FHE: What is the difference between multiplicative depth and multiplicative level?Where does bootstrapping occur, client side or server side?Why do we apply the concept of circuit in homomorphic encryption schemes?Noise bound in FHE over the integersWhat does “circuits” mean in Cryptography?How does the Efficient Fully Homomorphic Encryption from (Standard) LWE work?SPDZ for the 2-party caseDifference between somewhat homomorphic encryption and leveled homomorphic encryption?IND-CPA secure RSA padding with a partial homomorphic propertyIs there a way of maintaining malleability in a homomorphic encryption system while making it infeasible to perform chosen ciphertext attacks?
Remove ads in Viber for PC
How can I oppose my advisor granting gift authorship to a collaborator?
Displaying minutes in HH:MM format
Why does dough containing a small amount of terumah become exempt from challah?
Why do old games use flashing as means of showing damage?
How to check status of Wi-Fi adapter through command line?
Divide Numbers by 0
How do I stop making people jump at home and at work?
properties that real numbers hold but complex numbers does not
Given a specific computer system, is it possible to estimate the actual precise run time of a piece of Assembly code
To which country did MiGs in Top Gun belong?
Using font to highlight a god's speech in dialogue
In Toy Story, are toys the only inanimate objects that become alive? And if so, why?
Is it rude to ask my opponent to resign an online game when they have a lost endgame?
Punishment in pacifist society
What is the significance of 104%
'Hard work never hurt anyone' Why not 'hurts'?
Design of 50 ohms RF trace for 2.4GHz...Double layer FR-4 PCB
Is the mnemonic in Winter's Tale real?
Is there anything in the universe that cannot be compressed?
Why KVM VPS is slower then OPENVZ
Using GNU screen, I get raw prompt with backslashes
Tiny image scraper for xkcd.com
How does Harry wear the invisibility cloak?
FHE: What is the difference between multiplicative depth and multiplicative level?
Where does bootstrapping occur, client side or server side?Why do we apply the concept of circuit in homomorphic encryption schemes?Noise bound in FHE over the integersWhat does “circuits” mean in Cryptography?How does the Efficient Fully Homomorphic Encryption from (Standard) LWE work?SPDZ for the 2-party caseDifference between somewhat homomorphic encryption and leveled homomorphic encryption?IND-CPA secure RSA padding with a partial homomorphic propertyIs there a way of maintaining malleability in a homomorphic encryption system while making it infeasible to perform chosen ciphertext attacks?
.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty margin-bottom:0;
$begingroup$
I have seen the terms multiplicative depth and multiplicative level while reading
Faster homomorphic encryption is not enough: improved heuristic for multiplicative depth minimization of Boolean circuits by Aubry et. al, 2019.
Is there a difference between the term multiplicative depth and multiplicative level?
homomorphic-encryption
edited 5 hours ago
kelalaka
10.3k3 gold badges26 silver badges54 bronze badges
asked 10 hours ago
fallere456fallere456
835 bronze badges
$endgroup$
add a comment |
$begingroup$
I have seen the terms multiplicative depth and multiplicative level while reading
Faster homomorphic encryption is not enough: improved heuristic for multiplicative depth minimization of Boolean circuits by Aubry et. al, 2019.
Is there a difference between the term multiplicative depth and multiplicative level?
homomorphic-encryption
edited 5 hours ago
kelalaka
10.3k3 gold badges26 silver badges54 bronze badges
asked 10 hours ago
fallere456fallere456
835 bronze badges
$endgroup$
$begingroup$
What is your definition of depth of a circuit?
$endgroup$
– user0410
9 hours ago
add a comment |
$begingroup$
I have seen the terms multiplicative depth and multiplicative level while reading
Faster homomorphic encryption is not enough: improved heuristic for multiplicative depth minimization of Boolean circuits by Aubry et. al, 2019.
Is there a difference between the term multiplicative depth and multiplicative level?
homomorphic-encryption
edited 5 hours ago
kelalaka
10.3k3 gold badges26 silver badges54 bronze badges
asked 10 hours ago
fallere456fallere456
835 bronze badges
$endgroup$
I have seen the terms multiplicative depth and multiplicative level while reading
Faster homomorphic encryption is not enough: improved heuristic for multiplicative depth minimization of Boolean circuits by Aubry et. al, 2019.
Is there a difference between the term multiplicative depth and multiplicative level?
homomorphic-encryption
homomorphic-encryption
edited 5 hours ago
kelalaka
10.3k3 gold badges26 silver badges54 bronze badges
asked 10 hours ago
fallere456fallere456
835 bronze badges
edited 5 hours ago
kelalaka
10.3k3 gold badges26 silver badges54 bronze badges
asked 10 hours ago
fallere456fallere456
835 bronze badges
edited 5 hours ago
kelalaka
10.3k3 gold badges26 silver badges54 bronze badges
edited 5 hours ago
kelalaka
10.3k3 gold badges26 silver badges54 bronze badges
edited 5 hours ago
kelalaka
10.3k3 gold badges26 silver badges54 bronze badges
10.3k3 gold badges26 silver badges54 bronze badges
asked 10 hours ago
fallere456fallere456
835 bronze badges
asked 10 hours ago
fallere456fallere456
835 bronze badges
asked 10 hours ago
fallere456fallere456
835 bronze badges
835 bronze badges
$begingroup$
What is your definition of depth of a circuit?
$endgroup$
– user0410
9 hours ago
add a comment |
$begingroup$
What is your definition of depth of a circuit?
$endgroup$
– user0410
9 hours ago
$begingroup$
What is your definition of depth of a circuit?
$endgroup$
– user0410
9 hours ago
$begingroup$
What is your definition of depth of a circuit?
$endgroup$
– user0410
9 hours ago
add a comment |
2 Answers
2
active
oldest
votes
$begingroup$
In Fully Homomorphic Encryption (in short FHE), we have a noise that increased with every operation, and it is almost doubled with the multiplication. When preparing the circuit $mathcalC$ to $textttEVAL$ on the cloud we have to consider various parameters to deal with the noise of which the FHE scheme provides. Minimizing boothstrapping calls, which is very costly, number of modulus switching and linearization, etc. According to parameters, the FHE scheme may provide more than 1 multiplication without bootstrapping.
Multiplicative depth (From your reference) :
The multiplicative depth is the maximal number of sequential homomorphic multiplications which can be performed on
fresh ciphertexts such that once decrypted we retrieve the result of these multiplications.
What is multiplicative level?
This cannot be easily understood if you don't implement some problems. Here is a simple explanation from Efficient Fully Homomorphic Encryption from (Standard) LWE
During the homomorphic evaluation, we will generate ciphertexts of the form $c = ((v, w), ell)$, where the tag $ell$ indicates the multiplicative level at which the ciphertext has been generated (hence fresh ciphertexts are tagged with 0). The requirement that $f$ is layered will make sure that throughout the homomorphic evaluation all inputs to a gate have the same tag.
Here is the trick, if you need to add a fresh ciphertext $c_i$ into a level $l$ (that can be quite common as encryption of 1 or 0 1), you need to increase the level of $c_i$ to $l$. Otherwise, the operations will fail.
Example: Let we want to multiply $p_1,p_2, p_3$ with FHE. Let $c_i = Enc_k_pub(p_i)$, and clearly they have 0 multiplication level. You need to send $$textttEVAL(mathcalC,k_pub,c_1,c_2,c_3)$$ The server first calculates3$$c_4 = c_1 cdot c_2.$$ Now, the $c_4$ has multiplication level 1. To multiply $c_4 cdot c_3$ we need to increase the multiplication level of $c_3$ to 1. Once they are equal, we can multiply.
In short: multiplicative depth is how much multiplication can be performed and multiplicative level is how many multiplication is performed on a ciphertext2.
1 The Private Information Retrieval article Bandwidth Efficient PIR from NTRU is implemented as Mux and the selector bits needs to have the same multiplicative level.
2Multiplcative level cannot exceed the multiplicative depth, otherwise you cannot decrypt.
3The calculation performed according to your circuit $mathcalC$.
answered 7 hours ago
kelalakakelalaka
10.3k3 gold badges26 silver badges54 bronze badges
$endgroup$
add a comment |
$begingroup$
Fresh ciphertext, i.e., output by the encryption function, are at level $1$. When you multiply ciphertexts $c_0$ and $c_1$ that are at level $L_0$ and $L_1$, you get a ciphertext in level $L_0 + L_1$.
Hence, if a $c$ is at level $L$, then the homomorphic computation that generated $c$ involved something like $prod_i=1^L c_i$ (more accurately, you computed a polynomial of degree $L$ in order to get $c$).
Thus, if you evaluate a circuit of depth $L$, you start with ciphertexts in the lower level $1$ and goes obtaining ciphertexts in the middle levels, until you perform a sequence of $L$ products, and you get ciphertexts in the upper level $L$.
Some authors can state things in the other way around, that is, saying that you start with ciphertexts at level $L$ (or $L-1$) and products "consume" the level, generating ciphertexts in lower levels, until you reach the level $1$ (or $0$).
answered 4 hours ago
Hilder Vítor Lima PereiraHilder Vítor Lima Pereira
4,28810 silver badges32 bronze badges
$endgroup$
add a comment |
Your Answer
StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "281"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);
else
createEditor();
);
function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: false,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: null,
bindNavPrevention: true,
postfix: "",
imageUploader:
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
,
noCode: true, onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);
);
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fcrypto.stackexchange.com%2fquestions%2f72982%2ffhe-what-is-the-difference-between-multiplicative-depth-and-multiplicative-leve%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
2 Answers
2
active
oldest
votes
2 Answers
2
active
oldest
votes
active
oldest
votes
active
oldest
votes
$begingroup$
In Fully Homomorphic Encryption (in short FHE), we have a noise that increased with every operation, and it is almost doubled with the multiplication. When preparing the circuit $mathcalC$ to $textttEVAL$ on the cloud we have to consider various parameters to deal with the noise of which the FHE scheme provides. Minimizing boothstrapping calls, which is very costly, number of modulus switching and linearization, etc. According to parameters, the FHE scheme may provide more than 1 multiplication without bootstrapping.
Multiplicative depth (From your reference) :
The multiplicative depth is the maximal number of sequential homomorphic multiplications which can be performed on
fresh ciphertexts such that once decrypted we retrieve the result of these multiplications.
What is multiplicative level?
This cannot be easily understood if you don't implement some problems. Here is a simple explanation from Efficient Fully Homomorphic Encryption from (Standard) LWE
During the homomorphic evaluation, we will generate ciphertexts of the form $c = ((v, w), ell)$, where the tag $ell$ indicates the multiplicative level at which the ciphertext has been generated (hence fresh ciphertexts are tagged with 0). The requirement that $f$ is layered will make sure that throughout the homomorphic evaluation all inputs to a gate have the same tag.
Here is the trick, if you need to add a fresh ciphertext $c_i$ into a level $l$ (that can be quite common as encryption of 1 or 0 1), you need to increase the level of $c_i$ to $l$. Otherwise, the operations will fail.
Example: Let we want to multiply $p_1,p_2, p_3$ with FHE. Let $c_i = Enc_k_pub(p_i)$, and clearly they have 0 multiplication level. You need to send $$textttEVAL(mathcalC,k_pub,c_1,c_2,c_3)$$ The server first calculates3$$c_4 = c_1 cdot c_2.$$ Now, the $c_4$ has multiplication level 1. To multiply $c_4 cdot c_3$ we need to increase the multiplication level of $c_3$ to 1. Once they are equal, we can multiply.
In short: multiplicative depth is how much multiplication can be performed and multiplicative level is how many multiplication is performed on a ciphertext2.
1 The Private Information Retrieval article Bandwidth Efficient PIR from NTRU is implemented as Mux and the selector bits needs to have the same multiplicative level.
2Multiplcative level cannot exceed the multiplicative depth, otherwise you cannot decrypt.
3The calculation performed according to your circuit $mathcalC$.
answered 7 hours ago
kelalakakelalaka
10.3k3 gold badges26 silver badges54 bronze badges
$endgroup$
add a comment |
$begingroup$
In Fully Homomorphic Encryption (in short FHE), we have a noise that increased with every operation, and it is almost doubled with the multiplication. When preparing the circuit $mathcalC$ to $textttEVAL$ on the cloud we have to consider various parameters to deal with the noise of which the FHE scheme provides. Minimizing boothstrapping calls, which is very costly, number of modulus switching and linearization, etc. According to parameters, the FHE scheme may provide more than 1 multiplication without bootstrapping.
Multiplicative depth (From your reference) :
The multiplicative depth is the maximal number of sequential homomorphic multiplications which can be performed on
fresh ciphertexts such that once decrypted we retrieve the result of these multiplications.
What is multiplicative level?
This cannot be easily understood if you don't implement some problems. Here is a simple explanation from Efficient Fully Homomorphic Encryption from (Standard) LWE
During the homomorphic evaluation, we will generate ciphertexts of the form $c = ((v, w), ell)$, where the tag $ell$ indicates the multiplicative level at which the ciphertext has been generated (hence fresh ciphertexts are tagged with 0). The requirement that $f$ is layered will make sure that throughout the homomorphic evaluation all inputs to a gate have the same tag.
Here is the trick, if you need to add a fresh ciphertext $c_i$ into a level $l$ (that can be quite common as encryption of 1 or 0 1), you need to increase the level of $c_i$ to $l$. Otherwise, the operations will fail.
Example: Let we want to multiply $p_1,p_2, p_3$ with FHE. Let $c_i = Enc_k_pub(p_i)$, and clearly they have 0 multiplication level. You need to send $$textttEVAL(mathcalC,k_pub,c_1,c_2,c_3)$$ The server first calculates3$$c_4 = c_1 cdot c_2.$$ Now, the $c_4$ has multiplication level 1. To multiply $c_4 cdot c_3$ we need to increase the multiplication level of $c_3$ to 1. Once they are equal, we can multiply.
In short: multiplicative depth is how much multiplication can be performed and multiplicative level is how many multiplication is performed on a ciphertext2.
1 The Private Information Retrieval article Bandwidth Efficient PIR from NTRU is implemented as Mux and the selector bits needs to have the same multiplicative level.
2Multiplcative level cannot exceed the multiplicative depth, otherwise you cannot decrypt.
3The calculation performed according to your circuit $mathcalC$.
answered 7 hours ago
kelalakakelalaka
10.3k3 gold badges26 silver badges54 bronze badges
$endgroup$
add a comment |
$begingroup$
In Fully Homomorphic Encryption (in short FHE), we have a noise that increased with every operation, and it is almost doubled with the multiplication. When preparing the circuit $mathcalC$ to $textttEVAL$ on the cloud we have to consider various parameters to deal with the noise of which the FHE scheme provides. Minimizing boothstrapping calls, which is very costly, number of modulus switching and linearization, etc. According to parameters, the FHE scheme may provide more than 1 multiplication without bootstrapping.
Multiplicative depth (From your reference) :
The multiplicative depth is the maximal number of sequential homomorphic multiplications which can be performed on
fresh ciphertexts such that once decrypted we retrieve the result of these multiplications.
What is multiplicative level?
This cannot be easily understood if you don't implement some problems. Here is a simple explanation from Efficient Fully Homomorphic Encryption from (Standard) LWE
During the homomorphic evaluation, we will generate ciphertexts of the form $c = ((v, w), ell)$, where the tag $ell$ indicates the multiplicative level at which the ciphertext has been generated (hence fresh ciphertexts are tagged with 0). The requirement that $f$ is layered will make sure that throughout the homomorphic evaluation all inputs to a gate have the same tag.
Here is the trick, if you need to add a fresh ciphertext $c_i$ into a level $l$ (that can be quite common as encryption of 1 or 0 1), you need to increase the level of $c_i$ to $l$. Otherwise, the operations will fail.
Example: Let we want to multiply $p_1,p_2, p_3$ with FHE. Let $c_i = Enc_k_pub(p_i)$, and clearly they have 0 multiplication level. You need to send $$textttEVAL(mathcalC,k_pub,c_1,c_2,c_3)$$ The server first calculates3$$c_4 = c_1 cdot c_2.$$ Now, the $c_4$ has multiplication level 1. To multiply $c_4 cdot c_3$ we need to increase the multiplication level of $c_3$ to 1. Once they are equal, we can multiply.
In short: multiplicative depth is how much multiplication can be performed and multiplicative level is how many multiplication is performed on a ciphertext2.
1 The Private Information Retrieval article Bandwidth Efficient PIR from NTRU is implemented as Mux and the selector bits needs to have the same multiplicative level.
2Multiplcative level cannot exceed the multiplicative depth, otherwise you cannot decrypt.
3The calculation performed according to your circuit $mathcalC$.
answered 7 hours ago
kelalakakelalaka
10.3k3 gold badges26 silver badges54 bronze badges
$endgroup$
In Fully Homomorphic Encryption (in short FHE), we have a noise that increased with every operation, and it is almost doubled with the multiplication. When preparing the circuit $mathcalC$ to $textttEVAL$ on the cloud we have to consider various parameters to deal with the noise of which the FHE scheme provides. Minimizing boothstrapping calls, which is very costly, number of modulus switching and linearization, etc. According to parameters, the FHE scheme may provide more than 1 multiplication without bootstrapping.
Multiplicative depth (From your reference) :
The multiplicative depth is the maximal number of sequential homomorphic multiplications which can be performed on
fresh ciphertexts such that once decrypted we retrieve the result of these multiplications.
What is multiplicative level?
This cannot be easily understood if you don't implement some problems. Here is a simple explanation from Efficient Fully Homomorphic Encryption from (Standard) LWE
During the homomorphic evaluation, we will generate ciphertexts of the form $c = ((v, w), ell)$, where the tag $ell$ indicates the multiplicative level at which the ciphertext has been generated (hence fresh ciphertexts are tagged with 0). The requirement that $f$ is layered will make sure that throughout the homomorphic evaluation all inputs to a gate have the same tag.
Here is the trick, if you need to add a fresh ciphertext $c_i$ into a level $l$ (that can be quite common as encryption of 1 or 0 1), you need to increase the level of $c_i$ to $l$. Otherwise, the operations will fail.
Example: Let we want to multiply $p_1,p_2, p_3$ with FHE. Let $c_i = Enc_k_pub(p_i)$, and clearly they have 0 multiplication level. You need to send $$textttEVAL(mathcalC,k_pub,c_1,c_2,c_3)$$ The server first calculates3$$c_4 = c_1 cdot c_2.$$ Now, the $c_4$ has multiplication level 1. To multiply $c_4 cdot c_3$ we need to increase the multiplication level of $c_3$ to 1. Once they are equal, we can multiply.
In short: multiplicative depth is how much multiplication can be performed and multiplicative level is how many multiplication is performed on a ciphertext2.
1 The Private Information Retrieval article Bandwidth Efficient PIR from NTRU is implemented as Mux and the selector bits needs to have the same multiplicative level.
2Multiplcative level cannot exceed the multiplicative depth, otherwise you cannot decrypt.
3The calculation performed according to your circuit $mathcalC$.
answered 7 hours ago
kelalakakelalaka
10.3k3 gold badges26 silver badges54 bronze badges
edited 6 hours ago
answered 7 hours ago
kelalakakelalaka
10.3k3 gold badges26 silver badges54 bronze badges
answered 7 hours ago
kelalakakelalaka
10.3k3 gold badges26 silver badges54 bronze badges
answered 7 hours ago
kelalakakelalaka
10.3k3 gold badges26 silver badges54 bronze badges
10.3k3 gold badges26 silver badges54 bronze badges
add a comment |
add a comment |
$begingroup$
Fresh ciphertext, i.e., output by the encryption function, are at level $1$. When you multiply ciphertexts $c_0$ and $c_1$ that are at level $L_0$ and $L_1$, you get a ciphertext in level $L_0 + L_1$.
Hence, if a $c$ is at level $L$, then the homomorphic computation that generated $c$ involved something like $prod_i=1^L c_i$ (more accurately, you computed a polynomial of degree $L$ in order to get $c$).
Thus, if you evaluate a circuit of depth $L$, you start with ciphertexts in the lower level $1$ and goes obtaining ciphertexts in the middle levels, until you perform a sequence of $L$ products, and you get ciphertexts in the upper level $L$.
Some authors can state things in the other way around, that is, saying that you start with ciphertexts at level $L$ (or $L-1$) and products "consume" the level, generating ciphertexts in lower levels, until you reach the level $1$ (or $0$).
answered 4 hours ago
Hilder Vítor Lima PereiraHilder Vítor Lima Pereira
4,28810 silver badges32 bronze badges
$endgroup$
add a comment |
$begingroup$
Fresh ciphertext, i.e., output by the encryption function, are at level $1$. When you multiply ciphertexts $c_0$ and $c_1$ that are at level $L_0$ and $L_1$, you get a ciphertext in level $L_0 + L_1$.
Hence, if a $c$ is at level $L$, then the homomorphic computation that generated $c$ involved something like $prod_i=1^L c_i$ (more accurately, you computed a polynomial of degree $L$ in order to get $c$).
Thus, if you evaluate a circuit of depth $L$, you start with ciphertexts in the lower level $1$ and goes obtaining ciphertexts in the middle levels, until you perform a sequence of $L$ products, and you get ciphertexts in the upper level $L$.
Some authors can state things in the other way around, that is, saying that you start with ciphertexts at level $L$ (or $L-1$) and products "consume" the level, generating ciphertexts in lower levels, until you reach the level $1$ (or $0$).
answered 4 hours ago
Hilder Vítor Lima PereiraHilder Vítor Lima Pereira
4,28810 silver badges32 bronze badges
$endgroup$
add a comment |
$begingroup$
Fresh ciphertext, i.e., output by the encryption function, are at level $1$. When you multiply ciphertexts $c_0$ and $c_1$ that are at level $L_0$ and $L_1$, you get a ciphertext in level $L_0 + L_1$.
Hence, if a $c$ is at level $L$, then the homomorphic computation that generated $c$ involved something like $prod_i=1^L c_i$ (more accurately, you computed a polynomial of degree $L$ in order to get $c$).
Thus, if you evaluate a circuit of depth $L$, you start with ciphertexts in the lower level $1$ and goes obtaining ciphertexts in the middle levels, until you perform a sequence of $L$ products, and you get ciphertexts in the upper level $L$.
Some authors can state things in the other way around, that is, saying that you start with ciphertexts at level $L$ (or $L-1$) and products "consume" the level, generating ciphertexts in lower levels, until you reach the level $1$ (or $0$).
answered 4 hours ago
Hilder Vítor Lima PereiraHilder Vítor Lima Pereira
4,28810 silver badges32 bronze badges
$endgroup$
Fresh ciphertext, i.e., output by the encryption function, are at level $1$. When you multiply ciphertexts $c_0$ and $c_1$ that are at level $L_0$ and $L_1$, you get a ciphertext in level $L_0 + L_1$.
Hence, if a $c$ is at level $L$, then the homomorphic computation that generated $c$ involved something like $prod_i=1^L c_i$ (more accurately, you computed a polynomial of degree $L$ in order to get $c$).
Thus, if you evaluate a circuit of depth $L$, you start with ciphertexts in the lower level $1$ and goes obtaining ciphertexts in the middle levels, until you perform a sequence of $L$ products, and you get ciphertexts in the upper level $L$.
Some authors can state things in the other way around, that is, saying that you start with ciphertexts at level $L$ (or $L-1$) and products "consume" the level, generating ciphertexts in lower levels, until you reach the level $1$ (or $0$).
answered 4 hours ago
Hilder Vítor Lima PereiraHilder Vítor Lima Pereira
4,28810 silver badges32 bronze badges
answered 4 hours ago
Hilder Vítor Lima PereiraHilder Vítor Lima Pereira
4,28810 silver badges32 bronze badges
answered 4 hours ago
Hilder Vítor Lima PereiraHilder Vítor Lima Pereira
4,28810 silver badges32 bronze badges
answered 4 hours ago
Hilder Vítor Lima PereiraHilder Vítor Lima Pereira
4,28810 silver badges32 bronze badges
4,28810 silver badges32 bronze badges
add a comment |
add a comment |
Thanks for contributing an answer to Cryptography Stack Exchange!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
Use MathJax to format equations. MathJax reference.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fcrypto.stackexchange.com%2fquestions%2f72982%2ffhe-what-is-the-difference-between-multiplicative-depth-and-multiplicative-leve%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
$begingroup$
What is your definition of depth of a circuit?
$endgroup$
– user0410
9 hours ago