensional array which does not have a storage optimization for splat. This allows to expose the raw array through a C++ API as ArrayRef<T> for compatible types. The element type must be bool or an integer or float whose bitwidth is a multiple of 8. Bool elements are stored as bytes.

This is the base class attribute. Access to C++ types is intended to be managed through the subclasses DenseI8ArrayAttr, DenseI16ArrayAttr, DenseI32ArrayAttr, DenseI64ArrayAttr, DenseF32ArrayAttr, and DenseF64ArrayAttr.

Syntax:

dense-array-attribute ::= `array` `<` (integer-type | float-type)
                                      (`:` tensor-literal)? `>`

Examples:

array<i8>
array<i32: 10, 42>
array<f64: 42., 12.>

When a specific subclass is used as argument of an operation, the declarative assembly will omit the type and print directly:

[1, 2, 3]

Parameters:

DenseIntOrFPElementsAttr

An Attribute containing a dense multi-dimensional array of integer or floating-point values

Syntax:

tensor-literal ::= integer-literal | float-literal | bool-literal | [] | [tensor-literal (, tensor-literal)* ]
dense-intorfloat-elements-attribute ::= `dense` `<` tensor-literal `>` `:`
                                        ( tensor-type | vector-type )

A dense int-or-float elements attribute is an elements attribute containing a densely packed vector or tensor of integer or floating-point values. The element type of this attribute is required to be either an IntegerType or a FloatType.

Examples:

// A splat tensor of integer values.
dense<10> : tensor<2xi32>
// A tensor of 2 float32 elements.
dense<[10.0, 11.0]> : tensor<2xf32>

Parameters:

DenseResourceElementsAttr

An Attribute containing a dense multi-dimensional array backed by a resource

Syntax:

dense-resource-elements-attribute ::=
  `dense_resource` `<` resource-handle `>` `:` shaped-type

A dense resource elements attribute is an elements attribute backed by a handle to a builtin dialect resource containing a densely packed array of values. This class provides the low-level attribute, which should only be interacted with in very generic terms, actual access to the underlying resource data is intended to be managed through one of the subclasses, such as; DenseBoolResourceElementsAttr, DenseUI64ResourceElementsAttr, DenseI32ResourceElementsAttr, DenseF32ResourceElementsAttr, DenseF64ResourceElementsAttr, etc.

Examples:

"example.user_op"() {attr = dense_resource<blob1> : tensor<3xi64> } : () -> ()

{-#
dialect_resources: {
    builtin: {
      blob1: "0x08000000010000000000000002000000000000000300000000000000"
    }
  }
#-}

Parameters:

DenseStringElementsAttr

An Attribute containing a dense multi-dimensional array of strings

Syntax:

dense-string-elements-attribute ::= `dense` `<` attribute-value `>` `:`
                                    ( tensor-type | vector-type )

A dense string elements attribute is an elements attribute containing a densely packed vector or tensor of string values. There are no restrictions placed on the element type of this attribute, enabling the use of dialect specific string types.

Examples:

// A splat tensor of strings.
dense<"example"> : tensor<2x!foo.string>
// A tensor of 2 string elements.
dense<["example1", "example2"]> : tensor<2x!foo.string>

Parameters:

DictionaryAttr

An dictionary of named Attribute values

Syntax:

dictionary-attribute ::= `{` (attribute-entry (`,` attribute-entry)*)? `}`

A dictionary attribute is an attribute that represents a sorted collection of named attribute values. The elements are sorted by name, and each name must be unique within the collection.

Examples:

{}
{attr_name = "string attribute"}
{int_attr = 10, "string attr name" = "string attribute"}

Parameters:

FloatAttr

An Attribute containing a floating-point value

Syntax:

float-attribute ::= (float-literal (`:` float-type)?)
                  | (hexadecimal-literal `:` float-type)

A float attribute is a literal attribute that represents a floating point value of the specified float type. It can be represented in the hexadecimal form where the hexadecimal value is interpreted as bits of the underlying binary representation. This form is useful for representing infinity and NaN floating point values. To avoid confusion with integer attributes, hexadecimal literals must be followed by a float type to define a float attribute.

Examples:

42.0         // float attribute defaults to f64 type
42.0 : f32   // float attribute of f32 type
0x7C00 : f16 // positive infinity
0x7CFF : f16 // NaN (one of possible values)
42 : f32     // Error: expected integer type

Parameters:

IntegerAttr

An Attribute containing a integer value

Syntax:

integer-attribute ::= (integer-literal ( `:` (index-type | integer-type) )?)
                      | `true` | `false`

An integer attribute is a literal attribute that represents an integral value of the specified integer or index type. i1 integer attributes are treated as boolean attributes, and use a unique assembly format of either true or false depending on the value. The default type for non-boolean integer attributes, if a type is not specified, is signless 64-bit integer.

Examples:

10 : i32
10    // : i64 is implied here.
true  // A bool, i.e. i1, value.
false // A bool, i.e. i1, value.

Parameters:

IntegerSetAttr

An Attribute containing an IntegerSet object

Syntax:

integer-set-attribute ::= `affine_set` `<` integer-set `>`

Examples:

affine_set<(d0) : (d0 - 2 >= 0)>

Parameters:

OpaqueAttr

An opaque representation of another Attribute

Syntax:

opaque-attribute ::= dialect-namespace `<` attr-data `>`

Opaque attributes represent attributes of non-registered dialects. These are attribute represented in their raw string form, and can only usefully be tested for attribute equality.

Examples:

#dialect<"opaque attribute data">

Parameters:

SparseElementsAttr

An opaque representation of a multi-dimensional array

Syntax:

sparse-elements-attribute ::= `sparse` `<` attribute-value `,`
                              attribute-value `>` `:`
                              ( tensor-type | vector-type )

A sparse elements attribute is an elements attribute that represents a sparse vector or tensor object. This is where very few of the elements are non-zero.

The attribute uses COO (coordinate list) encoding to represent the sparse elements of the elements attribute. The indices are stored via a 2-D tensor of 64-bit integer elements with shape [N, ndims], which specifies the indices of the elements in the sparse tensor that contains non-zero values. The element values are stored via a 1-D tensor with shape [N], that supplies the corresponding values for the indices.

Example:

sparse<[[0, 0], [1, 2]], [1, 5]> : tensor<3x4xi32>

// This represents the following tensor:
///  [[1, 0, 0, 0],
///   [0, 0, 5, 0],
///   [0, 0, 0, 0]]

Parameters:

StringAttr

An Attribute containing a string

Syntax:

string-attribute ::= string-literal (`:` type)?

A string attribute is an attribute that represents a string literal value.

Examples:

"An important string"
"string with a type" : !dialect.string

Parameters:

SymbolRefAttr

An Attribute containing a symbolic reference to an Operation

Syntax:

symbol-ref-attribute ::= symbol-ref-id (`::` symbol-ref-id)*

A symbol reference attribute is a literal attribute that represents a named reference to an operation that is nested within an operation with the OpTrait::SymbolTable trait. As such, this reference is given meaning by the nearest parent operation containing the OpTrait::SymbolTable trait. It may optionally contain a set of nested references that further resolve to a symbol nested within a different symbol table.

Rationale: Identifying accesses to global data is critical to enabling efficient multi-threaded compilation. Restricting global data access to occur through symbols and limiting the places that can legally hold a symbol reference simplifies reasoning about these data accesses.

See Symbols And SymbolTables for more information.

Examples:

@flat_reference
@parent_reference::@nested_reference

Parameters:

TypeAttr

An Attribute containing a Type

Syntax:

type-attribute ::= type

A type attribute is an attribute that represents a type object.

Examples:

i32
!dialect.type

Parameters:

UnitAttr

An Attribute value of unit type

Syntax:

unit-attribute ::= `unit`

A unit attribute is an attribute that represents a value of unit type. The unit type allows only one value forming a singleton set. This attribute value is used to represent attributes that only have meaning from their existence.

One example of such an attribute could be the swift.self attribute. This attribute indicates that a function parameter is the self/context parameter. It could be represented as a boolean attribute(true or false), but a value of false doesn’t really bring any value. The parameter either is the self/context or it isn’t.

Examples:

// A unit attribute defined with the `unit` value specifier.
func.func @verbose_form() attributes {dialectName.unitAttr = unit}

// A unit attribute in an attribute dictionary can also be defined without
// the value specifier.
func.func @simple_form() attributes {dialectName.unitAttr}

StridedLayoutAttr

An Attribute representing a strided layout of a shaped type

Syntax:

strided-layout-attribute ::= `strided` `<` `[` stride-list `]`
                             (`,` `offset` `:` dimension)? `>`
stride-list ::= /*empty*/
              | dimension (`,` dimension)*
dimension ::= decimal-literal | `?`

A strided layout attribute captures layout information of the memref type in the canonical form. Specifically, it contains a list of strides, one for each dimension. A stride is the number of elements in the linear storage one must step over to reflect an increment in the given dimension. For example, a MxN row-major contiguous shaped type would have the strides [N, 1]. The layout attribute also contains the offset from the base pointer of the shaped type to the first effectively accessed element, expressed in terms of the number of contiguously stored elements.

Strides must be positive and the offset must be non-negative. Both the strides and the offset may be dynamic, i.e. their value may not be known at compile time. This is expressed as a ? in the assembly syntax and as ShapedType::kDynamic in the code. Stride and offset values must satisfy the constraints above at runtime, the behavior is undefined otherwise.

See [Dialects/Builtin.md#memreftype](MemRef type) for more information.

Parameters: